Blockchain Regulated Verifiable and Automatic Key Refreshment Mechanism for IoT.

Internet of Things (IoT) has proved its applicability in numerous domains, such as healthcare, agriculture, automobile, industrial production, logistics, and supply chain management. Looking at the current trend, we expect a massive proliferation of such IoT devices all around us. However, one of the issues with the widespread use of IoT is the increasing complexity of the underlying architecture, which leads to difficulty in ensuring security compliance. Key refreshment, one of the critical aspects of key management, requires a regular update of the key used to provide strong security. However, in most cases, keys are not updated. If they are updated, the update logs (e.g., time of last key update) are not available for all entities to verify and establish trust in the system. Moreover, the rules for key refreshment are also not defined transparently. In this direction, the present work proposes a blockchain-regulated, secure, verifiable, and automatic key refreshment mechanism for IoT systems. The proposed mechanism enables users to verify the freshness of the security keys (being used), thereby relying on the data from IoT devices and establishing trust in an IoT system. The proposed mechanism is driven by blockchain technology and smart contract. As proof of concept, we have implemented the proposed solution using Ethereum and Hyperledger Fabric blockchains. Cost, scalability, and security (formal and informal) analyses have been carried out for performance analysis. The results show the economic viability and strong security of the proposed mechanism.