Blockchain based Internet of Things (Debashis De, Siddhartha Bhattacharyya etc.)

230

M. Polychronaki et al.

mathematics. Regarding this type of proofs, the authors of [41] present the Multi-

Graph Zero-Knowledge-based Authentication System (M-ZAS). It is composed of

a two-procedure process, one of which is the Multi-Graph Zero-Knowledge Proof

(M-ZKP). Typically, graph-based ZKPs are not demanding in terms of computational

power but introduce high transmission overhead. However, the M-ZAS is designed

in such a way reducing the overhead, making it a solution ideal for IoT edge devices.

Currently, to the best of our knowledge, the implementations of ZKP protocols

using blockchain targeted for IoT devices authentication is a topic still under devel-

opment and open for further research. Regardless, the philosophy of ZKP protocols

has proven to be a ﬂawless match for identiﬁcation purposes [42] in decentralized

IAM systems, where the environment is considered trustless.

4.2

Decentralized Public Key Infrastructure

Public key infrastructures (PKI) are revolutionary solutions regarding authentication

[43]. Especially in IoT, most of the developed systems use one way or another PKI

system,inordertoauthenticatedevicesusingX.509digitalcertiﬁcates[29].Thisway,

there is no need for using passwords, while at the same time devices are authenticated

and the data exchanged are encrypted with these certiﬁcates. PKIs can provide the

security and privacy needed for sensitive data transmission. Asymmetric encryption

is the cryptographic process that takes place at the center of any PKI framework.

The PKI systems rely on a Certiﬁcate Authority (CA) which provides the certiﬁ-

cates to devices and users. The communication over the internet is secured with

the use of a cryptographic key pair (one public and one private) for encrypting and

decrypting messages. At the same time, the proper use of these keys also provides

the authentication of each user, since the decryption of messages relies on using

the corresponding user’s or device’s public key. Traditionally, the PKI systems are

based on centralized architectures, where the CA acts as a third party for multiple

applications.

While PKI is the most frequently applied method of authentication, it has certain

drawbacks. For starters, once again, the user is not the holder of his/her identity,

rather only of the private key which authenticates him/her as the rightful owner of

his/her identity held by the corresponding application’s centralized IAM system.

Moreover, with the CA relying on a centralized architecture, it can be targeted by

cyber-criminals for man-in-the-middle (MITM) attacks. Lastly, of course, as with

any centralized system, there is the danger of single point of failure (SPF), if for any

reason the authorization service of a particular CA becomes unavailable.

PGP is one implementation of decentralized PKI (DPKI) which uses similar tech-

niques as with X.509, but with the difference that we have a decentralized network

where users can verify each other’s signatures [44]. This architecture enables the

“Web of Trust” where entities participating can decide whether they can trust one

another based on previous and already trusted sources. When PGP was invented,

blockchain technology was not yet developed, and this led to the failure of this