IEEE INTERNET OF THINGS JOURNAL, VOL. 8, NO.

2, JANUARY 15, 2021 881

Addressing Security and Privacy Issues of IoT

Using Blockchain Technology
Bhabendu Kumar Mohanta , Member, IEEE, Debasish Jena, Member, IEEE, Somula Ramasubbareddy,
Mahmoud Daneshmand , Senior Life Member, IEEE, and Amir H. Gandomi , Senior Member, IEEE

Abstract—Internet of Things (IoT) has been the most emerging

technology in the last decade because the number of smart devices
and its associated technologies has rapidly grown in both indus-
trial and research prospectives. The applications are developed
using IoT techniques for real-time monitoring. Due to low pro-
cessing power and storage capacity, smart things are vulnerable
to the attacks as existing security or cryptography techniques are
not suitable. In this study, we initially review and identify the
security and privacy issues that exist in the IoT system. Second,
as per blockchain technology, we provide some security solu-
tions. The detailed analysis, including enabling technology and
integration of IoT technologies, is explained. Finally, a case study
is implemented using the Ethererum-based blockchain system in
a smart IoT system and the results are discussed.
Index Terms—Blockchain, cryptography, distributed, Internet
of Things (IoT), privacy, security.

I. I NTRODUCTION Fig. 1. Applications of IoT.

YBER attacks on the Internet of Things (IoT) have
C increased by 22% in the last quarter, as asserted by a
report titled “State of IoT Security.” The report suggested
that some of the sectors, such as smart cities, finances, and the promising IoT-based applications are shown. The basic
transport, have a maximum ranking in an attacks scenario. architecture of the IoT system consists of three layers: the
Day by day, attacks are getting more sophisticated and high physical layer, the network layer, and the application layer.
grade, which is of concern. In the last decade, blockchain tech- Frustaci et al. [2] discussed security issues present in each of
nology has been one of the emerging concepts accepted by the IoT architecture layer. In an IoT application, different het-
both research and industry, having six principal characteristics erogeneous devices are connected and communicated to each
decentralized, immutable, transparent, autonomy, anonymity, other. As most of the smart devices are low-end devices, they
and open source [1]. Similarly, IoT is also one of the promis- are more vulnerable to different attacks. So to implement IoT-
ing technical fields using many smart applications that are based smart applications required a lightweight algorithm for
being developed. Sensors, intelligent devices, and actuators encryption/decryption, secure communication, and computa-
are used to implement IoT applications. In Fig. 1, some of tion. The basic security goal that is confidentiality, integrity,
and availability (CIA) must be maintained by the application.
Manuscript received January 7, 2020; revised March 9, 2020, April 28, To make use of the smart IoT application trust, management
2020, and May 30, 2020; accepted June 30, 2020. Date of publication plays an important role. As the user shares his/her personal
July 13, 2020; date of current version January 7, 2021. (Corresponding author: information in public platforms, privacy is a significant con-
Amir H. Gandomi.)
Bhabendu Kumar Mohanta and Debasish Jena are with the Department of cern. The user will only trust to use application if security
Computer Science Engineering, International Institute of Information issues are properly addressed. Lize et al. [3] mentioned that
Technology Bhubaneshwar, Bhubaneswar 751003, India (e-mail: trust is an important issue that needs to be addressed.
[email protected]; [email protected]).
Somula Ramasubbareddy is with the Department of Information The contributions of this article are as follows.
Technology, VNRVJIET, Hyderabad 500090, India (e-mail: 1) Initially, the layerwise security issues are identified in
[email protected]). IoT applications.
Mahmoud Daneshmand is with the School of Business, Stevens
Institute of Technology, Hoboken, NJ 07030 USA (e-mail: 2) We describe some of the work of IoT integration with
[email protected]). blockchain technology to address security and privacy
Amir H. Gandomi is with the Faculty of Engineering and Information issues.
Technology, University of Technology Sydney, Ultimo, NSW 2007, Australia
(e-mail: [email protected]). 3) The blockchain technology in terms of addressing IoT
Digital Object Identifier 10.1109/JIOT.2020.3008906 security issues is identified and explained in detail.
2327-4662 
c 2020 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information.

Authorized licensed use limited to: CHONGQING UNIV OF POST AND TELECOM. Downloaded on March 18,2021 at 06:05:20 UTC from IEEE Xplore. Restrictions apply.
 882 IEEE INTERNET OF THINGS JOURNAL, VOL. 8, NO. 2, JANUARY 15, 2021

of attacks. As the IoT devices are resource constraint devices,

existing security protocols or algorithms are not suitable. For
IoT devices, lightweight algorithms or protocols are needed.
In this regard, the elliptic curve cryptography (ECC)-based
algorithm is proposed by Satapathy et al. [8] for IoT appli-
cations due to smaller key size requirements for computation.
The IoT infrastructure is having three layers, such as physical,
network, and application layers. The security issue is existing
in each of these layers. The detailed description of security
and privacy issues is explained in the following section.

A. Security Challenges in IoT

In this section, the security challenges of IoT applica-
tions are identified. The IoT application mostly deals with
three-layer architecture, which are the physical, network, and
application layers. In the physical layer, devices are con-
nected through the gateway. The hardware device has limited
capability and vulnerable to the attacker. Changing the entire
hardware component is not recommended if it gets hacked
by the hacker. The system must address the security issue
available in each layer.
1) Node Capture Attacks: As the smart devices are
deployed in a different location as per the IoT applications,
the attacker can capture the devices or replace them with the
wrong device to get access to the network. In this type of
physical attack, it is very hard to distinguish the genius node
Fig. 2. Overall security issue in IoT. and the false node. In this type of attack, the attacker can
get important information about the application. To make the
network secure, this type of attack needs to be addressed.
4) The implementation in the Ethereum platform for 2) Replay Attacks: In a replay attack, the attackers intercept
authentication of IoT devices explained along with the the message from the communication medium and later send
security analysis is given. the same message to the network. In an IoT, an environment
attacker can hack the smart devices and send the data like the
II. S ECURITY AND P RIVACY I SSUES IN I OT authorized node in the network.
Since the development of IoT technology, most of the tradi- 3) Side-Channel Attacks: In side-channel attacks, the
tional applications have become IoT-based smart applications. attacker tries to get the plain text from the ciphertext. In this
A lot of work has been done regarding architecture, the proto- attack, getting the key using some time constant is important
col of IoT-based applications. The security and privacy issues as most of the encryption techniques use key exchanges for
still need to be addressed. In Fig. 2, layerwise security chal- encryption/decryption.
lenges are shown. As explained in [4], IoT techniques have 4) Eavesdropping: The eavesdropping attack occurs in an
security and privacy challenges. The device has limitation, and IoT scenario where smart devices are compromised. As the
a different attack model for IoT-based application in layerwise communication channel is not secure, the attacker can read
is also described. The IoT applications are developed using the message communication between two devices. It is like a
a framework in [5], where the authors have identified eight passive attack, where the adversary accesses the data from the
different frameworks and their security and privacy issues not secure transmission medium.
for developing applications. Security and privacy issues are 5) False Data Injection: The sensors or smart devices
the most challenging part in developing the IoT application, are deployed in a different location to read environmental
such as authentication and data protection in [6], where the information. The sensors and smart devices are capable of
authors have explained that the blockchain, fog computing, capturing the information and forwarding it to the next layer.
and machine learning can be used to solve the issue. As smart devices are resource constraint, they are vulnerable
Jaiswal et al. [7] proposed a secure framework for data to the attacker. The attacker tries to capture the device or read
collection for the smart healthcare system. In a smart health- the value from the not secure communication medium and
care system, intelligent devices are used to monitor the critical inject the false information to the network.
patient. The smart devices are connected wirelessly or using a 6) Spoofing: In the network layer, the attacker tries to gain
wire. In some applications, devices are accessed remotely as access to smart devices. Once it gains access to the devices,
well. For connectivity purposes, ZigBee, Bluetooth, or WiFi the attacker behaves like a legitimate node in the network. The
is used. Each of these devices is vulnerable to different types false messages are transmitted to the network.

Authorized licensed use limited to: CHONGQING UNIV OF POST AND TELECOM. Downloaded on March 18,2021 at 06:05:20 UTC from IEEE Xplore. Restrictions apply.
 MOHANTA et al.: ADDRESSING SECURITY AND PRIVACY ISSUES OF IoT USING BLOCKCHAIN TECHNOLOGY 883

7) MITM Attack: In the man-in-the-middle (MITM) attack,

the attacker tries to attack the communication medium when
the data are on transit. They watch the data packets running
through the medium and try to draw some pattern or insights
which is very vulnerable to the victim. This type of attack is
two types of active and passive attacks.
Fig. 3. Steps of information gathering in IoT application.
8) Sinkhole Attacks: The sinkhole attack is one of the rout-
ing attacks in IoT applications. As the message is transmitted
through different routes between two nodes, it creates network
15) Policy Enforcement: In IoT application, policy is one
traffic to breakdown the network. The type of attack compro-
of the essential security concerns so that the user can use
mises the node in the network. This attack also reduces the
the smart devices. As per the requirement of the application
performance of the network protocol.
sufficient police must be developed to protect user privacy.
9) DoS Attacks: The denial-of-service attack is a type of
cyber attack in which the attacker utilizes the assents of the
system. It tries to overflow the server with a large sum of B. Privacy Challenges in IoT
traffic. As a result, it will be unable to use the full amount of The basic IoT architecture consists of three layers, physical,
bandwidth and resources, although it does not result in a loss network, and application layers. In the physical layer, numer-
of crucial data that costs a huge loss of the victim. ous IoT smart devices are deployed in an application. These
10) Unauthorized Access: The attackers target the resource devices collect a huge volume of data from the environment.
constraint devices connected to the IoT applications. As most The data collections as shown in Fig. 3 of IoT application are
of the devices are connected using a different gateway. The performed in the following three ways.
attacker tries to capture authorize credential using different 1) Collection: This is the first step where sensors and
attacks. Once the personal credential is obtained, the attacker smart objects collect the raw data and forward it for
accesses the network information. processing.
11) Phishing Attacks: The IoT application has a lot of 2) Aggregation: In this step, collected data are combined
users. Every user has their own identity, they access the to get the information for further processing.
information of the smart devices or control them using the 3) Analytics: In this step, as per the applications, actual
application layer. The attacker tries to important information or meaningful information is extracted from the aggre-
about smart users/smart devices by sending a false message gate data by doing the different analysis through some
or email. techniques.
12) Trust Management: A trust management issue in the While data collection and processing is a critical part of IoT
application layer is a challenging task. As IoT-based appli- application, the privacy issues are raised in these data collec-
cation to monitor and manage the environment in real-time tion steps. For example, IoT enables the hospital system if the
users, shares personal information into the network. During attacker gains information about the patient details, and then it
computation in a decentralized environment, information is creates a set of patients. Similarly, in smart city applications, if
shared and broadcasted to the network. So trust management the user location and travel details leak or are captured by the
issues will arise among the nodes in the network. If any node attacker, then it raises privacy concerns. Privacy preservation
behaves maliciously in the network, it must be identified by techniques are needed to be designed to overcome the privacy
the network. So proper trust management is essential in the issue in the IoT system.
IoT system.
13) Authentication: An IoT application consists of intel-
ligent devices, sensors, actuators, and some smart devices III. C RITICAL W ORK ON I OT S ECURITY AND P RIVACY
to monitor, as well as do the computation. The data or U SING B LOCKCHAIN
information are captured by the smart devices and forwarded In the last decade, the growth of IoT devices and its use
to the next layer for processing and computing. Once the com- cases has been significant. As smart devices are resource con-
putation is done, the corresponding event is triggered by the straint in nature, they are vulnerable to different types of
network node. For secure and efficient computation, actual attacks. In a centralized architecture, a single point of failure
data are required from the sensors. If the sensors or intelli- is one of the primary issues. During data communication and
gent devices get capture by the attacker or an attacker part computing, applications face different security issues in each
of the network, then the system becomes corrupt. For this, layer. So in recent times, the research community has used
each and every device must be registered or authenticate to blockchain as a decentralized technology to address some of
the network. Authentication is one of the important issues in the security and privacy issues. Table I shows some of the work
any IoT application. done by the research community to address the issues, such
14) Malicious Attack: In IoT applications, smart devices as trust management, secure storage, authentication, privacy
are vulnerable to the outside world due to insecure commu- preservation, and access control in detail. From the literature
nication channels and wireless connectivity. An attacker can survey, it was understood that blockchain could be utilized
inject to the malicious code in the device through application to solve some of the security and privacy issues associated
and the device might be compromised. with IoT. In this work, we have tried to address how some

Authorized licensed use limited to: CHONGQING UNIV OF POST AND TELECOM. Downloaded on March 18,2021 at 06:05:20 UTC from IEEE Xplore. Restrictions apply.
 884 IEEE INTERNET OF THINGS JOURNAL, VOL. 8, NO. 2, JANUARY 15, 2021

TABLE I
L ITERATURE W ORK

of the security and privacy can be solved using blockchain Algorithm 1: Calculate Total White Space
technology. An in-depth analysis is given in Section V. Result: Calculate the total white space
WSCalculation(Root)
if RLL then
WSCalculation(RL )
IV. A RCHITECTURE AND F UNCTIONALITY OF WSCalculation(RR )
B LOCKCHAIN end
The blockchain is basically a decentralized, distributed, RD = RLD + RRD
immutable, and shared digital ledger which stores valid trans-
action in a peer-to-peer network. The valid transactions are
stored in a block with timestamp after the mining process Algorithm 2: ECDSA Key Generation
is done by the miner node. Each block stores the previous N1
Result: Kpri : N1  s private key, Kpub
N1
: N1  s public key
block hash value along with others’ attributes shown in Fig. 4.
P = A point of prime order n in E(Fq )
The blockchain uses SHA-256 and ECC for data integrity N1
and authentication. Fig. 5 describes the elliptic curve digi- Kpri = rand() % n − 1 + 1;
N1 N1
tal signature algorithm used in the blockchain system. In a Kpub = Kpri * P;
blockchain network, nodes are connected in mesh-like topol-
ogy. Each node in the network carry two keys: 1) a private key
and 2) a public key. The public key is the unique address used
to encrypt the message by the node in the network. The pri- V. I MPACT OF B LOCKCHAIN FOR I OT
vate key is used to sign the transactions and also to decrypt the Khan and Salah [21] discussed the layerwise security
message received from others’ node. Depending upon the uses, issue, such as low level, intermediate level, and high level.
the blockchain network is divided into public (permissionless) Similarly, paper also addressed the protocol and communi-
and private (permissioned) types. cation challenges in IoT and its solution approach in terms
The key pair of a node N1 is associated with a par- of blockchain. Kumar and Mallick [22] studied the different
ticular set of Elliptic curve domain parameters DP = security aspects of IoT applications and integrated how digital
(q, FR, a, b, G, n, h). E is an elliptic curve defined over Fq , ledger information will be stored securely using blockchain.
and P is a point of prime order n in E(Fq ) and q is a prime. Mohanty et al. [23] proposed an efficient blockchain-based
Each node N1 does the calculation, key generation, and mes- distributed model integrate with the IoT which provides
sage signing with ECDSA. The details of the calculation part security and privacy.
are given in Algorithm 1, key generation in Algorithm 2, Blockchain technology has some consensus algorithms,
message signing in Algorithm 3, and signature verification in which are already described by the researcher. The consensus
Algorithm 4. algorithms are Proof of Work (PoW), Proof of Burn (POB),
For verifying the signature (r, s) of node N1 on the message Proof of Stake (PoS), raft, practical byzantine fault tolerant
M1 , node N2 obtains an authenticated copy of N1 s domain (PBFT), Paxos, etc. Panda et al. [24] described in detail about
N1
parameters DP = (q, FR, a, b, G, n, h) and public key Kpub the distributed consensus algorithms. In the blockchain system,
and do the signature verification using ECDSA. a consensus algorithm is important to maintain transparency

Authorized licensed use limited to: CHONGQING UNIV OF POST AND TELECOM. Downloaded on March 18,2021 at 06:05:20 UTC from IEEE Xplore. Restrictions apply.
 MOHANTA et al.: ADDRESSING SECURITY AND PRIVACY ISSUES OF IoT USING BLOCKCHAIN TECHNOLOGY 885

Fig. 4. Blockchain basic transaction details.

Algorithm 3: Message Signing Using ECDSA

Result: The signature for the message M1 is the pair of
integers (r, s)
Input: Message M1 , domain parameters DP = (q, FR, a,
b, G, n, h)
begin:
k = rand() % n-1 + 1
if r = 0 then
x1 = rand() % q - 1
k*P = x1
y = x1 mod n
r = x1 mod n
Calculate k−1 mod n
s = k−1 H(M1 ) + Kpri
N1
*r
if s = 0 then
go to begin
end if
else
go to begin
end if = 0
Fig. 5. Digital signature apply for user identity.

and make the decision efficient as multiple nodes involved security issues are existing in the IoT system. To make the real
in the decision-making process. In IoT applications, real-time use of the IoT concept, security issue needs to be addressed.
decision and monitoring are done. To ensure the integrity of One of the solution approaches is using the blockchain tech-
the data and to have trust among the nodes, blockchain is nique. As shown in Fig. 6, IoT-enabled application using the
used to authenticate and authorization purpose outside the IoT wireless or wired devices is connected. Initially, all the smart
network. devices connected to the applications need to have authenti-
cation in the outside network that is the blockchain network.
Once devices are registered, they can perform different activ-
A. Solution Approach Using Blockchain ities as per their features locally. Similarly, users are also
IoT consists of smart things capable of sensing and pro- required to authenticate in the blockchain network initially.
cessing in real time. As the devices are resource constraint After that, they can monitor or access the different smart
devices, doing complex computation or applying cryptogra- objects present in the network. Hammi et al. [14] proposed
phy algorithm is not suitable. So the lightweight algorithms are “bubble of trust” for authentication of the IoT devices in the
essential for IoT devices. As explained in Section II, several decentralized network. Similarly, Mohanta et al. [25] proposed

Authorized licensed use limited to: CHONGQING UNIV OF POST AND TELECOM. Downloaded on March 18,2021 at 06:05:20 UTC from IEEE Xplore. Restrictions apply.
 886 IEEE INTERNET OF THINGS JOURNAL, VOL. 8, NO. 2, JANUARY 15, 2021

Algorithm 4: Signature Verification Using ECDSA

Result: Accept or Reject the Signature
if 1 ≤ r ≤ n-1 & 1 ≤ s ≤ n-1 then
w = s−1 mod n
Calculate H (M1 )
u1 = H (M1 )*w mod n
u2 = r*w mod n
u1 * P + u2 * Q = (x0 , y0 )
v = x0 mod n.
if v == r then
accept the signature
else
reject the signature
end if
end if = 0
Fig. 7. Experimental laboratory setup for the smart IoT system.

devices are deployed for information gathering. So to avoid

the system throughput, devices could be made into different
clusters and assign with a high-end system such as fog devices
to process and compute this information. Finally, all fog nodes
communicate with each other by applying some business logic
to come to the final decision. Blockchain has a different type,
such as public, private, permissionless, permissioned depend-
ing on the architecture, and demand of the IoT application
system can be built. Then, using smart contracts and consen-
sus algorithm computation and computing can be done in a
distributed way avoiding the third party. The business logic is
written in terms of smart contracts and deploys in the network,
which will execute independently. The security challenges are
Fig. 6. Proposed blockchain-based solution architecture.
avoided using a digital signature, timestamp, and encryption
technique in the business logic. Table II described the details
about the blockchain solution for some of the security issues
“DecAuth,” a decentralized authentication technique using the in IoT application.
Ethereum platform for IoT devices. The proposed work sug-
gested that only authentication and authorization need to be VI. E XPERIMENTAL S ETUP AND R ESULTS A NALYSIS
done in the blockchain network. The security and privacy issues in IoT, such as nonrepu-
1) Authentication and authorization should not be localized diation, data integrity, data privacy and authorization, secure
and should be kept outside the IoT network. communication, and secure unique identification are addressed
2) Blockchain-based authentication will add trust to the IoT using blockchain technology. For implementation purposes,
applications. the Ethereum open-source platform is used. Initially, a smart
3) The latency issue of blockchain will not impact business home environment is built based on IoT-enabled technology.
as usual (BAU) operation in the IoT network. As shown in Fig. 7, different gas levels (MQ6, MQ9, MQ135,
4) Only new device addition or new user addition would etc.) and temperature DHT22 sensor are connected to the
require blockchain operation. Raspberry Pi device in the room. The Raspberry Pi device is
5) Scaling of the IoT network will be strictly controlled used to collect the data from sensors devices and performed
through blockchain permission. computation in a distributed architecture. The Ethereum plat-
form is installed in a laboratory system. Authentication of the
B. IoT Applications: Blockchain Solution Approach node is performed on the client side, using Ethereum’ web3.js.
Blockchain is not always the first choice in every IoT appli- Each device is assigned with a unique address accessible glob-
cations. The existing centralized database system is suitable for ally. The IoT device identity is controlled by the user’s master
some IoT applications. Before using blockchain technology, account that is used for the management of accounts. The
the designer must see some of the criteria such as a central- authors used Ethereum blockchain connected to an Ethereum
ized/decentralized system, nodes are trusted to each other or wallet account provided by ganache, which is a test Ethereum
not, and the information needs to share among all peers or network provided for development purposes. The decentralized
not. No doubt that in an IoT application, a huge number of Decauth authentication technique [25] is used to authenticate

Authorized licensed use limited to: CHONGQING UNIV OF POST AND TELECOM. Downloaded on March 18,2021 at 06:05:20 UTC from IEEE Xplore. Restrictions apply.
 MOHANTA et al.: ADDRESSING SECURITY AND PRIVACY ISSUES OF IoT USING BLOCKCHAIN TECHNOLOGY 887

TABLE II
P OTENTIAL S OLUTION FOR S OME OF THE S ECURITY I SSUE

all the intermediate devices. Once all the devices are con- DecAuth protocol in the Ethereum platform. Smart contracts
nected to the distributed blockchain network using the hashing are written and deployed in the blockchain network for testing
and cryptographic concept, transaction is made immutable and purposes.
available to all users. In the Ethereum platform, login and reg-
istration pages are created. In the registration page, devices are
registered and assigned with a pair of keys; one is the unique R EFERENCES
address accessible globally. In the login page, the device can [1] I.-C. Lin and T.-C. Liao, “A survey of blockchain security issues and
login using a unique address. Each transaction is broadcast challenges,” Int. J. Netw. Security, vol. 19, no. 5, pp. 653–659, 2017.
[2] M. Frustaci, P. Pace, G. Aloi, and G. Fortino, “Evaluating critical secu-
in the network. The nodes in the network verify using the rity issues of the IoT world: Present and future challenges,” IEEE
previous information stored in the digital ledger or blockchain Internet Things J., vol. 5, no. 4, pp. 2483–2495, Aug. 2018.
database. The three Raspberry Pi devices are used to pro- [3] G. Lize, W. Jingpei, and S. Bin, “Trust management mechanism for
Internet of Things,” China Commun., vol. 11, no. 2, pp. 148–156, 2014.
cess and perform computation in a distributed network. The [4] Y. Yang, L. Wu, G. Yin, L. Li, and H. Zhao, “A survey on security and
smart contracts are developed for logic as per the applica- privacy issues in Internet-of-Things,” IEEE Internet Things J., vol. 4,
tion requirement. The solidity platform is used to write the no. 5, pp. 1250–1258, Oct. 2017.
code for a smart contract in the Ethereum network. One of [5] M. Ammar, G. Russello, and B. Crispo, “Internet of Things: A survey on
the security of IoT frameworks,” J. Inf. Security Appl., vol. 38, pp. 8–27,
the logic developed for smart home IoT application is to Feb. 2018.
check the threshold value of the collected gas and temperature [6] V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal, and B. Sikdar, “A
from different sensors. The network node does the verifica- survey on IoT security: Application areas, security threats, and solution
architectures,” IEEE Access, vol. 7, pp. 82721–82743, 2019.
tion and validation, and a smart contract is automatically run [7] K. Jaiswal, S. Sobhanayak, B. K. Mohanta, and D. Jena, “IoT-cloud
in the Ethereum platform. The outcome of the smart contract based framework for patient’s data collection in smart healthcare system
is broadcast in the network using the digital signature and using Raspberry-Pi,” in Proc. IEEE Int. Conf. Elect. Comput. Technol.
Appl. (ICECTA), 2017, pp. 1–4.
encryption. [8] U. Satapathy, B. K. Mohanta, D. Jena, and S. Sobhanayak, “An ECC
based lightweight authentication protocol for mobile phone in smart
home,” in Proc. IEEE 13th Int. Conf. Ind. Inf. Syst. (ICIIS), 2018,
VII. C ONCLUSION pp. 303–308.
IoT techniques are used to implement different applications, [9] S. Biswas, K. Sharif, F. Li, S. Maharjan, S. P. Mohanty, and Y. Wang,
“PoBT: A light weight consensus algorithm for scalable IoT business
such as smart city, smart home, smart transportation system, blockchain,” IEEE Internet Things J., vol. 7, no. 3, pp. 2343–2355,
healthcare system, agriculture field, and supply chain system. Mar. 2020.
The innovation of smart things having wireless connectivity, [10] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, “LSB:
A lightweight scalable blockchain for IoT security and anonymity,”
storage space, and some processing power makes us use these J. Parallel Distrib. Comput., vol. 134, pp. 180–197, Dec. 2019.
devices in real time. However, the IoT system having security [11] B. Yu, J. Wright, S. Nepal, L. Zhu, J. Liu, and R. Ranjan,
and privacy issues presents at a different level. This article “Trustchain: Establishing trust in the IoT-based applications ecosys-
tem using Blockchain,” IEEE Cloud Comput., vol. 5, no. 4, pp. 12–23,
addressed the security and privacy issues present in the IoT Jul./Aug. 2018.
system. As blockchain being the distributed network and secu- [12] L. Xie, Y. Ding, H. Yang, and X. Wang, “Blockchain-based secure
rity is maintained. In this study, blockchain is integrated with and trustworthy Internet of Things in SDN-enabled 5G-VANETs,” IEEE
IoT and implemented using the Ethereum platform for test- Access, vol. 7, pp. 56656–56666, 2019.
[13] L. Zhou, L. Wang, Y. Sun, and P. Lv, “Beekeeper: A blockchain-based
ing purposes. Some sensor devices are used to create the IoT IoT system with secure storage and homomorphic computation,” IEEE
smart environment and devices are authenticated using the Access, vol. 6, pp. 43472–43488, 2018.

Authorized licensed use limited to: CHONGQING UNIV OF POST AND TELECOM. Downloaded on March 18,2021 at 06:05:20 UTC from IEEE Xplore. Restrictions apply.
 888 IEEE INTERNET OF THINGS JOURNAL, VOL. 8, NO. 2, JANUARY 15, 2021

[14] M. T. Hammi, B. Hammi, P. Bellot, and A. Serhrouchni, “Bubbles of Somula Ramasubbareddy received the master’s
trust: A decentralized blockchain-based authentication system for IoT,” degree in computer science and engineering from
Comput. Security, vol. 78, pp. 126–142, Sep. 2018. JNTUA University, Anantapur, India, in 2015.
[15] C. Lin, D. He, N. Kumar, X. Huang, P. Vijaykumar, and K.-K. R. Choo, He is currently working as an Assistant Professor
“HomeChain: A blockchain-based secure mutual authentication system with the Department of IT, VNRVJIET, Hyderabad,
for smart homes,” IEEE Internet Things J., vol. 7, no. 2, pp. 818–829, India. His areas of interest are mobile cloud com-
Feb. 2020. puting and big data analytics.
[16] A. Gauhar et al., “xDBAuth: Blockchain based cross domain authentica-
tion and authorization framework for Internet of Things,” IEEE Access,
vol. 8, pp. 58800–58816, 2020.
[17] M. Shen, X. Tang, L. Zhu, X. Du, and M. Guizani, “Privacy-
preserving support vector machine training over blockchain-based
encrypted IoT data in smart cities,” IEEE Internet Things J., vol. 6,
no. 5, pp. 7702–7712, Oct. 2019.
[18] P. Lv, L. Wang, H. Zhu, W. Deng, and L. Gu, “An IoT-oriented privacy-
preserving publish/subscribe model over blockchains,” IEEE Access,
vol. 7, pp. 41309–41314, 2019.
[19] O. Novo, “Blockchain meets IoT: An architecture for scalable access
management in IoT,” IEEE Internet Things J., vol. 5, no. 2,
pp. 1184–1195, Apr. 2018.
[20] S. Ding, J. Cao, C. Li, K. Fan, and H. Li, “A novel attribute-based
access control scheme using blockchain for IoT,” IEEE Access, vol. 7, Mahmoud Daneshmand (Senior Life Member,
pp. 38431–38441, 2019. IEEE) received the B.S. and M.S. degrees in mathe-
[21] M. A. Khan and K. Salah, “IoT security: Review, blockchain solu- matics from the University of Tehran, Tehran, Iran,
tions, and open challenges,” Future Gener. Comput. Syst., vol. 82, and the M.S. and Ph.D. degrees in statistics from the
pp. 395–411, May 2018. University of California at Berkeley, Berkeley, CA,
[22] N. M. Kumar and P. K. Mallick, “Blockchain technology for secu- USA.
rity issues and challenges in IoT,” Procedia Comput. Sci., vol. 132, He is a Co-Founder and a Professor with the
pp. 1815–1823, Jun. 2018. Department of Business Intelligence and Analytics,
[23] S. N. Mohanty et al., “An efficient lightweight integrated blockchain and a Professor with the Department of Computer
(ELIB) model for IoT security and privacy,” Future Gener. Comput. Science, Stevens Institute of Technology, Hoboken,
Syst., vol. 102, pp. 1027–1037, Jan. 2020. NJ, USA. He has over 40 years of industry and
[24] S. S. Panda, B. K. Mohanta, U. Satapathy, D. Jena, D. Gountia, university experience as a Professor, a Researcher, an Assistant Chief
and T. K. Patra, “Study of blockchain based decentralized consensus Scientist, the Executive Director, a Distinguished Member of Technical Staff,
algorithms,” in Proc. IEEE TENCON Region 10 Conf. (TENCON), 2019, a Technology Leader, the Chairman of Department, and the Dean of School
pp. 908–913. with Bell Laboratories, Murray Hill, NY, USA; AT&T Shannon Labs—
[25] B. K. Mohanta, A. Sahoo, S. Patel, S. S. Panda, D. Jena, and Research, Florham Park, NJ, USA; the University of California at Berkeley;
D. Gountia, “DecAuth: Decentralized authentication scheme for IoT the University of Texas at Austin, Austin, TX, USA; the Sharif University
device using Ethereum blockchain,” in Proc. TENCON IEEE Region of Technology, Tehran; the University of Tehran; New York University, New
10 Conf. (TENCON), 2019, pp. 558–563. York, NY, USA; and the Stevens Institute of Technology.

Bhabendu Kumar Mohanta (Member, IEEE)

received the B.Tech. degree in information tech-
nology from VSSUT, Burla, India, in 2007, and
the M.Tech. degree in information technology from
CET, Bhubaneswar, India, in 2012. He is currently
pursuing the Ph.D. degree with the International
Institute of Information Technology Bhubaneswar,
Bhubaneswar.
He has published more than 20 articles which
include international conference and journal. His
research focuses are information security and IoT Amir H. Gandomi (Senior Member, IEEE) received
security and blockchain technology. the Ph.D. degree in engineering from the University
of Akron, Akron, OH, USA.
He was an Assistant Professor with the School of
Business, Stevens Institute of Technology, Hoboken,
NJ, USA, and a Distinguished Research Fellow
Debasish Jena (Member, IEEE) received the with BEACON Center, Michigan State University,
B.Tech. degree in CSE from Gulbarga University, East Lansing, MI, USA. He is a Professor of
Gulbarga, India, in 1991, and the Management data science with the Faculty of Engineering and
degree and the M.Tech degree from Utkal University, Information Technology, University of Technology
Bhubaneswar, India, in 1997 and 2002, respectively, Sydney, Ultimo, NSW, Australia. He has published
and the Ph.D. degree from NIT Rourkela, Rourkela, over 190 journal papers and five books which collectively have been cited
India, in 2010. more than 16 000 times (H-index = 59). His research interests are global
He is currently working as Associate Professor optimization and (big) data mining using machine learning and evolutionary
with IIIT Bhubaneshwar, Bhubaneshwar. In addition computations in particular.
to his responsibility, he was also IT, Consultant to Prof. Gandomi has been named as one of the most influential scientific
Health Society, Government of Orissa for a period minds and the Highly Cited Researchers (top 1%) for three consecutive years
of two years from 2004 to 2006. His research areas of interest are information from 2017 to 2019. He also ranked 18th in GP bibliography among more than
security, cloud security, IoT security and blockchain. 12 000 researchers. He has served as an associate editor, an editor, and the
Dr. Jena professional memberships include IEEE, ACM, ISTE, IACSIT, guest editor for several prestigious journals. He is active in delivering keynote
MIE (I), CSI, and OITS. and invited talks.

Authorized licensed use limited to: CHONGQING UNIV OF POST AND TELECOM. Downloaded on March 18,2021 at 06:05:20 UTC from IEEE Xplore. Restrictions apply.