Toward secure and accountable data transmission in Narrow Band Internet of Things based on blockchain

Abstract

The developments of Narrow Band Internet of Things have attracted much attention from both academia and industry nowadays. While Narrow Band Internet of Things is gradually designed for commercial applications, it also confronts with several security concerns such as identification and privacy. Blockchain technique is equipped with authentication, auditing, and accountability, and thus it can serve as a promising tool for providing secure data communication on the network. To enhance the security level and achieve reliable data authentication and accountability for Narrow Band Internet of Things system, in this article, we combine the merits of blockchain technique and propose a blockchain-based architecture for Narrow Band Internet of Things. The presented architecture consists of three layers which are sensing layer, transport layer, and transaction layer. We describe the interaction processes between each layer in detail and construct the algorithms which are used to conduct data authentication and blockchain generation. By evaluation, our scheme is demonstrated to obtain favorable performances in terms of privacy, authentication, accountability, and efficiency, which makes it an appropriate method to be applied for secure data communication in Narrow Band Internet of Things systems.

Keywords

Narrow Band Internet of Things blockchain security efficiency

Introduction

Narrow Band Internet of Things (NB-IoT) is a new type of IoT which is constructed on cellular networks and can be directly deployed to Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS), and Long-term Evolution (LTE).¹ It reduces the cost of deployments, achieves smooth upgrade, supports short-time standby, and provides high connection efficiency among various facilities. Compared to traditional IoT system, the main advantages of NB-IoT can be summarized in four aspects:^2–5

Wide coverage. Compared to traditional GSM networks, the base station (BS) of NB-IoT can provide much wider signal coverage which normally covers a distance of 10 km. Furthermore, the BS of NB-IoT improves the transmission gain by 20 db compared to BSs in traditional LTE or General Packet Radio Service (GPRS) networks. This property makes it possible for NB-IoT networks work normally in some places where signals are hard to reach such as underground garage and underground pipeline.

Massive connections. In NB-IoT system, a BS is capable of providing 100,000 connections at frequency bands of 200 KHz. The massive connections can cover many aspects of human life thus providing a variety of smart services according to users’ demands.

Low consumption. NB-IoT introduces the power-saving technique of extended discontinuous reception (eDRX) for the purpose of reducing the energy consumption of the embedded batteries. This technique allows a node to conduct communication intermittently instead of keeping the status of monitoring thus avoiding the unnecessary activation during data transmission.

Inexpensive cost. NB-IoT supports optimized network architecture with low delay sensitivity and device consumption. It is estimated by industry enterprises that the cost of a single NB-IoT module is below $5 and can be further reduced with the rapid developments of mass production.

Due to above properties, NB-IoT can be applied to many vertical industries such as smart cities, remote meter reading systems, asset tracking, and smart agriculture. The typical application scenarios of NB-IoT are illustrated in Figure 1.

Figure 1.

Typical application scenarios of NB-IoT.

While NB-IoT is gradually making for maturity, it also confronts with several security concerns such as authentication, privacy, and fault tolerance. For instance, NB-IoT system is facing with a variety of data sources, how to ensure the data accountability is an urgent problem to be tackled.

Blockchain is the supporting technology of Bitcoin, which was first proposed by Satoshi in 2008. The unparalleled advantage of blockchain lies in its novel design to construct a decentralized system over distributed networks.⁶ The first application of blockchain technology is cryptocurrencies, where the key property is being able to securely update truth states in a peer-to-peer (P2P) network. Blockchain is a data structure which links different data blocks into a chain in chronological order and achieves unforgeability by utilizing cryptography techniques. The invention of blockchain tackles two major concerns in digital currencies: Byzantine generals’ problem and double spending. Byzantine generals’ problem can be described as how to transfer messages to generals located in distributed areas, without knowing who of them are traitors. Double spending problem arises from digital currencies, which results in same amount of money being spent more than one time. Before the invention of blockchain, the solution to double spending problem is introducing a trusted third party such as bank to record each transaction so that the same amount money can only be spent once.

Blockchain takes the advantages of “proof of work” and some other cryptographic techniques to tackle the above issues.⁷ It establishes trust mechanism between distributed network nodes by utilizing pure mathematical theories and forms a trusted distributed system. The system is fully decentralized and can create transactions and record the detailed information of each transaction at the same time. Furthermore, blockchain adopts a unique incentive mechanism to attract miners to provide their computation resources and complete the billing task. Thus, the whole network will be operating robustly unless more than a half of the nodes break down. Due to these advantages, blockchain technique has been designed to provide data protection in several scenarios such as digital cryptocurrency, cloud computing, logistics management, and IoT.⁸ Blockchain technique can also serve as a promising tool to enhance the security and robustness of NB-IoT system.

To enhance the security level and provide data authentication and accountability in NB-IoT, in this article, we propose a new NB-IoT architecture based on blockchain. The proposed architecture combines the merits of blockchain technique and NB-IoT characteristics, which not only realizes secure data collection but also achieves full-time accountability and auditing. Specifically, the following works are established.

To begin with, we analyze the potential security threats and propose a blockchain-based architecture for NB-IoT. The proposed architecture consists of sensing layer, transport layer, and transaction layer, and the function of each layer is introduced in detail.

Furthermore, we illustrate the interaction processes between each layer and construct the algorithms which are used in authentication as well as blockchain generation. We give the formulized definitions of each algorithm and construct a concrete scheme based on identity-based cryptography, which demonstrates our scheme is equipped with superior scalability and universality.

Finally, we evaluate our scheme in terms of privacy, authentication, accountability, and efficiency. The high security level and low calculation cost prove our scheme is appropriate to be applied for data communication in NB-IoT systems.

Related works

Blockchain-based IoT systems

Many researchers have designed blockchain-aided IoT systems in order to improve the performance of traditional IoT architecture. Rahulamathavan et al. combined the merits of attribute-based encryption (ABE)^9–11 and blockchain to improve the privacy of IoT systems.¹² They also proved that the calculation cost is acceptable on IoT terminal devices. Caro et al.¹³ developed a blockchain-based IoT system for agri-food supply management, which was capable of providing traceability throughout the overall process of logistics. They also conducted their simulation on some IoT devices to highlight the pros and cons of their scheme in terms of time delay, network usage, and so on. Huh et al.¹⁴ pointed out the limitations in current IoT platform and then proposed a new scheme to achieve flexible management on IoT devices. They adopted Ethereum infrastructure to provide key management and smart contract to prevent the attack from malicious users. Aimed to improve the privacy-preserving level in IoT system, Kravitz and Cooper¹⁵ established a concrete cryptographic mechanism based on blockchain. Equipped with confidentially and authentication, their scheme was suitable to be applied for information protection in IoT system. Li¹⁶ introduced the characteristics of IoT and blockchain, and then put forward the solutions to tackle the security concerns in IoT. It also demonstrated how blockchain-based IoT can be applied to several vertical industries such as intelligent traffic system and wisdom tourism. Kataoka et al.¹⁷ designed an architecture which combines the function of software-defined networking (SDN) and blockchain and established trust mechanism on IoT devices. They also evaluated the computation cost of mining blocks, time consumption for the trust delivery, and the difficulty of generating a new block. Bocek et al.¹⁸ applied blockchain-based IoT to medical delivery industry and their scheme was equipped with the function of recording real-time temperature during the whole lifespan during logistic processes. Ellul and Pace¹⁹ first introduced a split-virtual machine named “AlkylVM,” and then implemented this virtual machine in IoT and blockchain systems. Their scheme innovatively established connections between blockchain and those resource-constrained IoT devices. Tapas et al.²⁰ developed an authentication and proxy calculation model for IoT based on blockchain technology and cloud computing. Specifically, their scheme had been simulated on Ethereum platform and the results showed that the proposed scheme reduced the calculation burden on IoT terminals which provides secure access control at the same time. Awasthi et al.²¹ presented a lightweight architecture to achieve blockchain-based IoT security protection. Their experimental results showed that the architecture was decentralized and open which supported anybody to join the validation system and contribute to the blockchain. Ouaddah et al.²² put forward a new method to achieve fine-grained access control over IoT devices based on blockchain technique. They achieved secure authentication by leveraging token-based cryptography. Urien²³ investigated the computation cost of cryptographic algorithms in blockchain and implemented them on real IoT devices. The proposed scheme was equipped with excellent portability and general applicability. Miraz and Ali²⁴ illustrated the typical application of blockchain and demonstrated how blockchain could be utilized to enhance the overall security of blockchain. Danzi et al.²⁵ studied the synchronization mechanism in IoT and analyzed the traffic between blockchain network and the IoT devices. Their research indicated that the uplink traffic of blockchain protocols required the allocation of considerable downlink resources. Odiete et al.²⁶ innovatively developed a decentralized platform which leveraged blockchain technology to achieve efficient data retrieval in IoT.

Security concerns in NB-IoT

The security requirements of NB-IoT resemble the security demands of traditional IoT; however, differences still remain with respect to sensing layer, transport layer, and transaction layer.

Sensing layer

Sensing layer lies on the bottom of NB-IoT system and provides services for the upper layers in the architecture. The main security threats in sensing layer arise from both active attack and passive attack. In passive attack, attackers do not make any manipulation of the original information, but only eavesdrop and analyze these messages. Since the transmission media of NB-IoT relies on open wireless networks, attackers can acquire the terminal information of NB-IoT nodes by eavesdropping data link and conduct follow-up invasions. Unlike passive attack, active attack includes integrity destruction, forgery, and data tempering and the damage brought by active attack is far greater than passive attack in NB-IoT. For example, in the typical NB-IoT application scenario “intelligent electric meter,” if an attacker captures a terminal electric meter, then he can forge any indicator of the node and the benefit of user will be harmed.

The above attack method can be prevented by some cryptographic techniques such as data encryption and integrity verification. Theoretically, the maximum battery life of a NB-IoT node is 10 years and the throughput of sensing module remains at a low rate. Consequently, cryptographic algorithms with low calculation cost such as block cipher should be deployed in the sensing layer due to the constrained computation resources.

Unlink traditional IoT, the network structure of NB-IoT is clear and explicit. The nodes in sensing layer can communicate with BS directly thus avoiding the potential threat during the process of network construction. Furthermore, the identification between NB-IoT nodes and BS should be bidirectional to prevent the security threats brought by supposititious BS.

Transport layer

Transport layer in NB-IoT serves as a repeater which is responsible for gathering and transmitting information from sensing layer to upper layer. The main security threats in this layer come from the massive accesses from NB-IoT terminal nodes and the open network environment. Normally, a NB-IoT sector can support approximately 100,000 access requests from terminal nodes; thus, how to manage these massive and real-time requests, especially deploying efficient access control management and identification thereby avoiding malicious nodes’ illegal injection, is an urgent issue.

Furthermore, the communication of transport layer totally relies on wireless channel, which has inherent characteristics such as vulnerability and instability. Attackers can send interfering signal to influence the normal communication between nodes and BS. Moreover, since the amount of NB-IoT nodes in a sector is very large, attackers can conduct distributed denial-of-service (DDoS) attack thereby affecting the total performance of communication networks.

To eliminate the above security concerns, several security policies such as end-to-end authentication, key exchange protocols should be established in order to provide confidentiality and integrity for legal messages to be transferred. At present, there are several generic protocols in computer networks such as Secure Sockets Layer (SSL) and Authentication and Key Agreement (AKA); however, how to optimize these protocols so as to deploy them to computation resource-constrained scenarios is a problem to be solved. However, it is essential to introduce intrusion detect mechanism to prevent the illegal accesses from malicious NB-IoT nodes.

Transaction layer

The core target of transaction layer is to store, analyze, and manage the massive data transferred from sublayer and lend support for those data originated applications. Compared to traditional IoT architecture, the volume of data in transaction layer in NB-IoT will increase sharply and thus the main security concerns arise from the following aspects:

Recognition and management on the massive and heterogeneous data. Since the transaction layer contains various applications, data gathered in this layer are massive and heterogeneous. Consequently, how to use the inherent computation capacity to recognize and manage these data is the primary goal of transaction layer. More importantly, it is essential to conduct real-time disaster recovery, back up, and fault-tolerance mechanism on these data so as to maintain the NB-IoT-based applications in some desperate situations.

Data integrity and authentication. Since the data stored in transaction layer are transferred from sensing layer and transport layer, the integrity will be broken if any fault occurs during the process of data collection and transmission. Besides, any illegal operation on these data may also cause the deficiency of integrity. The key to solve this problem is to establish high-efficient data integrity verification and synchronization mechanism while assisting with other security measures such as data de-duplication, data self-destruction, and data auditing thereby providing full security protection during data transmission and storage.

Data access control management. Applications based on NB-IoT usually involve a lot of users, and different groups of users have different access privileges. It is required that each user has his unique access policy according to the privileges he or she owns. Existing access policy mechanism mainly consists of role-based access control and attribute-based access control. For different application scenarios, different access method should be made to guarantee legal data sharing between users and devices.

Architecture and algorithms

The proposed architecture

The architecture of our scheme is illustrated in Figure 2. The core of our architecture is to realize private preserving data transmission along with accountable data provenance by combing the merits of NB-IoT and blockchain. It has three layers: sensing layer, transport layer, and transaction layer. The sensing layer contains NB-IoT nodes. In our model, we assume that the data collected by NB-IoT nodes are confidential and kept as ciphertexts during transmission. In the transport layer, we assume that each BS has its own public key and private key.

Figure 2.

Architecture of blockchain-based NB-IoT systems.

Algorithms

Before presenting our algorithms, some notations are defined in Table 1.

Table 1.

Notations and meanings.

Notation	Meaning
$UID$	Unique identifier
$K$	Symmetric key
$PK$	Public key
$SK$	Private key
$CT$	Ciphertext
$M$	Plaintext
$H ()$	Hash function
$E ()$	Encryption algorithm
$D ()$	Decryption algorithm
$V$	Signature
$S ()$	Signature algorithm
$V ()$	Verification algorithm

Registration

In this phase, a global unique identifier $UID$ and a symmetric key $K$ are embedded into each NB-IoT node. Note that $K$ is used for data privacy protection during transmission and shared by a NB-IoT node and its attributive applications. Besides, a NB-IoT node also generates a pair of public key $PK$ and private key $SK$ . $PK$ is associated with its unique identifier and open to public, while the $SK$ is kept secretly.

Authentication

When a NB-IoT node enters a location covered by a BS at the first time, it generates a signature $V$ by leveraging the private key it owns and sends it to the BS. The BS records the $UID$ of the NB-IoT node and returns a signature $V$ generated itself. Furthermore, to reduce the computation complexity of authentication as well as provide confidentially in future communication, BS picks a symmetric secret key x and transfers it to NB-IoT node after encryption over its public key. The NB-IoT node verifies whether it is a valid BS

\begin{matrix} V_{NB - IoT} = S_{SK, NB - IoT} (UI D_{NB - IoT}) \\ V (V_{NB - IoT}, P K_{NB - IoT}) \to Valid \end{matrix}

(1)

V_{BS} = S_{SK, BS} (UI D_{BS})

(2)

X = E_{PK, NB - IoT} (x)

(3)

Transmission

When the authentication is successful, the NB-IoT nodes can transfer data to the BS. Note that in some scenarios, the data to be transmitted is sensitive so that it should be encrypted by the symmetric key $K$ before transmission. Furthermore, a nonce is embedded into the message to prevent the potential replay attack from malicious attackers. Finally, all the above messages are encrypted by the symmetric secret key x shared by NB-IoT node and BS

\begin{matrix} V (V_{BS}, P K_{BS}) \to Valid \\ x = D_{SK, nb - IoT} (X) \\ CT' = E_{x} (E_{K} (M) | | Nonce) \end{matrix}

(4)

Foundation block generation

Since NB-IoT nodes will enter the area of different BSs, the data transmission from node to BS is continuous like flows. When the first time of data transmission from a NB-IoT node is confirmed by a BS, it will generate the foundation block for this data flow. The structure of the block is illustrated in Table 2, and all the elements will be calculated after conducting decryption in equation (5)

CT' = D_{x} (CT)

(5)

Table 2.

Block structure of NB-IoT.

UID	Height
BS ID	Block size
Timestamp	Nonce
Previous Hash	Hash
Message

Blockchain generation

After the foundation block generation is completed, the BS will keep generating new blocks to record the data transmission information from the NB-IoT node. The process is illustrated in Figure 3 and described as follows:

If the NB-IoT node is still in the area covered by the same BS, the process of block generation resembles the steps in foundation block generation.

If the NB-IoT node moves into the area covered by a new BS, then the two BS need to negotiate before data transmission.

First, the authentication between NB-IoT node and BS is conducted as described in equations (1) and (2)

V_{NB - IoT} = S_{SK, NB - IoT} (UI D_{NB - IoT})

(6)

Then, the new BS checks the blockchain of the NB-IoT node and confirms the BS ID of the previous BS recorded in the latest block; without loss of generality, denote BS1 and BS2 to be the former BS and new station, respectively. As long as BS2 confirms that the latest block was generated by BS1, BS2 calculates as follows

\begin{matrix} V_{BS 2} = S_{SK, BS 2} (UI D_{BS}) \\ X = E_{PK, BS 2} (x) \end{matrix}

(7)

Figure 3.

Blockchain generation process.

BS2 sends $V_{BS 2}$ to NB-IoT node. If $V_{BS 2}$ can be verified correctly, then NB-IoT node can conduct data communication with the new base station BS2 using the previous symmetric secret key x and the generation of new blocks resembles the steps in foundation block generation.

Data acquisition

When the application wants to acquire some data from the transport layer, it can conduct data retrieval over the blockchain and obtain the necessary information. Then, it simply recovers the ciphertexts to plaintexts utilizing the symmetric private key $K$ distributed previously. The decryption algorithm is described in equation (8)

M = D_{K} (CT')

(8)

Implement

In this section, we will implement our scheme in identity-based cryptography and construct the concrete algorithms defined in the previous section.

Registration

Let $G_{1}$ and $G_{2}$ be two cyclic groups of prime order $p$ , while g is the generator of $G_{1}$ . Let $\hat{e} : G_{1} \times G_{1} \to G_{2}$ be a bilinear paring. Defines two hash functions: $H_{1} : {0, 1}^{*} \to G_{1}$ and $H_{2} : {0, 1}^{*} \to Z_{p}^{*}$ . Defines a pair of symmetric encryption and decryption algorithm $E (), D ()$ . Assigns a $UI D_{NB - IoT}$ along with a secret number $K$ for each NB-IoT and $UI D_{BS}$ for each BS in the system. Picks a secret number $y \in Z_{p}^{*}$ and calculate $g^{y}$ .

The system public parameters are { $G_{1}, G_{2}, \hat{e}, p, g, H_{1}, g^{y}, UI D_{NB - IoT}, UI D_{BS}$ } and $y$ is kept privately. Note that we have the following preliminaries for bilinear pairings.²⁷

Let $G_{1}$ and $G_{2}$ be two cyclic groups of prime order $q$ . Let g be the generator of $G_{1}$ . A bilinear pairing $\hat{e} : G_{1} \times G_{1} \to G_{2}$ , and $G_{2}$ satisfies the following properties.

Bilinearity

For $a, b \in Z_{q}$ , we have $\hat{e} (g^{a}, g^{b}) = \hat{e} (g, g)^{ab}$ .

Non-degeneracy

There exists $P, Q \in G_{1}$ such that $\hat{e} (g, g) \neq 1$ .

Computability

There is an efficient algorithm to compute $\hat{e} (u, v)$ for any $u, v \in G_{1}$ .

The asymmetric key pair of NB-IoT node ${P K_{N B - I o T}, S K_{N B - I o T}}$ can be denoted by ${H_{1} (UI D_{NB - IoT})$ ${H_{1} {(U I D_{N B - I o T})}^{y}}$ and the asymmetric key pair of BS { $P K_{BS}, S K_{BS}$ } can be denoted by ${H_{1} (UI D_{BS}),$ $H_{1} (UI D_{BS})^{y}}$ , respectively.

Authentication

When a NB-IoT node enters a location covered by a BS at the first time, it generates a signature $V$ by leveraging the private key it owns and sends it to the BS. It first picks a random number $v \in Z_{p}^{*}$ and calculates as follows

\begin{matrix} V_{0} = H_{2} (UI D_{NB - IoT}) \\ V_{1} = H_{1} {(UI D_{NB - IoT})}^{y (v + V_{0})} \\ V_{2} = g^{yv} \end{matrix}

(9)

The signature can be denoted by $V = {V_{0}, V_{1}, V_{2}}$ . It is a valid signature if the following equation holds

\hat{e} (V_{1}, g) = \hat{e} (H_{1} (UI D_{NB - IoT}), V_{2} \cdot g^{y V_{0}})

(10)

Obviously, it is valid signature since

\begin{array}{l} \hat{e} (V_{1}, g) = \hat{e} (H_{1} {(U I D_{N B - I o T})}^{y (v + V_{0})}, g) \\ = \hat{e} (H_{1} {(U I D_{N B - I o T})}^{y v}, g) \cdot \hat{e} (H_{1} {(U I D_{N B - I o T})}^{y V_{0}}, g) \\ = \hat{e} (H_{1} (U I D_{N B - I o T}), g^{y v}) \cdot \hat{e} (H_{1} (U I D_{N B - I o T}), g^{y V_{0}}) \\ = \hat{e} (H_{1} (U I D_{N B - I o T}), V_{2}) \cdot \hat{e} (H_{1} (U I D_{N B - I o T}), g^{y V_{0}}) \\ = \hat{e} (H_{1} (U I D_{N B - I o T}), V_{2} \cdot g^{y V_{0}}) \end{array}

(11)

The BS records the $UID$ of the NB-IoT node and returns a signature $V$ generated itself. The generation process is the same as described in equation (9). When the identities of two parties of communication have been confirmed, the BS picks a symmetric secret key $x$ and transfers it to NB-IoT node after encryption over its public key. The encryption process is as follows.

Randomly picks $r \in Z_{p}^{*}$ and calculates

\begin{matrix} C_{0} = x \cdot \hat{e} {(H_{1} (UI D_{NB - IoT}), g)}^{ry} \\ C_{1} = g^{r} \end{matrix}

(12)

The ciphertext can by denoted by $X = {C_{0}, C_{1}}$ . The symmetric key can be recovered by calculating

x = \frac{C_{0}}{\hat{e} (C_{1}, S K_{NB - IoT})}

(13)

Obviously, the decryption is valid since

\begin{matrix} \frac{C_{0}}{\hat{e} (C_{1}, S K_{NB - IoT})} \\ = \frac{x \cdot \hat{e} {(H_{1} (UI D_{NB - IoT}), g)}^{ry}}{\hat{e} (g^{r},, H_{1} {(UI D_{NB - IoT})}^{y})} \\ = x \end{matrix}

(14)

Transmission

When the process of key negotiation is completed, the data transmission shall be conducted. For message or message For message $M$ , the NB-IoT calculates as follows

CT = E_{x} (E_{K} (M) | | Nonce)

(15)

Foundation block generation

The BS after decrypting the elements in Table 2 can be calculated, respectively, and the foundation block will be generated as shown in Table 3

CT' = D_{x} (CT)

(16)

Table 3.

Foundation block.

UID	Height: 0
BS ID	Block size
Timestamp	$Nonce$
Previous Hash: Null	Hash: $H_{2} (M)$
Message: $M$

Blockchain generation

Without loss of generality, denote BS1 and BS2 to be the former BS and new station, respectively. The authentication between NB-IoT node and BS2 is conducted as described in equation (9)

\begin{matrix} V_{0} = H_{2} (UI D_{BS 2}) \\ V_{1} = H_{1} {(UI D_{BS 2})}^{y (v + V_{0})} \\ V_{2} = g^{yv} \end{matrix}

(17)

Then, BS2 checks the blockchain of the NB-IoT node and confirms the BS1 is the previous BS that generates the blockchain, and the BS2 sends its signature to BS1. The verification process follows the same step described in equations (9) and (10). As long as BS1 confirms the identity of BS2, BS1 calculates as follows

\begin{matrix} C_{0} = x \cdot \hat{e} {(H_{1} (UI D_{BS 2}), g)}^{ry} \\ C_{1} = g^{r} \end{matrix}

(18)

BS2 sends $V_{BS 2}$ to NB-IoT node. If $V_{BS 2}$ can be verified correctly, then NB-IoT node can conduct data communication with the new base station BS2 using the previous symmetric secret key x described in equation (7) and the generation of new blocks resembles the steps in foundation block generation.

Data acquisition

Since we have defined the symmetric encryption algorithm, the user only needs to conduct a simple decryption to recover the plaintext from $CT'$ as equation (8) describes.

Discussions

Data privacy

In some privacy-preserving scenarios such as personal health record (PHR) and military management system, data are very sensitive and should be confidential during transmission process. Furthermore, the BS is usually considered to be semi-trusted, which means it will follow users’ instructions to implement the previous defined algorithms, but may also collude with some malicious attackers to try to capture some valuable information from the data to be transferred.

In our scheme, the original message is encrypted double times before sending and is always transferred as ciphertexts during transmission. First, data are encrypted by a primary symmetric key shared only by the NB-IoT node and its applications so that even the BS cannot obtain any sensitive information about the plaintext. What’s more, the secondary symmetric key is used to provide confidentiality in the wireless communication channels to prevent the illegal access from malicious nodes.

Data authentication and accountability

Our scheme achieves data authentication and accountability by adopting public key mechanism and blockchain technique. At the first stage, the identity authentication is based on public key cryptography and is bidirectional so that malicious NB-IoT nodes and fake BSs are not capable of conducting data communications with legal devices. Besides, the blockchain will record the information and conditions of each NB-IoT node during its whole lifetime, and data accountability can be realized when data exception happens. Take the typical application scenario “smart logistics” for instance, considering the fact that logistics may contain some precious belongings such as emergency medicine and jewelries, it is of great significance to monitor the real-time status (temperature, pressure, humidity, etc.) of these logits. In our model, the data of these status will be recorded in the blockchain and can be traced during the whole process of logistics management. When data exception (such as temperature and pressure exceeding the critical value) occurs, the user can exactly pinpoint the time and location of these events by reading the message and timestamp in the blockchain, thus paving way for future auditing and accountability.

Efficiency analysis

Unlike traditional blockchain-based applications such as Bitcoin, the computation resource in NB-IoT is limited and it is important to reduce the calculation consumption to extend the lifespan of the terminal nodes. In our scheme, we achieve this target by introducing a new authentication mechanism between BS and NB-IoT nodes. It is reported that calculation based on asymmetric cryptography will occupy more computation consumption than that of symmetric cryptography, and consequently, we improve the efficiency of algorithms by eliminating the amount of asymmetric key operations to a large extent. During the process of authentication, the NB-IoT node only needs to do three times of asymmetric key operations at the beginning of entering the area covered by a BS. Afterwards, a symmetric key $x$ is shared by two parties of the communication to protect confidentiality and identification instead of conducting asymmetric key calculations. Moreover, the symmetric key is valid throughout the whole process of blockchain generation, when the NB-IoT node enters the area covered by a new BS, the two associated stations will carry through the secret key transmission and the node does not need to conduct key negotiation with the new BS, hence the efficiency of authentication is greatly improved.

Conclusion

To enhance the security level and achieve reliable data authentication and accountability for NB-IoT system, in this article, we first put forward a blockchain-based architecture for NB-IoT and introduce the function of each layer in detail, and then we describe the interaction processes between each layer and give the formulized definitions of our algorithms. Finally, we evaluate our scheme from the prospective of privacy, authentication, accountability, and efficiency. The high security level and low calculation cost demonstrate our scheme is appropriate to be applied for data communication in NB-IoT systems.

Footnotes

Handling Editor: Ximeng Liu

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This research was supported by the National Natural Science Foundation of China (nos 61672299 and 61802200) and the Natural Science Foundation of Jiangsu Province (no. BK20180745).

ORCID iD

Hanshu Hong

References

Ratasuk

Vejlgaard

Mangalvedhe

et al . NB-IoT system for M2M communication. In: Proceedings of the IEEE wireless communications and networking conference workshops (WCNCW), Doha, Qatar, 3–6 April 2016, pp.428–432. New York: IEEE.

Kim

Cho

et al . Analysis of LTE and NB-IoT coexistence. In: Proceedings of the international conference on information and communication technology convergence (ICTC), Jeju, South Korea, 18–20 October 2017, pp.870–872. New York: IEEE.

Mangalvedhe

Ratasuk

Ghosh

. NB-IoT deployment study for low power wide area cellular IoT. In: Proceedings of the 27th annual international symposium on personal, indoor, and mobile radio communications (PIMRC), Valencia, 4–8 September 2016, pp.1–6. New York: IEEE.

Chang

YCP

Chen

Wang

T-J

. Fog computing node system software architecture and potential applications for NB-IoT industry. In: Proceedings of the international computer symposium (ICS), Chiayi, Taiwan, 15–17 December 2016, pp.727–730. New York: IEEE.

Shin

. Structure of NB-IoT NodeB system. In: Proceedings of the international conference on information and communication technology convergence (ICTC), Jeju, South Korea, 18–20 October 2017, pp.1269–1271. New York: IEEE.

Henry

Herzberg

Kate

. Blockchain access privacy: challenges and directions. IEEE Secur Priv 2018; 16(4): 38–45.

Ehmke

Wessling

Friedrich

. Proof-of-property—a lightweight and scalable blockchain protocol. In: Proceedings of the IEEE/ACM 1st international workshop on emerging trends in software engineering for blockchain (WETSEB), Gothenburg, 27 May–3 June 2018, pp.48–51. New York: IEEE.

Kshetri

. Can blockchain strengthen the Internet of Things? IT Prof 2017; 19(4): 68–72.

Hong

Sun

Xia

. Achieving secure and fine-grained data authentication in cloud computing using attribute based proxy signature. In: Proceedings of the 4th international conference on information science and control engineering (ICISCE), Changsha, China, 21–23 July 2017, pp.130–134. New York: IEEE.

10.

Hong

Sun

. Towards secure data sharing in cloud computing using attribute based proxy re-encryption with keyword search. In: Proceedings of the IEEE 2nd international conference on cloud computing and big data analysis (ICCCBDA), Chengdu, China, 28–30 April 2017, pp.218–223. New York: IEEE.

11.

Hong

Sun

. Sharing your privileges securely: a key-insulated attribute based proxy re-encryption scheme for IoT. World Wide Web 2018; 21(3): 595–607.

12.

Rahulamathavan

Phan

RC-W

Rajarajan

et al . Privacy-preserving blockchain based IoT ecosystem using attribute-based encryption. In: Proceedings of the international conference on advanced networks and telecommunications systems (ANTS), Bhubaneswar, India, 17–20 December 2017, pp.1–6. New York: IEEE.

13.

Caro

Ali

Vecchio

et al . Blockchain-based traceability in agri-food supply chain management: a practical implementation. In: Proceedings of the IoT vertical and topical summit on agriculture—Tuscany (IOT Tuscany), Tuscany, 8–9 May 2018, pp.1–4. New York: IEEE.

14.

Huh

Cho

Kim

. Managing IoT devices using blockchain platform. In: Proceedings of the 19th international conference on advanced communication technology (ICACT), Bongpyeong, South Korea, 19–22 February 2017, pp.464. New York: IEEE.

15.

Kravitz

Cooper

. Securing user identity and transactions symbiotically: IoT meets blockchain. In: Proceedings of the global Internet of Things summit (GIoTS), Geneva, 6–9 June 2017, pp.1–6. New York: IEEE.

16.

. Application of blockchain technology in smart city infrastructure. In: Proceedings of the international conference on smart Internet of Things (SmartIoT), Xi’an, China, 17–19 August 2018, pp.276–382. New York: IEEE.

17.

Kataoka

Gangwar

Podili

. Trust list: Internet-wide and distributed IoT traffic management using blockchain and SDN. In: Proceedings of the 4th world forum on Internet of Things (WF-IoT), Singapore, 5–8 February 2018, pp.296–301. New York: IEEE.

18.

Bocek

Rodrigues

Strasser

et al . Blockchains everywhere—a use-case of blockchains in the pharma supply-chain. In: Proceedings of the 2017 IFIP/IEEE symposium on integrated network and service management (IM), Lisbon, 8–12 May 2017, pp.772–777. New York: IEEE.

19.

Ellul

Pace

. AlkylVM: a virtual machine for smart contract blockchain connected Internet of Things. In: Proceedings of the 9th IFIP international conference on new technologies, mobility and security (NTMS), Paris, 26–28 February 2018, pp.1–4. New York: IEEE.

20.

Tapas

Merlino

Longo

. Blockchain-based IoT-cloud authorization and delegation. In: Proceedings of the 9th international conference on smart computing (SMARTCOMP), Taormina, 18–20 June 2018, pp.411–416. New York: IEEE.

21.

Awasthi

Johri

Khatri

. IoT based security model to enhance blockchain technology. In: Proceedings of the international conference on advances in computing and communication engineering, Paris, 22–23 June 2018, pp.133–137. New York: IEEE.

22.

Ouaddah

Elkalam

Ouahman

. Towards a novel privacy-preserving access control model based on blockchain technology in IoT. In: Á

Rocha

Serrhini

Felgueiras

(eds) Europe and MENA Cooperation advances in information and communication technologies (Advances in Intelligent Systems and Computing, vol. 520). Cham: Springer, pp.523–533.

23.

Urien

. Towards secure elements for trusted transactions in blockchain and blockchain IoT (BIoT) platforms. In: Proceedings of the 2018 fourth international conference on mobile and secure services (MobiSecServ), Miami Beach, FL, 24–25 February 2018. New York: IEEE.

24.

Miraz

Ali

. Blockchain enabled enhanced IoT ecosystem security. In: Proceedings of the international conference on advances in computing and communication engineering, Paris, 22–23 June 2018, pp.133–137. New York: IEEE.

25.

Danzi

Kalør

Stefanović

et al . Analysis of the communication traffic for blockchain synchronization of IoT devices. In: Proceedings of the IEEE international conference on communications (ICC), Kansas City, MO, 20–24 May 2018, pp.1–7. New York: IEEE.

26.

Odiete

Lomotey

Deters

. Using blockchain to support data and service management in IoV/IoT. In: Peng

Wang

Balas

et al . (eds) Security with intelligent computing and big-data services. SICBS 2017 (Advances in Intelligent Systems and Computing, vol. 733). Cham: Springer, pp.344–362.

27.

Hong Sun

. Achieving secure data access control and efficient key updating in mobile multimedia sensor networks. Multimed Tools Appl 2018; 77(4): 4477–4490.