[Thesis defense] 18/12/23: Julio Cesar Perez Garcia: "Contribution to security and privacy in the Internet of Things based on Blockchain: Robustness, reliability, and scalability." (LIA)

Research news 5 December 2023

Title of the thesis

Contribution to security and privacy in the Internet of Things based on Blockchain: Robustness, reliability, and scalability.

Date and place

18 December 2023
Avignon University, Hannah Arendt campus, salle des thèses, 2.00 pm

Discipline

Computer science

Laboratory

Avignon Computer Laboratory

Supervision

  • Mr BENSLIMANE Abderrahim, LIA, University of Avignon

Composition of the jury

  • Mr BENSLIMANE Abderrahim, LIA, University of Avignon
  • Ms ÖNEN Melek, Digital Security Department, EURECOM
  • Mr KÜPPER Axel, Service-Centric Networking, Technische Universität Berlin
  • Mr HAYEL Yezekael, LIA, University of Avignon
  • Mr MAMMERI Zoubir, IRIT, Paul Sabatier University
  • Mr BONNIN Jean-Marie, Network Systems Department, IMT Atlantique

Summary of the thesis

The Internet of Things (IoT) is a diverse network of objects, usually interconnected via the internet. Because of the sensitivity of the information exchanged in IoT applications, it is essential to guarantee security and privacy. This problem is compounded by the open nature of wireless communications and the power and computational resource constraints of most IoT devices. At the same time, existing IoT security solutions are based on centralised architectures, which pose scalability and single-point-of-failure issues, making them susceptible to denial-of-service attacks and technical failures.

Blockchain is seen as an attractive solution to the problems of security and centralisation in the IoT. Blockchains replicate a permanent, append-only record of all the transactions carried out on a network between several devices, keeping the copies synchronised by a consensus protocol. Using blockchain can involve high computing and energy costs for devices. As a result, solutions based on Fog/Edge Computing have been considered for integration with the IoT. This approach transfers the higher computational load and energy consumption to devices with higher resource availability, the Fog/Edge devices. However, the cost of using the Blockchain needs to be optimised, particularly in the consensus protocol, which has a significant impact on the overall performance of the system.

Permission-based blockchains are better suited to the requirements of IoT applications than permissionless blockchains, due to their high transaction processing rates and scalability. This is because the consensus nodes, the validators, are known and predetermined. In the existing consensus protocols used in permissioned blockchains, the validators are generally a set of predefined or randomly selected nodes, which affects both system performance and fairness between users.

The aim of this work is to propose solutions to improve security and privacy in the IoT by integrating Blockchain technology, as well as to maximise fairness levels during consensus. The study is organised in two distinct parts: one deals with the critical aspects of IoT security and proposes solutions based on the Blockchain, while the other focuses on optimising fairness between users during the execution of the consensus algorithm on the Blockchain.

We present an authentication mechanism inspired by the µTESLA authentication protocol, which uses symmetric keys forming a hash chain and obtains asymmetric properties by disclosing each key a short time after it has been used. Thanks to this mechanism and the use of the Blockchain to store keys and facilitate authentication, our proposal guarantees robust and efficient authentication of devices, without the need for a trusted third party. In addition, we present a Blockchain-based key management system for group communications, adapted to IoT contexts. The use of elliptic curve cryptography ensures low computational cost while enabling secure distribution of group keys. In both security solutions, we provide formal and informal proofs of security in the defined attack model. A performance impact analysis and a comparison with existing solutions are also conducted, showing that the proposed solutions are secure and efficient and can be used in multiple IoT applications.
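The hash-chain and delayed-disclosure idea described above can be sketched as follows. This is an added example of the generic µTESLA pattern, not the thesis's protocol or code; the `DELAY` value, the MAC key derivation and all names are assumptions, and the `commitment` argument stands in for a value a device would read from the ledger.

```python
import hashlib, hmac, os

DELAY = 2  # assumed disclosure delay, in time intervals

def H(b):
    return hashlib.sha256(b).digest()

def make_chain(n, seed=None):
    """Return [K_0..K_n] with K_i = H(K_{i+1}); K_0 is the public commitment."""
    keys = [seed or os.urandom(32)]
    for _ in range(n):
        keys.append(H(keys[-1]))
    return keys[::-1]

def tag(key, msg):
    # MAC key is derived from the chain key (assumed derivation label b"mac")
    return hmac.new(H(b"mac" + key), msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment):
        self.trusted = (0, commitment)   # last authenticated (index, key)
        self.pending = {}                # interval -> [(msg, mac)]

    def receive(self, interval, msg, mac, now):
        # Security condition: drop packets whose key may already be public.
        if now >= interval + DELAY:
            return False
        self.pending.setdefault(interval, []).append((msg, mac))
        return True

    def disclose(self, interval, key):
        """Check the key against the chain, then return messages whose MAC verifies."""
        idx, k = self.trusted[0], key
        if interval <= idx:
            return []
        for _ in range(interval - idx):  # tolerates missed disclosures
            k = H(k)
        if not hmac.compare_digest(k, self.trusted[1]):
            return []                    # key is not on the committed chain
        self.trusted = (interval, key)
        return [m for m, t in self.pending.pop(interval, [])
                if hmac.compare_digest(t, tag(key, m))]

def demo():
    chain = make_chain(4, seed=b"constructed-seed")    # constructed sample input
    rx = Receiver(chain[0])
    rx.receive(1, b"temp=21", tag(chain[1], b"temp=21"), now=1)
    rx.receive(1, b"temp=99", b"\x00" * 32, now=1)     # forged tag
    late = rx.receive(1, b"replay", tag(chain[1], b"replay"), now=3)
    return rx.disclose(1, chain[1]), late
```

The receiver never holds a secret: it authenticates each disclosed key by hashing it back to a value it already trusts, which is what gives the symmetric MAC its asymmetric property.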

The second part of the work proposes an algorithm for selecting validator nodes in permissioned Blockchains that maximises social welfare, using alpha-fairness as the objective function. A mathematical model of the problem is developed, and a method for finding the solution in a distributed manner is proposed, using evolutionary metaheuristic algorithms and a search-space division strategy. The security of the proposed algorithm and the quality of the solutions obtained are analysed. The result of this work is the introduction of two Blockchain-based security protocols for IoT, as well as a distributed algorithm for maximising social welfare among users in a permission-based Blockchain network.

Associated keywords
thesis defence