The role of Distributed Ledger Technology (DLT) for authorization in environments with constrained IoT devices

Vasilios A.Siris, Athens University of Economics and Business

The majority of devices that will communicate within the Internet of Things will most likely be devices that are constrained in terms of processing and storage resources, but also in terms of network connectivity. Regarding network connectivity, a device can be connected to the Internet intermittently or can connect to some agent or delegate only once during the device’s initialisation; this delegate will subsequently be responsible for handling all the authorisation requests on behalf of the constrained device. One use case can involve electronic door locks in the rooms of a hotel or an apartment that is rented on a short-term basis. The electronic door lock can be opened using a digital key (access token), which a client sends directly to the lock using short range communication such as bluetooth or NFC. A person that wishes to reserve a hotel room or rent the apartment for some number of nights can send a request using her/his smartphone (client) to the delegate that handles authorisation requests on the lock’s behalf. If all authorisation requirements, including paying rental fees, are satisfied, then the person will receive a digital key on his smartphone, which allows him to open the door lock for the number of nights that she/he has paid. Moreover, the same digital key can be transferred to the smart wristband, which is a constrained client device having only short-range communication capabilities, of a second guest that is accompanying the first person.

Scenarios such as the above can benefit from the unique features of Distributed Ledger Technologies (DLTs), which include blockchains. First, DLTs can immutably record digital receipts of the authorisation exchange, as well as proof of payment that are cryptographically linked with authorisation requests (that include the requested number of nights) and responses (that have the access token). Such digital receipts can be presented in the case of disputes.

Second, smart contracts can encode transaction logic and policies, which include the requirements and obligations of both the party requesting access and the IoT resource/service provider. Smart contracts are executed in a transparent manner on all nodes participating in a blockchain. Transparency can help promote best business practices, while facilitating an open business platform that enables new peer-to-peer trading opportunities directly between IoT resource owners and requesters, without requiring intermediaries. Moreover, because smart contracts are executed on all blockchain nodes, they provide a system with high availability for handling authorisation requests.

In order to obtain the above benefits, combining distributed ledger and smart contract technology with IoT authorisation includes a number of challenges. First, recording information and running smart contracts on public blockchains, such as Ethereum, entails a cost and delay; the latter is determined by the block mining time which for Ethereum has an average of 15 seconds. Second, the transparency offered by public blockchains comes at the cost of privacy, since the data that is recorded on the blockchain is replicated on all blockchain nodes. Both of the above challenges can be addressed by utilising a public blockchain with one or more private or permissioned distributed ledgers or by conducting peer-to-peer off-chain transactions; However, to ensure the secure transfer of information or value across ledgers (interledger), without relying on a trusted third party, the transactions residing on different chains must be cryptographically linked.

Smart contracts running on a blockchain provide a trusted and reliable execution environment only for handling on-chain digital assets. When one moves outside the boundaries of a blockchain, such as when interfacing with the Internet or interacting with IoT devices, these guarantees are lost. One approach to address this challenge includes dividing a service into multiple micro-services which are individually purchased through micro-payments using off-chain transactions; this provides a “controlled-damage” approach where in the case of service disruption or unreliability a customer would in the worst-case loose the (small) amount of money that corresponds to a single micro-service. Another approach to address the reliability and trust when interacting with the real world is to embed IoT devices with Trusted Execution Environments (TEE), thus increasing the trust of service provisioning.

More information, including papers and presentations, related to the above topics that the Mobile Multimedia Laboratory at the Athens University of Economics and Business (AUEB) is investigating within the SOFIE project is available at