1. Introduction
The research and development of connected devices and services are increasing every day. Professor Ashton introduced the phrase Internet of Things (IoT) in 1999 [1]. An IoT news forecast mentioned that by 2030, the number of connected devices worldwide would reach 24.1 billion [2]. Internet-connected devices and services improve our lifestyles by increasing work efficiency and productivity with innovative IoT applications. The benefits of the IoT are no longer limited to urban areas; they also improve the quality of life and work in rural areas. The most common use cases are smart grid, smart city, smart home, smart healthcare, etc. [3]. All these innovative IoT applications are implemented in the physical world, where individuals' and organizations' data are transferred via the internet [4]. As the innovation of IoT applications is an ongoing process, the need for trustworthy and secure communication increases. Identity management and authentication are essential for trustworthiness and secure communication [5]. In the nascent stages of the Internet, IPv4 was deployed to manage the identification of the increasing number of devices. IPv4- and IPv6-based device identification are still in use for communication between devices [6]. For short-range communication, Bluetooth, RFID, and NFC were invented [7]. Cloud computing is an emerging technology. Though all of these currently available identity and communication solutions have several benefits, they are still not fully compatible with the future needs of trustworthy and secure communication for the IoT paradigm [8]. IoT devices and services are heterogeneous, and they need real-time decision-making within a short time period [9]. IoT devices are resource-constrained and designed to perform specific tasks in the deployed environment [10,11]. Almost all currently deployed IoT solutions are centralized, and the cloud layer is the main place for device identification and authentication. In these scenarios, IoT devices are controlled and authenticated from centralized servers [12]. However, centralized solutions are not very feasible for an IoT solution where real-time decision-making is required [13]. Additionally, most IoT devices are deployed in human society. Intruders can collect confidential data from IoT devices, from gateways, during transactions to the cloud server, or even at the cloud servers due to a lack of security, authentication, and authorization [14].
Moreover, IoT devices need to trust and collaborate at the edge layer without obtaining any identity verification from the cloud layer [13,15]. DLT- and Blockchain-based security solutions are growing in popularity as they provide secure and trustworthy data storage and management [16]. The first use case of Blockchain was Bitcoin, introduced by Nakamoto in 2009, where he presented Bitcoin as a digital currency [17]. After the first innovation of Blockchain, different business and communication sectors adopted the concept of Blockchain in their current use cases [18,19]. As a result, many types of DLT have been introduced. Many recent researchers have addressed Blockchain-based trust, identity, and security solutions for the IoT. One of the main advantages of DLT is decentralization. Our previous work proposed a distributed and decentralized architecture for identity management and secure communication for edge IoT devices [20]. During further research, we found that adopting DLT with our proposed model could be the best fit for the increasing demand for secure communication and trustworthy identity management for edge IoT devices. Motivated by the above, we propose a DLT-based identity management and secure communication solution for the IoT paradigm which is distributed and decentralized. We have performed a detailed literature review in our research domain, compared our proposed solution with recently proposed IoT device identity management solutions, and described how our proposed model would improve security, trust, and privacy for IoT solutions. We have also performed formal and informal verification of the proposed concept.
Below, we have listed our contributions in this article:
In the Introduction section, we present an overview of the need for a distributed identity management system for security, trust, and privacy at edge IoT devices;
A comprehensive survey on the DLT and related terms is performed, and the results are presented in the Background and Motivation section;
We have also studied and summarized different DLT used for identity management within the IoT domain;
We have proposed a new DLT-based distributed identity management model for IoT which will enhance data security, trust, and privacy;
Additionally, we have presented the evaluation of our proposed architecture using the SPIN, Scyther, and FobSim simulators.
The rest of the paper is organized as follows:
In Section 2, we present a detailed review of DLT, followed by our motivation to use DLT-based identity management for security, trust, and privacy at edge IoT devices;
Section 3 examines the related works, where recent results on DLT for identity management are discussed;
Section 4 presents our proposed DLT-based identity management model for security, trust, and privacy at edge IoT devices;
In Section 5, we present the performance measurement results of the simulation;
In Section 6, we discuss different common qualities of an identity management system;
Section 7 presents the conclusion of our work, and this paper ends with a description of future work.
The following section describes our research background and a comparative presentation of DLT solutions and their connections with the IoT domain.
3. Related Works
In this section, we present a comprehensive survey of related works. Many recent papers have discussed DLT, especially Blockchain-based identity management, for IoT devices [49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68]. However, some of them also discussed combining machine learning and other technologies with the blockchain-based solution, and some discussed the use of IoTA for a similar purpose. We briefly present a review of related works below.
In [49], a detailed survey on blockchain-based identity management for the IoT was presented. The authors discussed scalability, interoperability, and mobility as essential requirements for the design of identity management systems for the IoT. The authors also presented the drawbacks of centralized identity management solutions. Furthermore, the authors described traditional identity management solutions, followed by different blockchain-based industrial solutions and identity management solutions currently proposed by academics. Finally, the authors discussed different challenges related to identity management, access control, trust management, privacy, and performance evaluation. In an earlier survey [50], the same authors presented comparisons of different identity management initiatives, as well as comparisons between different blockchain-based identity management solutions. Another survey on Blockchain for identity management presented a detailed analysis of six use cases where blockchain is used for identity management; the discussed solutions are Namecoin, uPort, Sovrin, Blockstack, ShoCard, and Jolocom [51].
In [52], the authors suggested a lightweight blockchain-based authentication and authorization framework for healthcare IoT systems. The proposed solution used a probabilistic model. In the proposed model, the authors recommended a miner-based solution, and the authentication and authorization process takes place at the cloud layer. Though the authors used a fog layer in their recommended model, the Blockchain solution is integrated with the cloud layer. Moreover, the authors based their solution on the PoW consensus mechanism, which is heavyweight and not very realistic for edge-based IoT scenarios. This type of solution can be applied to a model where most of the operations, decision-making, and data transfers involve the cloud layer.
In [53], the authors proposed a consortium-based centralized identity management solution for the IoT. They discussed certificate management for IoT entities and presented the architecture. Furthermore, they implemented their recommended model in a laboratory environment with Hyperledger Fabric. This solution is suitable for cloud-based and centralized IoT device identity management. In another publication [54], the same group of authors presented a combined solution for IoT access control using capability-based access control and consortium-based blockchain technology. In our research, we focus on edge-based identity solutions, which will improve the authentication and authorization process at the edge layer.
The authors in [55] recommended a model with device clustering and blockchain for the authentication of devices. They also suggested a solution with a local blockchain layer and a global blockchain layer for the local authentication and authorization process, which shares a slight architectural similarity with our recommended model. However, we have developed our model based on our previous works [5,20], where we also designed and verified a secure communication protocol for IoT devices, whereas their work is based on device clustering. Moreover, we propose the use of a private ledger at the edge layer (local blockchain layer) to make it secure within a certain location, and a consortium ledger at the cloud layer (global blockchain layer) where inter-organizational collaboration could be required for sharing identity information.
In [56], the author recommended a role- and permission-based decentralized model for IoT access control. Wireless sensor nodes connect with the blockchain system via the management hub and miner networks for executing smart contracts. The managers assign access permissions to the IoT nodes. As we have already described above, a miner-based solution is not suitable for edge-based IoT solutions.
In [57], the authors suggested a cross-domain secure authentication model for industrial IoT devices. The model used a layered architecture and localized IoT devices by separating them into different domains, which we think is a good concept; we also consider similar concepts in this paper as well as in our previous works [5,20]. However, in their recommended model they proposed a central server for each domain, which creates the possibility of a single point of failure. In contrast, we propose identity management using DLT at the edge layer of the IoT paradigm.
In [58], the authors presented Blockchain-based identity management for cloud-based IoT applications. The proposed use case uses facial recognition of students to identify them for the printing service at an institute. They recommend the use of cloud services for the user data in their blockchain-based solution. This is useful in that specific context, but it is not applicable to distributed IoT end devices or as a generic model for identity management.
User access control to IoT devices using Blockchain technology has been presented in many recent publications [59,60,61,62,63,64,65,66]. A user access control scheme based on ciphertext-policy attribute-based authentication (CP-ABE) and IoTA is recommended in [59]; though the paper title is about IoT, the focus is more towards token-based authorization of users' handheld devices for accessing IoT devices. Another work recommended user access control and authorization to IoT resources for end users in a smart city environment; the proposed solution was implemented on a private Ethereum blockchain [60]. The authors also presented the smart contract and the blockchain's interaction with the application. Smart-contract-based access control for edge computing is suggested in another research publication [61], where the authors use Colored Petri Nets (CPN) to present their blockchain-based edge computing solution. An Ethereum blockchain and smart-contract-based identity management solution was also proposed in [62], where device ownership is mapped to the device using Blockchain. A decentralized identifier and blockchain-based user-centric IoT device identity management solution is recommended in [63], where the focus is also IoT device ownership using blockchain technology. Another paper presented a private distributed-ledger-based IoT identity management solution for enterprise users [64]. In [65], user identity management and device ownership using Blockchain, with attribute management via a certificate authority, is recommended. Though the proposed identity solution is blockchain based, it still depends on a certificate authority, so it is not a fully distributed solution. Furthermore, a blockchain- and capability-based IoT user access control model is recommended in [66].
A security model with an identity and authentication framework is recommended in [67]. The authors present the security challenges in the IoT and the requirement of identity management for IoT devices. The recommended solution, named BCoT sentry, carries out device authentication at the Blockchain gateways. They also implemented a prototype in an Ubuntu virtual machine to demonstrate their proposal. This approach is good, but their implementation differs from ours, as we localize the problem at the edge or fog layer of the IoT to improve IoT security at the lower layer of the IoT paradigm.
In [68], the authors presented a blockchain- and Unique-ID-based decentralized solution model for IoT devices. This solution also has some similarities with our model, but our model recommends a solution that is distributed and decentralized while also using the scalability of the cloud layer of the IoT paradigm.
As we found from the above literature review, a generic model for identity management of edge IoT devices is still an open issue. Many of the works are more focused on user access control to IoT devices. As a result, in our recommended model, we have presented a generic solution for distributed identity management for the IoT device itself, which can be adapted to different use cases, for example, smart city, industrial IoT, smart home, smart agriculture, etc. The following section presents the architecture and details of our proposed distributed-ledger-based identity management solution for edge IoT devices.