
Ensuring Proof-of-Authenticity of IoT Edge Devices Using Blockchain Technology


Abstract

Imposter devices pose serious threats. The majority of low-cost edge devices can easily be counterfeited or cloned; the supply chain is insufficiently secure. Reliability of deployed devices can be called into question simply because they might be counterfeit or cloned. It is a must to identify edge devices' sourcing uniquely and verify their validity periodically at runtime. We integrate blockchain technology to authenticate resource-constrained, low-cost edge devices. We use SRAM-based physically unclonable functions (PUFs) to generate unique “digital fingerprints” (device IDs). Registered manufacturers upload a cryptographic hash of each device ID to a “globally accessible” blockchain instance (key-value store or smart contract). While registering/designating a device locally, the end-user verifies whether the hash is present in that blockchain. We utilize a “locally permissioned” blockchain infrastructure (which is still a globally managed blockchain or, in future, a sidechain) to authenticate edge devices for a defense-in-depth approach. Devices can be authenticated periodically to prevent device cloning. Target environments can be large, have varied trust among users, and lack a specific perimeter; this “local” blockchain methodology is thus pertinent, especially since blockchains gain security over time. Our approach reduces the potential for classes of information leakage and types of sabotage in a critical infrastructure or large-scale deployment (such as a smart city) arising from imposter devices. This methodology protects against such imposters in mobile settings within an IoT infrastructure too.
