Using the blockchain for key management in the Internet of Things
Sophie Dramé-Maigné Maryline Laurent
Gemalto SA, 6 rue de la Verrerie,
92190, Meudon, France
and
SAMOVAR, Télécom SudParis, CNRS,
Université Paris-Saclay,
9 rue Charles Fourier, 91011, Evry, France
Email: sophie.dramemaigne@gmail.com
Abstract—The blockchain, distributed and unalterable ledger,
has lowered the cost of ownership records. This mechanism
that required the involvement of notaries and was once re-
served for expensive items can now be used for every type of
assets. We propose to use it to keep track of the ownership
of IoT (Internet of Things) devices. By registering devices
and their transfer into the blockchain, we build a chain of
ownership that can be used to prove ownership before a sale
and transfer ownership after a purchase, or to track and warn
owners of security threats faced by their devices.
The blockchain produces a recording system that does not
depend on the storing infrastructure of a third party, nor does
it require trust while the infrastructure cost is divided amongst
users. Additionally, the proof of ownership is pseudonymous
and ownership changes are publicly advertized. This last
aspects can lead to the automation of access right revocation
when a device changes hands.
An extension is proposed that facilitates remote configura-
tion and key management. Indeed, when a single owner must
configure a great number of devices, the same mechanism can
be used to register an ownership change and communicate
secrets needed for remote device configuration. Once the new
owner has set up its IoT devices, the blockchain can be used
to store and manage device-related secret.
1. Introduction
In 2008, Bitcoin [1], the decentralized, digital currency,
first cryptocurrency, introduced the blockchain to the world.
Public ledger that enables the decentralized and persistent
recording of transactions, the blockchain has since found
applications outside of the financial world. We can cite for
instance voting [2], online games [3], ride sharing [4], etc.
One of the most immediate application of the blockchain
is the recording of asset ownership. We propose to apply this
principle to IoT devices. The blockchain offers a cheaper
alternative to classic ownership recording methods that in-
volve a third party (e.g. notaries for land titles) and are
SAMOVAR, Télécom SudParis, CNRS,
Université Paris-Saclay,
9 rue Charles Fourier, 91011, Evry, France
Email: maryline.laurent@telecom-sudparis.eu
more cumbersome. The lower cost, increased usability and
transparency make this method suitable for IoT devices.
Additionally, we propose to use the basic ownership
recording mechanism to exchange device-related secrets,
thus enabling remote configuration of the devices and fa-
cilitating the management of multiple device-related secret
for a single owner.
Ownership tracking via a blockchain has already been
implemented. On the Bitcoin blockchain, Colored Coins [5]
can be used to track asset exchanges. On the Ethereum
blockchain [6], smart contracts [7] can be programmed
to do similar things. Other blockchains such as NXT [8]
provide a native asset exchange. These implementations are
not IoT-specific but their general-purpose tokens are IoT-
compatible. They are however only focused on ownership
record and cannot be used for key management or to share
configurations.
In the academic literature, the transfer of ownership in
the IoT is addressed at the device level [9], [10]. Ownership
transfer is defined [11] as “the capability to pass ownership
of a tag to a third party without compromising backward
untraceability for the said party or forward untraceability
for the previous owner.” The focus is on key management
and domain boundaries. The devices that are concerned by
these protocols are RFID tags. No record is kept of past
owners. Our solution precisely focuses on these ownership
records.
Section 2 presents the bases of our blockchain-based
ownership record mechanism. Section 3 enables remote
configuration and secret management. Finally, section 4
concludes this document.
2. Asset Ownership
Motivations. Asset ownership is a common
blockchain application. It is usually applied to expensive
assets such as houses, art work or cars, assets which
ownership would otherwise be recorded using traditional
means i.e. notaries. The blockchain lowers the cost and
administrative hassle associated to these transactions, thus

Figure 1. Ownership records expressed as blockchain transactions
enabling ownership tracking to be applied to other types of
assets like, in our case, IoT devices.
There are different reasons why an IoT device might
change hands. Smart home devices, as all household items,
can be bought second-hand to lower their cost. They can be
sold to be replaced by a newer version or simply because
they are no longer of use. Within a company, devices can
be re-affected to new projects and therefore change owners.
Benefits. Keeping the ownership records on the
blockchain presents many advantages: the process does
not involve trusted third parties, the architecture (i.e. the
blockchain network) is shared with other users, the in-
formation is stored in a decentralized fashion and with
great availability, the process is simpler, more transparent
and lower-cost, ownership records can be traced back as
far as the original owner of a device, ownership can be
proven to a prospective buyer, this proof and the records are
pseudonymous. When an ownership change occurs, clients
of the device can see this change in the blockchain and
revoked their access rights, thus enhancing security and
privacy for the previous owner’s network and data. Finally,
when an incident affecting a large number of devices occurs,
ownership records can be used to track and warn device
owners that would otherwise not follow best security prac-
tices.
Assumptions. In the following we assume that all
actors have a pair of private and public keys linked to a
Bitcoin-like blockchain address that are securely handled.
All actors also have the means to publish transactions to and
read from the blockchain. We assume that the cryptographic
premises that underlie our blockchain (i.e. hashes, signature,
etc) cannot be broken. We also assume that the blockchain
is consistent amongst nodes and over time, meaning that
the transaction history cannot be overwritten. Finally, we
assume that each device has a unique identifier, or serial
number that will be denoted by idD , where D is the device.
Proposal. We consider the following scenario : A
company C wishes to acquire a device D manufactured by
a manufacturer M . The general idea is to link the asset’s
exchange to a blockchain transaction. For that, we consider
two types of transactions: genesis and transfer. Figure 1
illustrates the way these transactions are used to create
ownership records. In this example, Manufacturers M and
M 0 create ownership records for their respective devices (D
for M , D2 and D3 for M 0). Devices D and D3 are then
Figure 2. Proof of ownership and ownership transfer
sold to Company C . The ownership change is recorded with
a transfer transaction.
Genesis transactions create the link between an asset
and its digital counterpart. Transactions that mark a change
in ownership are transfer transactions. Transactions follow
the Bitcoin [1] model of input/output, meaning that each
transaction uses previous transaction outputs as inputs. For
an input to be valid, it must be signed with the private key
corresponding to the output’s destination address. Outputs
are sent to blockchain addresses. Such addresses are ob-
tained by hashing a public key. So if A is a blockchain
user with keys (privA , pubA ), we have the following :
addrA = Hash(pubA ), where addrA is the blockchain
address of A.
Because outputs only carry blockchain addresses, and
because hashes are irreversible, the public key pubA is
needed for the signature validation. Each output in a trans-
action corresponds to a different asset. A genesis-type trans-
action has no input. Its outputs however must include an id
field. This field uses a device’s serial number and therefore
strongly binds a physical IoT device and its digital counter-
part.
Going back to our example, illustrated by Figure 2, M
issues a genesis transaction, tx0 , with a single output sent to
addrM , her own blockchain address, and carrying D’s serial
number, thus creating device D’s digital representation and
registering herself as the original owner. Before a sale can
take place, M must produce a valid proof of ownership
to C . To this effect, C sends a challenge message, m
to M . Because the challenge is chosen by C , M cannot
reproduce an intercepted message. M signs m with privM ,
its blockchain private key. The response to C includes a
pointer to the genesis transaction tx0 , the index of the output
to be considered (here 0 as tx0 only has one output, the
signature of m with privM and the corresponding public
key pubM . Using the transaction’s pointer, C can check for
herself the corresponding transaction in the blockchain and
the designated output, here the 0t h. She validates that the
output has not been spent, meaning that it has not been
used as input in another transaction, and was addressed to
M . C then verifies the provided signature. If the signature
is valid, the proof of ownership is accepted. It is interesting
to note that providing such a proof does not compromise
the owner’s pseudonymity. If the proof is deemed invalid,
the device will not be sold.
Now that M has proven he is the rightful owner of
D, the sale can proceed. When C purchases the device,
M issues a second transaction of type transfer. Figure 1
presents a transaction that is cosigned by both M and
M 0 for illustrative purposes. Figure 2 simply considers the
interactions between M and C . The transfer transaction
issued by M is tx1 . Transaction tx1 has one input, out00 ,
output of index 0 in transaction tx0 , signed with privM ,
and one output, out10 sent to addrC . This second transaction
transfers the ownership of D to C .
3. Configuration and Key Management
Motivations. Security rests on the sharing of secrets.
Regardless of the scheme one uses to secure IoT applica-
tions, some security bootstrap is required. When a device
is manufactured, initial secrets are provisioned to start the
security chain. This means that before using a factory-fresh
device, the initial secrets need to be retrieved from the
manufacturer. The means currently at our disposal to do so
lead to slow and cumbersome deployment processes. What
is needed therefore is a mean of efficiently retrieving that
information in order to be able to remotely and efficiently
configure devices in an industrial context.
Another issue is the management of these secrets. In IoT
scenarios, multiple devices may be owned by the same en-
tity. Furthermore, symmetric cryptography is often preferred
due to the constrained nature of IoT devices. This is another
multiplying factor for the number of keys involved. This
multiplicity implies the need for an efficient management
of secrets over the life a device. Based on the blockchain
ownership records, we propose a solution that both delivers a
device’s secret to its newest owner and allows her to manage
such secrets over the life of the device.
Benefits. The proposed scheme : Greatly simplifies
the deployment process, reduces the associated cost, reduces
the number of secrets that need to be safeguarded and
distributes the storage of the other ones. As an extension
of the proposal from Section 2, to the benefits described
above we add the advantages described in Section 2 that
are inherent to the use of a blockchain as the underlying
mechanism.
Assumptions. For the sake of this proposal, we con-
sider IoT devices as black boxes exposing a number of
functions that can be activated either by physical interactions
or via a communication channel. In both cases, a secret
is required to successfully invoke any function. When the
device is manufactured, an initial secret is provided. As for
any function, the generation of a new secret requires the
current one and can be invoked either by physical interaction
or through the communication channel.
Proposal. The scenario is the following: The man-
ufacturer M sells a batch of n devices {Di }0≤i<n to a
company C . Each device has a unique identifier idi . Addi-
tionally, C owns a master key KC . Used as an input for key
derivation, KC should not be shared and only be known by
C . The symmetric key kC,i is derived from KC and idi .
Key kC,i will be used to encrypt si , secret linked to device
Figure 3. Transferring ownership and delivering device secret
Di . The blockchain still supports two types of transaction,
genesis and transfer.
Figure 3 illustrates the process by which ownership is
transferred and secrets are exchanged :
Step 1 M interacts with each Di and generates a secret si .
This secret si can be an administrative password, a
private key, a pin, etc.
Step 2 M retrieves {kC,i } from C . That information can
be provided along with payment information for
instance. Note that when all devices are purchased
from the same vendor, it is not necessary to use
different kC,i . We assumed {kC,i } to be a symmetric
key that needs to be provided by the buyer. If C
prefers using asymmetric cryptography, the key used
to encrypt si can also be retrieved from a registry
storing public key records. These keys are used for
applicative purposes and should differ from the keys
used for the blockchain protocol. Using {kC,i } or a
single kC , M encrypts each si .
Step 3 M issues a genesis transaction, tx0 , with n outputs
where out0i , the output of index i in tx0 , is linked
to Di through its serial number idi and is sent to
addrM , her own blockchain address. M issues a sec-
ond transaction of type transfer, tx1 , with {out0i } as
inputs, signed with privM . This transaction yields n
outputs, one for each Di , sent to addrC . In addition
to addrC , each output carries EnckC,i (si ), secret
corresponding to device Di and encrypted with kC,i .
Step 4 C retrieves {EnckC,i (si )} from the blockchain and
deciphers them, recovering {si }.
Step 5 Using si , C gains access to each Di . When neces-
sary, si is also used for configuration.
The same process can then be repeated by the new owner
to sell the device to somebody else. tx1 ’s outputs can be
separated allowing for devices to be sold separately.
This scheme involves a lot of keys and secrets but only
KC and privC need to be safeguarded by C . Each si can be
recovered from KC . This greatly simplifies the management
of secrets where many devices are involved.
Furthermore, updates can be made to a device’s secret,
as illustrated by Figure 4. After buying a device Di , the new
owner should change the corresponding si as this secret is
 Figure 4. Publishing a new secret to the blockchain

known to the previous owner. Using si , she can invoke any

function of Di and generates a new secret, snew
i . This secret
can now be stored in the blockchain. The owner simply fur-
thers the ownership chain by sending a transfer transaction
to herself, replacing EnckR,i (si ) by EnckR,i (snew
i ), where
Enc is the encryption algorithm. Such a transaction can also
be made to hide the link between the owner’s identity and
her blockchain address, thus hiding the number of device
belonging to a single owner. This also hides how long an
actor holds on to a device.

4. Conclusion
The blockchain has made the tracking of asset’s owner-
ship relatively inexpensive. It does not have to be reserved
for houses and boats any longer. We therefore propose to
use it to track the ownership of IoT devices. The chain of
ownership can be augmented by adding additional informa-
tion to transfer transactions. That information can be used
to help owners manage their devices and the corresponding
secrets.

References
[1] S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” 2008.
[Online]. Available: http://www.cryptovest.co.uk/resources/Bitcoin%
20paper%20Original.pdf
[2] “Follow my vote,” https://followmyvote.com/, last checked Feb, 16th
2018.
[3] “First blood,” https://firstblood.io/, last checked Feb, 16th 2018.
[4] “Arcade City,” https://arcade.city/, last checked Feb, 16th 2018.
[5] M. Rosenfeld, “Overview of colored coins,” White paper, bitcoil. co.
il, p. 41, 2012.
[6] V. Buterin et al., “Ethereum white paper,” https://github.com/
ethereum/wiki/wiki/White-Paper, 2013, last checked : 23/09/2016.
[7] N. Szabo, “Formalizing and securing relationships on public
networks,” First Monday, vol. 2, no. 9, 1997. [Online]. Available:
http://szabo.best.vwh.net/formalize.html
[8] “Nxt,” https://nxtplatform.org/, last checked: February, 23th 2018.
[9] K. Osaka, T. Takagi, K. Yamazaki, and O. Takahashi, “An efficient
and secure rfid security method with ownership transfer,” in RFID
security. Springer, 2008, pp. 147–176.
[10] B. R. Ray, J. Abawajy, M. Chowdhury, and A. Alelaiwi, “Universal
and secure object ownership transfer protocol for the internet of
things,” Future Generation Computer Systems, vol. 78, pp. 838–849,
2018.
[11] E. Rekleitis, P. Rizomiliotis, and S. Gritzalis, “How to protect security
and privacy in the iot: a policy-based rfid tag management protocol,”
Security and Communication Networks, vol. 7, no. 12, pp. 2669–2683,
2014.