Establishment of a trusted environment for IoT service provisioning based on X3DH-Based brokering and Federated Blockchain

Lukaj V. (first author); Martella F. (second author); Fazio M.; Celesti A. (penultimate author); Villari M. (last author)
2023-01-01

Abstract

The adoption of non-certified Internet of Things (IoT) devices can expose the system to cyber attacks that can disrupt IoT-based applications or generate fake data. At the same time, complex cryptographic approaches cannot be adopted due to the limited computational and power resources of IoT devices. In the literature, the certification of IoT devices is performed through a Certification Authority (CA) that generates and stores certificates for all the IoT nodes. Usually, the CA is hosted at remote sites (e.g., in the Cloud or the IoT service administrator's private network), and this exposes the IoT ecosystem to attacks. This paper overcomes these challenges by proposing a new Broker-based certification process which decouples, at the Edge, the communication between IoT devices and the CA. Acting as an “intermediary”, the Mobile Edge Computing (MEC) node shields the communication between untrusted IoT devices and the CA, taking responsibility for the node certification. The establishment of a trusted ecosystem is further reinforced, to guarantee integrity and non-repudiation of the data, by using a Federated Blockchain, which is a distributed storage of non-falsifiable data in digital ledgers. Confidentiality and robustness against network issues or temporary disconnections are also achieved using the Extended Triple Diffie-Hellman (X3DH) protocol, which sets up secure communication over the Internet among the involved parties. In the paper, we present the design of the whole proposed solution together with the exploited technologies and details on our implementation. We also present evaluation results to show the efficiency and performance of our solution.
2023
Files in this item:
File: 2023_Elsevier-IoT_X3DXFederatedBlockchain.pdf
Access: authorized users only
License: Publisher's copyright
Size: 7.23 MB
Format: Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11570/3250094
Citations
  • PMC ND
  • Scopus 7
  • ISI 2