M. Polychronaki et al.
blockchain network and a device setup process must take place before being able to
be authenticated in the IoT system. More specifically, X.509 certificates are generated
by the network nodes, while the private keys are generated directly in the IoT devices.
The implementation of this architecture led the authors to assess a use case of
a DPKI in an IoT environment, and they identified a number of important security
and functional failures, most of which can be handled if the respective measures are
carefully taken during the implementation of the architecture.
Nonetheless, none of these solutions makes use of the identity standards of DIDs
or VCs, which means that their implementation process might prove to be rather
time-consuming and that they will not be able to perform in a large-scale IoT
ecosystem with multiple and heterogeneous IoT entities.
4.2.2 Instant Karma PKI (IKP)
The IKP [47] solution is a DPKI designed to work on the Ethereum blockchain, and it
utilizes smart contracts to provide the functionality of its main entities. The
scope of IKP is to build a network of CAs and domains used for the authorization and
authentication of users. A user is registered by the domains,
which communicate with the CAs to get the certificates and interact with the ledger
to log the registration. Smart contracts are used for every operation, as well as for the
registration of additional CAs or domains that broaden the IKP network.
The domains can negotiate with the CAs in order to agree upon a reaction policy
contract function. These policies take action when unauthorized certificates are
detected and act against any misbehavior by rewarding the peers who report these
certificates. Another function of the IKP contract is to register to the ledger as
per the Domain Certificate Policies, which define which CAs each domain can
communicate with in order to generate and register a new certificate (Fig. 10).
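The Domain Certificate Policy check and the reaction policy described above, as a simplified model added here (it is not code from IKP or its authors). The in-memory `Ledger` class, the escrowed reward fund, the rule that a certificate is paid out only once, and all names and amounts are assumptions made for illustration; IKP itself implements these operations as Ethereum smart contracts.

```python
from dataclasses import dataclass, field

@dataclass
class Ledger:
    """Hypothetical in-memory stand-in for the IKP contract state."""
    dcp: dict = field(default_factory=dict)      # domain -> CAs allowed to issue for it
    policy: dict = field(default_factory=dict)   # domain -> {"reward": int, "escrow": int}
    balance: dict = field(default_factory=dict)  # peer -> rewards received
    seen: set = field(default_factory=set)       # (issuer, serial) already reported
    events: list = field(default_factory=list)   # append-only log, stands in for the chain

    def register_domain(self, domain, authorized_cas, reward, escrow):
        # Record the domain's certificate policy and its negotiated reaction policy.
        self.dcp[domain] = frozenset(authorized_cas)
        self.policy[domain] = {"reward": reward, "escrow": escrow}
        self.events.append(("register", domain))

    def report(self, reporter, cert):
        """Handle a peer's report of a certificate; return the reward paid."""
        domain, issuer = cert["domain"], cert["issuer"]
        if domain not in self.dcp:
            return 0                       # no policy registered: nothing to enforce
        if issuer in self.dcp[domain]:
            return 0                       # issuer is authorized: report is rejected
        key = (issuer, cert["serial"])
        if key in self.seen:
            return 0                       # the same certificate is never paid twice
        self.seen.add(key)
        pol = self.policy[domain]
        paid = min(pol["reward"], pol["escrow"])  # cannot pay more than is escrowed
        pol["escrow"] -= paid
        self.balance[reporter] = self.balance.get(reporter, 0) + paid
        self.events.append(("unauthorized", domain, issuer, reporter, paid))
        return paid

def demo():
    # Constructed sample data: one domain, two authorized CAs, one rogue issuer.
    ledger = Ledger()
    ledger.register_domain("example.org", {"CA-A", "CA-B"}, reward=5, escrow=8)
    good = {"domain": "example.org", "issuer": "CA-A", "serial": 1}
    rogue = {"domain": "example.org", "issuer": "CA-X", "serial": 7}
    rogue2 = {"domain": "example.org", "issuer": "CA-X", "serial": 8}
    results = [ledger.report("peer1", good), ledger.report("peer1", rogue),
               ledger.report("peer2", rogue), ledger.report("peer2", rogue2)]
    return results, ledger

if __name__ == "__main__":
    results, ledger = demo()
    print(results, ledger.balance)
```
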
The IKP solution is based on the most popular smart contract-enabled blockchain
network, Ethereum, while at the same time its design is rather fine-grained. This
means that anyone can easily implement it using the guidelines of its creators. Despite
this, it is not designed specifically for IoT environments, which could possibly result
in implementation weaknesses or failures because of the extremely low computational
performance of IoT devices. Moreover, we can see that IKP introduces a way
of generating and distributing the certificates, as well as authorizing and
authenticating them, using the blockchain network. However, it does not utilize either
of the identity standards, DIDs or VCs, which have been developed for decentralized
environments.