212

M. Polychronaki et al.

or life form, any organization, any device or any entity which has a physical representation in the real world [9]. Thus, when the physical entity needs to interact with the IoT system, it will do so via its own digital identity. This description of digital identity must not be confused with the contemporary term digital twin, which is a dynamic representation of a physical form. However, digital identities, and specifically decentralized identities, can be a vital part of the authentication process of a digital twin in an IoT system, since the data characterizing the twin must come from reliable sources.

Consequently, any entity which we want to be represented in the digital world should be characterized by a number of properties called attributes, such as a name or a device serial number. These are used by the IAM system to establish the different roles and their hierarchy within the IoT environment. Different roles may lead to different levels of access to data, services and applications (Fig. 1, right).

Moreover, each identity must have a set of credential attributes so that it can be validated and authenticated whenever the physical entity needs to interact with the system. For the IAM system to be able to distinguish between identities with similar or identical attributes (many of which depend on the physical entity itself), every identity must have an identifier that is unique within the environment the IAM model is applied to.

Last but not least, the identity provider (IdP) is the system responsible for creating and managing these identities. Most of the time, the IdP is another service running in the general service provider of an IoT system, which also provides other services such as telemetry or middleware communication.

Figure 1 illustrates these basic components of a traditional IAM system and the interaction between them. During the registration phase, the entities must communicate with the IdP to register themselves and make their presence known to the system by providing information regarding their attributes. After the registration is successfully completed, any time the respective entity needs to be authenticated, the corresponding application checks with the authentication service in order to find out whether that particular entity is approved by the IAM rules to perform the requested actions.
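As an added illustration (not part of the chapter and not the authors' code), the following Python sketch models the components described above: descriptive attributes, a credential attribute, an identifier that is unique within the IAM environment, an IdP handling registration, an authentication service, and role-based authorization against IAM rules. The rule table, the attribute-to-role mapping and the function names (`IAM_RULES`, `role_for`, `request_action`) are hypothetical. Two points a practitioner would want to see are built in: the identifier is random rather than derived from attributes, so two devices with identical attributes remain distinct, and the credential is stored as a salted hash and compared in constant time.

```python
"""Toy model of a traditional IoT IAM: IdP, authentication service, IAM rules.

Added example; names and rules are hypothetical, not from the chapter.
"""

import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field

# Hypothetical IAM rules: role -> actions that role may perform
# (the chapter's "different levels of access to data, services and applications").
IAM_RULES = {
    "sensor": {"publish_telemetry"},
    "gateway": {"publish_telemetry", "read_telemetry"},
    "operator": {"read_telemetry", "configure_device"},
}


def role_for(attributes):
    """Hypothetical mapping from descriptive attributes to a role."""
    kind = attributes.get("kind")
    if kind == "device" and attributes.get("model", "").startswith("GW-"):
        return "gateway"
    if kind == "device":
        return "sensor"
    if kind == "person":
        return "operator"
    raise ValueError("unknown entity kind")


def _hash_secret(secret, salt):
    # Credential attribute is never stored in the clear.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)


@dataclass
class Identity:
    identifier: str          # unique within this IAM environment
    attributes: dict         # descriptive attributes (name, serial number, ...)
    role: str
    salt: bytes = field(repr=False)
    secret_hash: bytes = field(repr=False)


class IdentityProvider:
    """Creates and manages identities (registration phase)."""

    def __init__(self):
        self._by_id = {}

    def register(self, attributes, secret):
        # The identifier is random, not derived from attributes, so two entities
        # with identical attributes (same model, same name) stay distinguishable.
        identifier = secrets.token_hex(8)
        while identifier in self._by_id:
            identifier = secrets.token_hex(8)
        salt = os.urandom(16)
        self._by_id[identifier] = Identity(
            identifier, dict(attributes), role_for(attributes), salt,
            _hash_secret(secret, salt))
        return identifier

    def lookup(self, identifier):
        return self._by_id.get(identifier)


class AuthenticationService:
    """Validates the credential an entity presents against the IdP record."""

    def __init__(self, idp):
        self.idp = idp

    def authenticate(self, identifier, secret):
        ident = self.idp.lookup(identifier)
        if ident is None:
            return False
        candidate = _hash_secret(secret, ident.salt)
        return hmac.compare_digest(candidate, ident.secret_hash)


def authorize(idp, identifier, action):
    """Check the IAM rules for the role attached to the identity."""
    ident = idp.lookup(identifier)
    return ident is not None and action in IAM_RULES.get(ident.role, set())


def request_action(auth, identifier, secret, action):
    """What the application does on each request: authenticate, then authorize."""
    if not auth.authenticate(identifier, secret):
        return "denied: authentication failed"
    if not authorize(auth.idp, identifier, action):
        return "denied: not permitted for role"
    return "allowed"


if __name__ == "__main__":
    idp = IdentityProvider()
    auth = AuthenticationService(idp)
    # Constructed sample entities: two sensors with identical attributes.
    a = idp.register({"kind": "device", "model": "TH-200", "name": "temp"}, "s3cret-a")
    b = idp.register({"kind": "device", "model": "TH-200", "name": "temp"}, "s3cret-b")
    print(a != b, request_action(auth, a, "s3cret-a", "publish_telemetry"),
          request_action(auth, a, "s3cret-a", "configure_device"))
```

Registration returns the identifier the entity must present later; the application never consults the IdP's attribute store to decide access, only the role the IdP derived from those attributes and the IAM rules for that role.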

1.3 Related Concepts and Terminology—Blockchain

Blockchain can be seen as a distributed network of unknown peers which use strong cryptographic techniques and consensus algorithms in order to provide coordination and trust between untrusted participants. This definition captures the philosophy of a blockchain-based IAM system, whose participants do not trust each other yet request authentication and authorization from each other.

The blockchain network consists of a number of peers, which in the case of an IoT system could range from any device with a minimum amount of processing power to any server built and managed for the corresponding IoT system. The network's main purpose is to hold a distributed ledger, which contains blocks of data from