See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/334612159

Enhanced Security of IoT Data Sharing Management by Smart Contracts and

Blockchain

Conference Paper · September 2019

DOI: 10.1109/ISCIT.2019.8905219

CITATIONS READS
13 1,412

2 authors:

Hoang-Anh Pham Van Le

Ho Chi Minh City University of Technology (HCMUT) Ho Chi Minh City University of Technology (HCMUT)
56 PUBLICATIONS 254 CITATIONS 22 PUBLICATIONS 128 CITATIONS

SEE PROFILE SEE PROFILE

All content following this page was uploaded by Hoang-Anh Pham on 06 September 2019.

The user has requested enhancement of the downloaded file.

 Enhanced Security of IoT Data Sharing
Management by Smart Contracts and Blockchain
Hoang-Anh Pham, Trung-Kien Le, Thi-Ngoc-My Pham, Hoai-Quoc-Trung Nguyen, and Thanh-Van Le
Faculty of Computer Science and Engineering, Ho Chi Minh City University of Technology, VNU-HCM
{anhpham, 1511640, 1512049, 1410432, ltvan}@hcmut.edu.vn
Abstract—In recent years, the incredible growth and diversity
of IoT systems and applications have generated an enormous
amount of sensing data which play an essential role in IoT-based
smart systems. So far, it has consumed much time and cost to col-
lect these sensing data enough for these intelligent systems, which
is the main reason leading to the needs of sharing available data
to shorten time-consuming and cost savings for the data collection
process. However, there are many challenges in ensuring integrity,
security, and fairness in the data sharing process. In this paper,
the authors propose a model leveraging the emerging Blockchain
technology as an alternative solution to enhance the security
of IoT data sharing management in terms of three principal
criteria including confidentiality, integrity, and availability. Our
prototype on Ethereum Blockchain demonstrates the feasibility
of the proposed model.
Index Terms—IoT, Blockchain, Smart Contract, Data Integrity,
Data Security, IoT Data Management
I. I NTRODUCTION
Internet of Things (IoT) is one of the core technologies
in the Industry 4.0 era. It is a network of home appliances,
transport vehicles, or any physical device that integrates the
electronic components, software, and network connection ca-
pability. IoT helps connected devices become smarter because
they can communicate and interact together through the Inter-
net without direct human interaction.
IoT is a convergence of sensor technology, big data, artifi-
cial intelligence, and network infrastructure. In IoT systems,
sensors act as senses to collect data about their surrounding
environment. These collected data can be locally processed at
IoT end-devices or sent to remote servers to perform complex
analysis. Based on the analytical results, IoT devices can
perform actions through actuators.
Cisco predicted that the number of IoT devices would reach
50 billion by 2020 [1] and IoT increasingly plays a vital
role in our lives and most areas. They can be smart bulbs,
smart air-conditioners, health monitoring devices (e.g., smart-
watches, blood pressure meters, and wearable devices), or
even smart traffic lights. Thanks to these IoT devices, new
concepts of smart houses, smart offices, smart farms, smart
factories, or even smart cities are no stranger. Moreover, a
series of communication technologies have been developed to
serve IoT networks such as Bluetooth Mesh, Zigbee, Z-Wave,
6LoWPAN, NFC, LoRa, NB-IoT, and recently 5G-IoT.
The smart IoT devices, applications, and services have
been conventionally developed from analytical results on data
sets so-called knowledge bases that have been built from
sensing data collected in a long time. Therefore, to shorten
the time to market, development of new IoT applications and
services usually utilizes the existing data collection systems
such as shared IoT data marketplaces. However, it is necessary
to have appropriate and efficient solutions for data sharing
management since it can cause sensitive data lost, such as
personal health information, or device access control.
Conventionally, IoT end-devices are limited in storage and
processing capability to handle complex algorithms and tasks
such as data sharing management, which will be handled by
centralized servers instead. However, the centralized model
still has significant issues such as availability, transparency,
and security because it is easy to manipulate from inside and
attack from outside. Meanwhile, after the great success of
Bitcoin [2] in finance, Blockchain technology is emerging as a
potential solution in many other areas such as logistics, supply
chain management, education, healthcare, and public services
due to its dominant features.
In a simple manner, Blockchain is a cryptographically se-
cure protocol for building an immutable digital data structure,
which is used to maintain a continuously growing list of
records of asset transactions between members in public, or
a private peer-to-peer network. The decentralized architecture
enables Blockchain operating efficiently without the need of
the central authority. In specific, it allows participants to
transact safely, although they might not trust one another
in a trustless network. Blockchain has become a trending
research topic in both academic institutes and industries.
In [3], the authors systematically investigated the potential
use cases of Blockchain beyond cryptocurrencies, especially
Blockchain can mitigate some problems in IoT such as access
control [4], identity management [5], [6], and data trading
management [7], [8]. The combination of Blockchain and IoT
becomes more applicable with smart contracts, a computer-
based program, which can be self-executing and self-enforcing
the contract terms and conditions after being compiled and
stored on Blockchain. Every participant in the network can
activate functions in the smart contract by generating a
Blockchain transaction to the corresponding contract. Thanks
to Blockchain, the execution of smart contracts is accurate and
transparent to all participants. Blockchain and smart contracts
together have motivated numerous decentralized applications
such as Golem [9], Augur [10], or Status [11].
In this paper, the authors present a model leveraging smart
contract and Blockchain as an alternative architecture for the
current centralized model to enhance the integrity and security 4) Once receiving a valid request from smart contracts,
of IoT data sharing management. The remainder of this paper the gateway will extract and decrypt the data from the
is organized in the following manners. Section 2 presents the off-chain storage corresponding to data type, amount
architecture of our proposed model with explanation in details. of data, and device. Then, the gateway re-encrypts this
Section 3 describes the detailed design and prototype of the data with the consumer’s public key. Additionally, the
proposed model. The data security of our proposed model in gateway will perform hashing the data and attach this
terms of integrity, confidentiality, and availability is discussed hash into the data before sending to the consumer.
in Section 4. We summarize some related works in Section 5) The gateway sends requested data through the APIs pro-
5, and Section 6 provides the final concluding remarks and vided by the consumer. Then, the gateway will confirm
future works. on the smart contract that the data was sent.
6) The data consumer will receive an event from the smart
II. P ROPOSED M ODEL
contract for informing that the requested data was sent
Different from the traditional model, the proposed system together with the hash value.
eliminates the role of the third-party service (e.g., server) 7) The data consumer examines the integrity of the received
during data exchange between Data Owner who has data data based on the attached hash value and the hash value
to share or sell, and Data Consumer who wants to buy the provided by the data owner. If the data is valid, the
data. Our proposed model employs a decentralized architecture consumer will confirm on the smart contract that the
by using Blockchain to enhance the security of the data data was precisely received.
exchange process, in which all operations are executed via 8) The smart contract activates a transaction to transfer data
smart contracts. rental fee paid by the data consumer to the data owner
Fig. 1 depicts the architecture of our proposed model that once the data consumer sends the confirmation of valid
consists of two processes, including data collection and data data reception.
exchange. Regarding data collection process, each data owner
can have multiple IoT end-devices to collect IoT data that
will be then transferred to the Off-chain Storage through the
IoT Gateway. The detail of the data collection process can be
summarized as follows:
• IoT end-devices are connected and send collected data to
an authorized gateway. The data includes sensing data
and corresponding timestamps. Additionally, each IoT
end-device will be assigned a unique number for device
identity management.
• Once receiving data from IoT end-devices, the gateway
will encrypt these data by the owner’s private key and
then push them to the off-chain storage by pre-established
protocols. The data on off-chain storage will be catego-
rized by data type and device ID. Since IoT data are
time-series data, off-chain storage should support real-
time database to be suitable for IoT data sharing.
Regarding the data exchange process, the owner will register
and publish the data wanted to share on Blockchain via smart
contracts. Data consumer must send the corresponding amount
of money by a transaction to the smart contract for requesting
data from the owner. A general data exchange process is
performed in eight steps as numbered in Fig. 1 and described
as follows.
1) The data owner shares the information of available IoT
devices and their data to others via the smart contract.
2) Every data consumer has to send the data rental fee to
the smart contract corresponding to the device and data
that they want to retrieve the shared data. The transaction Fig. 1. The architecture of the proposed model
will be executed precisely the terms and conditions in
the contract, such as the rental fee and the amount of
data and selected IoT devices. III. D ESIGN AND P ROTOTYPING
3) The IoT gateway listens to events from smart contract In order to evaluate the feasibility of our proposed model,
for data request. we have developed a prototype of an application for IoT
data sharing management on Ethereum Blockchain that is
described in Fig. 2. Basically, there are three major objects in
our proposed model, including Data Owner, Data Consumer,
and Smart Contract. Each data owner or data consumer is
an externally owned account (EOA), which is controlled by
a public/private key pair, in the Ethereum Blockchain system.
The smart contract is to handle the data exchange process
between the data owner and the data consumer.
Fig. 2. Prototyping of the proposed model
A. Data Owner
Each data owner has to handle the data collection process,
register authorized devices, and publish the smart contract that
includes the data sharing terms and conditions on Blockchain
via a web-based application. The data owner can monitor
the data collection from IoT devices and data request from
consumers.
Regarding data collection, we employ an Arduino and
a DHT11 sensor (temperature and humidity sensor) as an
IoT end-device that communicates with the IoT gateway
implemented by Raspberry Pi via protocols using Johnny-
Five library. We utilize Googgle FireBase supporting realtime
database as the off-chain storage.
On the Raspberry Pi, we implement the IoT gateway
functions based on Nodejs Express framework meanwhile
we adopt Eth-Crypto for data encryption (e.g., encrypt data
collected from IoT end-devices before forwarding to the off-
chain storage) as well as data decryption (e.g., decrypt data
extracted from the off-chain storage and then re-encrypt data
before sending to the consumer). Additionally, IoT gateway
communicates with smart contracts via Web3.js.
B. Data Consumer
We develop a web-based application to enable data con-
sumers performing the following functions.
• Create a new wallet (i.e. Ethereum wallet) or import an
existing one to do payment for data request.
• Search data owners and their IoT data sharing information
(e.g., IoT devices, data type, data fee, etc.)
• Send data request and validate the data received from data
owners
C. Smart Contract
Each participant (e.g., data owner and data consumer) in the
system will be identified by a unique number string that is also
the address in Ethereum Blockchain. Smart contract stores a
list of data owners, which will be provided to data consumers
when they do searching. Each data owner will own a list of
registered and authorized IoT devices and their deviceID. The
data owner also has to provide information about the data they
want to share, such as data type, rental fee.
Since smart contracts are executed in the Ethereum virtual
machine (EVM) environment, they can not inform the outside
what is happening inside EVM. However, smart contracts
support creating events that can attach certain information for
whom outside of Blockchain network.
Fig. 3 depicts the whole sequence diagram of the data
exchange process between the Data Owner and the Data
Consumer based on events and execution of the corresponding
smart contracts. This sequence diagram executes correctly to
eight steps described in the proposed model.
1) The data owner calls registerDevice to registers a new
device to the system. If the registration is successful,
the system will emit an event N ewDeviceAdded to all
participants for updating information.
2) The data consumer call requestData to ask for sharing
data from the selected data owner. The data consumer
has to attach API for data reception and pay for data
fee.
3) Smart contract validates the data request from the data
consumer. If the request is valid, the system will emit
an event RequestDataSuccess to all participants.
4) Once the gateway received the event
RequestDataSuccess, it calls getData to extract
the corresponding data from the off-chain storage.
Then, it performs data decryption by the data owner’s
private key and re-encryption by the data consumer’s
public key before sending to the data consumer.
5) The gateway calls sendData to send requested data
with the corresponding hash value to the data con-
sumer. Simultaneously, the gateway confirms on the
smart contract that the data was sent by calling
conf irmSentData.
6) The system will emit an event DataSent to all partici-
pants once receiving confirmation from the gateway.
7) The data consumer validates the integrity of the re-
ceived data. If the data is valid, the consumer calls
 conf irmReceivedData to confirm that the data was
precisely received.
8) The smart contract transfers the data fee to the data
owner once the data consumer confirms the validity of
data reception. Additionally, the system emits an event
DataReceived to complete the data exchange process.
IV. E VALUATION AND S ECURITY D ISCUSSION
By leveraging smart contracts and Blockchain, the proposed
model eliminates the third-party in the traditional model. All
operations in the data exchange process will be executed
via smart contracts. Therefore, the implementation of smart
contracts is a critical requirement.
Before deploying our prototype into Ethereum TestNet for
integration test of the whole system, we adopt the Truffle
framework, a software tool for developing DApp on Ethereum
Blockchain, to perform unit tests for smart contracts. We
create a virtual Ethereum network and 100 users who will
perform functions provided in our proposed model via smart
contracts. All testing results including unit tests and integration
tests show that all services offered by smart contracts work
correctly.
Regarding the processing time, compared to practical trans-
actions in real-world, the proposed system can speed up
transactions due to avoiding bottleneck or disputes. How-
ever, these transactions will be limited by processing speed
of the Blockchain platform (e.g., at least 12 seconds/block
in Ethereum Blockchain). Consequently, the system will be
significantly affected if the number of transactions explodes.
We also performed fifty experiments to measure processing
time from a data request sent until the consumer received data.
The experimental result of the processing time is 111 seconds
on average.
In addition, we discuss the data security of the proposed
model in terms of three principal criteria as follows:
• Confidentiality: The asymmetric encryption based on
public and private key pairs in Ethereum Blockchain
enables only the data owner and authorized consumers
to access and read the shared data.
• Integrity: During the data exchange process, the hash
value is evidence to validate data integrity. Additionally,
Blockchain ensures that transactions are not manipulated
and the entire transaction process is transparent and
traceable.
• Availability: The decentralized architecture of
Blockchain networks avoids single-point of failure
and mitigates DoS attacks to the services provided
by smart contracts and thereby increases the service
availability.
V. R ELATED W ORKS
Many research efforts in both academic and industrial works
have been studied to demonstrate the potential of incorporating
Blockchain into IoT. In [12], the authors gave a detailed review
of how blockchain and smart contracts make a good fit for
IoT in which they concluded that the combination would
cause a significant impact on several industries. Similarly,
Banerjee et al. [13] conducted a series of surveys on intrusion
prevention and detection models in IoT, thereby giving nine
research directions related to the security of IoT systems using
Blockchain. Jesus et al. [14] also presented a survey of various
options and practical systems combining IoT and Blockchain.
Khan et al. [15] presented current security issues in IoT
and asserted that blockchain would be a key solution. Some
other works [16], [17] outline aspects and use cases where
blockchain can be combined with IoT. However, none of these
works illustrates the integration in detail.
Dorri et al. [18] proposed a lightweight Blockchain network
for IoT-based case study of smart home systems. These authors
conducted further studies and summarized in [19]. They also
proposed a blockchain-based model for automotive software
update in [20].
IOTA [21] build an innovative data structure called Tangle
based on Blockchain. The IOTA system uses cryptocurrency
named IOTA to pay for transaction fees in exchanging IoT
data. Meanwhile, by utilizing the re-encryption key, the au-
thors in [22], [23] used Blockchain nodes as proxy servers to
safely forward data between parties.
In [24], the authors presented an access control mechanism
using blockchain. They described the system thoroughly with
detailed designs and protocols. Nevertheless, all the operations
are executed off-chain, that is, they did not exploit the smart
contracts in their work. Therefore, they missed out some great
advantages of smart contracts such as accuracy, transparency,
and trust.
The work by Shafagh et al. [25] is the most closely related
to ours. They presented a blockchain-based system for IoT that
enabled a secured data sharing without the need of any central
authority. However, they also did not take the advantages
of smart contracts. Furthermore, as they enabled third-party
services to retrieve data directly from the off-chain storage,
users could not track how their data were being accessed.
In our proposed models, all data requests are recorded on
the Blockchain and the operations are explicitly visible to all
participants which eliminates the possibility of manipulation.
VI. C ONCLUSION
In this paper, we proposed a model as an alternative solution
for access control and IoT data management by adopting smart
contracts to enable a trustless data sharing mechanism without
need of the third-party, like in the traditional centralized
model. In the proposed model, The data owners have full
control over their data; for example, they can choose which
data are allowed to access; and they can track all transactions
since the entire transaction process is transparent and traceable.
Taking advantages of the existing public and private key
pairs of Ethereum Blockchain in asymmetric encryption en-
sures data security and integrity because of avoiding a man-in-
the-middle attack. Furthermore, the decentralized architecture
of Blockchain increases service availability. Consequently, the
proposed model meets three primary criteria of data security,
including confidentiality, integrity, and availability.
 Fig. 3. Sequence diagram of data exchange between data owner and data consumer
The prototype of our proposed model has feasibly demon-
strated how smart contracts and Blockchain can be utilized to
enhance data security in an application of IoT data sharing
management.
ACKNOWLEDGMENT
This research was supported by Infinity Blockchain Labs
(IBL) and Vietnam Blockchain Corporation (VBC).
R EFERENCES
[1] D. Evans, “The internet of things: How the next evolution of the internet
is changing everything,” CISCO white paper, vol. 1, no. 2011, pp. 1–11,
2011.
[2] S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” Bitcoin
Whilte Paper, 2008. [Online]. Available: https://bitcoin.org/bitcoin.pdf
[3] M. Conoscenti, A. Vetr, and J. C. De Martin, “Blockchain for the
internet of things: A systematic literature review,” in Proceedings of
the IEEE/ACS 13th International Conference of Computer Systems and
Applications, 2016, pp. 1–6.
[4] G. Zyskind, O. Nathan, and A. Pentland, “Enigma: Decentralized
computation platform with guaranteed privacy.” [Online]. Available:
http://enigma.media.mit.edu/enigma full.pdf
[5] C. Fromknecth, D. Velicanu, and S. Yakoubov, “Certcoin: A
namecoin based decentralized authentication system.” [Online].
Available: https://courses.csail.mit.edu/6.857/2014/files/19-fromknecht-
velicann-yakoubov-certcoin.pdf
[6] L.Axon, “Privacy-awareness in blockchain-based pki.” [Online].
Available: http://goo.gl/3Nv2oK
[7] Y. Zhang and J. Wen, “An iot electric business model based on the pro-
tocol of bitcoin,” in Proceedings of The 18th International Conference
on Intelligence in Next Generation Networks, 2015, pp. 184–191.
[8] D. Wörner and T. von Bomhard, “When your sensor earns money:
Exchanging data for cash with bitcoin,” in Proceedings of the 2014 ACM
International Joint Conference on Pervasive and Ubiquitous Computing:
Adjunct Publication. ACM, 2014, pp. 295–298.
 [9] “Golem.” [Online]. Available: https://golem.network/
[10] “Augur — a decentralized oracle & prediction market protocol.”
[Online]. Available: https://www.augur.net/
[11] “Status, a mobile ethereum os.” [Online]. Available: https://status.im/
[12] K. Christidis and M. Devetsikiotis, “Blockchains and smart contracts for
the internet of things,” Ieee Access, vol. 4, pp. 2292–2303, 2016.
[13] M. Banerjee, J. Lee, and K.-K. R. Choo, “A blockchain future for
internet of things security: a position paper,” Digital Communications
and Networks, vol. 4 (3), 2018.
[14] E. F. Jesus, V. R. L. Chicarino, C. V. N. Albuquerque, and A. A. A.
Rocha, “A survey of how to use blockchain to secure internet of things
and the stalker attack,” Security and Communication Networks, vol.
2018, 2018.
[15] M. A. Khan and K. Salah, “Iot security: Review, blockchain solutions,
and open challenges,” Future Generation Computer Systems, vol. 82,
pp. 395–411, 2018.
[16] N. Kshetri, “Can blockchain strengthen the internet of things?” IT
Professional, vol. 19, no. 4, pp. 68–72, 2017. [Online]. Available:
doi.ieeecomputersociety.org/10.1109/MITP.2017.3051335
[17] S. Huckle, R. Bhattacharya, M. White, and N. Beloff, “Internet of
things, blockchain and shared economy applications,” Procedia Comput.
Sci., vol. 98, no. C, pp. 461–466, Oct. 2016. [Online]. Available:
https://doi.org/10.1016/j.procs.2016.09.074
[18] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, “Blockchain for
iot security and privacy: The case study of a smart home,” in Proceedings
View publication stats
of 2017 IEEE Conference on Pervasive Computing and Communications.
IEEE, 2017, pp. 618–623.
[19] A. Dorri, S. S. Kanhere, and R. Jurdak, “Towards an optimized
blockchain for iot,” in Proceedings of the 2nd International Conference
on Internet-of-Things Design and Implementation. IEEE, 2017, pp.
173–178.
[20] M. Steger, A. Dorri, S. S. Kanhere, K. Römer, R. Jurdak, and M. Karner,
“Secure wireless automotive software updates using blockchains: A
proof of concept,” in Advanced Microsystems for Automotive Applica-
tions 2017. Springer International Publishing, 2018, pp. 137–149.
[21] S. Popov, “The tangle,” IOTA White Paper, 2016. [Online]. Available:
https://www.iota.org/research/academic-papers
[22] T. D. Nguyen, H.-A. Pham, and M. T. Thai, “Leveraging blockchain to
enhance data privacy in iot-based applications,” in Proceedings of the 7th
International Conference on Computational Data and Social Networks.
Springer, 2018, pp. 211–221.
[23] O. Agyekum, Q. Xia, E. Sifah, J. Gao, H. Xia, X. Du, and M. Guizani,
“Secured proxy-based data sharing module in iot environments using
blockchain,” Sensors, vol. 19 (5), 2019.
[24] G. Zyskind, O. Nathan et al., “Decentralizing privacy: Using blockchain
to protect personal data,” in Security and Privacy Workshops (SPW),
2015 IEEE. IEEE, 2015, pp. 180–184.
[25] H. Shafagh, L. Burkhalter, A. Hithnawi, and S. Duquennoy, “Towards
blockchain-based auditable storage and sharing of iot data,” in Proceed-
ings of the 2017 on Cloud Computing Security Workshop. ACM, 2017,
pp. 45–50.