Publicação

Decentralised and Scalable Security for Internet of Things Devices via Blockchain Applied Security

Ver documento

Detalhes bibliográficos
Resumo:The rapidly expanding Internet of Things (IoT) ecosystem faces critical security challenges in device identity management and authentication. With exponential growth in the deployment of IoT devices, attack surfaces expand dramatically, requiring scalable security solutions. Traditional mechanisms relying on centralised architectures create single points of failure and struggle to scale effectively.The contributions in this thesis use services supported by blockchain technology to address these challenges. Blockchain is an interdisciplinary technology built upon cryptography, distributed systems, and computer networks. It creates a trustworthy and secure environment that allows trusted interactions among participants. This thesis presents five interconnected contributions that progressively build upon one another. It begins by introducing a blockchain-based device identity management system that leverages decentralisation, immutability, and transparency to create a secure device registry enabling peer-to-peer authentication between IoT devices. This foundational layer eliminates reliance on centralised authorities while providing tamper-resistant identity verification. Building upon this foundation, the thesis then presents a consensus-based device authentication mechanism for IoT deployments. It then provides an enhanced Group Domain of Interpretation (GDOI) authentication mechanism with device integrity protection. A case of GDOI use in smart grids, where the protocol inherits the security properties of the underlying device identity and authentication layers. Furthermore, the thesis presents an inter-ledger authorisation scheme that enables secure cross-domain operations. It builds upon established device authentication management to enable delegated authorisation, benefiting multi-cloud applications. It then presents a blockchain-based trusted auditing mechanism for distributed software development. It leverages a device identity registry for participant verification and the authentication mechanism for secure access control, providing trust management and traceability in large-scale collaborative projects. Finally, this thesis explores how hardware security extensions can complement these blockchain solutions, including Physical Unclonable Function (PUF)s and Trusted Execution Environment (TEE)s. Performance evaluations confirm the solutions' feasibility at scale. The identity management layer provides a robust foundation for device authentication, while the consensus authentication mechanism shows favorable latency improvements compared to certificate-based approaches. The improved GDOI protocol demonstrates increased resilience, while the inter-ledger authorisation scheme reduces centralised dependencies, and finally, the auditing mechanism enhances accountability in distributed environments. These contributions address fundamental limitations, providing comprehensive approaches spanning from device identity management, smart grid protection, cloud-based continuum security, and distributed software development.
Autores principais:Mukhandi, Munkenyi Shomari
Assunto:IoT segurança autenticação de dispositivos contratos inteligentes gestão da identidade dos dispositivos tecnologia de cadeia de blocos IoT security blockchain technology device authentication device identity management smart contracts
Ano:2026
País:Portugal
Tipo de documento:tese de doutoramento
Tipo de acesso:acesso aberto
Instituição associada:Universidade de Coimbra
Idioma:inglês
Origem:Estudo Geral - Universidade de Coimbra
Descrição
Resumo:The rapidly expanding Internet of Things (IoT) ecosystem faces critical security challenges in device identity management and authentication. With exponential growth in the deployment of IoT devices, attack surfaces expand dramatically, requiring scalable security solutions. Traditional mechanisms relying on centralised architectures create single points of failure and struggle to scale effectively.The contributions in this thesis use services supported by blockchain technology to address these challenges. Blockchain is an interdisciplinary technology built upon cryptography, distributed systems, and computer networks. It creates a trustworthy and secure environment that allows trusted interactions among participants. This thesis presents five interconnected contributions that progressively build upon one another. It begins by introducing a blockchain-based device identity management system that leverages decentralisation, immutability, and transparency to create a secure device registry enabling peer-to-peer authentication between IoT devices. This foundational layer eliminates reliance on centralised authorities while providing tamper-resistant identity verification. Building upon this foundation, the thesis then presents a consensus-based device authentication mechanism for IoT deployments. It then provides an enhanced Group Domain of Interpretation (GDOI) authentication mechanism with device integrity protection. A case of GDOI use in smart grids, where the protocol inherits the security properties of the underlying device identity and authentication layers. Furthermore, the thesis presents an inter-ledger authorisation scheme that enables secure cross-domain operations. It builds upon established device authentication management to enable delegated authorisation, benefiting multi-cloud applications. It then presents a blockchain-based trusted auditing mechanism for distributed software development. It leverages a device identity registry for participant verification and the authentication mechanism for secure access control, providing trust management and traceability in large-scale collaborative projects. Finally, this thesis explores how hardware security extensions can complement these blockchain solutions, including Physical Unclonable Function (PUF)s and Trusted Execution Environment (TEE)s. Performance evaluations confirm the solutions' feasibility at scale. The identity management layer provides a robust foundation for device authentication, while the consensus authentication mechanism shows favorable latency improvements compared to certificate-based approaches. The improved GDOI protocol demonstrates increased resilience, while the inter-ledger authorisation scheme reduces centralised dependencies, and finally, the auditing mechanism enhances accountability in distributed environments. These contributions address fundamental limitations, providing comprehensive approaches spanning from device identity management, smart grid protection, cloud-based continuum security, and distributed software development.