See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/329443844

BlockChain for IoT Security and Management: Current Prospects, Challenges

and Future Directions

Preprint · December 2018

DOI: 10.13140/RG.2.2.26556.49289

CITATIONS READS
0 1,146

4 authors, including:

Shanto Roy Mehedi Hassan

Green University of Bangladesh Islamic University of Technology
23 PUBLICATIONS   22 CITATIONS    4 PUBLICATIONS   0 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

People Identity Verification in Cloud View project

Intelligent of Learning Things (IoLT) View project

All content following this page was uploaded by Shanto Roy on 06 December 2018.

The user has requested enhancement of the downloaded file.

 BlockChain for IoT Security and Management:
Current Prospects, Challenges and Future Directions
Shanto Roy∗ , Md. Ashaduzzaman† , Mehedi Hassan ‡ , and Arnab Rahman Chowdhury§
Department of Computer Science and Engineering∗†‡§
Green University of Bangladesh, Dhaka-1207, Bangladesh
Email: shantoroy∗ @ieee.org, asadayon† @gmail.com, mehedi‡ @cse.green.edu.bd, arnab§ @cse.green.edu.bd
Abstract—The paper presents an in detailed case study of in-
tegrating BlockChain (BC) in IoT ecosystems in order to achieve
security and privacy. Since the use in cryptocurrency, BlockChain
has gained tremendous attraction due to the versatile application
prospects it raises. As internet of things (IoT) is emerging towards
the smart city requirements, device or data security seems to be
a major concern. Therefore, BlockChain based decentralized and
distributed system can meet the privacy preserving management
in IoT ecosystems. In this paper, we discuss the necessity of
utilizing BlockChain for IoT security, privacy, management. We
present a literature overview of current progresses and security
enhancement in sensor networks using BlockChain; their scope,
prospects and limitations as well. Finally, we suggest some future
directions to indicate further areas of improvement.
keywords- BlockChain, IoT, Security, Privacy, Authentication
I. I NTRODUCTION
BlockChain is no longer a jargon now-a-days and this
system has been adapted through implementation in different
application areas. BC is an open distributed digital ledger sys-
tem that records immutable timestamp blocks one after another
within a chain. Every single block is added to the ledger after
a mining process that is verified by the participating nodes.
This is how BlockChain removes the requirement of a trusted
third party with this distributed record-keeping and verification
system.
In recent decade, internet of things aka IoT has emerged
with a view to targeting further automation in systems where
all nodes, devices and sensor networks are ubiquitously inter-
connected. IoT has made life more easier with smart trans-
portation, smart healthcare, smart agriculture and other smart
city approaches [1] [2]. As billions of devices are being con-
nected to the continuously growing networks, security appears
to be a major concern in this arena. Most of the devices are
resource constraint and heavy cryptographic approaches are
difficult to implement thereby.
Recent research works show that employing BC seems
to be a cure for security concerns regarding IoT [3]. The
present IoT ecosystem is a centralized system where devices
are managed, identified and authenticated centrally that raises
the scalability issue [4]. Therefore, BC provides a distributed
authentication and management system that can enforce the
privacy and security as well. Deviating from the centralized
system, BC provides automotive security, authentication and
trust management in both distributed [5] and decentralized [6]
IoT ecosystem.
The primary objectives of this survey are as follows:
• To analyze the necessity of BlockChain for IoT security,
privacy, integration and management
• To discuss the prospects of using BC in IoT ecosystems
• To raise issues considering different scopes, limitations
and future directions of utilizing BlockChain in sensor
networks
The rest of the paper is organized as follows: Section II
presents an initial overview of BC. Section III discusses the
necessity, requirements and ways of integrating BC in IoT
ecosystem. Then Section IV implies the security achievement
in IoT ecosystem due to the integration of BC. Later, Section V
looks into the implications and applications of utilizing BC in
different hybrid IoT ecosystems. Finally, Section VI elaborates
the scopes, limitations and future directions following a final
concluding section.
II. B LOCK C HAIN OVERVIEW
A. Background
BlockChain, devised by Satoshi Nakamoto in 2008 [7], is
an immutable and distributed public ledger of transactions.
The idea of BC was proposed for Bitcoin to answer the
double-spending problems in crypto currency. BC is composed
of a constantly increasing set of information, called blocks.
The most recent block is added to the BC in sequential
order which consists of transaction data, a timestamp and
cryptographic hash value of the previous block. Since BC
is a distributed ledger, no individual authority manage the
ledger, rather legitimacy of each block is authenticated by
the participating peers. A miner, any peer in the peer-to-peer
network, is accountable for mining blocks for BC by finding
a solution for a computationally exhaustive cryptographic
puzzle called proof-of-work (POW). Newly mined block is
broadcasted to the all nodes of the network. After verifying
the block by all the miners, it is added to the BC. After
inclusion of a block in the BC, it is quite arduous work to
modify data from the block because it necessitates to modify
all the subsequent blocks. And any block to be attached to
a BC it necessitates consensus of the majority nodes of the
network.
B. Design Goal
1) Decentralization: BC is decentralized public ledger be-
cause the data is stored across its peer-to-peer network. As
there is no centralized node to store data, BC abolishes the
vulnerability of single point of failure. Decentralization cuts
off the requirement of a 3rd party as well.
2) Autonomy: No individual entity can control the BC.
To store, transfer or update any data in the BC, it requires
consensus of the majority of nodes in the network. By adopting
decentralized consensus technique, it guarantees the reliability
and consistency without requiring any trusted third-party, thus
providing autonomy.
3) Transparency: BC systems maintain a high level of
transparency. If any data is required to entry or update into the
ledger, it should be validated and authenticated by the system.
Thats why any fraudulent transactions cannot be included into
the ledger.
4) Security: A cryptographic signature distinctive to each
block, and a consensus mechanism, the protocol which the
nodes in the network validate each block, are the two aspects
which make the system innately secure. Users of the system
uses public key cryptography to make a digital signature of its
transaction. So if any information is modified, the signature
will become unacceptable. Being a decentralized system, there
is no single point of failure and data can be altered from
a single place as all the peers in the network store the
information. It will require huge amounts of resource intensive
computing to alter every entity of a fixed BC.
5) Collective Verification: In BC model, a particular trans-
action is added after it is verified by other participating nodes.
Collective verification and identification revoke the necessity
of a third party in BC based systems.
6) Anonymity: It is theoretically intractable to discover the
identity of real user of an account in BC system because the
identity is obscured behind cryptography. BC uses Public Key
Cryptography for authenticating users and controlling access.
Changeable Private Key (PK) is used to sign each transaction
digitally for source authentication and identification by the
users which provides anonymity.
7) Privacy: BC system offers a great deal of privacy
and security in decentralized peer-to-peer networks. Many
promising research like zCash on Ethereum have enhanced
the privacy for BC technology. BC technology has gained its
popularity due to its offering privacy in decentralized network.
C. Working Procedure
1) Broadcasting transaction: A transaction requested by
any node is first encrypted using PKs and then broadcasted
to a Peer-to-Peer network.
2) Transaction validation: The nodes of the network vali-
dates the transaction along with authentication of the requester
node using Public Key Cryptography.
3) Block validation: All the verified pending transactions
are combined together to form a block and it is broadcasted to
the entire network. The block is then validated by the receiving
nodes which execute consensus algorithm like Proof-of-Work
(PoW) or Proof-of-Stake (PoS) in the block.
4) Appending to BC: A validated block is included in the
BC in a stable and irreversible way.
D. BlockChain Structure
The structure of different BC systems may differ in element.
Characteristically in the block, it consists of hash value of the
last generated block, the key data involved in this block, the
value of nonce obtained by solving any consensus algorithm
such as the PoW or PoS puzzle, a timestamp server and
other information. Key data of the blocks may differ from
application to application, for example: smart contract records,
bank transaction records, data from IOT devices, insurance
claim processing data etc. Time stamp data is the proof of
the user that at the time of each transaction, the bulk of the
participating nodes granted it was first received.
E. Consensus Algorithms
In BC system there is no trusted third party authority who
regulates how the system work, how any change or update
can be made. Rather all the nodes in the network resolve
disagreements or protection against security violations, keep
track of the flow of funds and ensure an indisputable exchange
to avoid fraudulent activities. The consensus mechanism is the
process by which all the nodes agree on common content and
the message added to the block is correct.
1) Proof of Work (PoW): Proof-of-Work (PoW) is a tech-
nique to finding solution of puzzles which is used to verify the
trustworthiness of the data. The mathematical puzzles require
a lot of computational power to solve. Output of the puzzle is
a hash which is used to verify any transaction. The nodes who
are responsible for calculating the solution for the PoW called
miners. If a miner succeeds to crack the puzzle, the new block
is formed. PoW is a defense mechanism against DoS attack.
Because attackers should invest lots of computational power
and time to solve the puzzle. Difficulties of the puzzles are
adjusted so that it can limit the rate at which new block can
be generated. It will create a provisional fork in the network
if several nodes discover a suitable solution at the same time.
In that cases, neighboring nodes accept the blocks which have
the longest version of the chain existing at any time.
2) Proof of Stake (PoS): The problem of PoW mechanism
is that it takes huge amount of computing power which is
waste of resources and reduced throughput in the entire BC
system. To overcome the problem Proof-of-Stake (PoS) mech-
anism is introduced which doesnt take so much computing
power. In this system if any node wants to create a block, it
needs to pay a certain amount of crypto currency which is
considered as stake. If the block is validated by the peers of
the network, the creator of the block get incentives as bonus.
On the contrary, if the block is not included in the system,
the creator losses some amount of crypto currency. Thus PoS
will provide defense against malicious attacks as attackers will
lose stake if they fail.
There are other more consensus mechanisms such as PoA
(Proof of Authority), PoET (Proof of Elapsed Time), DPoS
(Delegated Proof of Stake), PBFT (Practical Byzantine Fault
Tolerance) and so on are used in different BC systems. PoA
is slightly different from PoS system where it stakes the real
identities of the nodes in the system instead of fiscal value.
Permitted BC system uses PoET consensus mechanism. DPoS
depends on a group of delegates to authenticate blocks on
behalf of all nodes in the network. PBFT exploits pre-selected
validators to decide consensus for the network.
F. Types of Blockchains
At present there are three types of BC systems.
1) Public Blockchains: In public BC systems there are no
restrictions on accessing the BC. Anyone can send transaction
and participate in consensus mechanism using internet. Bitcoin
and Ethereum are the two major BC systems which are Public
BC.
2) Private Blockchains: Private BC are restricted in man-
ner. If any node wants to join the BC system, an invitation from
the administrator is needed. Participant and validator access is
regulated.
3) Consortium BC: There are no individual organization
monitoring it, rather a group of companies respectively func-
tion a node on such a network. So, Consortium BC can be
seen as partially decentralized networks.
III. B LOCK C HAIN FOR I OT E COSYSTEMS
A. Prospects of BC with IoT
BC has recently attracted a lot more attention in different
sectors due to its efficiency in a decentralized transparent
system without involving a third-party. Before looking into
deep, let’s discuss about the following research questions-
• Why BC need to be integrated with IoT?
• What might be the pros and cons while adapting BC in
IoT ecosystems?
• How to integrate BC with IoT keeping in mind about the
low power resource constraint environments?
The answer to the first question refers to the requirement
of security enforcement along with identity verification in
a decentralized or distributed system. Furthermore, there are
versatile scopes and opportunities while integrating both tech-
nologies [4], [8]–[14]. After the very first implementation
of BC in Bitcoin, the design goals attracted researchers to
implement transparent open ledger based records in other
computing arenas such as cloud computing [14], mobile edge
computing [15] [16], fog computing [3] [17] with better
optimized frameworks. As IoT is itself a distributed and
decentralized system, researchers became more interested to
integrate BC with IoT ecosystems. We will discuss the answers
of other research questions in the later parts of this paper.
Figure 1 presents a graphical timeline of how BC has been
adapting with technologies since its’ birth.
B. Security and Transparency vs Cost
BlockChain requires a consensus algorithm to ensure agree-
ment on identification and verification in a distributed system.
However, the traditional BC employed in Bitcoin is costly
due to the involvement of crypto puzzle solving process.
Moreover, it requires additional computation power. As a result
traditional BC is suitable for distributed networks where there
are miners to solve these cryptographic puzzles [18]. For
Fig. 1. Graphical Time-line of Evolution of BC
example, in case of Bitcoin or other crypto-currencies mining,
miners join in a distributed network waiting and competing
for their chance to solve a puzzle and be able to process the
transaction on first come first serve basis. The computation
requires additional graphics processor units (GPUs) and as
a result the computational pool requires high end physical
devices. Therefore, we see, cost is the primary limitation that
should be considered while implementing BC in other systems.
C. BlockChain Adaptation
IoT ecosystems constitute low-end resource limited end
devices where BC based crypto currency models can be cus-
tomized for IoT applications [19]. Adapting BC architecture
with IoT faces some challenging issues as traditional ones
require highly configured computing resources. Therefore,
adaption requires further modification in BC model to adapt
IoT ecosystems. First of all consensus model require further
modifications as present ones are costly in terms of computing
resource and energy consumption [20]. Although, BC and IoT
both comprise a distributed or decentralized system, the design
goals, scopes and challenges are pretty much different. How-
ever, considering the opportunities and prospects of applying
BC in IoT motivates to renovate adaptive BC model as BC
not only just provide additional privacy and security but also
restrict the requirement of central trustful management system
which is less fault tolerant and hard to scale as well [21].
D. BlockChain integration with IoT
BC and IoT are emerging technologies that will play a vital
role in future networks. Both of the techs have different design
goals, conceptual perspectives and implementation method-
ologies that should be integrated to achieve more secure and
efficient systems [21] [22] [23].
[24] introduced a new consensus system named proof
of concept (PoC) that substitutes traditional algorithms. The
proposed work relates a gateway to be the BC node (also a thin
client) through which low-end resource constraint devices can
communicate with BC network. Another employed strategies
in IoT ecosystem are proof of trust (PoT) and proof of luck
(PoL), introduced by [17], where authors developed a three-
tier system ”IoT-Fog-Cloud”. In this work, the communication
is secured using the Trustful Space-Time Protocol (TSTP).
 To synchronize, maintain and communicate with thousands
of IoT devices in server-client model, BC technology is used
by [25]. RSA cypto technique is used by the authors where
public key is stored in Ethereum, a software based BC tech-
nology to build and deploy decentralized applications where
public key is stored in individual devices. To evaluate the
performance and applicability of the proposed work, authors
developed smart contacts to store data coming for home
devices like electric meters and smart phones.
[26] proposes an architecture for IoT devices based on
BC technology upholding security and privacy benefits but
reducing bandwidth overheads and delays. As a demonstrative
case study for extensive IoT applications, they examined on a
smart home application. This lightweight architecture contains
smart homes, a sensor network ecosystem and cloud storage
that coordinates data transactions with BC using distributed
trust methods.
BC is even used in decentralized IoT ecosystems for secur-
ing storage using homomorphic computations [27]. Named as
BeeKeeper the project is able to process data without getting
known to user’s data. The architecture is also able to increase
additional computation power when new high-end devices
participate in the network. Collective verification and tamper
proof system delivers a privacy preserving Bc-IoT architecture.
In [1], a BC-based security framework is proposed to offer a
protected communication platform in a smart city. There are
several significant features like as improved trustworthiness,
better fault tolerance competency, faster and effective process,
scalability are provided by it.
E. Lightweight BlockChain Design
As PoW is costly in terms of resource and energy, [15]
proposes an edge computing based framework for mobile BC
where authors demand mobile edge computing as the solution
of solving PoW.
Since block is computationally expensive and it has limited
scalability it seems complex to adjust in IoT ecosystems.
While designing lightweight consensus system, [4] proposed a
lightweight BC based system named LSB applying distributed
throughput management to ensure the self-scalability of the
network. The mechanism provides security and privacy by ap-
plying public key cryptography, digital signature and hashing.
In LSB, the data flow is kept separated from the transaction
flow. To protect the overlay against a malicious Overlay Block
Manager (OBM), the authors proposed consensus-period so
that only one block can be generated at a period and being
adjusted by DTM.
Another lightweight BC based architecture for IoT is pro-
posed that virtually eliminates the overheads of classic BC,
while maintaining most of its security and privacy benefits
[28]. High resource devices create an overlay network in order
to implement a publicly accessible distributed BlockChain
that ensures end-to-end security and privacy. To reduce the
block validation processing time, proposed architecture uses
distributed trust. Simulations demonstrate that proposed ar-
chitecture decreases packet and processing overhead signifi-
cantly compared to the BC implementation used in Bitcoin.
It requires no mining and thus incurs no additional delays in
processing generated transactions.
IV. S ECURITY IN BC BASED I OT E COSYSTEM
Installation of existing IoT devices vulnerable to privacy
and security concerns. BC strengthen the security of these
IoT devices by safeguarding critical security data which is
a part of GHOST Project [29]. BC is used for security
IoT devices which have low processing capabilities. Network
security requirements are split into confidentiality, integrity,
authenticity and availability. Identity management require-
ments are separated into authentication, authorization, ac-
countability and revocation. Privacy requirements are split
into data privacy, anonymity, pseudonymity and unlinkability.
Trust requirements are divided into device, entity, and data
trust. Finally, resilience requirements are split into two specific
issues relating to robustness against attacks and resilience
against failures.
[30] have categorized different security issues depending
upon the high-level, intermediate-level, and low-level IoT lay-
ers. For leveraging IoT security at different levels, authors have
scrutinized the mechanism which is suggested by some prolific
literature and provided some possible solution regarding IoT
attacks by implementing and mapping possible solution which
is proposed in the literature. In addition to that they have
used blockchain techniques to address and solve IoT security
problems. Some future research issues and challenges are
also identified which will help the research community to
address security related isuues and provide reliable, efficient,
and scalable IoT security solutions.
Cyber-physical systems (CPS) have serious security issues,
especially in machine-to-machine (M2M) communications.
Sophisticated BC structure was designed between the public
area and private area to address the security issues [31]. A cot-
ton spinning production was taken as a case study to validate
this design. It solves the safety of scalation of machines ef-
fectively in the production process and secures communication
of data between the machines. [32] proposes a self-propelled
security architecture based on BC for the interconnected smart
vehicular ecosystem. They used emerging automotive services
as a case study to demonstrate the efficiency of the proposed
architecture. Furthermore, they discusses the robustness of
their architecture against typical security attacks.
Security and transparency without requiring a third party
is the primary attraction of integrating BC with IoT. Se-
curity measurements are primarily concerned with the CIA
triad (confidentiality, integrity and availability). The following
discussion and Table I reflects the employed strategies for
different security requirements in recent works.
A. Privacy or Confidentiality
In order to maintain the privacy issue, various symmetric
(AES, IDEA) and asymmetric (ECC, RSA) key cryptosystems
and tokenization [33] have been used widely in each and every
communication system. Therefore, in case of IoT ecosystem
as well, encryption is the usual way of ensuring confidentiality
of data while communicating each other [4] [8]. In BC based
system, nodes can easily acknowledge the identity of other
nodes within a system and transaction data can be encrypted
using public key or with a previously shared symmetric key.
The number of IoT devices per person is increasing so
rapidly that it requires sophisticated security measures. Even
though BC supports integrity and non-repudiation, data is not
preserved because it can be seen for verification and mining
purposes. Hence, Attribute-based encryption (ABE) techniques
were introduced to slightly change the BC protocol to ensure
privacy [19].
B. Integrity
In BC based IoT ecosystem, hash of different fields of a
transaction block is a proper way to maintain data integrity [4]
[8]. In [34], messages are signed with the associated private
key (using Elliptic Curve Digital Signature Algorithm) of the
corresponding node to ensure trust and data integrity. Proof of
Trust (PoT) has been used in a multi-tier based IoT ecosystem
for data integrity verification [17].
In [35], a framework based on BC technology is proposed
for Data Integrity Service which provide more trustworthy data
integrity authentication for the IoT data of both the data owners
and data consumers. This framework doesnt rely on Third
Party Auditors for the verification of data integrity which may
compromise credibility. Moreover, it provides some benefits
like no individual party can diminish the process, enhancement
of efficacy of data integrity verification with growing number
of clients, maintenance of trading data with data consumers,
and implementation of pay per transaction Data Integrity
Service.
C. Availability
Availability in IoT ecosystem largely depends on handling
the requests from only authorized nodes in a trusted envi-
ronment so that malicious requests can be discarded [4] [8].
DDoS attack in a BC based system is almost impossible
if the participating nodes in a network is authenticated and
authorized; making it difficult to enter in the network by
masquerading.
D. Authentication
BC provides authentication by default as the whole system
is decentralized and every node or member in the network is
verified by others. In smart home systems, a lightweight BC
system proposed by [4] enforces all the nodes to have a stored
genesis transaction in the BC for authentication. A particular
node is authenticated if it has the private key corresponding to
the public key of a transaction stored previously in the genesis
transaction. As it is quite difficult to build an efficient cen-
tralized authentication system, [34] proposed a decentralized
system named- Bubble of Trust; to identify and authenticate
nodes in BC based IoT ecosystem. A node uses a ticket during
initialization to authenticate itself and an object ID signed by
its private key is used for identification.
E. Authorization
Authorization is another security measurement that refers to
the user privileges over resources such as files, data, services or
application module etc. [36] proposes a BC based conceptual
architecture for mobile communication services that provides
privacy preserving authorization for mobile devices. In this
work, authors used a registration-confirmation system through
which a device will get an ID for authorization. Moreover, the
model also ensures reduced pricing and cost for services using
a single contract based billing system that is independent in
terms of different wireless communication services. In case
of smart systems, BC should be lightweight and the blocks
require modifications for additional data. In order to meet that
requirement, [8] utilized a policy header along with shared
keys for authorization of smart IoT devices in smart home
systems.
F. Access Control
A distributed trustworthy access control is required in IoT
ecosystems. Without proper access control the whole network
become vulnerable to initiate protection mechanism against
malicious attacks. A smart-contract based access control mech-
anism provides solution to the addressed problem [37]. The
access control proposed by authors is primarily based on the
Ethereum smart contract for decentralized application platform
[38].
G. Identity Verification
Cyber-security in the IoT seems to be a major concern
since number of interconnected devices is increasing expo-
nentially. BC provides scalability, heterogeneity and mobility
that requires initiating new identity management operations
in distributed and trustless environments. It is also necessary
to uniquely identify a particular device based on its intrinsic
digital properties. BC-based Identity Framework for IoT (BI-
FIT) achieves identity self-management by end users by au-
tonomously extracting appliances signatures and creating BC-
based identifiers for their appliance owners [39]. It correlates
the appliance signatures aka low-level identities and owners
identities as well with a view to using them in authentication
management process within the IoT ecosystem.
H. Non-repudiation
The concept of non-repudiation refers to the transparent
transaction logging system acknowledged by both parties. In
a public BC based IoT system, all the transactions are logged
and recorded in the public ledger so that no one can deny the
completion of a transaction [4].
V. I MPLICATION OF INTEGRATING B LOCK C HAIN
A. Cloud and IoT Ecosystem
Cloud, fog and edge computing are the associated central-
ized frameworks for managing IoT devices and data. [15]
proposes an edge computing based framework for mobile BC
to solve PoW keeping in mind about the energy profiling for
mining [40]. Considering a multi-tier system [3] Fog node
 TABLE I
E MPLOYED STRATEGIES FOR S ECURITY REQUIREMENTS IN BC BASED I OT E COSYSTEMS

Requirement Employed Strategies References

Confidentiality Different lightweight symmetric and asymmetric encryption systems are implemented to ensure privacy of all [4] [8]
transactions.
Integrity Hash of different field in a block is used to verify the integrity of transactions. Proof of Trust is another solution [4] [8] [34] [17] [35]
to verify integrity in multi-tier systems.
Availability Availability is achieved through proper authentication and authorization so that malicious outsider cannot cause [4] [8] [25]
potential attacks by entering in the network.
Authentication BC provides authentication in decentralized system by identifying stored corresponding keys in a transaction [4] [34]
process while being recorded in the open ledger. Authentication can also be achieved using ticket or token
management system.
Authorization Registration management in BC, policy headers and shared keys etc. provide authorization for current IoT [8] [36]
ecosystems.
Non-repudiation Transparent logging in public BC records every transaction so that none of the party can deny. [4]
Access Control Smart contract based access control mechanisms are required. [8] [37] [38]

works as middle layer integrating IoT and cloud. [17] utilizes
PoT and PoL in IoT and Fog respectively that ensures an
overall integration of BC in the entire network. Even mobile
computing for mobichain (for BC based secure transaction)
seems to be a good solution in M-Commerce [16].
In [41] the authors propose a system design for IoT, based
on BC which conveys a fine-grained access control and data
management of time- series sensor data of numerous IoT
applications. This system provide a secure and robust access
control management and assistance of the storage of time-
series IoT data at the brink of the network via a locality-
aware decentralized storage system. [14] discussed on a model
named ChainAnchor that helps commissioning an IoT device
into a cloud ecosystem. It has autonomous registration pro-
cess along with device manufacturing provenance information
anonymously.
B. Smart Transport
Internet of Vehicles (IoV) or smart transport using BC
[32] encompasses connected vehicle services like vehicle
management, infotainment, driving assistance, safety, traffic
management and data communication between nodes. Many
mishaps can be prevented and lives can be saved by the
efficient communication. Hence, including only the authen-
ticated nodes in the network in order to prevent malicious
activities like tampering the emergency message or sending
false information by using the promising and evolving BC
technology [42]. Smart contract feature of BC can perform any
specific task when triggered. It can provide real-time update.
Decentralized structure makes it more secure, efficient and
accurate. It is assumed that Using BC in transportation can
eliminate the involvement of third party in the utilization of
private transport and ride sharing.
While examining the application of the ad-hoc vehicular
communication network, [43] found that the existing systems
are incapable of supporting some remarkable features of ad-
hoc vehicular network. Block-VN model, a new distributed
BC architecture is proposed by the authors to address the
prodigious features of vehicular network. Block-VN is such
a technology that creates a network among vehicles which
allows them to discover and share their information to produce
value-added services. In near future, authors will concentrate
on sharing economy of mobile vehicles and try to integrate
the BC technology with wearable devices.
C. Smart Home
At present, every smart home is equipped with high-end
devices connected altogether that act as miners in a BC based
smart home system [8]. The authors demonstrate about four
core components in smart home to implement the mechanism-
transactions, local BC, home miner, and local storage. Using
layered security various attacks including DDoS are prevented
in smart homes. The architecture seems energy efficient as the
encryption and hashing are done by only selected miners.
D. Smart Healthcare
Healthcare and online patient monitoring [44] can be inte-
grated with BC within a trusted network [45] [46]. This helps
to maintain privacy & security of patients data and to ensure
risk control as well [47].
E. Smart Agriculture
Smart food supply chain is a part of smart agriculture and it
needs transparent information management with transparency,
neutrality, reliability and security [48]. Authors proposed a
traceable BC based food supply chain for real-time food
tracing. Environmental monitoring is another essential part in
ICT E-agriculture at local and regional scale [49].
F. Smart Industry
Autonomous transactions of data from machine to machine
in industrial system require BC to ensure transparency of
exchanged data [50]. As IoT already have tremendous impact
over industry, merging BC with IoT can provide trusted
open network delivering suitable output to enhance production
[13]. Also, cloud based platforms that require mobile cloud
processing like photo ID verifications [51] will achieve more
transparency using BC based architectures.
G. Smart Grid
For secure energy trading, [52] proposed a transaction
handling mechanism named EnergyChain that eradicates tra-
ditional third party based system that predefines a particular
miner to process all the transactions, block creation and block
validation. Smart grids should be cost effective as well [53].
VI. D ISCUSSION
A. Scope
1) Integrating Centralized and Decentralized Systems:
Recent works on BC shows potentiality in merging central-
ized and decentralized systems making it a hybrid highly
distributed networks. Both centralization and decentralization
has their own pros and cons. Therefore, it is wise to integrate
the advantages of both with a view to building an efficient
network.
A hierarchical distributed control system model for edge
computing were proposed by [54]. They have inspected the
IEC 61499 standard for distributed control systems, and have
proposed the current research regarding the operation of
function blocks as smart contracts performed by the BC on
a management level.
2) SDN based BlockChain: Two emerging technologies:
SDN and blockchains have been merged to mitigate some
issues such as flexibility, efficiency, availability, security which
is escalated in IoT network. DistBlockNet [55], a distributed
secure SDN architecture using the blockchain technology has
been proposed by the authors. In order to update, verify and
validate the flow rules for the IoT forwarding devices, authors
have proposed a new scheme using the blockchain technology
where security is automatically adapted without the review of
administrator. Authors have analyzed their proposed work with
existing one by changing computational metrics and found
that DistBlockNet is capable of detecting attacks in the IoT
network in real time with low performance overheads.
Research shows that, in this era of software defined net-
working (SDN) and machine learning (ML), BC based IoT
ecosystems can achieve high level of security [56] by adapting
to new threat models.
3) Wireless radio network: BC is being utilized in wireless
mobile networks as well. A new conceptual architecture has
been proposed for authorization of mobile services [36]. It
separates mobile communication infrastructure and billing
functions and multiple use of mobile communications using
BC technologies. [57] suggested a conceptual BC based model
for low power wide area (LPWA) network to address solution
towards two particular problems- trust of the private network
operators and lack of network coverage. The open distributed
and tamper-proof system provides ensured verifications of
transaction within a trusted low-end wireless devices network.
In various LPWA technologies, Narrow Band IoT (NB-
IoT) and long range (LoRa) are two main leading competitive
technologies. NB-IoT network is built and managed by mo-
bile operators while LoRa is operated by private companies
or organizations. These two comepetitve technologies bring
the trust issues between application customers and network
operations. A BC technology based solution is proposed to
build an open, trusted, decentralized and tamper-proof system
for LoRaWAN which provides the indisputable mechanism to
verify that the data of a transaction has existed at a specific
time in the network [57].
[6] deals with peer authentication and trust management
issues in the framework of Wireless Sensor Networks. They
propose a BC-based model to strengthen legitimacy and verac-
ity of cryptographic authentication data and subordinate peer
trust level in WSN.
4) Shared Economic Applications: Shared economy ap-
plications are becoming popular day by day. We have seen
enormous success of Airbnb, an online market place and
hospitality service center and Uber, a peer-to-peer ride sharing,
taxi cab, food delivery, and transportation network company
[58]. To establish the shared economy application service more
reliable, organize and secure, IoT and BC technology can be
used for the greater instinct. Communication and collection
of data from sensor and mobile devices and exchanging
information among IoT devices will be more reliable, fast and
cost effective thereby. Moreover, combining BC with IoT will
create a secure shared economy distributed application.
5) Customization in Service Provision: Using BC in mobile
communication can reduce the cost of total system and shares
the cost with the stakeholders [36]. It reduces the risk of
traceability of a users service use. It also provides several
communication services to users considering their level of use.
B. Limitations
The scope and application opportunity of BC is vast due
to the convenience of decentralization management and trans-
parency. However, BC is still in it’s infancy period and need
more research works. Except a few proposed BC system, most
are costly in terms of processing, maintenance and power
consumption [29]. Moreover, there are typical scaling issues as
well. In some cases, it just seems that sometimes centralized
maintenance is better than the decentralized ones. Although
some research proposes the hybrid utilization as a solution.
Security is another important aspect to keep in mind while
designing BC based systems. Moreover, the so-called 51%
attack seems to be a serious threat to BC based systems
[59]. In this attack, if a node possesses 51% of the overall
computational power, it can tamper the consensus system.
However, that is another reason BC should be developed
differently for IoT ecosystem. Furthermore, Due to the versa-
tile connectivity and tamper-able environment, various attacks
can be drawn over IoT ecosystems varying from smart home
to industrial automation. However, current research findings
include different protection mechanisms as well in the papers.
C. Future Research Directions
1) Security and Privacy: Several security issues were in-
troduced by [4] [60] [56] where they discussed about the
possible threats including DDoS and linking attack on BC
based smart systems. The papers also referred to particular
protection strategies to the individual vulnerabilities. However,
the security arena still requires a lot more contributions in
order to achieve a decentralized trustworthy system. There are
further areas to improve as well.
2) Adaptation to S-MQTT/CoAP: Currently there are some
popular communication protocols that are being used widely
in IoT ecosystems for device-to-device connection. The im-
provement and new development of lightweight encryption
algorithms are required to ensure the security of the BC. It is
also required to design and develop consensus system in hybrid
(both centralized and decentralized) mining environment that
will be able to adapt the secure MQTT or CoAP protocols.
3) Connectivity and Scaling: Scalability issues should be
solved in parallel BC [36]. In recent works, scalability was
always found to be a issue that needs immediate efficient so-
lutions. Some works just referred to particular miners selected
previously. However, in these cases, the architecture seem
to be more similar with any centralized system. Some other
works identified inefficiency in performance in the network
(e.g. less transaction per time) while more devices are being
added. Therefore, scalability with trusted connectivity without
degrading any performance requires more research attentions.
4) Energy Consumption & Resource Allocation: Although,
there are different approaches to avoid energy consumption in
BC based systems [40] [24], they are still inefficient in com-
parison with the performances provided by lower end devices.
High-processing BC nodes to increase the resilience of IoT
installations directly impacts the total energy consumption of
the system [29]. It can be kept at moderated levels if only a
limited amount of BC nodes is used and if a lower difficulty for
the mining algorithm is selected. It is also mandatory to reduce
computational overhead while using different cryptosystems
e.g. ABE techniques in BC powered-IoT [19].
5) BlockChain Standardization: Presents work propose dif-
ferent architectures to meet their requirements. A standard
model should be proposed for overall IoT ecosystem.
6) BlockChain model Optimization: BC model optimiza-
tion involves redesign and development of the model in order
to adapt IoT ecosystems. Considering all the odds and diffi-
culties of using BC should attract more research works. Smart
contract script technology can be used to define automated
trading model in the IoT network. In wireless sensor networks
fully-scaled LoRaWAN blockchain network can be built to link
customers gateways and application servers.
VII. C ONCLUSION
Having a distributed nature by default, the IoT ecosystem
has a wider scope of using BC for it’s security achieve-
ment purpose. Along with the autonomous authentication and
verification process in a decentralized system, other security
concerns can be meet by implementing a lightweight BC
system. The BC model that needs to be adapted with IoT,
needs modification in the verifying process as the traditional
consensus algorithms seem costly compared to the resources
a sensor network have. Also, design of a standard integration
of different ecosystems require further research attentions.
ACKNOWLEDGEMENTS
This work has been partially supported by Green University
of Bangladesh research fund.
L IST OF A BBREVIATIONS
ABE Attribute Based Encryption
AES Advanced Encryption Standard
BC BlockChain
CoAP Constrained Application Protocol
ECC Elliptic Curve Cryptography
IDEA International Data Encryption Algorithm
IoT Internet of Things
MQTT Message Queuing Telemetry Transport
PoS/W/T/C/L Proof of Stake/Work/Trust/Concept/Luck
RSA Rivest Shamir Adleman
R EFERENCES
[1] K. Biswas and V. Muthukkumarasamy, “Securing smart cities using
blockchain technology,” in High Performance Computing and Com-
munications; IEEE 14th International Conference on Smart City;
IEEE 2nd International Conference on Data Science and Systems
(HPCC/SmartCity/DSS), 2016 IEEE 18th International Conference on.
IEEE, 2016, pp. 1392–1393.
[2] T. M. Fernández-Caramés and P. Fraga-Lamas, “A review on the use of
blockchain for the internet of things,” IEEE Access, 2018.
[3] J. C. Song, M. A. Demir, J. J. Prevost, and P. Rad, “Blockchain design
for trusted decentralized iot networks,” in 2018 13th Annual Conference
on System of Systems Engineering (SoSE). IEEE, 2018, pp. 169–174.
[4] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, “Lsb: A
lightweight scalable blockchain for iot security and privacy,” arXiv
preprint arXiv:1712.02969, 2017.
[5] A. Dorri, M. Steger, S. S. Kanhere, and R. Jurdak, “Blockchain: A
distributed solution to automotive security and privacy,” IEEE Commu-
nications Magazine, vol. 55, no. 12, pp. 119–125, 2017.
[6] A. Moinet, B. Darties, and J.-L. Baril, “Blockchain based trust
& authentication for decentralized sensor networks,” arXiv preprint
arXiv:1706.01730, 2017.
[7] S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” 2008.
[8] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, “Blockchain for
iot security and privacy: The case study of a smart home,” in Pervasive
Computing and Communications Workshops (PerCom Workshops), 2017
IEEE International Conference on. IEEE, 2017, pp. 618–623.
[9] K. Christidis and M. Devetsikiotis, “Blockchains and smart contracts for
the internet of things,” Ieee Access, vol. 4, pp. 2292–2303, 2016.
[10] M. Conoscenti, A. Vetro, and J. C. De Martin, “Blockchain for the inter-
net of things: A systematic literature review,” in Computer Systems and
Applications (AICCSA), 2016 IEEE/ACS 13th International Conference
of. IEEE, 2016, pp. 1–6.
[11] N. Kshetri, “Can blockchain strengthen the internet of things?” IT
Professional, vol. 19, no. 4, pp. 68–72, 2017.
[12] S. Underwood, “Blockchain beyond bitcoin,” Communications of the
ACM, vol. 59, no. 11, pp. 15–17, 2016.
[13] A. Bahga and V. K. Madisetti, “Blockchain platform for industrial
internet of things,” Journal of Software Engineering and Applications,
vol. 9, no. 10, p. 533, 2016.
[14] T. Hardjono and N. Smith, “Cloud-based commissioning of constrained
devices using permissioned blockchains,” in Proceedings of the 2nd
ACM International Workshop on IoT Privacy, Trust, and Security.
ACM, 2016, pp. 29–36.
[15] Z. Xiong, Y. Zhang, D. Niyato, P. Wang, and Z. Han, “When mobile
blockchain meets edge computing: challenges and applications,” arXiv
preprint arXiv:1711.05938, 2017.
[16] K. Suankaewmanee, D. T. Hoang, D. Niyato, S. Sawadsitang,
P. Wang, and Z. Han, “Performance analysis and application of mobile
blockchain,” in 2018 International Conference on Computing, Network-
ing and Communications (ICNC). IEEE, 2018, pp. 642–646.
[17] C. Machado and A. A. M. Fröhlich, “Iot data integrity verification for
cyber-physical systems using blockchain,” in 2018 IEEE 21st Interna-
tional Symposium on Real-Time Distributed Computing (ISORC). IEEE,
2018, pp. 83–90.
[18] J. A. Kroll, I. C. Davey, and E. W. Felten, “The economics of bitcoin
mining, or bitcoin in the presence of adversaries,” in Proceedings of
WEIS, vol. 2013, 2013, p. 11.
[19] Y. Rahulamathavan, R. C.-W. Phan, M. Rajarajan, S. Misra, and A. Kon-
doz, “Privacy-preserving blockchain based iot ecosystem using attribute-
based encryption,” in 2017 IEEE International Conference on Advanced
Networks and Telecommunications Systems (ANTS). IEEE, 2017, pp.
1–6.
[20] W. Wang, D. T. Hoang, Z. Xiong, D. Niyato, P. Wang, P. Hu, and
Y. Wen, “A survey on consensus mechanisms and mining management
in blockchain networks,” arXiv preprint arXiv:1805.02707, 2018.
[21] M. Banerjee, J. Lee, and K.-K. R. Choo, “A blockchain future for
internet-of-things security: a position paper,” Digital Communications
and Networks, 2017.
[22] M. A. Walker, A. Dubey, A. Laszka, and D. C. Schmidt, “Platibart:
a platform for transactive iot blockchain applications with repeatable
testing,” in Proceedings of the 4th Workshop on Middleware and
Applications for the Internet of Things. ACM, 2017, pp. 17–22.
[23] E. F. Jesus, V. R. Chicarino, C. V. de Albuquerque, and A. A. d. A.
Rocha, “A survey of how to use blockchain to secure internet of things
and the stalker attack,” Security and Communication Networks, vol.
2018, 2018.
[24] K. R. Özyılmaz and A. Yurdakul, “Integrating low-power iot devices
to a blockchain-based infrastructure: work-in-progress,” in Proceedings
of the Thirteenth ACM International Conference on Embedded Software
2017 Companion. ACM, 2017, p. 13.
[25] S. Huh, S. Cho, and S. Kim, “Managing iot devices using blockchain
platform,” in Advanced Communication Technology (ICACT), 2017 19th
International Conference on. IEEE, 2017, pp. 464–467.
[26] A. Dorri, S. S. Kanhere, and R. Jurdak, “Blockchain in internet of things:
challenges and solutions,” arXiv preprint arXiv:1608.05187, 2016.
[27] L. Zhou, L. Wang, Y. Sun, and P. Lv, “Beekeeper: A blockchain-based
iot system with secure storage and homomorphic computation,” IEEE
Access, 2018.
[28] A. Dorri, S. S. Kanhere, and R. Jurdak, “Towards an optimized
blockchain for iot,” in Proceedings of the Second International Confer-
ence on Internet-of-Things Design and Implementation. ACM, 2017,
pp. 173–178.
[29] C. S. Kouzinopoulos, G. Spathoulas, K. M. Giannoutakis, K. Votis,
P. Pandey, D. Tzovaras, S. K. Katsikas, A. Collen, and N. A. Nijdam,
“Using blockchains to strengthen the security of internet of things,” in
International ISCIS Security Workshop. Springer, 2018, pp. 90–100.
[30] M. A. Khan and K. Salah, “Iot security: Review, blockchain solutions,
and open challenges,” Future Generation Computer Systems, vol. 82,
pp. 395–411, 2018.
[31] S. Yin, J. Bao, Y. Zhang, and X. Huang, “M2m security technology of
cps based on blockchains,” Symmetry, vol. 9, no. 9, p. 193, 2017.
[32] Y. Yuan and F.-Y. Wang, “Towards blockchain-based intelligent trans-
portation systems,” in Intelligent Transportation Systems (ITSC), 2016
IEEE 19th International Conference on. IEEE, 2016, pp. 2663–2668.
[33] S. Roy, A. R. Shovon, and M. Whaiduzzaman, “Combined approach
of tokenization and mining to secure and optimize big data in cloud
storage,” in Humanitarian Technology Conference (R10-HTC), 2017
IEEE Region 10. IEEE, 2017, pp. 83–88.
[34] M. T. Hammi, B. Hammi, P. Bellot, and A. Serhrouchni, “Bubbles of
trust: A decentralized blockchain-based authentication system for iot,”
Computers & Security, vol. 78, pp. 126–142, 2018.
[35] B. Liu, X. L. Yu, S. Chen, X. Xu, and L. Zhu, “Blockchain based data
integrity service framework for iot data,” in Web Services (ICWS), 2017
IEEE International Conference on. IEEE, 2017, pp. 468–475.
[36] S. Kiyomoto, A. Basu, M. S. Rahman, S. Ruj, D. Kim, J. Yun, S. Kim,
N. Farooqi, A. A. Alotaibi, and M. C. Angelides, “On blockchain-based
authorization architecture for beyond-5g mobile services.”
[37] Y. Zhang, S. Kasahara, Y. Shen, X. Jiang, and J. Wan, “Smart
contract-based access control for the internet of things,” arXiv preprint
arXiv:1802.04410, 2018.
[38] V. Buterin et al., “A next-generation smart contract and decentralized
application platform,” white paper, 2014.
View publication stats
[39] X. Zhu, Y. Badr, J. Pacheco, and S. Hariri, “Autonomic identity frame-
work for the internet of things,” in Cloud and Autonomic Computing
(ICCAC), 2017 International Conference on. IEEE, 2017, pp. 69–79.
[40] S. Sankaran, S. Sanju, and K. Achuthan, “Towards realistic energy pro-
filing of blockchains for securing internet of things,” in 2018 IEEE 38th
International Conference on Distributed Computing Systems (ICDCS).
IEEE, 2018.
[41] H. Shafagh, L. Burkhalter, A. Hithnawi, and S. Duquennoy, “Towards
blockchain-based auditable storage and sharing of iot data,” in Proceed-
ings of the 2017 on Cloud Computing Security Workshop. ACM, 2017,
pp. 45–50.
[42] A. Arora and S. K. Yadav, “Block chain based security mechanism for
internet of vehicles (iov),” 2018.
[43] P. K. Sharma, S. Y. Moon, and J. H. Park, “Block-vn: A distributed
blockchain based vehicular network architecture in smart city,” Journal
of Information Processing Systems, vol. 13, no. 1, p. 84, 2017.
[44] S. Roy, A. Rahman, M. Helal, M. S. Kaiser, and Z. I. Chowdhury,
“Low cost rf based online patient monitoring using web and mobile
applications,” in Informatics, Electronics and Vision (ICIEV), 2016 5th
International Conference on. IEEE, 2016, pp. 869–874.
[45] M. Mettler, “Blockchain technology in healthcare: The revolution starts
here,” in e-Health Networking, Applications and Services (Healthcom),
2016 IEEE 18th International Conference on. IEEE, 2016, pp. 1–3.
[46] A. Ekblaw, A. Azaria, J. D. Halamka, and A. Lippman, “A case study for
blockchain in healthcare:medrec prototype for electronic health records
and medical research data,” in Proceedings of IEEE open & big data
conference, vol. 13, 2016, p. 13.
[47] X. Yue, H. Wang, D. Jin, M. Li, and W. Jiang, “Healthcare data
gateways: found healthcare intelligence on blockchain with novel privacy
risk control,” Journal of medical systems, vol. 40, no. 10, p. 218, 2016.
[48] F. Tian, “A supply chain traceability system for food safety based on
haccp, blockchain & internet of things,” in Service Systems and Service
Management (ICSSSM), 2017 International Conference on. IEEE, 2017,
pp. 1–6.
[49] Y.-P. Lin, J. R. Petway, J. Anthony, H. Mukhtar, S.-W. Liao, C.-F.
Chou, and Y.-F. Ho, “Blockchain: The evolutionary next step for ict
e-agriculture,” Environments, vol. 4, no. 3, p. 50, 2017.
[50] J. Mattila, T. Seppälä, C. Naucler, R. Stahl, M. Tikkanen, A. Bådenlid,
J. Seppälä et al., “Industrial blockchain platforms: An exercise in use
case development in the energy industry,” The Research Institute of the
Finnish Economy, Tech. Rep., 2016.
[51] A. R. Shovon, S. Roy, T. Sharma, and M. Whaiduzzaman, “A restful
e-governance application framework for people identity verification in
cloud,” in International Conference on Cloud Computing. Springer,
2018, pp. 281–294.
[52] S. Aggarwal, R. Chaudhary, G. S. Aujla, A. Jindal, A. Dua, and
N. Kumar, “Energychain: Enabling energy trading for smart homes using
blockchains in smart grid ecosystem,” in Proceedings of the 1st ACM
MobiHoc Workshop on Networking and Cybersecurity for Smart Cities.
ACM, 2018, p. 1.
[53] F. Lombardi, L. Aniello, S. De Angelis, A. Margheri, and V. Sassone, “A
blockchain-based infrastructure for reliable and cost-effective iot-aided
smart grids,” 2018.
[54] A. Stanciu, “Blockchain based distributed control system for edge
computing,” in Control Systems and Computer Science (CSCS), 2017
21st International Conference on. IEEE, 2017, pp. 667–671.
[55] P. K. Sharma, S. Singh, Y.-S. Jeong, and J. H. Park, “Distblocknet: a
distributed blockchains-based secure sdn architecture for iot networks,”
IEEE Communications Magazine, vol. 55, no. 9, pp. 78–85, 2017.
[56] F. Restuccia, S. DOro, and T. Melodia, “Securing the internet of things
in the age of machine learning and software-defined networking,” IEEE
Internet of Things Journal, 2018.
[57] J. Lin, Z. Shen, C. Miao, and S. Liu, “Using blockchain to build trusted
lorawan sharing server,” International Journal of Crowd Science, vol. 1,
no. 3, pp. 270–280, 2017.
[58] S. Huckle, R. Bhattacharya, M. White, and N. Beloff, “Internet of things,
blockchain and shared economy applications,” Procedia computer sci-
ence, vol. 98, pp. 461–466, 2016.
[59] D. Bradbury, “The problem with bitcoin,” Computer Fraud & Security,
vol. 2013, no. 11, pp. 5–8, 2013.
[60] N. Atzei, M. Bartoletti, and T. Cimoli, “A survey of attacks on ethereum
smart contracts (sok),” in Principles of Security and Trust. Springer,
2017, pp. 164–186.