Blockchain based privacy-preserving software updates with proof-of-delivery for Internet of Things

摘要

A large number of loT devices are connected via the Internet. However, most of these loT devices are generally not perfect-by-design even have security weaknesses or vulnerabilities. Thus, it is essential to update these loT devices securely, patching their vulnerabilities and protecting the safety of the involved users. Existing studies deliver secure and reliable updates based on blockchain network which serves as the transmission network. However, these approaches could compromise users privacy when updating the loT devices.In this paper, we propose a new blockchain based privacy-preserving software update protocol, which delivers secure and reliable updates with an incentive mechanism while protects the privacy of involved users. A vendor delivers the updates and makes a commitment by using smart contract to provide financial incentive to the transmission nodes who deliver the updates to its loT devices. A transmission node can get financial incentive by providing a proof-of-delivery. In order to obtain the proof-of-delivery, the transmission node uses double authentication preventing signature (DAPS) to carry out fair exchange. Specifically, the transmission node uses the DAPS to exchange an attribute based signature (ABS) of one loT device. Then, it uses the ABS as proof-of-delivery to receive financial incentives. Generally, to generate an ABS, the loT device has to execute complex computations which is intolerable for resource limited devices. We propose a concrete outsourced attribute-based signature (OABS) scheme to overcome the weakness. Then, we prove the security of the proposed OABS and the protocol. Finally, we implement smart contract in Solidity to demonstrate the validity of the proposed protocol. (C) 2019 Elsevier Inc. All rights reserved.