Trust-Based Permissioned Blockchain Network for Identification and Authentication of Internet of Smart Devices: An E-Commerce Prospective

The Internet of Things refers to billions of devices around us connected to the wireless internet. These IoT devices are memory-constrained devices that can collect and transfer data over the network without human assistance. Recently, IoT is materialized in retail commerce, transforming from recognition service to post-purchase engagement service. IoT examples in retail commerce are smart refrigerators, smart speakers, smart washing machines, smart automobiles, and automatic re-purchase of groceries using RFID tags. Despite the rise, one of the significant inconveniences slowing rapid adaption is the “security” of these devices, which are vulnerable to various attacks. One such attack is Distributed Denial-of-Service (DDoS) attacks targeting offline or online sensitive data. Hence, a lightweight cryptographic mechanism needs to establish secure communication among IoT devices. This paper presents the solution to secure communication among IoT devices using a permissioned blockchain network. Specifically, in this work, we proposed a mechanism for identifying and authenticating the smart devices using the Elliptic-curve cryptography (ECC) protocol. This proposed work uses permissioned blockchain infrastructure, which acts as a source of trust that aids the authentication process using ECC cryptosystem. In addition, lightweight Physical Unclonable Function (PUF) technology is also used to securely store the device’s keys. Using this technology, the private keys need not be stored anywhere, but it is generated on the fly from the trusted zone whenever the private key is required.