Internet of Things 25 (2024) 101019

Contents lists available at ScienceDirect

Internet of Things
journal homepage: www.elsevier.com/locate/iot

Research article

Securing IoT devices: A novel approach using blockchain and

quantum cryptography
Shalini Dhar a , Ashish Khare a , Ashutosh Dhar Dwivedi b ,∗, Rajani Singh c
a Department of Electronics and Communication, University of Allahabad, Prayagraj, India
b Cyber Security Group, Department of Electronic Systems, Aalborg University, Copenhagen, Denmark
c
Department of Digitalization, Copenhagen Business School, Frederiksberg, Denmark

ARTICLE INFO ABSTRACT

Keywords: This paper delves into the crucial challenge of safeguarding data sensitivity and preventing
Quantum Key Distribution security breaches, which can result in substantial losses, including significant financial costs and
Internet of Things potential loss of lives. Notably, the United States faces the highest financial burden, with data
Blockchain
breaches costing approximately USD 5.09 million. With the proliferation of Internet of Things
Multimedia
(IoT) devices, enormous volumes of data are collected from diverse sources. However, the
Privacy
inherent limitations in computational power and memory of IoT devices render them susceptible
targets for malicious attacks. This study focuses on fortifying the security of multimedia data,
encompassing audio, video, and images, obtained from IoT devices. Cutting-edge technologies
such as blockchain and quantum cryptography are explored as promising avenues to bolster
multimedia security and preserve privacy. Quantum Key Distribution (QKD) emerges as an
alternative to classical encryption and key distribution methods, offering heightened data
security. Simultaneously, blockchain leverages hash functions to augment the overall security
posture. By harnessing the principles of quantum mechanics, QKD facilitates secure key
exchange between involved parties for data encryption and decryption. Additionally, the paper
introduces innovative methodologies to enhance the security, privacy, and anonymity of IoT
devices.

1. Introduction

Multimedia security encompasses the protection of audio, video, text, or images from unauthorized modification, access, or
distribution. In today’s interconnected world, the transmission of multimedia data over insecure channels on the internet exposes
it to potential interception, tampering, or unauthorized dissemination by eavesdroppers. The ramifications of data breaches can be
severe, resulting in substantial reputational and financial losses. An illustrative example is the data breach that occurred in India
in 2020, incurring a significant cost of 1.9 million USD. However, when sensitive data is linked to ministries or higher authorities,
the potential impact can escalate, affecting the entire country and causing widespread repercussions. It is therefore imperative to
implement robust security measures to protect multimedia data and mitigate the risks associated with unauthorized access and
manipulation. One notable instance of a large-scale data breach that underscored the importance of robust multimedia security
measures took place in the United States in 2013. This incident stands out as one of the most significant military data breaches
in the nation’s history. The breach resulted in the compromise of the personal information of millions of government employees,
including military personnel. The magnitude of this breach demonstrated the critical risks associated with inadequate multimedia

∗ Corresponding author.
E-mail address: addw@es.aau.dk (A.D. Dwivedi).

https://doi.org/10.1016/j.iot.2023.101019
Received 7 July 2023; Received in revised form 16 September 2023; Accepted 26 November 2023
Available online 2 December 2023
2542-6605/© 2023 The Author(s). Published by Elsevier B.V. This is an open access article under the CC BY license
(http://creativecommons.org/licenses/by/4.0/).
S. Dhar et al. Internet of Things 25 (2024) 101019

Table 1
Challenges and solutions in cryptography
Challenges Solutions
Security Symmetric encryption, asymmetric encryption,
cryptographic algorithms, cryptographic protocols
Authentication Digital signatures, public key infrastructure (PKI),
authentication protocols (e.g., OAuth, Kerberos)
Privacy Private key encryption, secure key exchange,
secure multiparty computation
Integrity Hash functions, message authentication codes (MAC),
digital certificates
Key Management Key distribution centers (KDC), key derivation functions,
key escrow
Non-repudiation Digital signatures, timestamping,
non-repudiation protocols

security, as it not only exposed sensitive personal data but also potentially jeopardized national security. Such breaches can have far-
reaching consequences, including the potential for identity theft, espionage, and other malicious activities. The incident served as a
wake-up call, emphasizing the urgent need for enhanced security measures to protect multimedia data and safeguard the integrity of
sensitive information. Governments, organizations, and individuals must prioritize the implementation of robust security protocols
and technologies to mitigate the risks and ensure the protection of valuable data from unauthorized access, manipulation, and
exploitation. Various techniques have been employed in the past to provide authentication, integrity, and security to multimedia
data. These techniques encompass digital signatures, watermarking, encryption, and more. Digital signatures serve as a means
of verifying the authenticity and integrity of multimedia data, ensuring that it has not been tampered with during transmission.
Watermarking techniques can be utilized to embed imperceptible markers within multimedia content, aiding in the identification
of unauthorized use or distribution. Encryption, on the other hand, is a widely adopted method that transforms multimedia data
into an unreadable form, thus protecting its confidentiality from unauthorized individuals. However, it is crucial to note that each
technique possesses its own set of strengths and weaknesses.
In addition to these approaches (see Table 1), the emergence of the Internet of Things (IoT) has introduced a new dimension
of concern for multimedia security. As IoT devices become increasingly prevalent in our daily lives, they generate vast amounts of
multimedia data. However, the limited computational power and memory of these devices often render them susceptible targets
for attackers. Furthermore, the transmission of multimedia data from IoT devices through insecure channels further amplifies the
security risks. To tackle these challenges, innovative solutions are being explored to enhance the security of multimedia data
in the context of IoT. These solutions incorporate elements such as device authentication, secure communication protocols, and
robust encryption algorithms specifically tailored for resource-constrained IoT devices. By implementing effective security measures
at both the device and network levels, the integrity, confidentiality, and availability of multimedia data can be better protected
within the IoT ecosystem. Sustained research and development in the realm of multimedia security, encompassing both traditional
multimedia data and the distinct challenges presented by IoT devices, is imperative to proactively combat evolving threats. Achieving
a harmonious equilibrium between usability, efficiency, and steadfast security is an ongoing pursuit that necessitates the exploration
of innovative techniques and the continual enhancement of established ones. Through the mitigation of vulnerabilities and the
utilization of emerging technologies, it becomes feasible to reinforce the security of multimedia data, encompassing conventional
environments as well as the rapidly expanding IoT landscape.
Several standard encryption algorithms can be utilized to secure data, but their effectiveness relies on the encryption key
remaining uncompromised and undisclosed to potential attackers. However, a significant challenge arises if an attacker manages
to gain access to the hidden key and intercepts encrypted messages within the network. In such scenarios (see Fig. 1), the attacker
(Bob) can decrypt the message, read its contents, re-encrypt it, and send it back to the recipient undetected. Neither the sender
(Alice) nor the receiver (Bob) would be aware that their data was accessed or distributed by an unauthorized party (Bob). To
address this critical issue, Quantum Key Distribution (QKD) emerges as a vital solution. QKD ensures that any attempt to steal the
encryption key will be detectable, providing a high level of security. This technology holds exceptional significance in contexts
where security is paramount, such as government, military, or financial data. Notably, Denmark has witnessed several successful
demonstrations of Quantum Key Distribution-based technology. In 2019, the Danish Technological Institute, in collaboration with
a company, showcased QKD communication between different regions of Denmark. Recently, Denmark was chosen as the site for
a Quantum Technology-based center, with the Niels Bohr Institute in Copenhagen serving as the host. Additionally, Denmark has
embarked on a significant project to develop a quantum communication network between various ministries, including the Danish
Ministry of Defence, Ministry of Foreign Affairs of Denmark, Ministry of Higher Education and Science, and Ministry of Industry,
Business, and Financial Affairs. In India, the Indian Institute of Technology (IIT) Kanpur has made significant advancements in the
field of Quantum Key Distribution (QKD). They have successfully developed a QKD network by utilizing the existing optical fiber
cable network, establishing a secure key exchange between two devices located 25 kilometers apart.
To further enhance the security and privacy aspects, we are also incorporating Blockchain and Zero Knowledge Proof tech-
nologies. Blockchain, in particular, has the potential to provide an advanced level of security to multimedia data by offering

2
S. Dhar et al. Internet of Things 25 (2024) 101019

Fig. 1. Data transfer challenge (without QKD).

a secure, decentralized, and tamper-proof platform. Extensive research has been conducted on the applications of Blockchain in
various domains, including voting schemes, fake news detection, forestalling pandemics, and healthcare. For instance, studies [1]
have demonstrated the effectiveness of Blockchain in ensuring secure voting systems. Additionally, the use of Blockchain has been
explored in detecting fake news [2,3], preventing pandemics [4], and improving healthcare services [5]. By leveraging these
innovative technologies, we can establish a robust and trustworthy framework for securing multimedia data in various sectors.
However, in this paper, the use of blockchain is primarily limited to storing the hash value of the data. It is important to note that
blockchain has certain limitations, such as its storage capacity. Each block in a blockchain can typically accommodate only 2–3 MB
of data, which is more suitable for transactional data rather than multimedia-related data. Additionally, addressing scalability,
throughput, storage, and latency issues is crucial for effectively utilizing blockchain in large-scale systems. To overcome these
challenges, the InterPlanetary File System (IPFS) is employed as a decentralized platform for storing data. In the IPFS system,
multimedia files are distributed and identified using unique hashes. Access to a specific file requires presenting the corresponding
hash value. IPFS finds applications in hosting websites, streaming videos, and creating decentralized digital identity systems, among
others. Furthermore, Zero Knowledge Proofs (ZKPs) play a vital role in this paper, providing privacy to the data. ZKPs enable a
party to prove possession of certain information without revealing the actual information itself. This cryptographic technique finds
applications in confidential transactions, secure data sharing, authentication, and more. Blockchain also utilizes ZKPs, allowing
individuals to prove ownership of sufficient funds without disclosing their actual balance. Similarly, for authentication purposes,
a user can demonstrate knowledge of a password without revealing the password itself. ZKPs also hold significant importance
in the healthcare sector, where they help preserve the privacy of patient data. Patients can prove specific medical conditions to
doctors or insurance companies without disclosing their complete medical history. Secure communication is another important
application, enabling two parties, such as Alice and Bob, to prove possession of correct encryption keys without revealing the keys
themselves. The fusion of blockchain technology and Zero-Knowledge Proofs (ZKPs) holds the potential to redefine the landscape
of both mobile networks and Internet of Things (IoT) devices. Blockchain’s decentralized and transparent nature offers enhanced
security and accountability for mobile networks, streamlining processes such as user authentication and data sharing. In the realm
of IoT, blockchain ensures data integrity and authenticity while enabling seamless peer-to-peer interactions among devices. ZKPs, on
the other hand, introduce a new dimension of privacy and security. They empower mobile networks to authenticate users without
exposing personal information, and for IoT devices, ZKPs enable data validation without revealing the underlying content. By
combining blockchain’s robustness with ZKPs’ privacy-preserving capabilities, a holistic solution emerges that can reshape how
mobile networks and IoT devices interact, ensuring a secure, private, and efficient ecosystem. Similarly for mobile or IoT devices
Quantum Key Distribution (QKD) offers a groundbreaking solution to bolster the security of mobile networks. By creating encryption
keys through the principles of quantum physics, QKD ensures unbreakable protection for data transmitted over these networks. This
advancement guarantees secure authentication, robust defense against potential quantum attacks, and the ability to detect any
eavesdropping attempts. By incorporating QKD, mobile networks can provide users with enhanced privacy and confidence in the
security of their communications, addressing both current and future threats in the evolving digital landscape.
Overall, this paper employs advanced techniques that enhance the security and privacy of multimedia data. Such a model is
particularly valuable in applications where data security and privacy are of paramount importance.

2. Related work

In their paper [6], the authors conducted a comprehensive survey on the security and privacy of multimedia data, providing
valuable insights into the classification of data based on varying security requirements and different application domains. Moreover,

3
S. Dhar et al. Internet of Things 25 (2024) 101019

they extensively analyzed and discussed several multimedia security schemes specifically designed for IoT devices. Their analysis
encompassed traditional approaches like watermarking and cryptography, which have been widely employed in the field, as well as
emerging technologies such as federated learning and blockchain. By examining both established and novel methods, the authors
offered a holistic view of the evolving landscape of multimedia security, highlighting the diverse range of techniques available to
address the unique challenges faced by IoT devices in safeguarding multimedia data.
The authors’ work in [7] centers around addressing the security concerns associated with surveillance recordings. They recognize
that traditional methods like steganography or watermarking often introduce significant latency and complexity when analyzing
real-time data. To overcome these limitations, the authors propose a novel approach based on blockchain technology for protecting
surveillance recordings. In their study, they develop a real-time system that utilizes blockchain and virtualization techniques to
create a distributed ledger. By leveraging the immutability and transparency provided by blockchain, their model aims to enhance
the security and integrity of surveillance recordings, ensuring that they are tamper-proof and resistant to unauthorized modifications.
The authors in [8] have developed a privacy-preserving authentication system that relies on advanced cryptography techniques
known as Zero Knowledge Proof (ZKP). In domains like healthcare, it is crucial to ensure the privacy of sensitive data, preventing
unauthorized access while allowing for verification by authorized parties. ZKP proves to be an essential tool in safeguarding the
privacy of various types of data. Similar research has been conducted by authors in [9,10], and [11], where they have utilized
blockchain technology in conjunction with ZKP to protect multimedia data. The combination of blockchain and ZKP offers robust
security and privacy measures, allowing for secure storage, transmission, and verification of sensitive information across various
applications.
In [12], the authors have developed an innovative simulation model that utilizes quantum key distribution to enhance the security
of cloud data. They employed Non-Abelian Encryption (NAE) as the encryption technique, and quantum keys were utilized for data
decryption or access in the cloud. The distribution of keys was achieved through a quantum channel using fiber optic cables. The
authors addressed various challenges related to data privacy, reliability, data confidentiality, and authorization in their model.
Another solution proposed in [13] involves the use of Advanced Encryption Standard (AES) combined with quantum key
cryptography to enhance cloud security. The results demonstrated that the complex keys generated by quantum keys are highly
unpredictable, making it extremely difficult to compromise the security of data stored in the cloud. In a similar vein, in [14], the
authors employed quantum cryptography to secure the cloud environment and provided a faster computation of keys. By leveraging
the principles of quantum mechanics, they were able to enhance the efficiency and effectiveness of key generation for cloud security
purposes.

3. Security and privacy issues

Several challenges are associated with multimedia data specially when Internet of Things devices are involved to collect them
from users. Here is highlighting some drawbacks and security issues associated with multimedia and IoT security:

• Limited Resources: IoT devices often have limited resources and may lack robust security features, making them susceptible
to attacks and exploitation by hackers.
• Privacy Concerns: The collection and storage of multimedia data in IoT devices raise privacy concerns, as personal and sensitive
information can be compromised if not properly protected.
• Data Authentication: Data authentication is crucial as it involves storing sensitive information on user computers or cloud
services that must be securely transferred to networks.
• Anonymity of users: Anonymity is a significant concern when transferring multimedia data through IoT. Without proper
security measures, user identities can be exposed, compromising their privacy.
• Centralization: Centralization refers to the concentration of control and decision-making in a single entity or authority. In the
context of multimedia data and IoT (Internet of Things), centralization can pose several issues. It may result in a single point of
failure, where a breach or malfunction can disrupt the entire system. Additionally, centralization can lead to privacy concerns,
as a central authority may have access to sensitive data.
• Eavesdropping: Last but not least, Eavesdropping refers to the unauthorized interception and monitoring of communication or
data transmission between two parties. It is a security issue where an attacker gains access to sensitive information by secretly
listening to or intercepting the communication. Eavesdropping can lead to the compromise of privacy, confidentiality, and
integrity of the transmitted data.

4. Our solution

This paper makes a significant contribution by addressing the critical issue of eavesdropping in communication systems and
providing solutions to enhance security and privacy. The primary focus is on developing effective strategies to mitigate the risks
associated with eavesdropping, ensuring that sensitive information remains protected during data transmission. Additionally, the
paper explores innovative approaches to address the unique challenges posed by resource-constrained devices, such as IoT, by
optimizing security measures while considering the limitations of these devices. By offering practical solutions and insights, this
research aims to enhance the overall security and privacy of communication systems, especially in scenarios where resource
limitations and eavesdropping threats are prevalent.

4
S. Dhar et al. Internet of Things 25 (2024) 101019

• Lightweight Ciphers: Standard cryptographic algorithms like AES cannot be efficiently applied to resource-constrained IoT
devices. Therefore, it is advisable to utilize ARX or any other lightweight ciphers for encrypting data. These lightweight ciphers
employ simple operations such as Addition, Rotation, and XOR to perform encryption effectively. ASCON is one of the cipher
that is the winner of CAESAR and NIST competition under lightweight category and can be used with IoT devices.
• Zero Knowledge Proof (ZKP): ZKP is a cryptographic technique that allows one party to prove the validity of certain information
to another party without revealing any specific details about the information itself. In the context of IoT and multimedia
data, ZKP can be used for secure authentication, confidential transactions, and data sharing while preserving privacy. It
enables parties to demonstrate knowledge of information without disclosing the actual content, ensuring the integrity and
confidentiality of IoT and multimedia data.
• Data Authentication: Digital signatures play a crucial role in ensuring the authenticity and integrity of data in the context of
IoT and multimedia. They are cryptographic mechanisms that provide a way to verify the identity of the sender and guarantee
that the data has not been tampered with during transmission. In IoT, digital signatures can be used to authenticate devices,
ensuring that only authorized devices can access or communicate with the network. This helps prevent unauthorized access and
protects against malicious activities. For multimedia data, digital signatures can be applied to verify the integrity and origin of
the content. By digitally signing the data, the sender can prove their identity and protect against unauthorized modifications
or tampering of the multimedia content.
• Anonymity: Ring signatures are cryptographic techniques that provide privacy and anonymity in the context of multimedia
and IoT. They allow a user to sign a message on behalf of a group without revealing their identity within that group. In the
realm of IoT, ring signatures can be employed to preserve the privacy of IoT device owners or users. By using a ring signature,
a device can authenticate itself or participate in a transaction without revealing its unique identity. This helps to protect the
privacy and anonymity of IoT users and maintain the confidentiality of their activities. Ring signatures provide a powerful
tool for privacy protection in multimedia and IoT domains, allowing individuals and devices to engage in secure transactions
while maintaining their anonymity within a group.
• Decentralization: In the realm of multimedia, decentralization enables the distribution and sharing of content without relying
on a centralized platform or server. It allows users to directly interact and exchange multimedia data with each other,
fostering a more peer-to-peer and collaborative environment. This can result in greater efficiency, scalability, and resilience
in multimedia distribution, as well as reduced dependence on a single point of failure. For IoT, decentralization is crucial
for overcoming scalability and reliability limitations. By distributing computational tasks, data storage, and decision-making
capabilities across the network of IoT devices, decentralization promotes efficiency, fault tolerance, and adaptability. It enables
devices to operate autonomously, collaborate with each other, and collectively make decisions without the need for constant
centralized control.
• Quantum Key Distribution: Quantum Key Distribution (QKD) is a cryptographic technique that utilizes the principles of
quantum physics to establish secure communication channels. It leverages the inherent properties of quantum mechanics,
such as the uncertainty principle and the no-cloning theorem, to ensure the secure exchange of encryption keys between two
parties. Unlike traditional encryption methods that rely on mathematical algorithms, QKD offers an unconditional level of
security. It achieves this by using the principles of quantum mechanics to detect any eavesdropping attempts. The security of
QKD is based on the fundamental principle that any attempt to measure or intercept quantum states will disturb them, and
this disturbance can be detected by the communicating parties. It can solve the issue of eavesdropping that we discuss later
in detail.

5. System framework

1. IoT Devices: These are the physical devices embedded with sensors, actuators, and communication capabilities to interact
with the physical world. They collect data from the environment and send it to the cloud for processing and storage. Examples
of IoT devices could include temperature sensors, motion detectors, smart appliances, and industrial machines (see Fig. 2 for
the framework).
2. Cloud Infrastructure: The cloud infrastructure provides the computational and storage resources required to process and
store the data generated by the IoT devices. It consists of servers, databases, and networking infrastructure hosted in a data
center or a cloud service provider. The cloud infrastructure handles the processing, storage, and analysis of the data.
3. Quantum Key Distribution (QKD): Quantum key distribution is a cryptographic protocol that allows two parties to securely
exchange encryption keys using the principles of quantum mechanics. In this framework, QKD is used to generate a secure
key for encrypting the data transmitted from the IoT devices to the cloud. QKD ensures the confidentiality and integrity of
the encryption keys.
4. Satellite Communication: A satellite is used to deliver the quantum bits, known as qubits, required for QKD. The satellite
acts as a relay between the IoT devices and the cloud infrastructure, enabling secure transmission of the qubits over long
distances. The satellite communication system ensures the integrity and authenticity of the qubits during transmission.
5. Blockchain: The blockchain is a decentralized and distributed ledger that records and stores transactional data in a secure
and tamper-resistant manner. In this framework, the hash of the data generated by the IoT devices is stored on the blockchain.
The blockchain provides immutability and transparency, ensuring that the integrity of the data cannot be compromised.

5
S. Dhar et al. Internet of Things 25 (2024) 101019

Fig. 2. Execution of the model.

System workflow

1. IoT devices collect data from the environment, such as sensor readings or device states.
2. The data is encrypted using the encryption key generated through the QKD process. The qubits required for QKD are
transmitted from the satellite to the IoT devices securely
3. The data is encrypted using the ASCON cipher with the encryption key generated from QKD.
4. Zero-knowledge proofs (ZKP) are employed between the cloud and IoT devices to establish the authenticity and integrity of
the communication.
5. The encrypted data is transmitted from the IoT devices to the cloud infrastructure using secure communication protocols.
6. In the cloud, the encrypted data can be decrypted using the same encryption key generated through the QKD process.
7. The hash of the data is calculated, and the hash value is stored on the blockchain. This ensures the integrity and
tamper-resistance of the data.
8. Authorized users can access the data stored in the cloud by interacting with the blockchain.
9. Periodically, the blockchain is updated with new hashes as new data is generated by the IoT devices, providing an auditable
trail of data integrity.

6. Implementing cryptographic algorithms for secure communication between the sender and receiver

In this section, we will delve into a detailed discussion of various cryptographic elements that are employed to enhance the
security of this model. By implementing these elements, we aim to bolster the overall protection and ensure the integrity of the
system.

6.1. BB84 protocol implementation:

The BB84 protocol (see Algorithm 1 and Fig. 3) is a quantum key distribution protocol developed by Bennett and Brassard in
1984. It allows two parties, Alice and Bob, to establish a secure shared key through the transmission of quantum bits (qubits) over a

6
S. Dhar et al. Internet of Things 25 (2024) 101019

Fig. 3. BB84 algorithm.

noisy channel. It is important to note that BB84 only provides the generation of a secure key; it does not directly provide encryption
or decryption of messages. However, once the shared key is established, it can be used with traditional encryption algorithms, such
as the Advanced Encryption Standard (AES), to securely encrypt and decrypt the actual data being transmitted. To generate the
key between cloud and IoT devices, we have used BB84 protocol. To explain the setup we used Alice bob scenario to make it more
clear.

Step 1: Initial setup

Alice generates a random bit string, 𝐴, of length 𝑛 (e.g., 𝐴 = 010110). She also generates another random bit string, 𝐵, of the
same length to determine the encoding basis for each bit (e.g., 𝐵 = 101001).

Step 2: Quantum bit generation

For each bit 𝐴𝑖 in 𝐴, Alice prepares a qubit in one of two possible states, depending on the corresponding bit 𝐵𝑖 . If 𝐵𝑖 = 0, she
prepares the qubit in the standard basis ({|0⟩, |1⟩}), and if 𝐵𝑖 = 1, she prepares the qubit in the Hadamard basis ({|+⟩, |−⟩}).

Step 3: Quantum bit transmission

Alice sends the prepared qubits to Bob over the quantum channel.

Step 4: Measurement

Upon receiving the qubits, Bob randomly chooses a basis, 𝐵 ′ , for each qubit, similar to Alice in Step 1. For each qubit, he
measures it in the chosen basis and records the result as 𝐵𝑖′ .

Step 5: Error estimation

Alice and Bob publicly announce their respective basis strings, 𝐵 and 𝐵 ′ , over the classical channel. They compare the bits where
their bases match (e.g., 𝐵𝑖 = 𝐵𝑖′ ) and discard the rest.

Step 6: Key extraction

Alice and Bob retain the bits of 𝐴 and 𝐵 ′ , respectively, corresponding to the matching bases. These bits form the shared secret
key. For example, if 𝐵𝑖 = 𝐵𝑖′ , Alice and Bob keep the bit 𝐴𝑖 as part of the shared key.

Step 7: Security verification

To verify the security of the key, Alice and Bob publicly compare a subset of their key bits and check for discrepancies. If the
error rate is below a certain threshold, they can be confident that no eavesdropping has occurred.

7
S. Dhar et al. Internet of Things 25 (2024) 101019

Actual key generation

Let us consider a numerical example with 𝑛 = 6.

𝐴 = 010110
𝐵 = 101001

Alice prepares the qubits based on the encoding basis:

𝐴1 → |0⟩ (Standard basis)

𝐴2 → |1⟩ (Hadamard basis)
𝐴3 → |0⟩ (Standard basis)
𝐴4 → |1⟩ (Hadamard basis)
𝐴5 → |1⟩ (Hadamard basis)
𝐴6 → |0⟩ (Standard basis)

Alice sends the qubits to Bob, who randomly chooses the measurement basis:

𝐵1′ → Standard basis

𝐵2′ → Hadamard basis
𝐵3′ → Hadamard basis
𝐵4′ → Standard basis
𝐵5′ → Standard basis
𝐵6′ → Standard basis

Comparing the bases, Alice and Bob discard the bits where the bases do not match. The remaining bits are used as the shared
key.

Algorithm 1 BB84 Protocol

1: Input: Bit string to transmit: 𝑏1 𝑏2 … 𝑏𝑛
2: Output: Shared secret key: 𝑘1 𝑘2 … 𝑘𝑛
3: Alice’s Steps:
4: Randomly select a basis for each bit: 𝑏′1 𝑏′2 … 𝑏′𝑛
5: for 𝑖 in 1 to 𝑛 do
6: Prepare a photon in the corresponding polarization state: 𝑏𝑖 , 𝑏′𝑖
7: end for
8: Transmit the photons to Bob
9: Bob’s Steps:
10: for 𝑖 in 1 to 𝑛 do
11: Randomly select a basis for each photon: 𝑏′′ 𝑏′′ … 𝑏′′
1 2 𝑛
12: Measure each photon’s polarization in the chosen basis
13: Record the measurement result: 𝑏𝑖 ′′′

14: end for

15: Public Communication:
16: Alice and Bob communicate publicly, indicating their basis choices for each transmission
17: Basis Matching:
18: Discard measurement results where Alice and Bob used different bases
19: Error Estimation:
20: Publicly disclose a subset of matching basis choices
21: Estimate the error rate based on the comparison of measurement results for this subset
22: Privacy Amplification:
23: Perform error correction and privacy amplification to extract a shorter secure key from the matching bit string
24: Final Secure Key:
25: Obtain the final shared secret key, which is identical for both Alice and Bob

6.2. Digital ring signature

We employ lightweight Ring signature technology [15], which enables a signer to anonymously sign data. In a ring signature (see
Figs. 4 and 5), the signature is mixed with signatures from other members of a group (referred to as a ring), making it impossible

8
S. Dhar et al. Internet of Things 25 (2024) 101019

Fig. 4. Digital signature.

Fig. 5. Digital ring signature.

for anyone, except the actual signer, to determine the identity of the signer. The concept of Ring Signature was initially proposed
by Rivest in 2001 [16]. We can successfully achieve both the objectives of ensuring Signers’ Anonymity and guaranteeing Signature
Correctness.

• Signature Correctness: Our approach ensures that a signature is considered valid if it meets the required criteria, and any
signature that fails to meet the criteria is always rejected.
• Signers Anonymity: With our method, a signature is generated by a member selected from a set of public key holders. As a
result, the identity of the actual signer remains concealed within the network, preventing anyone from determining the true
signer based solely on the signature.

The digital ring signature algorithm (see Algorithm 2) allows an IoT device to securely transfer data to a cloud server while
preserving the anonymity of the device. The algorithm utilizes a ring signature scheme, where a group of users collectively sign the
data, and the cloud server can verify the signature without knowing the specific signer.

Algorithm steps:

Example usage

Let us consider an example usage scenario:

Cloud Server:

• Generate a set of public keys 𝑃 𝐾 = {𝑃 𝐾1 , 𝑃 𝐾2 , 𝑃 𝐾3 , 𝑃 𝐾4 }

IoT Device:

• Obtain the data to be transferred, 𝐷

• Select a signer’s secret key 𝑆𝐾𝑖 corresponding to its public key 𝑃 𝐾𝑖
• Sign the data using the Sign procedure: 𝜎 = Sign(𝐷, 𝑃 𝐾, 𝑆𝐾𝑖 )
• Send the data 𝐷 and the digital ring signature 𝜎 to the cloud server

Cloud Server:

9
S. Dhar et al. Internet of Things 25 (2024) 101019

Algorithm 2 Digital Ring Signature Algorithm

1: Input: Data 𝐷, Set of public keys 𝑃 𝐾 = {𝑃 𝐾1 , 𝑃 𝐾2 , ..., 𝑃 𝐾𝑛 }, Signer’s secret key 𝑆𝐾𝑖
2: Output: Digital ring signature 𝜎
3: procedure Sign(𝐷, 𝑃 𝐾, 𝑆𝐾𝑖 )
4: Randomly select a subset of public keys 𝑃 𝐾 ′ ⊂ 𝑃 𝐾 such that 𝑃 𝐾𝑖 ∈ 𝑃 𝐾 ′
5: Compute the ring signature 𝜎 using 𝐷, 𝑃 𝐾 ′ , and 𝑆𝐾𝑖
6: return 𝜎
7: end procedure
8: procedure Verify(𝐷, 𝑃 𝐾, 𝜎)
9: for all 𝑃 𝐾𝑖 ∈ 𝑃 𝐾 do
10: if Verification of 𝜎 using 𝐷, 𝑃 𝐾𝑖 succeeds then
11: return valid
12: end if
13: end for
14: return invalid
15: end procedure

• Receive the data 𝐷 and the digital ring signature 𝜎

• Verify the signature using the Verify procedure: Verify(𝐷, 𝑃 𝐾, 𝜎)
• If the signature is valid, process the data

6.3. Store IoT or cloud data hash into blockchain

In this algorithm (see 3), the input includes the IoT data (d) and the blockchain (B). The output is the updated blockchain (B’).
The algorithm computes the hash value of the IoT data using a hash function. Then, it creates a new block containing the hash value.
Finally, it adds the new block to the existing blockchain, resulting in an updated blockchain. Please note that this is a simplified
example and require further modifications depending on the specific blockchain implementation or protocol we are using. We need
to consider additional steps such as verification and consensus mechanisms to ensure the integrity and security of the blockchain.

Algorithm 3 Store IoT Data Hash into Blockchain

1: Input: IoT data 𝑑, Blockchain 𝐵
2: Output: Updated blockchain 𝐵 ′
3: Compute the hash value: ℎ ← Hash(𝑑) ⊳ Hash function
4: Create a new block: 𝑏𝑙𝑜𝑐𝑘 ← NewBlock(ℎ) ⊳ Create a new block with the hash value
5: Add the block to the blockchain: 𝐵 ′ ← AddBlock(𝐵, 𝑏𝑙𝑜𝑐𝑘) ⊳ Append the new block to the blockchain
6: Output: 𝐵 ′

6.4. Zero-knowledge proofs

Zero-Knowledge Proofs (ZKPs) are cryptographic protocols that allow one party (the prover) to prove to another party (the
verifier) that a certain statement is true, without revealing any specific information about the statement itself. In other words, a
ZKP allows the prover to demonstrate knowledge of something without revealing what that knowledge is. This concept ensures
privacy and security in scenarios where proving knowledge is necessary without disclosing sensitive information.

Key concepts:

1. Completeness: If the statement is true, an honest verifier will be convinced by an honest prover.
2. Soundness: If the statement is false, no dishonest prover can convince an honest verifier otherwise.
3. Zero-Knowledge: The verifier learns nothing about the underlying information except the fact that the statement is true.

Example — The Color of a Graph:

Imagine Alice wants to prove to Bob that she knows a valid coloring of a graph without revealing the actual colors. The graph’s
nodes represent regions, and the edges connect adjacent regions. Alice wants to prove that she can color the regions such that no
adjacent regions have the same color.

10
S. Dhar et al. Internet of Things 25 (2024) 101019

Algorithm overview:

1. Setup: The prover (Alice) and verifier (Bob) agree on a graph, the statement to be proven (valid coloring), and a common
commitment scheme.
2. Commitment Phase: Alice assigns random colors to each region and commits to these colors using the commitment scheme.
She sends the commitments to Bob.
3. Challenge Phase: Bob chooses a random region and asks Alice for the color of that region. Alice reveals the color, and Bob
chooses another region, repeating the process multiple times.
4. Response Phase: For each challenge, Alice sends the actual colors of the chosen regions.
5. Verification: Bob verifies that the colors Alice revealed match the commitments she made earlier. If they match and no
adjacent regions have the same color, Bob becomes convinced that Alice knows a valid coloring without learning the colors
themselves.

Use Cases:

1. Authentication: A user can prove knowledge of a password without revealing the actual password.
2. Digital Signatures: A signer can prove the validity of a signature without disclosing the private key.
3. Privacy-Preserving Transactions: Proving possession of certain attributes (like being over 18) without revealing other
personal information.
4. Anonymous Credentials: Verifying attributes like age or membership without disclosing identity.

Zero-Knowledge Proofs provide a powerful tool for privacy-preserving authentication and verification. They have applications in
blockchain, digital identity, secure voting systems, and more, ensuring information can be verified without exposing sensitive data.

6.5. Implementing ZKP between IoT or cloud data

In this algorithm (see Algorithm 4), the input includes the IoT data (d) and proof parameters (P). The output is the verification
result, which can be either True or False. The algorithm generates a random secret (r) and computes a commitment (c) using the
data, the secret, and the proof parameters. The commitment is sent to the cloud. The cloud then sends a challenge (x) to the IoT
device. The device computes a response (s) using the challenge and the data. The response is sent to the cloud. Finally, the cloud
verifies the response and provides the verification result (V) to the IoT device. Based on the verification result, the algorithm outputs
either True or False. Please note that this is a simplified example and may require further modifications depending on the specific
zero-knowledge proof protocol or cryptographic primitives we are using.

Algorithm 4 Zero-Knowledge Proof for Data Verification

1: Input: IoT data 𝑑, Proof parameters 𝑃
2: Output: Verification result True or False
3: Initialize: 𝑠 ← 0
4: Choose a random secret: 𝑟 ← Random number
5: Compute the commitment: 𝑐 ← ComputeCommitment(𝑑, 𝑟, 𝑃 )
6: Send the commitment: 𝑐 to the cloud
7: Receive a challenge: 𝑥 from the cloud
8: Compute the response: 𝑠 ← 𝑟 + 𝑥 ⋅ 𝑑
9: Send the response: 𝑠 to the cloud
10: Receive the cloud’s verification result: 𝑉 from the cloud
11: if 𝑉 is True then
12: Output: True
13: else
14: Output: False
15: end if

6.6. Lightweight encryption algorithm

To encrypt the data, we propose to use lightweight cipher ASCON [17]. ASCON is a symmetric key encryption algorithm designed
for lightweight and resource constrained devices, making it suitable for applications in the Internet of Things (IoT) and multimedia
systems. ASCON emerged as a result of the CAESAR competition, which aimed to find new authenticated encryption schemes suitable
for lightweight devices. ASCON was one of the finalists in the competition and gained recognition for its performance, security, and
flexibility. During the NIST competition, ASCON also gained attention as a candidate for standardization and it was the winner of
competition under lightweight category. The NIST Lightweight Cryptography Team extensively evaluated the finalists by thoroughly
analyzing their submission packages, assessing the progress made through status updates, reviewing third-party security analysis

11
S. Dhar et al. Internet of Things 25 (2024) 101019

Table 2
Recommended parameters for Ascon authenticated encryption.
Cipher Key size Nonce size Tag size Rate Capacity Rounds
Ascon-128 128 bits 128 bits 128 bits 64 bits 256 bits 12
Ascon-128a 128 bits 128 bits 128 bits 128 bits 192 bits 12

Fig. 6. Ascon authenticated encryption [17].

papers, examining implementation and benchmarking results, and carefully considering the feedback received during workshops and
through the lwc-forum. It provides both confidentiality and integrity protection for data. ASCON was developed with a focus on
efficiency, security, and simplicity. It offers a high level of security while minimizing the computational and memory requirements.
The cipher is resistant against various cryptographic attacks, including differential and linear cryptanalysis.
Ascon employs a duplex-sponge-based mode of operation to achieve authenticated encryption (see Fig. 6). For enhanced security,
it is recommended to use a key length, tag length, and nonce length of 128 bits. The sponge construction operates on a state of
320 bits, accommodating message blocks of either 64 or 128 bits (see Table 2). Figures and other descriptions of this cipher in this
document are adapted from the research paper authored by Dobraunig et al. [17]. The encryption process encompasses four distinct
phases:

1. Initialization: The state is initialized with the key 𝐾 and nonce 𝑁.

2. Associated Data Processing: The state is updated with the associated data blocks 𝐴𝑖 .
3. Plaintext Processing: Plaintext blocks 𝑃𝑖 are injected into the state, producing corresponding ciphertext blocks 𝐶𝑖 .
4. Finalization: The key 𝐾 is injected once again, and the resulting tag 𝑇 is extracted for authentication purposes.

The use of ASCON in multimedia and IoT systems brings several benefits. Firstly, its lightweight nature ensures that it can be
efficiently implemented on resource-constrained devices without consuming excessive power or memory. This makes it suitable for
low-power IoT devices, where energy efficiency is crucial. Secondly, ASCON provides authenticated encryption, which guarantees
the integrity and authenticity of the transmitted data. This is particularly important in multimedia applications, where tampering
with or modifying the content can result in significant consequences. Furthermore, ASCON offers a high degree of flexibility. It
supports various key sizes and can accommodate different security requirements based on the specific use case. This adaptability
makes it well-suited for multimedia systems that handle diverse types of data, such as images, audio, and video.

6.7. Experimental evaluation

To comprehensively evaluate the effectiveness and efficiency of ASCON, a series of experiments were meticulously conducted,
encompassing a wide array of systems. These experiments serve as a crucial benchmarking exercise, allowing for the assessment
of ASCON’s performance and suitability across various contexts, ensuring that it meets the stringent requirements of applications
related to IoT systems. Ascon-128a, a distinguished member of the CAESAR Hardware API, is a cryptographic algorithm celebrated
for its exemplary blend of security and efficiency, particularly relevant to the realm of Internet of Things (IoT) applications. Boasting
a 128-bit block size and key length, Ascon-128a ensures robust cryptographic protection against a spectrum of security threats. The
inclusion of a 128-bit nonce enhances its suitability for secure IoT device communications, enabling the management of a vast array
of unique nonces. Furthermore, Ascon-128a generates a 128-bit authentication tag, guaranteeing data integrity – a vital aspect
in safeguarding the integrity of data transmitted between IoT devices. Its lightweight and computationally efficient design aligns
perfectly with the resource constraints typically encountered in IoT environments, solidifying its position as a preferred choice for
securing data in diverse IoT applications, where security and efficiency are paramount (see Table 3).
We have analyzed ASCON with most powerful attack called SAT based attack. We have evaluated multiple SAT solvers for
possible inclusion, including CryptoMiniSat, plingeling, treengeling, and glucose. These solvers have exhibited strong performance
in recent SAT competitions [18], particularly in the parallel track category. Following an extensive series of tests, we have
determined that in our experiments, plingeling consistently outperforms the other solvers and thus chosen it for our purposes.
As expected, our SAT solver is able to find the secret key for 2 rounds only. The time taken by the solver is roughly equivalent
to 232 ASCON encryptions. We have considered 3- and 4-round variants with some bits guessed in the middle (e.g., 64 bits
after 1.5 rounds), but these instances turned out to be too difficult for the solver. Link for the code is available at github
https://github.com/ashudhar7/ASCON-experiments.

12
S. Dhar et al. Internet of Things 25 (2024) 101019

Table 3
Ascon-128a (CAESAR Hardware API) design parameters.
Design Area (GE) Throughput (Mbps)
1 round 9680 7326
2 rounds 13 249 11 743
4 rounds 20 380 16 675

7. Robustness and resilience in a quantum key distribution (QKD) system

Robustness in QKD:

A robust system [19] can handle both anticipated and unanticipated situations without failing or compromising its functionality.
In the context of security, a robust system can withstand various attacks, vulnerabilities, and attempts to breach its defenses.

• Robustness in a QKD system refers to its ability to operate reliably under various conditions, including potential attacks, noise,
and other uncertainties inherent to quantum systems.
• Implement error correction and fault tolerance mechanisms to counteract errors and imperfections introduced during the
transmission of quantum states. This ensures that even in the presence of noise or disturbances, the system can still generate
accurate and secure key material.
• Use advanced quantum protocols that are resilient against common attacks, such as the BB84 protocol with decoy states to
mitigate photon number splitting attacks.

Resilience in QKD:

Resilience [20] refers to the ability of a system or organization to absorb shocks, recover from disruptions, and continue operating
effectively. A resilient system can bounce back from adverse events, such as cyberattacks, natural disasters, or hardware failures,
while minimizing the impact on its functionality and integrity.

• Resilience in a QKD system is about its ability to recover and continue functioning after facing disruptions, attacks, or
unexpected events.
• Develop comprehensive incident response plans that outline steps to take in case of security breaches or system failures. These
plans should include procedures for detecting and containing attacks, recovering from security incidents, and restoring normal
operations.
• Implement redundancy and backup measures to ensure that communication can continue even if certain components fail or
are compromised. This might involve having backup QKD devices, communication paths, and authentication mechanisms.

Integration of robustness and resilience:

• Integrate robustness and resilience considerations from the design phase of the QKD system. This includes selecting reliable
hardware components, designing fault-tolerant protocols, and establishing secure communication channels.
• Regularly update and upgrade the QKD system’s software and hardware to address emerging vulnerabilities and to stay ahead
of potential threats.
• Implement continuous monitoring to detect unusual activities or patterns that might indicate an attack. Rapid detection allows
for quick response and containment.

Testing and verification:

• Rigorously test the QKD system under various conditions, including simulated attacks and unexpected inputs, to ensure its
robustness.
• Conduct penetration testing and vulnerability assessments to identify potential weaknesses and vulnerabilities in the system.
Address the findings to improve the system’s overall resilience.

Education and training:

• Train personnel who are responsible for operating and maintaining the QKD system in security best practices, incident response
procedures, and techniques for detecting and mitigating attacks.
• Foster a security-aware culture within the organization to encourage everyone to contribute to the robustness and resilience
of the QKD system.

13
S. Dhar et al. Internet of Things 25 (2024) 101019

Table 4
Requirement and solution.
Requirement Solution
Authorization Lightweight Digital Signature
Integrity Hashing of data blocks
Anonymity Lightweight Ring Signature
Security Lightweight ASCON encryption
Key security BB84 protocol

7.1. Security evaluation

The proposed framework, integrating IoT devices, blockchain, and cloud technology, along with quantum key distribution (QKD),
satellite communication, zero-knowledge proofs (ZKP), lightweight ring signatures, and the ASCON cipher, is evaluated (see Table 4)
against different types of attacks:

1. Eavesdropping: The use of QKD for key generation and satellite communication for qubit transmission enhances the security
of the system against eavesdropping attacks. The quantum properties of the qubits and the secure satellite channel protect
the confidentiality and integrity of the encryption keys and data during transmission.
2. Man-in-the-Middle (MitM) Attacks: The framework employs various security measures to prevent MitM attacks. The QKD
process ensures secure key exchange, while zero-knowledge proofs and lightweight ring signatures establish the authenticity
and integrity of the communication between the cloud and IoT devices. These measures reduce the risk of unauthorized
interception, tampering, or impersonation.
3. Cryptographic Attacks: The ASCON cipher used for data encryption is a well-vetted and secure algorithm that provides
confidentiality and integrity. Its resistance against known cryptographic attacks ensures the protection of data during
transmission and storage. Proper key management and secure implementation practices mitigate potential cryptographic
vulnerabilities.
4. Data Tampering: The blockchain technology used in the framework provides tamper-resistance for stored data. The hash
values of the data are recorded on the blockchain, making it difficult for attackers to modify the data without detection. The
decentralized and distributed nature of the blockchain adds an additional layer of security, as multiple nodes validate and
verify the integrity of the data.
5. Sybil Attacks: The use of blockchain technology helps mitigate Sybil attacks by providing a decentralized and consensus-
driven system. Multiple nodes in the network validate transactions and maintain the integrity of the blockchain, making it
difficult for an attacker to create multiple fake identities to manipulate the data.
6. Physical Attacks: Physical attacks on the IoT devices, satellite infrastructure, or quantum key distribution components can
compromise the security of the system. Implementing robust physical security measures, such as tamper-resistant hardware,
secure facilities, and strong access controls, is crucial to prevent physical attacks and maintain the overall security of the
system.

It is important to note that while the proposed framework offers significant security measures, regular security audits, updates,
and patches are necessary to address emerging vulnerabilities and maintain the system’s security over time. Secure development
practices and adherence to industry standards further enhance the resilience of the framework against potential attacks.

7.2. Challenges in quantum key distribution implementation

Implementing Quantum Key Distribution (QKD) introduces several cybersecurity and associated challenges that need to be
addressed for a secure and effective deployment. Here are some of the key challenges:

1. Quantum Channel Security:

• Channel Vulnerabilities: QKD relies on the transmission of quantum bits (qubits) over a physical channel. Ensuring
the security of this channel against eavesdropping and interference is critical.
• Physical Attacks: Quantum channels, such as optical fibers, are susceptible to physical attacks. Adversaries could tap
into or manipulate the channel to intercept or modify qubits.
• Quantum Trojan Horses: Attackers might try to introduce malicious components (quantum Trojan horses) into the
communication setup, compromising the security of the quantum channel.

2. Device Security and Reliability:

• Side-Channel Attacks: Quantum devices used in QKD implementations can leak information through side channels,
which attackers might exploit to gather secret keys.
• Device Calibration and Misalignment: Accurate device calibration and alignment are crucial for maintaining qubit
integrity. Errors in these areas can lead to key leakage or loss.

14
S. Dhar et al. Internet of Things 25 (2024) 101019

3. Photon Detection and Noise:

• Photon Detection Efficiency: Accurate and efficient photon detection is necessary for reliable QKD. Lower photon
detection efficiency can lead to information leakage.
• Noise and Loss: Noise and loss in the quantum channel affect qubit transmission, reducing the signal-to-noise ratio and
potentially enabling attackers to intercept or manipulate qubits.

Addressing these challenges requires a multidisciplinary approach involving quantum physics, cryptography, network security,
and engineering. As quantum technologies advance, ongoing research and collaboration are essential to ensure the security and
reliability of QKD implementations.

8. Open problems for the future:

1. Scalability: Explore ways to enhance the scalability of the framework to accommodate a larger number of IoT devices
and handle increasing data volumes efficiently. This may involve optimizing the cloud infrastructure, blockchain consensus
mechanisms, and data processing algorithms.
2. Privacy Enhancements: Investigate techniques to further enhance privacy within the framework. This could involve the
exploration of advanced cryptographic protocols, such as secure multiparty computation (SMC) or homomorphic encryption,
to enable secure data analysis and computation while preserving data privacy.
3. Resilience against Quantum Attacks: With the advent of quantum computers, it is crucial to evaluate the resilience of the
framework against quantum attacks. Future work could focus on integrating post-quantum cryptographic algorithms that are
resistant to attacks by quantum computers, ensuring long-term security.
4. Energy Efficiency: Explore methods to optimize energy consumption in IoT devices, as energy efficiency is a critical
factor in the success of IoT deployments. This could involve researching low-power communication protocols, lightweight
cryptographic algorithms, and energy harvesting techniques.
5. Standardization and Interoperability: Develop standards and protocols to ensure interoperability and seamless integration
between different IoT devices, cloud platforms, and blockchain networks. Standardization efforts can enhance the security,
reliability, and compatibility of the framework across diverse IoT ecosystems.
6. Threat Modeling and Risk Assessment: Conduct thorough threat modeling and risk assessments to identify potential
vulnerabilities and attack vectors within the framework. This could involve simulating and analyzing different attack scenarios
to evaluate the system’s robustness and identify potential security gaps.
7. Usability and User Experience: Focus on improving the usability and user experience of the framework for both IoT
device users and administrators. This could involve developing intuitive interfaces, clear documentation, and streamlined
deployment processes to encourage wider adoption and ease of use.
8. Real-world Implementation and Validation: Conduct real-world implementation and validation of the framework in
various IoT use cases and domains. This could involve pilot deployments, performance evaluations, and user feedback to
assess the framework’s practicality, effectiveness, and security in real-world scenarios.

By addressing these areas, future work can further strengthen the security, scalability, privacy, and usability of the proposed
framework, paving the way for its successful implementation in diverse IoT applications.

9. Conclusion

In conclusion, the proposed framework, which combines IoT devices, blockchain, and cloud technology, along with quantum
key distribution, satellite communication, zero-knowledge proofs, lightweight ring signatures, and the ASCON cipher, offers a
robust and secure solution for data collection, transmission, and storage in IoT systems. It addresses key security concerns such
as eavesdropping, man-in-the-middle attacks, cryptographic vulnerabilities, data tampering, Sybil attacks, and physical attacks. The
integration of quantum key distribution and satellite communication ensures secure key generation and transmission, while zero-
knowledge proofs and lightweight ring signatures establish communication authenticity and integrity. The ASCON cipher provides
robust encryption, and the blockchain technology enhances data tamper-resistance. Regular security audits, updates, and adherence
to secure implementation practices are necessary to maintain the framework’s security over time. Overall, this framework provides
a strong foundation for secure and trustworthy IoT deployments.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared
to influence the work reported in this paper.

Data availability

No data was used for the research described in the article.

15
S. Dhar et al. Internet of Things 25 (2024) 101019

Acknowledgment

The work of Shalini Dhar is supported by University Grant Commission (UGC) Fellowship for PhD students.

References

[1] G. Srivastava, S. Dhar, A.D. Dwivedi, J. Crichigno, Blockchain education, in: 2019 IEEE Canadian Conference of Electrical and Computer Engineering,
CCECE 2019, Edmonton, AB, Canada, May 5-8, 2019, IEEE, 2019, pp. 1–5, http://dx.doi.org/10.1109/CCECE.2019.8861828.
[2] G. Srivastava, A.D. Dwivedi, R. Singh, PHANTOM protocol as the new crypto-democracy, in: K. Saeed, W. Homenda (Eds.), Computer Information Systems
and Industrial Management - 17th International Conference, CISIM 2018, Olomouc, Czech Republic, September 27-29, 2018, Proceedings, in: Lecture Notes
in Computer Science, vol. 11127, Springer, 2018, pp. 499–509, http://dx.doi.org/10.1007/978-3-319-99954-8_41.
[3] G. Srivastava, A.D. Dwivedi, R. Singh, Crypto-democracy: A decentralized voting scheme using blockchain technology, in: P. Samarati, M.S. Obaidat (Eds.),
Proceedings of the 15th International Joint Conference on E-Business and Telecommunications, ICETE 2018 - Volume 2: SECRYPT, Porto, Portugal, July
26-28, 2018, SciTePress, 2018, pp. 674–679, http://dx.doi.org/10.5220/0006881906740679.
[4] A.D. Dwivedi, R. Singh, S. Dhall, G. Srivastava, S.K. Pal, Tracing the source of fake news using a scalable blockchain distributed network, in: 17th
IEEE International Conference on Mobile Ad Hoc and Sensor Systems, MASS 2020, Delhi, India, December 10-13, 2020, IEEE, 2020, pp. 38–43,
http://dx.doi.org/10.1109/MASS50613.2020.00015.
[5] A.D. Dwivedi, L. Malina, P. Dzurenda, G. Srivastava, Optimized blockchain model for internet of things based healthcare applications, in: N. Herencsar (Ed.),
42nd International Conference on Telecommunications and Signal Processing, TSP 2019, Budapest, Hungary, July 1-3, 2019, IEEE, 2019, pp. 135–139,
http://dx.doi.org/10.1109/TSP.2019.8769060.
[6] W. Yang, S. Wang, J. Hu, N.M. Karie, Multimedia security and privacy protection in the internet of things: research developments and challenges, Int. J.
Multim. Intell. Secur. 4 (1) (2022) 20–46, http://dx.doi.org/10.1504/IJMIS.2022.121282.
[7] Z. Ma, L. Zhu, F.R. Yu, J. James, Protection of surveillance recordings via blockchain-assisted multimedia security, Int. J. Sens. Netw. 37 (2) (2021) 69–80,
http://dx.doi.org/10.1504/IJSNET.2021.118486.
[8] A.D. Dwivedi, R. Singh, U. Ghosh, R.R. Mukkamala, A. Tolba, O. Said, Privacy preserving authentication system based on non-interactive zero knowledge
proof suitable for internet of things, J. Ambient Intell. Humaniz. Comput. 13 (10) (2022) 4639–4649, http://dx.doi.org/10.1007/s12652-021-03459-4.
[9] R. Singh, A.D. Dwivedi, R.R. Mukkamala, W.S. Alnumay, Privacy-preserving ledger for blockchain and internet of things-enabled cyber-physical systems,
Comput. Electr. Eng. 103 (2022) 108290, http://dx.doi.org/10.1016/j.compeleceng.2022.108290.
[10] R. Singh, A.D. Dwivedi, G. Srivastava, P. Chatterjee, J.C.-W. Lin, A privacy preserving internet of things smart healthcare financial system, IEEE Internet
Things J. (2022) 1, http://dx.doi.org/10.1109/JIOT.2022.3233783.
[11] S. Dhar, A. Khare, R. Singh, Advanced security model for multimedia data sharing in internet of things, Trans. Emerg. Telecommun. Technol. (2022)
http://dx.doi.org/10.1002/ett.4621, Epub ahead of print. Published online: 07 August 2022..
[12] S. Sasikumar, K. Sundar, C. Jayakumar, M.S. Obaidat, T. Stephan, K.-F. Hsiao, Modeling and simulation of a novel secure quantum key distribution (SQKD)
for ensuring data security in cloud environment, Simul. Model. Pract. Theory 121 (2022) 102651, http://dx.doi.org/10.1016/j.simpat.2022.102651, URL
https://www.sciencedirect.com/science/article/pii/S1569190X22001216.
[13] G. Sharma, S. Kalra, A novel scheme for data security in cloud computing using quantum cryptography, in: Proceedings of the International Conference
on Advances in Information Communication Technology & Computing, AICTC ’16, Association for Computing Machinery, New York, NY, USA, 2016,
http://dx.doi.org/10.1145/2979779.2979816.
[14] S. Fatima, S. Ahmad, Quantum key distribution approach for secure authentication of cloud servers, Int. J. Cloud Appl. Comput. 11 (3) (2021) 19–32,
http://dx.doi.org/10.4018/IJCAC.2021070102.
[15] L. Malina, J. Hajny, P. Dzurenda, S. Ricci, Lightweight ring signatures for decentralized privacy-preserving transactions, in: P. Samarati, M.S. Obaidat
(Eds.), Proceedings of the 15th International Joint Conference on E-Business and Telecommunications, ICETE 2018 - Vol. 2: SECRYPT, Porto, Portugal,
July 26-28, 2018, SciTePress, 2018, pp. 692–697, http://dx.doi.org/10.5220/0006890506920697.
[16] R.L. Rivest, A. Shamir, Y. Tauman, How to leak a secret, in: C. Boyd (Ed.), Advances in Cryptology - ASIACRYPT 2001, 7th International Conference
on the Theory and Application of Cryptology and Information Security, Gold Coast, Australia, December 9-13, 2001, Proceedings, in: Lecture Notes in
Computer Science, vol. 2248, Springer, 2001, pp. 552–565, http://dx.doi.org/10.1007/3-540-45682-1_32.
[17] C. Dobraunig, M. Eichlseder, F. Mendel, M. Schläffer, Ascon v1.2: Lightweight authenticated encryption and hashing, J. Cryptol. 34 (3) (2021) 33,
http://dx.doi.org/10.1007/s00145-021-09398-9.
[18] A.D. Dwivedi, M. Kloucek, P. Morawiecki, I. Nikolic, J. Pieprzyk, S. Wójtowicz, SAT-based cryptanalysis of authenticated ciphers from the CAESAR
competition, in: P. Samarati, M.S. Obaidat, E. Cabello (Eds.), Proceedings of the 14th International Joint Conference on E-Business and Telecommunications
(ICETE 2017) - Volume 4: SECRYPT, Madrid, Spain, July 24-26, 2017, SciTePress, 2017, pp. 237–246, http://dx.doi.org/10.5220/0006387302370246.
[19] W.J. Zhang, Y. Lin, On the principle of design of resilient systems – application to enterprise information systems, Enterp. Inf. Syst. 4 (2) (2010) 99–110,
http://dx.doi.org/10.1080/17517571003763380, arXiv:10.1080/17517571003763380.
[20] W. Lin, M. Xu, J. He, W. Zhang, Privacy, security and resilience in mobile healthcare applications, Enterp. Inf. Syst. 17 (3) (2023) 1939896,
http://dx.doi.org/10.1080/17517575.2021.1939896, arXiv:10.1080/17517575.2021.1939896.

16