Security and Privacy for Internet of Things: Authentication and Blockchain

TR Number



Journal Title

Journal ISSN

Volume Title


Virginia Tech


Reaping the benefits of the Internet of Things (IoT) system is contingent upon developing IoT-specific security and privacy solutions. Conventional security and authentication solutions often fail to meet IoT requirements due to the computationally limited and portable nature of IoT objects. Privacy in IoT is a major issue especially in the light of current attacks on Facebook and Uber. Research efforts in both the academic and the industrial fields have been focused on providing security and privacy solutions that are specific to IoT systems. These solutions include systems to manage keys, systems to handle routing protocols, systems that handle data transmission, access control for devices, and authentication of devices.

One of these solutions is Blockchain, a trust-less peer-to-peer network of devices with an immutable data storage that does not require a trusted party to maintain and validate data entries in it. This emerging technology solves the problem of centralization in systems and has the potential to end the corporations control over our personal information. This unique characteristic makes blockchain an excellent candidate to handle data communication and storage between IoT devices without the need of oracle nodes to monitor and validate each data transaction. The peer-to-peer network of IoT devices validates data entries before being added to the blockchain database. However, accurate authentication of each IoT device using simple methods is another challenging problem.

In this dissertation, a complete novel system is proposed to authenticate, verify, and secure devices in IoT systems. The proposed system consists of a blockchain framework to collect, monitor, and analyze data in IoT systems. The blockchain based system exploits a method, called Sharding, in which devices are grouped into smaller subsets to provide a scalable system. In addition to solving the scalability problem in blockchain, the proposed system is secured against the 51% attack in which a malicious node tries to gain control over the majority of devices in a single shard in order to disrupt the validation process of data entries. The proposed system dynamically changes the assignment of devices to shards to significantly decrease the possibility of performing 51% attacks. The second part of the novel system presented in this work handles IoT device authentication. The authentication framework uses device-specific information, called fingerprints, along with a transfer learning tool to authenticate objects in the IoT. The framework tracks the effect of changes in the physical environment on fingerprints and uses unique IoT environmental effects features to detect both cyber and cyber-physical emulation attacks. The proposed environmental effects estimation framework showed an improvement in the detection rate of attackers without increasing the false positives rate. The proposed framework is also shown to be able to detect cyber-physical attackers that are capable of replicating the fingerprints of target objects which conventional methods are unable to detect. In addition, a transfer learning approach is proposed to allow the use of objects with different types and features in the environmental effects estimation process. The transfer learning approach was also implemented in cognitive radio networks to prevent primary users emulation attacks that exist in these networks. Lastly, this dissertation investigated the challenge of preserving privacy of data stored in the proposed blockchain-IoT system. The approach presented continuously analyzes the data collected anonymously from IoT devices to insure that a malicious entity will not be able to use these anonymous datasets to uniquely identify individual users.

The dissertation led to the following key results. First, the proposed blockchain based framework that uses sharding was able to provide a decentralized, scalable, and secured platform to handle data exchange between IoT devices. The security of the system against 51% attacks was simulated and showed significant improvements compared to typical blockchain implementations. Second, the authentication framework of IoT devices is shown to yield to a 40% improvement in the detection of cyber emulation attacks and is able to detect cyber-physical emulation attacks that conventional methods cannot detect. The key results also show that the proposed framework improves the authentication accuracy while the transfer learning approach yields up to 70% additional performance gains. Third, the transfer learning approach to combine knowledge about features from multiple device types was also implemented in cognitive radio networks and showed performance gains with an average of 3.4% for only 10% relevant information between the past knowledge and the current environment signals.



Blockchain, Internet of things (IoT), Cyber-Physical Systems, Authentication