Elsevier

Computer Communications

Volume 181, 1 January 2022, Pages 338-356

A two-tier Blockchain framework to increase protection and autonomy of smart objects in the IoT

https://doi.org/10.1016/j.comcom.2021.10.028

Abstract

In recent years, the Internet of Things paradigm has become pervasive in everyday life attracting the interest of the research community. Two of the most important challenges to be addressed concern the protection of smart objects and the need to guarantee them a great autonomy. For this purpose, the definition of trust and reputation mechanisms appears crucial. At the same time, several researchers have started to adopt a common distributed ledger, such as a Blockchain, for building advanced solutions in the IoT. However, due to the high dimensionality of this problem, enabling a trust and reputation mechanism by leveraging a Blockchain-based technology could give rise to several performance issues in the IoT. In this paper, we propose a two-tier Blockchain framework to increase the security and autonomy of smart objects in the IoT by implementing a trust-based protection mechanism. In this framework, smart objects are suitably grouped into communities. To reduce the complexity of the solution, the first-tier Blockchain is local and is used only to record probing transactions performed to evaluate the trust of an object in another one of the same community or of a different community. Periodically, after a time window, these transactions are aggregated and the obtained values are stored in the second-tier Blockchain. Specifically, stored values are the reputation of each object inside its community and the trust of each community in the other ones of the framework. In this paper, we describe in detail our framework, its behavior, the security model associated with it and the tests carried out to evaluate its correctness and performance.

Introduction

In recent years, the Internet of Things (IoT) paradigm has reached maturity and today is becoming increasingly pervasive in everyday life. This process has been made possible by new research approaches that enable objects to be smart, autonomous and reliable. However, as the IoT grows, new challenges arise. In fact, the IoT is characterized by a large number of (often smart) objects with various constraints/features, such as: (i) limited storage and computing capability; (ii) great dynamism, due to the high number of nodes that join or leave the IoT at any time; (iii) criticality and sensitiveness of used services and applications. In this scenario, the protection of objects, on the one hand, and the possibility/need to guarantee them a great autonomy, on the other hand, represent two crucial issues to be addressed. As for protection, in [1] we presented a first approach to address this problem when it comes to privacy. In that case, we proposed to partially hide object features, but allowing their full use to support communication between objects. Nevertheless, the problem of providing a scalable, reliable and protected framework for IoT devices remains open. As for autonomy, making objects independent from each other during their interactions requires the capability of adding/removing contacts recognizing what features/services are provided by other objects [2], [3]. At the same time, in this context, the possibility of assessing the ability of an object to concretely and correctly provide the needed feature/service is fundamental. This is especially true when we consider the high vulnerability of smart objects to failures and/or cyber attacks, which could alter the way they behave. In the considered scenario, characterized by a high autonomy level of objects, leveraging compromised peers for services or for data retrieval may lead to the corruption of the whole IoT.

This reasoning highlights that autonomy and protection are two strongly interrelated aspects. In this scenario, the definition of trust and reputation mechanisms appears crucial [4], [5], [6], [7], [8], [9], [10]. However, most of the approaches proposed in recent literature describe strategies leveraging centralized services (such as watchdogs) or particularly empowered smart objects, dedicated to data gathering from other objects and to the computation of trust and reputation values. Although these solutions may achieve pretty satisfactory results in some cases, they somehow force the fully distributed and autonomous nature of IoT to include “global” monitoring points.

To achieve a fully distributed solution in this setting, each smart object should be able to build a pretty complete representation of other objects’ behavior in the IoT. However, as a prerequisite, it should also be able to unequivocally link a sequence of actions (defining a behavior) to each object. This would require the definition of an authentication mechanism to map each action (e.g., a transaction) to the object making it. One of the key aspects to be taken into account when addressing this issue is that the IoT is totally distributed. For this reason, classical Public Key Infrastructure models cannot be adopted because they refer to a common root of trust (CA root), which, for the reason stated above, is not easily achievable in this context. Indeed, the IoT should be totally distributed and composed of heterogeneous objects possibly belonging to independent domains. To address this issue, in the past literature, many authors have started to propose the use of the Blockchain technology in the IoT as a means to have a shared and reliable environment among all objects [11], [12], [13], [14], [15], [16], [17], [18], [19].

The application of Blockchain-based strategies to add trust and reputation facilities in the IoT, without requiring any special actor (e.g., sophisticated smart objects) to be involved, poses a lot of interesting research challenges that must be faced to build a complete solution. One of the main problems is related to the high computational power required for deploying a Blockchain-based solution in the IoT context. Smart objects are intrinsically very heterogeneous and, therefore, provide a wide range of computation capacity spanning from fully equipped powerful devices (such as smart cars, new generation smartphones, etc.) to very simple smart sensors with minimal computational capacity (e.g., smart meters, medical sensors, fitness trackers, etc.). In such a scenario, including the Blockchain technology can be very tricky because solutions must include the possibility of both exploiting fully equipped and powerful devices and supporting very simple and computationally limited ones. Moreover, if we observe this problem from the Blockchain perspective, handling the big volume of transactions generated by smart objects introduces important flaws in terms of both scalability and environmental costs [20], [21]. To partially face these issues, several researchers focused on the definition of lightweight Blockchains for the IoT. Typically, these approaches work on the reduction of the information necessary to mine and validate transactions published in the ledger by proposing alternative consensus algorithms [22]. However, even the simple monitoring of the public ledger (to detect trust and reputation transactions, for instance) can be a heavy and expensive task for smart objects with minimal computation capacity in the presence of a very high volume of transactions.

For this reason, some authors proposed to reduce the transaction volume to consider in the public ledger by adopting approaches based on the use of validity windows [23]. In this way, smart objects must only work with the transactions available inside the chosen window. Depending on the analyzed application scenario, reducing the size of transaction history may introduce important drawbacks. For instance, if such a ledger is used to store trust and reputation information of smart objects, at the end of a validity window each object can have a fresh start, as its reputation will be restored. To avoid this issue, historic data can be aggregated and made available inside each validity window; however, this aggregation task can also be very expensive and unfeasible for IoT objects if the volume of transactions is big [16].

This paper aims at providing a contribution in this setting. Indeed, it proposes a two-tier Blockchain framework to increase the protection and autonomy of smart objects in the IoT. Following the intuition proposed in [1], we consider smart objects as organized in communities. Hence, the first, local, tier is used to manage the trust measures of each smart object inside the community it belongs to, and exploits a solution leveraging both a lightweight Blockchain and a validity window to control transaction volume. By organizing objects into communities, we can control the size of the local Blockchain in order to avoid excessive loads for smart objects. The second, global, tier is used to record aggregated data related to the individual communities, as well as the trust value that each community assigns to the other ones.

By definition, communities are built by looking at both the heterogeneity and the redundancy of provided features/services (so that multiple objects in the same community can offer the same feature/service). In a community, a smart object may request information from another smart object of the same community about the features/services it offers. In order to estimate the latter’s reliability, and ultimately its reputation in the community, our approach adopts a solution based on a probing mechanism. In particular, nodes are tested using probing queries about features/services they can provide. Their answers are then compared with those received from other nodes capable of offering the same features/services. This comparison allows the computation of the reliability of the tested object in providing the features/services declared. All transactions made to assess the reliability of smart objects in a community are stored in a Blockchain with a dedicated smart contract.

After a certain time window, our framework computes the reputation of each object inside its community. At the end of this process, smart objects that do not meet the minimum reputation level are removed from the community. Then, for each community, a transaction with the list of its smart objects, along with their reputation, is stored in the Global Blockchain. In this way, the Local Blockchain is reset, following the approach described in [23], and all transactions occurring in the time window just passed are no longer considered.

Our approach also ensures protection when smart objects from different communities interact with each other. The procedure used in this case is similar to the one seen above. The results of a test performed by a smart object on another are stored in the Local Blockchain of the community the trustor object belongs to. Also in this scenario, after a certain time window, these transactions are aggregated and used to compute the trust of a community in another one. The trust values of each community in the other ones are stored in the Global Blockchain. Therefore, this last contains the reputation of each smart object in its community, as well as the trust of each community in the other ones it interacted with in the past. If there has never been an interaction between two communities, our approach assumes that each of them assigns a default trust value to the other one.
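The window-close procedure described above (probes recorded locally, aggregated into per-object reputation and per-community trust, low-reputation objects removed, Local Blockchain reset, default trust for communities that never interacted), as an added Python simulation that is not the authors' code. The agreement test, the aggregation formula, all constants (ALPHA, MIN_REPUTATION, DEFAULT_TRUST, INITIAL_REP, TOLERANCE) and every class and function name are assumptions, since this page does not give the paper's formulas.

```python
from collections import defaultdict
from statistics import mean, median

# Every constant and formula below is an assumption made for this example.
DEFAULT_TRUST = 0.5    # trust between communities that never interacted
INITIAL_REP = 0.5      # reputation of an object with no history
MIN_REPUTATION = 0.4   # objects below this are removed at window close
ALPHA = 0.5            # weight of the previous value when aggregating
TOLERANCE = 1.0        # allowed deviation from the redundant peers' median

def probe_outcome(answer, peer_answers, tol=TOLERANCE):
    """1.0 if the answer agrees with peers offering the same service, else 0.0."""
    return 1.0 if abs(answer - median(peer_answers)) <= tol else 0.0

class TwoTierLedger:
    def __init__(self, communities):
        self.members = {c: set(objs) for c, objs in communities.items()}
        self.local = {c: [] for c in communities}  # tier 1: probing transactions
        self.global_chain = []                     # tier 2: aggregated records
        self.reputation = {o: INITIAL_REP for objs in communities.values() for o in objs}
        self.trust = {}                            # (community, other) -> value

    def community_of(self, obj):
        for c, objs in self.members.items():
            if obj in objs:
                return c
        raise KeyError(f"{obj} is not a member of any community")

    def record_probe(self, trustor, trustee, answer, peer_answers):
        """Store the result in the local ledger of the trustor's community."""
        home, target = self.community_of(trustor), self.community_of(trustee)
        self.local[home].append((trustee, target, probe_outcome(answer, peer_answers)))

    def community_trust(self, a, b):
        """Latest aggregated trust of community a in b, or the default if none."""
        return self.trust.get((a, b), DEFAULT_TRUST)

    def close_window(self):
        """Aggregate each local ledger into one global record, then reset it."""
        for c in self.local:
            intra, inter = defaultdict(list), defaultdict(list)
            for trustee, target, outcome in self.local[c]:
                (intra[trustee] if target == c else inter[target]).append(outcome)
            # Blending with the stored value keeps history across windows, so a
            # reset of the local ledger does not give an object a fresh start.
            for obj, outcomes in intra.items():
                self.reputation[obj] = ALPHA * self.reputation[obj] + (1 - ALPHA) * mean(outcomes)
            for other, outcomes in inter.items():
                prev = self.community_trust(c, other)
                self.trust[(c, other)] = ALPHA * prev + (1 - ALPHA) * mean(outcomes)
            removed = {o for o in self.members[c] if self.reputation[o] < MIN_REPUTATION}
            self.members[c] -= removed
            self.global_chain.append({
                "community": c,
                "reputation": {o: self.reputation[o] for o in sorted(self.members[c])},
                "removed": sorted(removed),
                "trust": {b: v for (a, b), v in self.trust.items() if a == c},
            })
            self.local[c] = []  # the validity window ends; old probes are dropped

def demo():
    # Constructed scenario: redundant temperature sensors; a3 reports bad values.
    ledger = TwoTierLedger({"A": ["a1", "a2", "a3"], "B": ["b1", "b2"], "C": ["c1"]})
    for _ in range(3):
        ledger.record_probe("a1", "a2", 21.0, [20.8, 21.3])  # agrees with peers
        ledger.record_probe("a1", "a3", 35.0, [20.8, 21.0])  # deviates from peers
    ledger.record_probe("b1", "a2", 21.1, [20.9, 21.2])      # cross-community probe
    ledger.close_window()
    return ledger

if __name__ == "__main__":
    for record in demo().global_chain:
        print(record)
```

In the constructed run, the deviating object a3 falls below the assumed threshold and is dropped from community A at the first window close, while the trust of A in C stays at the default because the two never interacted.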

To perform the tasks described above, we use smart contract technology in the Blockchain. Indeed, Blockchain smart contracts are already being used to manage, control and secure IoT devices [24]. In particular, they can provide decentralized authentication rules and logic to implement single and multi-party authentication for an IoT device. They have been adopted to guarantee trustworthy and authorized identity registration, ownership tracking and monitoring of products, goods, and assets [25]. Their applications in IoT are discussed in [11], where the authors describe how Blockchain smart contracts can facilitate and support autonomous workflow and service sharing among IoT devices.

The previous description highlights that our approach is based on the requirement of having multiple objects providing the same feature/service in a community. Actually, this characteristic is common in several application scenarios. For instance, in contexts related to smart cities, the different available services are typically controlled through subgroups of smart meters/sensors dedicated to the specific domain the service belongs to. Such subgroups provide an adequate redundancy degree in order to avoid service outages. As a further example, consider the case in which a network of smart meters for fire detection is deployed in a forest [26]. This type of network typically includes sensors to measure temperature, humidity and wind speed, and has a sufficient redundancy degree to handle fault tolerance. Again, we can think of the context of smart grids. These are power grids enabling a two-way flow of electricity and data across different smart sensors using the digital communication technology. This flow allows the system to detect, react and pro-act to problems that may occur or to usage changes. Of course, the security level required by the monitoring systems associated with smart grids needs ad hoc configurations. The latter typically involve clusters of smart objects collaborating with each other in a high fault tolerance setting. Another possible use case with these characteristics can be the video surveillance of critical public spaces through a network of smart drones capable of capturing snapshots of the monitored areas. In this case, the drones move freely in the environment and their number is often sufficient to ensure the coverage of the monitored areas. In this context, it is not unlikely that they can provide more than one proof of the same portion of an area in a given time interval. Snapshots can be compared through a proper similarity function that also takes into account different angles and perspectives.

Our approach also considers indoor scenarios, such as a smart home context. In these cases, the lower level of criticality and the smaller size of physical spaces make the need to provide redundancies less obvious. However, the next generation smart devices are typically equipped with several different sensors; think, for instance, of smartphones, smartwatches and smart televisions. Such devices may actually represent backups to standard domotic sensors (e.g., smart meters), again allowing for the construction of heterogeneous groups of smart objects with some redundancy level. Finally, we mention an interesting edge use case consisting of a community of objects belonging to the personal area network of a user. For example, consider the simple user gait monitoring service. This is typically done through personal devices such as fitbands. However, the same functionality can also be provided by a smartphone (in many cases, even multiple smartphones if a person has both a work phone and a personal one with her). Still, it can also be provided through all those devices equipped with an Inertial Measurement Unit (IMU). Moreover, some recent approaches (such as the one described in [27]) show that the WiFi signal reflected by the human body generates unique, albeit small, variations in the receiver’s wireless channel metrics, due to the well-known multipath effect of wireless signals. Thus, in principle, WiFi can also be used to measure a person’s pace.

All these example application cases show that the presence of multiple objects providing the same feature/service in a community is common in the modern IoT scenario.

Moreover, through a deep experimental campaign, carried out leveraging real-life smart object data and Ethereum transactions, we prove that our approach is feasible and allows for the detection of compromised nodes in a relatively small amount of time strictly related to the chosen probing frequency. Of course, as shown in Section 6.2, the fraction of probing interactions among objects can be suitably tuned to avoid downgrading the overall performance of the system, on the one hand, and to guarantee a satisfactory security level for smart objects, on the other hand.

The outline of this paper is as follows. In Section 2, we examine related literature. In Section 3, we describe the reference IoT model. In Section 4, we illustrate the proposed framework. In Section 5, we describe our security model. In Section 6, we present the set of experiments performed to test our approach. Finally, in Section 7, we draw our conclusions and have a look at possible future developments of our research efforts.

Section snippets

Related work

Considering that the IoT paradigm has spread in a massive way in these last years, minimizing human intervention for the installation and management of its devices has been one of the main research directions in this context. This leads to the necessity of finding smarter and smarter autonomous decision-making processes, so that devices are able to vary their configuration dynamically throughout their working duration, selecting the best protocol to use, the best routes and the best nodes to

The reference IoT model

In this section, we illustrate the model adopted to represent and handle the entities characterizing our framework. In our model, the main actor is the smart object. It has an associated profile with: (i) an identifier; (ii) a set of features characterizing it; (iii) a set of services it offers; (iv) the information needed for the communication with other smart objects (such as the MAC address, the IP address, etc.). The smart objects of the IoT can be partitioned into communities according to

Technical description of our approach

In this section, we present the core of our approach. In particular, we describe our strategy to build the local and global Blockchain tiers to support the definition of a trust and reputation solution for smart objects. This section is organized as follows: In Section 4.1, we provide the general overview of the proposed scheme. In Section 4.2, we discuss the computation of reliability measures for smart objects inside a community. In Section 4.3, we extend this activity to smart objects

Security model

In this section, we illustrate the security model conceived for our framework. In particular, we present both the attack model and a security analysis showing that our framework addresses its objectives even in the presence of attacks. In the security analysis, we refer to classical attacks to reputation systems adapted to our approach [74], [75].

Experiments

In this section, we report the experiments we have carried out to test the effectiveness and the performance of our proposal. Specifically, in Section 6.1, we describe the dataset adopted. In Section 6.2, we analyze the performance of our approach. Finally, in Section 6.3, we compare it with other related ones previously proposed in literature.

Conclusion

In this paper, we have proposed a two-tier Blockchain framework conceived to increase protection and autonomy of smart objects in the IoT. First of all, we have seen the motivations underlying our decision to address this issue. Then, we have examined related literature and we have pointed out the main differences and novelties of our approach with respect to the past ones. Afterwards, we have proposed a reference model which both our framework and the algorithms operating in it are based on.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgments

This work was partially funded by the Department of Information Engineering at the Polytechnic University of Marche, Italy under the project “An integrated approach for innovative and eco-sustainable freight transport solutions in emergency and last mile logistics” (RSAB 2020), and by the Marche Region, Italy under the project “Human Digital Flexible Factory of the Future Laboratory (HDSFIab) - POR MARCHE FESR 2014–2020 - CUP B16H18000050007”.

References (91)

  • Atzori L. et al., Understanding the internet of things: definition, potentials, and societal role of a fast evolving paradigm, Ad Hoc Netw. (2017)
  • Atzori L. et al., The social internet of things (SIOT) – when social networks meet the internet of things: Concept, architecture and network characterization, Comput. Netw. (2012)
  • Yan Z. et al., A survey on trust management for internet of things, J. Netw. Comput. Appl. (2014)
  • Guo J. et al., A survey of trust computation models for service management in internet of things systems, Comput. Commun. (2017)
  • Hendrikx F. et al., Reputation systems: A survey and taxonomy, J. Parallel Distrib. Comput. (2015)
  • Marti S. et al., Taxonomy of trust: Categorizing P2P reputation systems, Comput. Netw. (2006)
  • Yu Y. et al., Trust mechanisms in wireless sensor networks: Attack analysis and countermeasures, J. Netw. Comput. Appl. (2012)
  • Bouabdellah M. et al., Network layer attacks and countermeasures in cognitive radio networks: A survey, J. Inform. Secur. Appl. (2018)
  • Aloqaily M. et al., An intrusion detection system for connected vehicles in smart cities, Ad Hoc Netw. (2019)
  • Nicolazzo S. et al., A privacy-preserving approach to prevent feature disclosure in an iot scenario
  • Q. Wei, Z. Jin, Service discovery for internet of things: a context-awareness perspective, in: Proc. of the Fourth...
  • Chen D. et al., TRM-IoT: A trust management model based on fuzzy reputation for internet of things, Comput. Sci. Inform. Syst. (2011)
  • Karlof C. et al., TinySec: a link layer security architecture for wireless sensor networks
  • Chen H. et al., A new kind of session keys based on message scheme for sensor networks
  • Perrig A. et al., SPINS: Security protocols for sensor networks, Wirel. Netw. (2002)
  • Deng J. et al., A performance evaluation of intrusion-tolerant routing in wireless sensor networks
  • Ganeriwal S. et al., Location & Identity Based Secure Event Report Generation for Sensor Networks, NESL Technical Report (2004)
  • Christidis K. et al., Blockchains and smart contracts for the internet of things, IEEE Access (2016)
  • Biswas K. et al., Securing smart cities using blockchain technology
  • Dorri A. et al., Blockchain for IoT security and privacy: The case study of a smart home
  • Di Pietro R. et al., A blockchain-based trust system for the internet of things
  • Lin J. et al., Using blockchain technology to build trust in sharing LoRaWAN IoT
  • Huh S. et al., Managing IoT devices using blockchain platform
  • Samaniego M. et al., Blockchain as a service for IoT
  • Samaniego M. et al., Using blockchain to push software-defined IoT components onto edge hosts
  • Shen M. et al., Privacy-preserving support vector machine training over blockchain-based encrypted IoT data in smart cities, IEEE Internet Things J. (2019)
  • Chauhan A. et al., Blockchain and scalability. In proc. of the IEEE international conference on software quality
  • Shahid A.R. et al., Sensor-chain: A lightweight scalable blockchain framework for internet of things
  • Otte P. et al., TrustChain: A sybil-resistant scalable blockchain, Future Gener. Comput. Syst. (2017)
  • Zhang J. et al., Forest fire detection system based on a ZigBee wireless sensor network, Front. Forestry China (2008)
  • Dalai A.K. et al., Wdtf: A technique for wireless device type fingerprinting, Wirel. Pers. Commun. (2017)
  • Q.M. Ashraf, M.H. Habaebi, Introducing autonomy in internet of things, in: Proc. of the International Conference on...
  • Pujolle G., An autonomic-oriented architecture for the internet of things
  • Huang W. et al., Design and implementation of an automatic network topology discovery system for the future internet across different domains
  • Al-Turjman F. et al., Context-sensitive access in industrial internet of things (iiot) healthcare applications, IEEE Trans. Ind. Inf. (2018)
    1

    In this paper E. Corradini, S. Nicolazzo, A. Nocera, D. Ursino and L. Virgili interacted with each other in all the tasks connected with the presented research. Their contribution is equal and this is testified by the alphabetical order used in the Author List.