Blockchain in IoT and Beyond: Case Studies …
The following list of steps is followed by Drone Dx and one Drone already in the Network D, which functions as a Trust Anchor:

1. Drone Dx, which has received a mark of approval from ABC, pings the Network D to find the IP of a Trust Anchor and then pings the Trust Anchor signaling that it wants to initiate the onboarding process.
2. The Drone acting as the Trust Anchor now creates a DID Record in the Wallet that it will use for securely communicating with Drone Dx and then builds an NYM request to the ledger for recording.
3. The Trust Anchor initiates a connection request to Drone Dx, sending the DID along with a cryptographic challenge for it to solve. For ease of understanding, we will assume that the challenge is a Nonce of “A123F234” (hexadecimal sequence), which Drone Dx needs to include in its reply back to the Trust Anchor. This Nonce can be used only once.
4. Drone Dx accepts the request. It then creates its wallet and creates a DID and its respective Verification Key, which it will use for communication with the Trust Anchor Drone. In the connection response, Drone Dx includes the approval from ABC, the DID it has made for the Trust Anchor, and the Nonce “A123F234”.
5. Drone Dx then queries the Ledger for the verkey of the DID that was sent to it by the Trust Anchor Drone (recall that the Network D Ledger is public and permissioned). Since DIDs are pairwise unique, this DID can only be used between Drone Dx and the Trust Anchor inside the Network D.
6. The connection response is now encrypted anonymously (Indy provides a crypto.anon_crypt API for this). The Trust Anchor inside the Network can use its private key to decrypt this response and can validate its integrity. Drone Dx sends this response.
7. The Trust Anchor Drone inside the Network receives this response. It decrypts the response by using the crypto.anon_decrypt API provided by Indy and validates it by checking the approval from ABC (which should match its own approval) and the Nonce from the response.
8. The Trust Anchor now sends the DID received from Drone Dx to the Ledger as an NYM Transaction. While it is sent by the Trust Anchor, ownership of it belongs to Drone Dx. This creates a trusted connection between the two.
This completes the first stage of the process. In the next stage of the onboarding process, Drone Dx uses the record of its DID with the Trust Anchor Drone to create a DID for itself stating its identity. This kind of DID is termed a Verinym. This DID is sent back to the Trust Anchor, who again commits it to the ledger. This particular communication between the two is encrypted using the Sender’s and Receiver’s private and verification keys, respectively, using the crypto.auth_crypt API from Indy. This is reversible at the receiver’s end: the Receiver decrypts it using the crypto.auth_crypt API. This completes the whole process. Drone Dx is now a part of Network D.
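The first stage (steps 1 to 8) as an added, runnable model that is not code from the chapter or from Indy: the ledger is a plain dictionary, the DIDs, verkeys and approval strings are constructed placeholders, and the anon_crypt/anon_decrypt layer is omitted so that the checks the Trust Anchor must make in step 7 (nonce outstanding and unused, approval matching its own, response bound to the pairwise DID) are the whole of the logic. It shows that replaying a captured response is rejected because the nonce is consumed on its first use.

```python
import secrets

# Constructed stand-in for the Network D ledger: did -> {"verkey", "owner"}.
def write_nym(ledger, did, verkey, owner):
    ledger[did] = {"verkey": verkey, "owner": owner}

class TrustAnchor:
    def __init__(self, ledger, approval):
        self.ledger, self.approval = ledger, approval
        self.outstanding = {}  # nonce -> pairwise DID it was issued with
        self.spent = set()     # nonces that may never be accepted again

    def connection_request(self):
        # Steps 2-3: pairwise DID + verkey recorded as a NYM, then a fresh nonce.
        did, verkey = "TA:" + secrets.token_hex(8), "VK:" + secrets.token_hex(8)
        write_nym(self.ledger, did, verkey, owner=did)
        nonce = secrets.token_hex(4).upper()  # plays the role of "A123F234"
        self.outstanding[nonce] = did
        return {"did": did, "nonce": nonce}

    def accept_response(self, resp):
        # Step 7: nonce must be outstanding and unused, approval must match.
        nonce = resp["nonce"]
        if nonce in self.spent or nonce not in self.outstanding:
            return False, "nonce replayed or unknown"
        self.spent.add(nonce)  # consumed on every attempt, success or failure
        if self.outstanding.pop(nonce) != resp["to_did"]:
            return False, "response bound to a different pairwise DID"
        if resp["approval"] != self.approval:
            return False, "approval from ABC does not match"
        # Step 8: the anchor writes the NYM, but ownership belongs to Drone Dx.
        write_nym(self.ledger, resp["did"], resp["verkey"], owner=resp["did"])
        return True, "trusted connection established"

def drone_respond(ledger, approval, request):
    # Steps 4-5: the anchor's DID must resolve on the ledger before answering.
    if request["did"] not in ledger:
        raise ValueError("trust anchor DID not on ledger")
    did, verkey = "DX:" + secrets.token_hex(8), "VK:" + secrets.token_hex(8)
    return {"approval": approval, "to_did": request["did"],
            "did": did, "verkey": verkey, "nonce": request["nonce"]}

def onboard(anchor_approval="ABC-approval-1", drone_approval="ABC-approval-1"):
    ledger = {}
    anchor = TrustAnchor(ledger, anchor_approval)
    resp = drone_respond(ledger, drone_approval, anchor.connection_request())
    first = anchor.accept_response(resp)
    replay = anchor.accept_response(resp)  # the same response sent a second time
    owned = resp["did"] in ledger and ledger[resp["did"]]["owner"] == resp["did"]
    return first[0], replay[0], owned
```

`onboard()` returns `(True, False, True)`: the first response is accepted, its replay is refused, and the NYM for Drone Dx's DID is recorded with Drone Dx as owner.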