DIDAuth-IoTFW: Decentralized firmware authentication for smart home IoT devices using verifiable credentials
W.M.A.B. Wijesundara, Joong-Sun Lee, Eleni Aloupogianni, Dara Tith, Hiroyuki Suzuki, Takashi Obi
Internet of Things, vol. 34, Article 101788. Published 2025-10-08. DOI: 10.1016/j.iot.2025.101788
https://www.sciencedirect.com/science/article/pii/S2542660525003026
Journal impact factor: 7.6; JCR: Q1 (Computer Science, Information Systems)
Citations: 0
Abstract
Rapid proliferation of smart home IoT devices has intensified the demand for secure, scalable, and autonomous firmware authentication mechanisms. Traditional centralized solutions face challenges related to privacy concerns, limited scalability, and vulnerability to a single point of failure. In this paper, we propose DIDAuth-IoTFW, a novel decentralized identity and firmware authentication framework that uniquely integrates Ethereum Layer-2 Arbitrum, InterPlanetary File System (IPFS), and W3C-compliant Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs). DIDAuth-IoTFW provides a complete firmware authentication life cycle, from decentralized identity registration to real-time, on-chain verifiable revocation, while enabling autonomous, cryptographic verification directly on resource-constrained IoT devices and ensuring reliable performance even when gateways are compromised or unavailable. Our proof-of-concept implementation on ESP32 and Raspberry Pi achieved complete resistance to replay, forgery, and revocation threats with verification consistently under 1.2 s. Compared to prior work, DIDAuth-IoTFW uniquely combines firmware–VC hash binding, contract binding that prevents cross-registry replay, and device-side enforcement resilient to gateway compromise. Experimental results indicate a robust, privacy-preserving, and scalable alternative to centralized firmware-update pipelines for smart-home IoT.
About the journal:
Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT.
The journal will place a high priority on timely publication, and provide a home for high quality.
Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.