A Study on Secured Authentication and Authorization in Internet of Things: Potential of Blockchain Technology

  • Syeda Mariam Muzammal
  • Raja Kumar Murugesan
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1132)


With the proliferation of the Internet of Things (IoT) and its influence in various use case scenarios, it can be expected that IoT services will achieve a global reach. Smart cities, smart grids, smart industries and smart wearables are some examples of IoT services today. Despite all the benefits that IoT provides, the security of these services and of the data generated by IoT is a major concern. Traditional authentication and authorization practices were initially designed for the security needs of centralized client/server models, which are well suited to human-machine interaction over the Internet. In centralized systems, devices and users are normally trusted because they are in the same application domain. Moreover, such systems can become a bottleneck when a number of queries arrive at the same time, or may become a single point of failure, causing unavailability of connected devices that rely entirely on a single trusted party. This paper explores IoT security issues and concerns. Moreover, it provides a review of centralized and decentralized IoT security solutions in terms of authentication and authorization. Additionally, it discusses how Blockchain technology can be leveraged to provide IoT security.


Keywords: IoT security, Authentication, Authorization, Blockchain



Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. Taylor’s University, Subang Jaya, Malaysia
