1 Introduction

The Internet of Things (IoT), enabling the connectivity of physical and virtual objects to create smart environments, has witnessed exponential growth in the past decade with the advances in networking infrastructures and smart devices. According to a Gartner study, the number of IoT units worldwide is expected to reach around 20 billion by 2020 [7], and the IoT connections even only within the EU is estimated to reach 6 billion by 2020 [3], covering a market of over one trillion euros. Among major applications of IoT are smart homes integrating various sensors for security, elderly care and smart energy consumption, wearables for personal health monitoring, smart manufacturing expected to be prevalent in the European logistic chain and production line, smart energy grids, smart cities utilizing data from various sensors for long term development planning, connected vehicles, smart farming improving the agri-food supply chain, earth/ocean observation systems addressing environmental issues, and surveillance/safety warning systems for emergency response. Wide adoption of IoT is expected to provide immense economic benefits, as it enables crossing over borders between different industrial sectors, creating more efficient processes, reduced consumption and increased sharing of resources. IoT technology will also address societal challenges as in the cases of:

  • At-home health monitoring in Netherlands resulting in significant efficiency gains for elderly care efforts [16]

  • Auto-adjusting streetlights in Barcelona providing over 30% energy savings [1]

  • UK’s intelligent transport system reducing travel time by 25% and accidents by 50% [19]

Given the potential of IoT to create smarter, safer, and efficient systems as “the next major economic and societal innovation wave” after Internet’s evolution, development of IoT infrastructures and services are a significant task.

Despite the many economic and societal benefits of IoT, the security issues it gives rise to are a concerning aspect of the technology, hampering wider adoption. The crosslinking of various types of objects in IoT enables each object to influence the behavior of others and the exchange of vast amounts of information taking place automatically without the users’ awareness leads to security problems including violations of data privacy and integrity, vital for both proper functioning of critical systems and data protection rights of individuals. IoT-enabled devices have already created a large attack surface for hackers to exploit. Among major security incidents involving IoT devices are:

  • CIA tools turning Samsung SmartTVs into secret listening devices [8]

  • The massive distributed denial of service attack against a major DNS provider (Dyn) launched through security cameras [5]

  • Hackers remotely taking control of a Jeep Cherokee [9]

  • The Stuxnet virus destroying a fifth of Iran’s nuclear centrifuges by spinning out of control [12]

When we consider Industrial Internet of Things (IIoT), involving organizations in the energy, utilities, government, healthcare and finance sectors, the seriousness of the situation becomes more obvious. Vulnerabilities in such systems not only create privacy violations, but also hurt safety and availability, as in the case of disrupting power supply for communities through hacking into energy grids, making authentication and data integrity paramount.

Achieving security in IoT faces new challenges peculiar to the technology in addition to previously known vulnerabilities:

  • Many of the current IoT devices lack basic security requirements.

  • There is a lack of standardization for IoT standards and protocols, which creates security loopholes.

  • There is a lack of clarity regarding who is responsible for security violations [17].

  • There are scalability problems associated with the sizes of machine-to-machine (M2M) networks.

  • The low computing power/battery life of many devices make them unfit for computation-intensive cryptographic operations.

The challenges facing a secure IoT model partly stem from the centralized architecture of the current IoT ecosystem, which requires devices to be authenticated through trusted third parties (TTP) with high processing power in the cloud. Even if seemingly sufficient for today’s networks, a centralized security architecture will be unable to meet the needs of the near future’s huge IoT networks, with the central security servers being a single point of failure, therefore hot targets for attackers, and leading to performance bottlenecks and high maintenance costs. In order to seamlessly integrate into existing IoT systems, the security architecture to be developed needs to be energy-efficient, easy to operate across a variety of IoT devices, scalable for huge device networks, provide real-time authentication and data integrity verification, and ensure end-to-end security of disseminated data in line with the protection rights of individuals such that they remain in control.

In this work, we propose an adaptable data security architecture for IoT, addressing the specific requirements pertaining to the nature of IoT devices such as limited processing power, battery life and storage space, and provide a security architecture truly fit for the decentralized nature of IoT applications, addressing the shortcomings of existing state-of-the-art client-server based models. The architecture is based on the application of the blockchain technology to IoT in order to provide secure device authentication and protect/verify the integrity of data collected by sensors and other devices in an IoT network.

The rest of this paper is organized as follows: Sect. 2 provides an overview of data security approaches in IoT. Section 3 introduces the proposed data security architecture for IoT. Section 4 discusses the results of preliminary experiments for the feasibility of the approach. Section 5 concludes the paper.

2 Related Work

Current security architectures for IoT are generally extensions of legacy client-server based models, which provide authentication of devices by certification authorities through strong standards like the X.509 public key infrastructure (PKI) [11], and utilize extensions of TLS such as DTLS [14] for securing network communication, which are both heavy-weight for devices lacking sufficient energy, storage and processing power and rely on a centralized architecture for tasks including management of security keys and data integrity verification [2], resulting in large delays unsuitable for the distributed nature of IoT applications. Following the immense growth of the IoT technology in the past decade, there have been several proposals for IoT security and privacy, among which are:

  • A distributed capability-based access control method based on PKI using the Elliptic Curve Digital Signature Algorithm (ECDSA), which falls short of satisfying the real-time requirements of many IoT applications due to large delays [18]

  • An IP-sec and TLS based protocol to provide authentication and privacy, which is computationally-intensive [10]

  • A privacy management method based on the measurement of the risks of disclosing sensitive data, which strictly relies on the accuracy of the risk estimation methods [20].

One recent technique proving successful in providing decentralized, verifiable security and privacy of data is blockchain. Blockchain is a promising technology for secure IoT, providing a decentralized architecture, anonymity of users, tamperproof record of data transactions and highly trusted data verification/device authentication [4]. There are already proposals for utilizing blockchain as the underlying security model for various IoT systems [15], and companies like IBM and Samsung have started exploring the potential of blockchain for IoT. Although blockchain is seen by many as the next disruptive technology with great promise for IoT, a direct application of blockchain to IoT has major shortcomings to be addressed:

  • The ever-growing nature of the public ledger of transactions in blockchain is not suitable for the limited storage space available in many IoT devices.

  • The distributed consensus protocol involving all nodes for each transaction takes a long time, not meeting the real-time needs of some IoT applications.

  • The cryptographic processing on the devices consumes too much energy.

Our proposed architecture differs from purely blockchain-based architectures in that it takes into consideration the resource limitations of IoT devices in the blockchain network, and imposes a hierarchical blockchain structure for providing data security in IoT.

3 Proposed Approach

In order to address the data security challenges of IoT, in this work we propose a decentralized data security framework for IoT, adaptable to the very nature and context of IoT applications and devices. The framework has the goal of enabling the creation of a secure IoT ecosystem through standardization and interoperability, paving the way for further interdisciplinary research involving fields ranging from autonomous vehicles to smart energy distribution networks, removing the security barrier from wider adoption of IoT-enabled devices and services. The objectives of the framework are as follows:

  1. 1.

    To build a decentralized, anonymity-preserving, non-repudiation capable authentication and data verification framework, able to integrate IoT devices with various capabilities and generating data in various forms.

  2. 2.

    To ensure adaptable operation of the data security framework, such that it adjusts the processes involved in data verification and dissemination based on the capabilities of participating devices and operation context.

  3. 3.

    To ensure optimal performance in terms of energy consumption and end-to-end data communication delay.

We begin this section by describing a typical data generation scenario in IoT along with its data security requirements, provide an overview of blockchain and describe the hierarchical blockchain architecture we propose to provide decentralized data security in IoT networks.

3.1 The Smart Energy Trading Scenario

One specific use case of IoT in the energy sector is the building of distributed energy distribution networks automated with the help of smart energy meters that measure the energy consumption at individual units in the network. Thanks to the availability of renewable energy production tools like rooftop solar panels, houses can now even generate their own energy and perform energy trading with their neighbors without the need for an intermediary. In the presence of no trusted intermediate authority, the tracking of the amount of energy produced/consumed by each unit will need to rely on a mechanism that does not require trust between the network participants. This kind of IoT scenario is prone to the following security issues:

  1. 1.

    Especially in developing countries, fraudulent users could be involved in acts such as modifying the readings of the meters or even altering the behavior of the meters to incur negative usage costs, hence destroying the integrity of the data gathered by the IoT devices.

  2. 2.

    If the data gathered by all units are kept at a single site, that site becomes a single point of failure, and an attack on the site could result in the loss of all measurement data.

  3. 3.

    Malicious devices in the network could spoof other devices to hold them responsible for their own usage.

  4. 4.

    In the case of energy trading, devices buying/selling energy may not meet contractual obligations and it will be hard for the involved parties to track them down in case of using fake identities.

The last two of the above items require strong authentication mechanisms, however approaches based on trusted third parties (TTP) will not scale when the size of these networks is considered, and TTPs are still subject to the single-point-of-failure problem.

3.2 Blockchain

Blockchain, which is seen as the fifth disruptive technology in computing after mainframes, PC, the Internet and social media, is a distributed database (called ledger) shared and controlled by a group of networked independent parties as seen in Fig. 1. Within the context of the energy trading scenario, the ledger can be thought of as a database of all trading, production and consumption (as a result of energy consumption and production) transactions ever made by the network participants. For the sake of simplicity, the ledger in Fig. 1 shows the current energy surplus of the network participants in the database.

Blockchain provides an immutable record of data secured by a peer-to-peer (P2P) network of participants, who validate all transactions against the ever-growing database, using the cryptographic hash of each block of data in the chain that links it to its predecessor. The database updates to include new transaction records occur by broadcasting the transaction to the entire network as seen in Fig. 2 (which corresponds to sending a given amount of energy from A to B for our scenario) and running a distributed consensus algorithm typically involving the solution to a cryptographic puzzle (proof of work) by special participants of the network (miners) [13]. The whole network has a consistent copy of the ledger, which provides transaction transparency.

Fig. 1.
figure 1

Blockchain network and the ledger

Full size image
Fig. 2.
figure 2

Transaction in blockchain

Full size image

Some important features of blockchain, which make it an important tool for distributed data security are as follows:

  • It is a continuously growing list of records.

  • It is protected from revision and tampering (i.e. it is immutable).

  • It records all transactions that ever occurred.

  • It provides non-repudiation (i.e. participants performing transactions cannot deny involvement in transactions they performed).

  • Upon a new transaction, the blockchain is validated across the distributed network before including the transaction as the next block in the chain (i.e. it relies on a distributed consensus mechanism).

  • Blocks are made by miners (utilizing special equipment/software) coming to agreement on which transactions fit in each block, and which block will be the next in the chain.

One important feature of blockchain that makes it an effective technique for data security at scale is that it does not rely on trust between the participants in the network, and there is no central trusted authority involved. The security of blockchain relies purely on cryptography and distributed consensus in the network. In order to be able to write an alternative transaction history or replace any transaction in the chain, an attacker would have to invest in significant computational resources, which serves as a deterrent for adversaries. The transparency feature (i.e. everyone participating in the network has full visibility of all transactions) is a significant aspect for verifiability of all data transactions by all parties involved.

On the other hand, there are also some limitations of blockchain, which make it difficult to adapt to the problem of IoT security. Among the limitations are the following:

  • The 50% + 1 rule: An attacker controlling over 50% of the network will be able to amend transactions, i.e. write an alternative history.

  • Prohibitive power consumption: There are different consensus mechanisms (e.g. proof of stake, proof of work, proof of identity etc.) for blockchain, and proof of work, which requires the solving of cryptographic puzzles by the miners in the network, has been the most popular for public blockchains. The security of this scheme relies on the complexity of the computations performed by the nodes, however this also makes it prohibitive in terms of energy consumption for resource-constrained devices to participate in the block formation process.

  • Evergrowing ledger size: As the ledger keeps a record of all transactions that occurred since the formation of that blockchain, its size could become overburdening for capacity-limited IoT devices.

3.3 Hierarchical Blockchain Architecture

In order to account for the storage, processing and energy limitations of IoT devices, we propose a hierarchical blockchain architecture for data security in IoT. In the proposed architecture, the resource-limited IoT devices are connected to an upper layer of “data collectors” that are powerful devices with larger storage and less energy constraints (e.g. cloud servers). In a classical approach, these collectors would normally be connected to a central server, which stores all the collected data. However, in such an architecture, there is a chance to lose the data on some nodes, and the server is vulnerable to attacks. In the proposed architecture, we solve these problems with the benefits of blockchain. Blockchain provides a secure distributed database and eliminates the necessity of a central server. A simplified view of the hierarchical blockchain architecture is provided in Fig. 3.

Fig. 3.
figure 3

High-level view of hierarchical blockchain architecture

Full size image

The model ensures that the computation required for data verification is securely offloaded to nearby edge/cloud servers by resource-constrained devices in an adaptable manner considering device capacity, battery level and available storage space. This will lead to optimized resource utilization through a context-aware hybrid security architecture with computation-intensive work assigned to devices of greater capacity.

Upon issuance of a new transaction (e.g. a new energy purchase) request from a node in the IoT blockchain network, the following steps are taken:

  1. 1.

    The request issuer digitally signs the transaction (data update) with its own private key and broadcasts it in the device-level IoT blockchain network.

  2. 2.

    The transaction goes into a pool of pending transactions as seen in Fig. 4.

  3. 3.

    The miners in the local network verify the validity of the transaction origin by checking the digital signature on the transaction against the public key of the sender.

  4. 4.

    Miners pick out transactions from the pending pool, confirm the validity of the transaction logic (e.g. that the issuer has sufficient balance in his/her account to purchase the requested amount of energy) and start solving a cryptographic puzzle (using a secure hash algorithm such as SHA256 [6]). Solving the puzzle is achieved by finding a nonce value through repeatedly performing a cryptographic hash calculation involving the hash of the previous block and the current transaction until the target value is achieved.

  5. 5.

    The first miner able to solve the puzzle places the selected transaction in the chain, which needs to be approved by a majority of the network participants. The verification by the other participants is easy, as they are now given the correct nonce value and already have the hash of the previous block.

  6. 6.

    The linking of the transaction to the chain is provided by including the cryptographic hash (irreversible) of the previous block in the chain, so that any modifications to the previous data collected will not be possible (i.e. will require significant effort and computational resources).

Fig. 4.
figure 4

Formation of blocks in blockchain

Full size image

While the device-level blockchain operates as described above, the blockchain at the upper layer having powerful servers maintains the ledger of all transactions from the various blockchains at the layer below. This enables resetting of the device-level blockchains periodically to handle resource limitations, while still maintaining a transparent, data integrity-preserving complete history of transactions replicated at multiple sites.

Reconsidering the security issues with the scenario described in Sect. 3.1, we observe the proposed model mitigates them as follows:

  1. 1.

    Once a reading enters the blockchain, it will not be possible to change it, as the alteration would require building the whole chain from the beginning, relying on the utilization of expensive computational resources, which will outweigh the benefits of changing the meter reading/trade transaction for the adversary. Additionally, transactions that are not possible (such as negative meter readings) will not be validated by the blockchain network.

  2. 2.

    As the whole transaction history will be replicated at multiple sites in a transparent manner, there will be no single point of failure.

  3. 3.

    It will not be possible for malicious devices to spoof others, as transactions will require digital signatures, validated by all network participants.

  4. 4.

    Due to the transparency of transactions and the validation process, fraudulent transactions will not be possible.

4 Implementation

In a prototype implementation of the proposed architecture, we used Raspberry PiFootnote 1 devices that collect temperature data using their sensors. These devices are connected to cloud servers that serve as data collectors through WiFi. Raspberry Pi devices connected to the same data collector create a blockchain network between themselves, and all data collectors also create a blockchain network among themselves, without using a central server. Due to the storage limitations of the Raspberry Pi devices, ledgers are formed within the network formed at the device level, and the data are pushed to the layer above periodically. This results in a blockchain of blockchains to store the entire transaction history at the upper layer involving powerful cloud servers. The blockchain was implemented using the Ethereum blockchain platformFootnote 2.

In order to evaluate the feasibility of the proposed architecture for IoT security, we performed experiments with the developed IoT blockchain. Ethereum virtual machines were installed on Raspberry Pi devices, as well as on machine instances (t2.medium and c5.large instance types) in the AWS EC2Footnote 3 and connected to the same blockchain network through WiFi. The task of mining was offloaded to the cloud servers, as the devices were observed not to be capable of successfully completing the mining process when the difficulty level of the cryptographic puzzle to solve was high, which justifies the use of edge computing and a hierarchical approach in the proposed architectureFootnote 4.

In order to keep the transaction processing time standard (around 12–15 s), the Ethereum blockchain builds a directed acyclic graph (DAG) and automatically adjusts the difficulty of the cryptographic puzzles, which makes it difficult to evaluate performance in terms of transaction processing time. It was observed that the collected sensor data was processed and stored securely on all nodes in the formed IoT network. Figures 5, 6, 7 and 8 show excerpts from the runtime environment of the implemented blockchain.

Fig. 5.
figure 5

Ethereum transaction sample

Full size image
Fig. 6.
figure 6

AWS instances in Ethereum blockchain

Full size image
Fig. 7.
figure 7

Mining in Ethereum blockchain

Full size image
Fig. 8.
figure 8

Blockchain syncronization in Ethereum blockchain

Full size image

5 Conclusion

In this paper we proposed a data security architecture for IoT networks. The solution is based on the application of the blockchain technology to IoT networks to provide decentralized device authentication and data security guarantees, taking into consideration the resource limitations of IoT devices and the heterogeneity of IoT networks, which enables utilization of powerful cloud servers for mining in the blockchain network. This work differs from previous work based on blockchain in that it proposes a hierarchical structure of blockchain (blockchain of blockchains) to overcome the resource problems in IoT. A prototype implementation of the proposed architecture demonstrates the feasibility and promise of the model to provide data security in IoT. Future work will include modifications to the structure of blockchain itself to utilize lightweight cryptography fit for the nature of IoT as well as amendments to the consensus protocol used, in order the achieve higher performance mining on IoT devices as well.