Sage Journals: Discover world-class research

Abstract

The Internet of Things (IoT) and blockchain technologies characterizing the era of the fourth industrial revolution have enabled smart home networks to support their various systems and services. In a blockchain-based smart-home network environment, all connected IoT devices must be controlled safely and efficiently. Nevertheless, existing block-chain-based smart-home IoT systems pose a delay issue due to the necessary block generation time. In addition, IoT devices installed in smart homes should be able to prevent forgery attacks such as spoofing because they are often directly associated with personal information. In this study, we proposed an enhanced method to control smart home devices safely and efficiently by applying the zero-knowledge proof combined with a blockchain-based IoT system to protect the public keys of home network devices and the communication among them. The proposed model was approximately 10 s faster than the block generation-based model when it communicated three times in rinkeby, which is one of the test networks of Ethereum.

Keywords

Smart home device control spoofing blockchain zero-knowledge proof

Introduction

The Internet of Things (IoT) technology, which is a core technology of the Fourth Industrial Revolution, collects and analyzes data using various devices, such as TVs, refrigerators, computers, and smartphones, through the Internet. Recently, with the development of the IoT technology into an intelligent IoT, it can now be used in all industrial sites, smart factories, smart buildings, and smart homes. In other words, the era of hyper-connectivity in which the IoT technology is based on has been activated. Accordingly, cloud and connected devices that form various IoT devices are being developed.^1,2 In a smart home, various IoT devices are interconnected to communicate with each other. Moreover, a system that provides convenience to users by connecting to a cloud server is gradually emerging.^3–5

IoT technology enables a hyper-connected society, but it can expose the entire home network if security is not properly managed.^6–8 The security vulnerabilities of smart-home network-connected devices can be classified into three categories. First, the initial ID or password is used without any change. Here, the device authentication becomes meaningless if the owner uses the default password. Therefore, it is essential to change the password when setting up an IoT system. Second, the device is connected to an unsecured network. Connecting a device to an open network is vulnerable to attacks by malicious parties that acquire network information, such as sniffing. Third, the data can be transmitted in an unprotected manner. In a smart home, sensor data must be encrypted before being transmitted. Data encryption is normally performed using a public key or a symmetric key, and the integrity of the key must be verified.^9,10 Appliances such as light lamps, smoke alarms, power switches, and baby monitors are becoming popular. Accordingly, issues on privacy and security protection are increasing on an unprecedented scale.^11–13 Security for a home network should prevent attacks caused by the exposure of sensitive information and forging data when transmitting unauthorized access to a device.^14–16

The Mirai botnet attack (see Figure 1) that occurred around October 2016 was a computer virus incident. In this case, the Distribute Denial of Service (DDoS) attack was performed after infecting IoT devices.¹⁷. Due to this attack, 76 website connections, including Twitter, Netflix, and The New York Times, were delayed or paralyzed. After a scrutinized network analysis, it was confirmed that IoT devices were DDoS-infected, and the primary vulnerability came from the fact that those infected IoT devices used default ID and passwords as they were shipped from the factory. Second, in the case of Insecam CCTV hacking, personal CCTV with IP was disclosed through the Russian Insecam site. Approximately 76,000 units were hacked worldwide, and the security problem of exposing the private life through personal equipment being used at home was revealed. As an outcome of identifying major causes, it was confirmed that the CCTV device used the initial password as it was assigned from the factory. Moreover, it appeared to have been accessed by an attacker after scanning the device while network protection was not set up properly. As witnessed with such cases, cyberattacks could occur in various ways in smart homes.^18,19

Figure 1.

Illustrated process of the Mirai malware attack.

In smart homes, special attention is required because the exposure of device information can easily be linked to privacy breaching. In this study, we propose a smart home device management scheme that protects the identification of public keys of devices for improving security through an authentication based on zero-knowledge proof with a smart contract. The proposed authentication scheme protects the public key of the device from being exposed by applying a zero-knowledge proof during the device authentication process.

IoT control scheme in a smart home

As smart home network connections have expanded and become more active, various studies have been conducted to protect network security. Security for a smart home can be addressed by studying secure communication coordinated by servers and hacker-free device communication based on blockchain. The centralized secure device communication structure has the advantage of being fast and intuitive, although the entire network may be exposed to risk if the central server is attacked.^11,12 The blockchain-based distributed ledger method protects data by verifying integrity by sharing a hash block using a peer-to-peer (P2P) technique. This distributed ledger method can have strong security verified by multiple nodes. However, it does not proceed as fast as the server-based method. Having studied IoT and medical data security communication, Hu et al.²⁰ proposed a solution that provides Health Insurance Portability and Accountability Act (HIPAA) personal information security based on a hybrid public key infrastructure solution (HPKI). Enhanced security is provided through contract-based management instead of the existing session-based encryption. This contract controls access to the PHI in the sub-processes of cryptographic authentication, encryption, and non-repudiation. Kim²¹ implemented symmetric key cryptography with IoT devices in a system to store encrypted biometric information in a local database using Raspberry Pi for authentication and evaluated its performance. Bokefode et al.²² resolved the security vulnerability of a cloud storage environment by applying AES and RSA encryption technologies to securely upload data collected from IoT devices to cloud storage. In addition, the system manages the data before it is stored in the cloud and uses personal storage when the Internet connection is lost. Qashlan et al.²³ configured a private environment based on an Ethereum smart contract. In addition, security is improved by configuring only authorized devices to communicate by signing the private key of the device account through the smart contract. However, the part where device communication is based on the signs of the other nodes to control the device is inefficient because it must consider the time needed for block generation of Ethereum. Furthermore, the scalability is limited because the action for the device is stored in the smart contract in advance. Qu et al.²⁴ improved the efficiency of data storage by configuring a hypergraph-based blockchain such that the concept of a hypergraph was applied to the blockchain node. Consequently, the system acquired a security enhancement of 51% from the calculations of DDoS and mining attacks. In addition, each node does not contain all the information, and only a part of the information is stored for protection. In addition, through effective node management based on a hypergraph, it is configured to efficiently share blockchain-based data even with small-memory IoT devices. Ali et al.²⁵ studied IoT network applications based on Hyperledger Fabric, and the efficiency was improved by applying a transaction execution sequence technology that separates the execution and consensus of transactions. In addition, device information was registered in the Hyperledger Fabric to control the device through ID-based d matching. However, it has the advantages of low computational volume and short authentication time, and tt is vulnerable to attacks, such as spoofing, without additional security equipment.

Arif et al.²⁶ analyzed a blockchain-based framework for smart homes. They explored the security problems of the centralized server approach and smart home security framework using the distributed ledger method of the blockchain. A simple smart home framework based on a consortium blockchain was implemented and tested using IoT products sold in the real market. As a result, the adopted blockchain in the smart home network has the limitation of delayed response time needed for data processing while enhancing security advantages. Kouzinopoulos et al.²⁷ conducted a study on blockchain-based IoT security as part of a project to ensure that home IoT environments are safe. The security and privacy issues of interconnected terminal components, such as IoT devices and RFID tags, were analyzed. Based on this analysis, a blockchain that can improve IoT network security was proposed. Singh et al.²⁸ suggested a safe and efficient smart-home network architecture that integrates blockchain and cloud-computing technologies. Data integrity was verified by providing a blockchain-based service and duplicating the data transaction collected through the smart home network and storing it in the blockchain. They assessed the performance level of the proposed architecture using diversified parameters, such as data throughput, and claimed that the blockchain would be an efficient security solution for future IoT networks. Giannoutakis et al.²⁹ proposed a method to improve security by managing the network IP of a smart home based on a smart contract. Smart contracts are used to block malicious IPs and ensure the integrity of IoT devices. The proposed framework is efficiently applicable to smart-home networks. Qashlan et al.³⁰ suggested a framework to protect personal information by applying blockchain technology to a smart-home network. In their study, attribute-based access control was applied to a smart contract and differential privacy was adopted based on the stochastic gradient descent (SGD) algorithm. As a result, they proposed a privacy-preserving mechanism for smart home networks that harness blockchain. Mohanty et al.³¹ developed a lightweight integrated blockchain (ELIB) model suitable for an IoT environment. Data reception and transmission are handled, and the advantage of a centralized manager is utilized by creating a shared key in a smart home network. Compared to the existing method that uses the lightweight consensus algorithm, CC (Certificateless), the energy consumption could be reduced by 50%. In the study of Minoli and Occhiogrosso,³² they paid attention to the security of a comprehensive IoT application using blockchain mechanism (BCM). Their analysis concluded that the distributed ledger sharing method of a blockchain could build a transparent database. Thus, it is crucial for IoT application security. However, it was suggested that several potential threats to security must be considered because BCM is part of IoT application security.

Secure communication technique

Public key encryption

Public-key cryptography has been developed since the 1970s and is a cryptographic method that was created to solve the vulnerability in the key transmission of symmetric-key cryptography. In public-key cryptography, a pair of keys are: (1) a private key that only a specific person has and (2) a public key that anyone can have. Information signed with a private key can be verified with the paired public key, whereas information encrypted with a public key can be decrypted only with the paired private key. That is, the public-key encryption method is also called asymmetric key encryption because the keys used for encryption and decryption are different from each other. Public-key cryptography solves the key transfer problem, but it is slower than symmetric-key cryptography because it performs complex mathematical operations for encryption and decryption. Therefore, a method for transmitting the session key using encryption of the public key and adopting symmetric key encryption based on the session key has been developed.³³

Blockchain

In 2009, blockchain is a security technology proposed by Satoshi Nakamoto to prevent various threats that may occur when trading in virtual currency. It is used in various forms depending on its purpose, but its basic structure is similar.³⁴ One of the characteristics of blockchain is that it has distributed storage. In the existing transaction methods, the central server manages most of the data. Therefore, the server has become a target for attackers to alter or remove the data. Because some recent hacking events have occurred because of central server attacks, it is regarded as a real threat.³⁵ However, in a blockchain, it is difficult to falsify data because several nodes store the same data (hash block). To falsify a blockchain network, hacking is virtually impossible because it requires at least 50% CPU power. In addition, the main feature of the blockchain is that it does not require a central administrator. In the central server system, central institutions or central managers, such as banks and governments, are needed because official certification and registration are required. However, in the blockchain, a separate central administrator is not required because multiple nodes store the hash block through P2P and prove it with the private key of each node, and it is possible to identify itself.

Each public key of the user is involved in creating another user signature, as shown in Figure 2. The signature becomes the integrity data of the transaction that occurred before because each transaction data is involved in the signature creation of another user by using the hash function. This process is continuously performed, and a blockchain is formed as each transaction data becomes a structure that certifies the integrity of the other.

Figure 2.

Typical transaction process of the blockchain.

Smart contract

The term smart contract is related to token creation in Ethereum. Ethereum developers use the term “contract” in the sense of “technical consensus,” in which the computer protocol of automatic execution is realized using the Turing completeness language and executed according to the conditions expressed in the Solidity language. Smart contracts were first proposed in 1994 by a cryptographer and programmer, Nick Szabo.³⁶ The entire process of fulfilment, addition, and completion of the contract is extremely complex and time-consuming because traditional written contracts must all be handled by humans, resulting in inefficiency. To simplify the contracting process, Szabo proposed the concept of a digital contract that is automatically fulfilled when the contract terms are achieved.

However, digital contracts existed only as a theory at the time because there is no intermediary. Thus, trust in the contract cannot be guaranteed because it is easy to forge or falsify. However, in 2009, Bitcoin and blockchain by Satoshi Nakamoto appeared. Thus, an environment in which smart contracts are possible was constructed because multiple participants (intermediaries) shared nodes with the same information (cannot be forged or altered). Based on this, research on smart contracts using solidity is being actively conducted.

Zero knowledge proof technology

Zero-knowledge proof is based on an interactive proof system and a non-interactive proof system, and proves owning the key without exposing the key to the other party.^37,38 A zero-knowledge proof must satisfy the conditions of completeness, soundness, and zero knowledge. Completeness means that if a condition is true, a trusted verifier can convince the fact through a trusted prover, and soundness means that if a condition is false, an untrusted prover can never convince the verifier that the condition is true through falsehood. Zero-knowledge means that, the verifier has no knowledge of any information other than the fact that this condition is true when a condition is true. The Alibaba cave experiment used as an example of a zero-knowledge proof is as follows: The prover first enters the cave, moves to the door lock, and then calls a verifier into the cave. The verifier stands at the crossroads between A and B and instructs it to come out on a specific path. The prover emerges on the path directed by the verifier. Through this process, the prover can prove that it has a key without exposing it to the verifier. Because there is a possibility that the prover came to the right path by chance, this process was repeated to increase the probability.

Zero-knowledge proofs can be divided into interactive and non-interactive methods. In the interactive method,³⁷ authentication is possible only when two devices are online and exchange data in real-time. The non-interactive method can send data even if one of the two devices is not online, and checks the data after a period. The non-interactive method is highly scalable in that it can be used even when it is not online, but has a disadvantage in that the computation process is more complex than the interactive method. In this study, because authentication is required to control and monitor online devices in a smart home, it was constructed based on the Fiat–Shamir³⁹ protocol, which is an interactive method of zero-knowledge proof. The characteristics of the interactive method and non-interactive method are as follows.

The interactive method consists of an interactive prover with infinite computational capability and an interactive verifier with polynomial computational capability. It is an interactive method only when both the completeness and soundness conditions are satisfied. As the first condition, problem X is accepted as the common input information, and if S is the solution to problem X, the prover must prove to the verifier that the solution is S with a certain probability. Second, if problem X is accepted as the common input information, and if S is not the solution to problem X, the random prover satisfies all soundness conditions in which the probability to prove to the verifier that S is the solution to the problem X is less than a certain probability. In the case of condition 1, completeness, if the answer to problem X is S,t the verifier must accept it with overwhelming probability. In the case of condition (soundness) s, if the answer to problem X is not S, the probability of acceptance by the verifier should be negligibly small.⁴⁰

For the zero-knowledge interactive method, the premise that the prover and verifier must always be online is essential. Because this premise is inefficient when communicating with other users, ZKNIP (Zero Knowledge Non-Interactive) which is a non-interactive proof method, was proposed to prove whether the prover and verifier are online. The non-interactive method means that the exchange of messages between the prover and verifier must be minimized. The core of the non-interactive authentication method is that the message must be guaranteed even if the connection is disconnected after the prover sends a message required for verification. Although there is such an advantage, in the case of the non-interactive proof method, there is also a disadvantage that it may take a considerable time to complete verification of the proof because the number of operations increases exponentially. To solve this problem, Snark(zk-SNARKs), the core technology underlying Zcash, is currently maximizing the practicality of the non-interactive method by reducing the size of the proof data of the prover to enable rapid verification.^41,42 However, in the non-interactive method, a higher computational processing capability is still required, depending on the complexity of the communication for transactions between parties.

Blockchain-based smart home device management model

In this study, the proposed model is an enhanced method of controlling smart home devices by applying zero-knowledge proof in a blockchain-activated environment. Previously, blockchain-based smart home device control methods affected the block generation time of blockchains. However, those methods that rely on block generation have limitations in terms of the data transfer rate and amount of data. To address these problems, we proposed a smart contract-based control in a smart home. The public-key hash value of a participating device stored in a smart contract authenticates that the device is registered during a communication session. For a safe data communication instance, a session key is generated based on the authenticated public key. Although a message can be encrypted based on a public key such that it can be used for communication, the encryption performance is limited in a typical IoT environment. Therefore, session-key-based encryption is required. In addition, zero-knowledge proofs prevent any device from attempting public-key authentication, which can lead to an enhanced security structure by allowing authorized devices to access authentication systems.

System configuration

Figure 3 shows the smart home structure proposed in this study. It is assumed that each device and user is connected to the Internet through a router. A cloud server (ec2 on Amazon) allows each device and user to access a smart contract. Ethereum cannot only participate in public blockchain networks but also configure private blockchain networks through Ethereum clients, such as Geth (go-ethereum) and Parity. In this test, all nodes were configured in the Ethereum geth environment. For the device node, rinkeby, one of the test nodes, was used. For the test, before it was conducted, the appropriate ether was stored in each node. Each device was tested using a Raspberry Pi 4. After building the node js environment on the Raspberry Pi 4 board, a light node of the geth was built to access the smart contract. The ether exchange between nodes requires knowledge of the addresses of each other such that the user initially retrieves and stores the address of the device when registering the device. The authentication process for users to control the device was configured based on zero-knowledge proof, and the hash value of each public key was stored in a smart contract for enhanced security. Ethereum configured the development environment using Reimix, a web browser-based integrated development environment, and Metamask, which is a Google Chrome extension, for managing Ethereum wallets.

Figure 3.

Blockchain based data transaction process in a smart home.

Smart contract based data transfer process

We proposed a smart home device management model with improved security, which was based on the need to manage smart home devices using smart contracts. The main algorithm stores the hash value of the public key of each smart home device in a smart contract, encrypts data using the public key to verify the integrity of the key of the device, and authenticates the device based on zero-knowledge proof. The process structure and parameters used in the proposed model are shown in Figure 4 and Table 1.

Figure 4.

UML diagram depicting the device control process with smart contract.

Table 1.

Notations used in the proposed model.

Notation	Description
I_d	The value used for the device’s zero-knowledge proof, which means the mod n value after squaring the device’s secretkey of the device.
I_u	The value used for the user’s zero-knowledge proof, that is, the mod n value after squaring the user’s secret key.
X_i	Value generated through a random variable and used to verify the device through a zero-knowledge proof.
Y_i	Value generated through a random variable and used to verify the user through a zero- knowledge proof.
pk_di	Public key of the home device’s i.
pk_u	Public key of the user.
H()	Hash function (sha-256 algorithm was used).
sk	The secret key is used in the stream cipher.
dsa	Digital signature algorithm.
s_d	The secret key of the device.
n	This refers to the global value for the zero-knowledge proof and is created by multiplying a large prime number.
r	Random value.

Main functions of smart contract

The main function used in this study is to store the hash value of the smart home device public key in the Ethereum smart contract environment and encrypt the message using the public key value of the devices. In addition, a function that supports authenticating devices, contracts, and devices using zero-knowledge proof was utilized. The features of the utilized function are the following:

In the register() function, the user initially registers the authentication information of the smart home device. The user selects a smart home device to use via Bluetooth communication before proceeding with the register() process.

In the approve() function, devices are approved and registered through the register() function. In this process, the hash value of the authentication information of the selected device is stored in the smart contract.

In the getPubHash() mapping function, the hash value used for the zero-knowledge proof and the hash of the device of the public key are mapped. This function allows the device to be authenticated through a zero-knowledge proof with a verified public key by obtaining the hash of the public key through the smart contract.

The getAuthInfo() function obtains device information from the smart contract during the initial communication. This function is restricted such that it can be called only by devices previously registered in the community through register() and approve() functions.

The getPubInfo() function verifies the public key when the device, whose safety has been verified through zero-knowledge proof, proceeds with the public key algorithm. The difference from the getPubHash() function is that it manages the values used in the public-key algorithm.

Device authentication

After the device is authenticated, device registration and removal were performed by the user. First, device registration is performed using the register() function of the smart contract after device authentication. This process is performed after the user selects a smart home device through short-range communication such as Bluetooth. Second, device removal can be performed using the removal() function of the smart contract after device authentication. The device whose authentication information has been removed from the smart contract through the remove() function must store the device information in the smart contract via the register() and approve() functions in the next use. Equations (1)–(5) show the process of storing the authentication information of the smart home device to the smart contract through the register() and approve() functions and authenticating the device with zero-knowledge proof. The device generates a public key pair for registration in the Ethereum blockchain. With the private key, the I value is extracted, which is used for the zero-knowledge proof.

I = S_{d} 2 \mod n

(1)

x_{i} = r_{i} 2 \mod n

(2)

e_{i} = ({e_{i}}_{1} \cdot \cdot \cdot e_{ik})

(3)

Y_{i} = r_{i} s_{i} \mod n

(4)

X_{i} = r_{i} I \mod n

(5)

After extracting the I value using h (1, 2), the register() function of the smart contract is called to deploy pkd_i and H(I). The user requests I and X_i from the device. The device calculates X_i and returns the previously calculated I. Then, the user checks whether the H(I) value is in the participant list using the getAuthInfo() function. If there is a matching value in the participants, as shown in (3), the binary vector used for the zero-knowledge proof is calculated and transferred to the device. The y_i value as shown in (4), transfers it for verification to the user. The user verifies the obtained y_i as shown in (5) and performs the above process t times to verify that the device has the correct key. If the device is authenticated through the above verification process, it becomes a trusted device through a zero-knowledge proof.

Device communication

Communication between devices proceeds when each device becomes a reliable state through a zero-knowledge proof. First, the user transmits I_u to the connected device. H(I_u) is already registered in the smart contract. The device hashes the I_u to verify that the H(I_u) is on the list of trusted participants in the smart contract. In the verified state, the public key hash of the device can be obtained using the getPubHash() function in the smart contract. The connected device receives sk encrypted with its own public key and is signed with the private key of the device. Then, the user checks the integrity of the public key by comparing the decrypted public key to the public key stored in the smart contract via the getPubInfo() function. After the verification is completed, secure communication is performed using the received sk.

Results and discussion

The efficiency and security aspects of our proposed model were analyzed in comparison with other previous research models. Figure 5 shows the relationship between transaction count and response time for blockchain-based IoT communication. The test in this study was simulated in rinkeby selected from various test networks of Ethereum. Although block generation time may vary for each block chain network, it could be tested in Ethereum rinkeby, which is a general network, because the time to retrieve the stored data of a block is faster than the block generation time. Experiments were repeated approximately 30 times, and the average value was calculated to ensure the accuracy of the test results. For the initial device setting of our proposed model, the storing process of the hash value in the contract was additionally required, resulting in the occurrence of the communication that created five blocks in the blockchain.

Figure 5.

Comparison of response time associated with alternative block chain communication methods.

The device calculates the y_i block generation-based model of the blockchain, four blocks were generated during the same communication duration. The results of the test of the proposed model show an improved speed compared to the model based on block generation of the blockchain because it allowed communication between devices based on the data stored in the smart contract. The experiment compared our proposed model, which has five initial settings and communicated three times, with the block generation-based model that had four initial settings and communicated three times. Initially, the model relying on block generation was found to be slightly faster. However, overall, our proposed model showed a faster performance by approximately 10 s. In addition, the proposed model has a higher performance over time because it can communicate between devices.

Our proposed model was also evaluated by comparing its security performance with other previously studied models (see Table 2). Symbol O indicates that the algorithm satisfies the designated requirement well, whereas symbol Δ indicates that it partially satisfies the requirement, X means that the requirement may not be satisfied, and d and n/a indicate that a specific requirement is not applicable to the algorithm.

Table 2.

Security performance comparison of various models.

Scheme	Device integrity	Device authentication	Spoofing attack	Block chain	Public key integrity
Hu²⁰	Δ	O	Δ	X	n/a
Kim²¹	O	O	Δ	X	n/a
Bokefode et al.²²	O	O	Δ	X	Δ
Qashlan et al.²³	O	O	O	O	Δ
Qu et al.²⁴	O	O	O	O	Δ
Ali et al.²⁵	O	O	O	O	Δ
Proposed model	O	O	O	O	O

In Hu et al.,²⁰ proposed a hybrid public key infrastructure solution (HPKI) that complies with the Health Insurance Portability and Accountability Act regulations. Confidentiality and data integrity were ensured by using the public key system to allow patients to control their protected health information (PHI) with an encryption key. Moreover, the authentication part can be resolved because the user receives a card from the smartcard trust center (STC) and uses the service through the medical center server (MCS). However, it may be vulnerable to spoofing attacks because the security for device integrity is weak. Kim²¹ developed an IoT authentication system using Raspberry Pi. They proposed a structure to store and use images in a cloud system using AES-256 encryption. Although this structure is simple, it has the disadvantage that it may also be vulnerable to spoofing attacks because the device authentication aspect is not considered. Bokefode et al.²² developed a method to safely store data in a cloud aligned with an IoT environment using access control and encryption. Safety is secured in terms of device integrity and authentication by implementing RSA and AES-based encryption. However, there is still the possibility of a spoofing attack because the public key is not protected separately and IP management is not preceded by access control.

Qashlan et al.²³ proposed a blockchain-based IoT control method. They used a block chain and Raspberry Pi as an IoT device in a smart home. Device integrity and authentication are guaranteed because IoT device control is processed as a transaction in the blockchain. Although protection against spoofing attacks was possible, there was a problem in that responding speed was limited because the device was controlled based on transaction. Qu et al.²⁴ developed a blockchain model based on a hypergraph to enhance energy efficiency while also strengthening the security of IoT. As in Qu et al.,²⁴ a distributed IoT system was built by controlling the devices with transactions. However, the problem of delayed transaction time owing to increased IoT data has not been completely solved. Ali et al.²⁵ also developed a hyperledger blockchain-based IoT system. In this system, device integrity and device authentication were guaranteed based on the blockchain, and it was able to respond to DDoS well. However, there is still an issue with the response speed because it carried out communication based on block transactions. A comparative analysis was performed in terms of confidentiality, access control, integrity, device authentication, and protection of public keys to demonstrate the security advantages of our proposed model. The security of the proposed model was analyzed in terms of confidentiality, access control, integrity, device authentication, and the protection of the public key.

Confidentiality

The information of the device must be kept confidential because smart home devices contain personal and sensitive information. In this study, the proposed model stores the hash value for zero-knowledge proof in the storage of the blockchain (smart contract). As the hash of the trusted device is guaranteed by the smart contract, this hash value is used to prove the identity of the device when the device authenticates and the attacker cannot authenticate and control the device. In addition, the scheme proposed in this study provides improved security with a session key that is shared through a public key algorithm after authentication with a zero-knowledge proof.

Access control

In a smart home environment, DDoS and privacy attacks are possible. Thus, only authorized devices should be able to access the home network. The proposed model proceeds with double authentication using smart contracts. First, only devices authorized through the device registration process can be authenticated through zero-knowledge verification. Subsequently, only the authenticated device exchanges the session key through the public key algorithm. Thus, unauthorized devices or users cannot access this communication with the smart contract.

Device integrity

In a smart home environment, devices can be transformed into bots because of malicious software or malicious codes, and can damage other servers through home networks with DDoS attacks. To protect against these attacks, zero-knowledge proof and public key signatures were used in this study. For example, the home network cannot be deceived for two reasons if an attacker performs a spoofing attack. First, the attacker cannot obtain the hash of the public key of the trusted device. Second, it is difficult for an attacker to identify a device because e device identification is preceded by a zero-knowledge proof, making it difficult to find an attack target. In addition, even if one device is infected with a malicious code, it is possible to protect the entire network of the smart home because the information of the authorized device is managed in the smart contract. The proposed model provides improved security by using authentication through a proof of zero knowledge when controlling devices.

Device authentication

Accessing unauthorized devices can threaten smart home services. If there is a vulnerability in device authentication, zombie devices perform DDoS attacks using smart home devices. Therefore, in a smart home, the devices must communicate after authentication. The proposed model was authenticated with zero-knowledge proof and the verification of the signature of the private key, making it safe from threats of unauthorized device authentication.

Protection of public key

When authenticating a device, the verification of the integrity of the public key is essential for defending against man-in-the-middle attacks. In this study, the public key was verified during device authentication by storing the hash of the public key registered in secure storage of the smart contract. In addition, because the public key identification on the blockchain can be combined with other information by the attacker, and a secondary attack can proceed, devices are authenticated with zero-knowledge proof to prevent the identification of the public key of the device.

Conclusion

With the advent of the Fourth Industrial Revolution and the development of device network technology, the monitoring and control of various devices is increasing in smart homes. The transferred data may contain personal sensitive information when a device communicates through a smart home network. Therefore, the security in communication emerges as an important issue. Hence, device authentication and authorization are essential for ensuring the security of the entire network of smart homes. The model proposed in this study presented a method for managing smart home devices based on the Ethereum blockchain with zero-knowledge proof security enhancement. The model proposed two major processes. First, authentication was performed by storing the public key hash of trusted devices based on smart contracts. This process guarantees that the value used for authentication in a smart contract when communicating with a device, thereby preventing device information tampering attacks, such as spoofing. Second, the proposed model authenticated the device through a zero-knowledge proof during device communication and then shared the session key with a public-key cryptosystem. Generally, device communication was performed through public-key cryptosystems by sharing public keys, but the exposed public key can make devices vulnerable. The device can be easily identified when the public key of the device was exposed, which can help attackers gather home network information.

Therefore, evading device identification through a zero-knowledge proof improves the security of a smart home. Compared to using only the blockchain technology,^37–39 the model proposed in this study provides enhanced security in device authentication provided that the user selects a device and stores authentication information to a trusted place on the smart contract with zero-knowledge proof. In addition, because smart contracts are used for storing and authenticating information such as a certificate agency (CA), the authentication time is relatively faster than in Zhang et al.,³³ which depends on the block generation time of the blockchain. The proposed model showed a speed improvement of approximately 10 s compared to the model affected by the block generation time of the blockchain, as shown in Figure 5. Although the degree of speed improvement differs depending on the type of blockchain or network, the proposed model could maintain a relatively high response speed between smart home devices because it would not be affected by the block generation time. In this study, we proposed an enhanced device management scheme that provides improved security by authenticating each device using a smart blockchain contract and zero-knowledge proof when authenticating the device in a smart home. In a future study, we plan to study a privacy model based on zero-knowledge proof and develop a model that provides improved access control between devices.

Footnotes

Acknowledgements

The authors would like to pay special thanks to Yesuel Kim for providing reviews and comments on the paper.

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This research(work) was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. 2022R1A2C2010985), and was also financially supported by the Korean Ministry of Land, Infrastructure, and Transport (MOLIT) “Innovative Talent Education Program for Smart City.”

ORCID iD

Junbeom Park

References

Ing

Summers

. Technological design considerations for home-based health care. Meas Control 2015; 48(6): 183–188.

Touqeer

Zaman

Amin

, et al. Smart home security: challenges, issues and solutions at different IoT layers. J Supercomput 2021; 77(12): 14053–14089.

Wang

Yang

. Smart home information: a framework for integration and management. Meas Control 2008; 41(10): 300–304.

Yao

Yang

Xia

. A ZigBee based home automation: system design and implementation. Meas Control 2008; 41(10): 310–314.

Garg

Yadav

Jamloki

, et al. IoT based home automation. J Inf Optim Sci 2020; 41(1): 261–271.

Ren

Leng

, et al. Multiple cloud storage mechanism based on blockchain in smart homes. Future Gener Comput Syst 2021; 115: 304–313.

Zhou

Jia

Peng

, et al. The effect of iot new features on security and privacy: new threats, existing solutions, and challenges yet to be solved. IEEE Internet Things J 2019; 6(2): 1606–1616.

Yassine

Singh

Hossain

, et al. IoT big data analytics for smart homes with fog and cloud computing. Future Gener Comput Syst 2019; 91: 563–573.

Baig

Szewczyk

Valli

, et al. Future challenges for smart cities: cyber-security and digital forensics. Digit Invest 2017; 22: 3–13.

10.

Jiang

Chen

, et al. A survey on the security of blockchain systems. Future Gener Comput Syst 2020; 107: 841–853.

11.

Banerjee

Sameen Chishti

Kumar

. Implementing secure smart home using existing infrastructure. Sistemas y Telemática 2017; 15(43): 9–18.

12.

Wazid

Das

Odelu

, et al. Secure remote user authenticated key establishment protocol for smart home environment. IEEE Trans Dependable Secure Comput 2020; 17(2): 391–406.

13.

Kumar

Braeken

Gurtov

, et al. Anonymous secure framework in connected smart home environments. IEEE Trans Inf Forensics Secur 2017; 12(4): 968–979.

14.

Tian

Luo

Qiu

, et al. A distributed deep learning system for web attack detection on edge devices. IEEE Trans Ind Inform 2020; 16(3): 1963–1971.

15.

Mbarek

Pitner

. Trust-based authentication for smart home systems. Wirel Pers Commun 2021; 117(3): 2157–2172.

16.

Zhang

Gao

, et al. APDP: attack-proof personalized differential privacy model for a smart home. IEEE Access 2019; 7: 166593–166605.

17.

McDermott

Isaacs

Petrovski

. Evaluating awareness and perception of botnet activity within consumer Internet-of-Things (IoT) networks. Informatics 2019; 6(1): 8.

18.

Aydos

Vural

Tekerek

. Assessing risks and threats with layered approach to Internet of Things security. Meas Control 2019; 52(5–6): 338–353.

19.

Senthil Kumar

Prabakaran

. Security and privacy enforced wireless mobile communication using PI-MAKA protocol design. Meas Control 2019; 52(7–8): 788–793.

20.

Chen

Hou

. A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations. Comput Stand Interfaces 2010; 32(5–6): 274–280.

21.

Kim

. IoT based authentication system implementation on Raspberry Pi. J Korea Ind Inf Syst Res 2017; 22(6): 31–38.

22.

Bokefode

Bhise

Satarkar

, et al. Developing a secure cloud storage system for storing IoT data by applying role based encryption. Procedia Comput Sci 2016; 89: 43–50.

23.

Qashlan

Nanda

. Automated ethereum smart contract for block chain based smart home security. In: Somani

Shekhawat

Mundra

, et al. (eds.) Smart Systems and IoT: Innovations in Computing (SSIC 2019). Singapore: Springer, 2019, pp. 313–326.

24.

Tao

Yuan

. A hypergraph-based blockchain model and application in internet of things-enabled smart homes. Sensors 2018; 18(9): 2784.

25.

Ali

Musa

, et al. Towards secure IoT communication with smart contracts in a blockchain infrastructure. Int J Adv Comput Sci Appl 2018; 9(10): 578–585.

26.

Arif

Khan

Rehman

, et al. Investigating smart home security: is blockchain the answer? IEEE Access 2020; 8: 117802–117816.

27.

Kouzinopoulos

Spathoulas

Giannoutakis

, et al. Using blockchains to strengthen the security of internet of things. In: International ISCIS security workshop, London, 26–27 February 2018, pp. 90–100. Springer.

28.

Singh

Meng

, et al. SH-BlockCC: a secure and efficient Internet of things smart home architecture based on cloud computing and blockchain technology. Int J Distrib Sens Netw 2019; 15(4): 1550147719844159.

29.

Giannoutakis

Spathoulas

Filelis-Papadopoulos

, et al. A blockchain solution for enhancing cybersecurity defence of IoT. In: 2020 IEEE international conference on blockchain (blockchain), Rhodes, Greece, 2–6 November 2020, pp. 490–495. New York, NY: IEEE.

30.

Qashlan

Nanda

, et al. Privacy-preserving mechanism in smart home using blockchain. IEEE Access 2021; 9: 103651–103669.

31.

Mohanty

Ramya

Rani

, et al. An efficient lightweight integrated blockchain (ELIB) model for IoT security and privacy. Future Gener Comput Syst 2020; 102: 1027–1037.

32.

Minoli

Occhiogrosso

. Blockchain mechanisms for IoT security. Internet Things 2018; 1–2: 1–13.

33.

Zhang

Deng

Han

, et al. Secure smart health with privacy-aware aggregate authentication and access control in Internet of Things. J Netw Comput Appl 2018; 123: 89–100.

34.

Nakamoto

. Bitcoin: a peer-to-peer electronic cash system. Decentralized Bus Rev 2008; 21260.

35.

Turkanovic

Druzovec

Holbl

. Inference attacks and control on database structures. Trends Endocrinol Metab 2015; 4(1): 3.

36.

Szabo

. Smart contracts: building blocks for digital markets. Extropy 1996; 16(18): 2.

37.

Goldwasser

Micali

Rackoff

. The knowledge complexity of interactive proof systems. SIAM J Comput 1989; 18(1): 186–208.

38.

Goldreich

. Providing sound foundations for cryptography: on the work of Shafi Goldwasser and Silvio Micali. New York, NY: ACM, 2019, p. 329.

39.

Feige

Fiat

Shamir

. Zero-knowledge proofs of identity. J Cryptol 1988; 1(2): 77–94.

40.

Wang

. A survey of noninteractive zero knowledge proof system and its applications. The Scientific World Journal 2014; 2014: 1–7.

41.

Polic

. Implementing audit ability with non- interactive zero knowledge proofs. Metal Int 2012; 17(11): 106.

42.

Kim

Lee

. Simulation-extractable zk-SNARK with a single verification. IEEE Access 2020; 8: 156569–156581.

Secure device control scheme with blockchain in a smart home

Abstract

Keywords

Introduction

IoT control scheme in a smart home

Secure communication technique

Public key encryption

Blockchain

Smart contract

Zero knowledge proof technology

Blockchain-based smart home device management model

System configuration

Smart contract based data transfer process

Main functions of smart contract

Device authentication

Device communication

Results and discussion

Confidentiality

Access control

Device integrity

Device authentication

Protection of public key

Conclusion

Footnotes

Acknowledgements

Declaration of conflicting interests

Funding

ORCID iD

References