Decentralized web of trust and authentication for the internet of things

  title={Decentralized web of trust and authentication for the internet of things},
  author={Arnaud Durand and Pascal Gremaud and Jacques Pasquier-Rocha},
  journal={Proceedings of the Seventh International Conference on the Internet of Things},
As the Internet of Thing (IoT) matures, a lot of concerns are being raised about security, privacy and interoperability. The Web of Things (WoT) model leverages web technologies to improve interoperability. Due to its distributed components, the web scaled well beyond initial expectations. Still, secure authentication and communication across organization boundaries rely on the Public Key Infrastructure (PKI) which is a non-transparent, centralized single point of failure. We can improve… 

Figures from this paper

Cyber-physical security for IoT networks: a comprehensive review on traditional, blockchain and artificial intelligence based key-security
A comprehensive quality study for researchers on authentication and session keys, integrating IoT with blockchain and AI-based authentication in cybersecurity, and traditional key security mechanisms are delivered.
A formally verified blockchain-based decentralised authentication scheme for the internet of things
This paper designs an efficient decentralised Blockchain-based authentication scheme aimed at achieving a secure authentication for IoT devices using the token mechanism, and designs the Ethereum Blockchain network model to implement the scheme, in which smart contracts provide secure connectivity between miner nodes and IoT devices.
A Scalable Key and Trust Management Solution for IoT Sensors Using SDN and Blockchain Technology
The combination of an IoT network along with blockchain technology and software-defined networking (SDN) is effectively demonstrated through simulation that is able to store the public keys of IoT devices on the blockchain and route the network traffic efficiently through SDN.
Blockchain-Based Decentralized Authentication Modeling Scheme in Edge and IoT Environment
The analysis and evaluation show that the proposed BlockAuth scheme provides a more secure, reliable, and strong fault tolerance decentralized novel authentication with high-level security driven configuration management in edge and IoT environment.
Sensor-Chain: A Lightweight Scalable Blockchain Framework for Internet of Things
  • A. Shahid, N. Pissinou, Corey Staier, Rain Kwan
  • Computer Science
    2019 International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)
  • 2019
The overall goal of the research is to design a lightweight scalable blockchain framework for IoT of mobile devices, coined as "Sensor-Chain", which promises a new generation of lightweight blockchain management with a superior reduction in resource consumption, and at the same time capable of retaining critical information about the IoT systems of mobile device.
A Survey of Internet of Things node’s transactions Secure through Blockchain Technology
Internet of Things is widely used in various sectors in recent years, due to its efficiency, scalability, feasibility, etc. Thus, need such type of network infrastructure for reducing the human
Systematic Review of Authentication and Authorization Advancements for the Internet of Things
A practical road map to recent research is provided, guiding the reader and providing an overview of recent research efforts, to find the taxonomy of security solutions.
A Mechanism to Secure the Transaction of IoT Devices Using Blockchain Technology
In this study, a mechanism is designed to secure the transactions of IoT devices using Blockchain technology, which will help to protect the data of IoT device from unauthorized access.
A Proposal for an Improved Distributed Architecture for OpenPGP's Web of Trust
This work proposes a trust solution for OpenPGP that improves trust relationships between users and the public key distribution network and could be implemented in a system using cryptographic technology efficiently inopenPGP over an all-new trust approach.
Towards Re-Decentralized Future of the Web: Privacy, Security and Technology Development
The paper focuses on the privacy imperative that might act as a driving force for the re-decentralized Web, and on the technological innovations enabling development of truly decentralized platforms and applications.


Blockchain based trust & authentication for decentralized sensor networks
This work proposes a new security model and its protocol based on the blockchain technology to ensure validity and integrity of cryptographic authentication data and associate peer trust level, from the beginning to the end of the sensor network lifetime.
SCPKI: A Smart Contract-based PKI and Identity System
SCPKI is an alternative PKI system based on a decentralised and transparent design using a web-of-trust model and a smart contract on the Ethereum blockchain, to make it easily possible for rogue certificates to be detected when they are published.
Authentication and Authorization for Constrained Environments (ACE)
This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments. The framework is based on a set of building blocks including OAuth 2.0 and CoAP,
A Probabilistic Trust Model for GnuPG
This paper investigates the drawbacks and weaknesses of the current PGP and GnuPG trust model, and proposes a new approach to handle trust and key validity in a more sophisticated way.
The PGP Trust Model
PGP was created primarily for encrypting email messages using public or conventional key cryptography, and is also designed to work off-line to facilitate e-mail and file encryption, rather than on-line transactions.
Authentication and Authorization for Constrained Environments (ACE). Internet-Draft draft-ietf-ace-oauth-authz-06. IETF Secretariat
  • 2017
Open Registry for IoT
    Authentication and Authorization for Constrained Environments (ACE). Internet-Draft draft-ietf-ace-oauth-authz-06
    • 2017