Blockchain Technology for Access and Authorization Management in the Internet of Things

The Internet of Things (IoT) continues to suffer from security issues, even after 20 years of technological evolution and continuing efforts. While the decentralization of the IoT seems to be a solution for improved resource management and scalability, most of the services remain centralized, exposing IoT systems to malicious attacks. As a result, this leads to functionality failures and endangers user and data integrity. Identity and Access Management (IAM) has the ability to provide defense against a great number of security threats. Additionally, blockchain is a technology which can natively support decentralization, as well as access and authorization management techniques, using the corresponding programmable logic and leveraging cryptographic mechanisms for privacy and security. Using standardized frameworks (e.g., Decentralized Identifiers and Verifiable Credentials), a blockchain-based access and authorization solution can present the basis for a uniform decentralized IAM framework for the IoT. To this end, this paper presents a proof-of-concept design and implementation of an IAM solution based on Solidity smart contracts, targeting two areas: firstly, supporting the fact that blockchain can seamlessly provide the basis for a decentralized IAM framework, while secondly (and most importantly) exploring the challenge of integrating within existing IoT systems, avoiding redesigning and redeveloping on behalf of IoT manufacturers.