Blockchain Technologies for the Internet of Things: Research … · 2018-06-26 · 1 Blockchain Technologies for the Internet of Things: Research Issues and Challenges Mohamed Amine

Blockchain Technologies for the Internet of ThingsResearch Issues and Challenges

Mohamed Amine Ferrag Makhlouf Derdour Mithun Mukherjee Member IEEE Abdelouahid DerhabLeandros Maglaras Senior Member IEEE Helge Janicke

AbstractmdashThis paper presents a comprehensive survey ofthe existing blockchain protocols for the Internet of Things(IoT) networks We start by describing the blockchains andsummarizing the existing surveys that deal with blockchaintechnologies Then we provide an overview of the applicationdomains of blockchain technologies in IoT eg Internet ofVehicles Internet of Energy Internet of Cloud Fog computingetc Moreover we provide a classification of threat models whichare considered by blockchain protocols in IoT networks into fivemain categories namely identity-based attacks manipulation-based attacks cryptanalytic attacks reputation-based attacksand service-based attacks In addition we provide a taxonomyand a side-by-side comparison of the state-of-the-art methodstowards secure and privacy-preserving blockchain technologieswith respect to the blockchain model specific security goalsperformance limitations computation complexity and commu-nication overhead Based on the current survey we highlightopen research challenges and discuss possible future researchdirections in the blockchain technologies for IoT

Index TermsmdashBlockchain Consensus Security Threats IoT

I INTRODUCTION

In the last few years we have witnessed the potential ofInternet of Things to deliver exciting services across severalsectors from social media business intelligent transportationand smart cities to the industries [1] [2] [3] IoT seamlesslyinterconnects heterogeneous devices with diverse functional-ities in the human-centric and machine-centric networks tomeet the evolving requirements of the earlier mentioned sec-tors Nevertheless the significant number of connected devicesand massive data traffic become the bottleneck in meetingthe required Quality-of-Services (QoS) due to the computa-tional storage and bandwidth-constrained IoT devices Most

(Corresponding author Mohamed Amine Ferrag)M A Ferrag is with Department of Computer Science Guelma Uni-

versity 24000 Algeria and also with Networks and Systems Laboratory(LRS) Badji Mokhtar-Annaba University 23000 Annaba Algeria e-mailmohamedamineferraggmailcom ferragmohamedamineuniv-guelmadzphone +213661-873-051

M Derdour is with Department of Mathematics and Computer Sci-ence University of Larbi Tebessi Tebessa 12002 Algeria e-mailmderdouryahoofr

M Mukherjee is with the Guangdong Provincial Key Laboratory of Petro-chemical Equipment Fault Diagnosis Guangdong University of PetrochemicalTechnology Maoming 525000 China e-mail mmukherjeeieeeorg

A Derhab is with Center of Excellence in Information Assurance (CoEIA)King Saud University Saudi Arabia e-mail abderhabksuedusa

L Maglaras is with School of Computer Science and Informatics DeMontfort University Leicester UK and also with General Secretariat ofDigital Policy Athens Greece e-mail leandrosmaggmailcom

H Janicke is with School of Computer Science and Informatics DeMontfort University Leicester UK e-mail heljanicdmuacuk

Manuscript received 2018

Block 65

Transaction

Proof of Work (65)

Hash Previous (65)

Block 64

Transaction

Proof of Work (64)

Hash Previous (64)

Block 63

Transaction

Proof of Work (63)

Hash Previous (63)

Hash Previous (64) = Proof of Work (63)Hash Previous (65) = Proof of Work (64)

Fig 1 Blockchain structure

recently the blockchain [4] [5] [6] [7] a paradigm shift istransforming all the major application areas of IoT by enablinga decentralized environment with anonymous and trustfultransactions Combined with the blockchain technology IoTsystems benefit from the lower operational cost decentralizedresource management robustness against threats and attacksand so on Therefore the convergence of IoT and blockchaintechnology aims to overcome the significant challenges ofrealizing the IoT platform in the near future

Blockchain a distributed append-only public ledger tech-nology was initially intended for the cryptocurrencies egBitcoin1 In 2008 Satoshi Nakamato [8] introduced the con-cept of blockchain that has attracted much attention over thepast years as an emerging peer-to-peer (P2P) technology fordistributed computing and decentralized data sharing Dueto the adoption of cryptography technology and without acentralized control actor or a centralized data storage theblockchain can avoid the attacks that want to take controlover the system Later in 2013 Ethereum a transaction-basedstate-machine was presented to program the blockchain tech-nologies Interestingly due to its unique and attractive featuressuch as transactional privacy security the immutability ofdata auditability integrity authorization system transparencyand fault tolerance blockchain is being applied in severalsectors beyond the cryptocurrencies Some of the areas areidentity management [9] intelligent transportation [10] [11][12] [13] [14] [15] supply-chain management mobile-crowdsensing [16] agriculture [17] Industry 40 [18] [19] Internet

1Apart from Bitcoin there are several cryptocurrencies such as LitecoinPeercoin Swiftcoin Peercoin and Ripple

Private key Public key Encrypted transaction

HashTime stampDescription

Block appended

Blockchain

A user signs a transaction by its private key and broadcasts to its peers

A miner packs valid transactions into a block and broadcasts back to the network

A block is appended only if

a) the block is validated after distributed strict cryptographic rules

b) hash matching with previous block

Fig 2 An illustration of blockchain working methodology

of energy [20] [21] [18] [22] and security in mission criticalsystems [23]

As shown in Fig 1 the blockchain structure is composed ofa sequence of blocks which are linked together by their hashvalues In the blockchain network a public ledger maintainsthe digitally signed transactions of the users in a P2P networkIn general a user has two keys a public key for other usersfor the encryption and a private key to read an encryptedmessage as shown in Fig 2 From the blockchain perspectivethe private key is used for signing the blockchain transactionand the public key represents the unique address Asymmetriccryptography is used to decrypt the message encrypted by thecorresponding public key At the initial stage a user signsa transaction using its private key and broadcasts it to itspeers Once the peers receive the signed transaction theyvalidate the transaction and disseminate it over the networkAll the parties who are involved in the transactions mutuallyvalidate the transaction to meet a consensus agreement Oncea distributed consensus is reached the special node calledas miners includes the valid transaction into a timestampedblock The block which is included by the miner is broadcastback into the network After validating the broadcast blockwhich contains the transaction as well as hash-matching itwith the previous block in the blockchain the broadcast blockis appended to the blockchain

Based on the data management and the type of applicationsblockchain can classified either as private (permission) or pub-lic (permissionless) Both classes are decentralized and providea certain level of immunity against faulty or malicious usersfor the ledger The main differences between private and publicblockchains lie in the execution of the consensus protocol themaintenance of the ledger and the authorization to join to theP2P network Detailed examples of these classes are illustratedin [24] In the context of IoT blockchains can be classifiedbased on authorization and authentication As shown in Fig 3in a private blockchain the centralized trusted authority thatmanages the authentication and authorization process selectsthe miners On the other hand in a public blockchain (ingeneral permissionless) there is no intervention of any third-party for the miner selection and joining for a new user to theblockchain network

Recently there is a huge amount of investment from theindustries [25] [26] as well as a significant interest fromacademia to solve major research challenges in blockchaintechnologies For example the consensus protocols are themajor building blocks of the blockchain technologies thus thethreats targeting the consensus protocols become a significantresearch issue in the blockchain Furthermore blockchainforks bring threats to the blockchain consensus protocolsMoreover it is observed that the vulnerability is about 51for a new blockchain [27] At the same time maintenanceof several blockchains requires a significant amount of powerconsumption [28]

A Related Surveys and Our ContributionsThere are related survey papers [7] [29] [30] [31] [24]

[32] that covered different aspects of the blockchain tech-nology For example a brief overview of blockchain forbitcoin was discussed in [29] [30] However these surveysare very limited regarding detailed discussion on researchchallenges in blockchain Moreover Sankar et al [29] brieflypresented the feasibility of various consensus protocols in theblockchain The detailed insights of bitcon were presentedin [7] Recently the surveys [24] presented the overviewof Blockchain-based IoT (BIoT) applications The securityand privacy aspects are presented in [32] [31] for bitcoinone of the blockchain applications Table I summarizes themain focuses and major contributions of the previous com-prehensive surveys on blockchain technologies Although theabove mentioned surveys [7] [31] [24] [32] have laid a solidfoundation for blockchain technologies our survey differs inseveral aspects The main contributions of this paper arebull We provide overviews of the different application do-

mains of blockchain technologies in IoT eg Internetof Vehicles Internet of Energy Internet of Cloud Fogcomputing etc

bull We classify the threat models which are considered bythe blockchain protocols in IoT networks into five maincategories namely identity-based attacks manipulation-based attacks cryptanalytic attacks reputation-based at-tacks and service-based attacks

bull We review existing research on anonymity and privacy inBitcoin systems

TABLE IRELATED SURVEYS ON BLOCKCHAIN TECHNOLOGIES

Year Author Main focuscontributions

2016 Tschorsch andScheuermann [7]

Fundamental structures and insights ofthe core of the Bitcoin protocol and itsapplications

2017 Sankar et al [29] Feasibility and efficiency of consensusprotocols in blockchain

2017 Kaushik etal [30] A brief survey on bitcoin

2018 Khalilov andLevi [31]

An overview and detailed investigationof anonymity and privacy inBitcoin-like digital cash systems

2018Fernaacutendez-Carameacutes andFraga-Lamas [24]

A review on developingBlockchain-based IoT (BIoT)applications

2018 Conti et al [32]A systematic survey that covers thesecurity and the privacy aspects ofBitcoin

bull We provide a taxonomy and a side-by-side comparisonin a tabular form of the state-of-the-art on the re-cent advancements towards secure and privacy-preservingblockchain technologies with respect to blockchainmodel specific security goals performance and limita-tions computation complexity and communication over-head

bull We highlight the open research challenges and discussthe possible future research directions in the field ofblockchain technologies for IoT

The remainder of this paper is organized as follows SectionII presents the application domains of blockchain technolo-gies in IoT In Section III we present the classification ofthreat models that are considered by the blockchain protocolsin IoT networks In Section IV we present a side-by-sidecomparison in a tabular form of the state-of-the-art on therecent advancements towards secure and privacy-preservingblockchain technologies Then we discuss open issues andrecommendations for further research in Section V Finallywe draw our conclusions in Section VI

II BLOCKCHAIN APPLICATIONS FOR THE IOT

As presented in Fig 4 the blockchain technology can beeffectively applied in almost all domains of IoT

A Internet of healthcare things

The usage of IoT in healthcare has allowed to feed theehealthcare systems with clinical data related to the patientstheir family their friends as well as the healthcare providersThe data called electronic medical records (EMRs) is storedby the responsible healthcare provider To facilitate patientdata portability there are the electronic health records (EHRs)which have a richer data structure than EMRs Based onthe idea of distributed online database Esposito et al [33]proposed the design of a blockchain-based scheme for the IoTin healthcare In a model of consortium blockchain a newblock is instantiated and distributed when new healthcare datais created To preserve the privacy of patients and maintain the

Trusted Authority

Fig 3 (a) Public blockchain system (b) Private blockchain system

immutability of EHRs Guo et al [34] introduced an attribute-based signature scheme named MA-ABS which uses multipleauthorities The MA-ABS scheme uses the blockchain tech-nology and can resist to N-1 corrupted authorities collusionattacks In addition the MA-ABS is unforgeable in sufferinga selective predicate attack Therefore Liang et al [35] usedthe blockchain network in mobile healthcare applications forintegrity protection further auditing or investigation

B Internet of things in the 5G era

In the IoT era 5G will enable a fully mobile and connectedsociety for billions of connected objects [44] To solve theprivacy issues in the 5G heterogeneous communication envi-ronment Fan et al [45] proposed a blockchain-based privacypreserving and data sharing scheme Based on the idea ofadding blocks to the blockchain each new block is connectedto the blockchain by its hash value Note that the previoushash value can be known from the block header

C Internet of vehicles

The Internet of Vehicles (IoV) is an emerging conceptwhich allows the integration of vehicles into the new era ofthe IoT in order to establish the smart communication be-tween vehicles and heterogeneous networks such as vehicle-to-vehicle vehicle-to-road vehicle-to-human vehicle-to-sensorand vehicle-to-everything However some recent works try

Fig 4 Blockchain applications for the IoT

to apply the blockchain technology to IoV Based on thedecentralized security model Huang et al [10] proposeda blockchain ecosystem model named LNSC for electricvehicle and charging pile management The LNSC model useselliptic curve cryptography (ECC) to calculate hash functionselectric vehicles and charging piles To avoid the locationtracking in the IoV Dorri et al [11] proposed a decentralizedprivacy-preserving architecture where overlay nodes managethe blockchain In addition the hash of the backup storage isstored in the blockchain

Without the administration from the central manager Leiet al [12] proposed a blockchain-based dynamic key man-agement for vehicular communication systems Based on adecentralized blockchain structure the third-party authoritiesare removed and the key transfer processes are verified andauthenticated by the security manager network MoreoverKang et al [13] introduced a P2P electricity trading systemnamed PETCON to illustrate detailed operations of localized

P2P electricity trading Using consortium blockchain methodthe PETCON system can publicly audit and share transactionrecords without relying on a trusted third party To solvethe issues of forwarding reliable announcements without re-vealing usersrsquo identities Li et al [14] proposed a privacy-preserving scheme named CreditCoin for sending announce-ments anonymously in the IoV The CreditCoin scheme usesthe blockchain via an anonymous vehicular announcementaggregation protocol to build trust in the IoV communicationsFor data credibility assessment in the IoV Yang et al [15]proposed a blockchain-based reputation system which canjudge the received messages as either true or false based onthe sendersrsquo reputation values

D Internet of Energy

The Internet of energy (IoE) provides an innovative conceptto increase the visibility of energy consumption in the SmartGrid Based on the sovereign blockchain technology Gao

TABLE IIMAJOR ATTACKS ON BLOCKCHAIN

Threat model Countermeasures Resistant protocols

Key attack - Elliptic curve encryption is used to calculate the hash functions LNSC protocol [10]

DDoSDoS attack

- Distributed SDN architecture DistBlockNet protocol [36]

- Decentralized mixing service CoinParty protocol [37]

- Ring signature using ECDSA Liu et alrsquos protocol [38]

-Block size limitation attribute-based signatures and multi-receivers encryption BSeIn protocol [39]

Replay attack- Elliptic curve encryption is used to calculate the hash functions LNSC protocol [10]

- The freshness of publicprivate key pairs BSeIn protocol [39]

Hiding Blocks - An immutable chain of temporally ordered interactions is created for each agent TrustChain protocol [40]

False data injection attack - Blockchain consensus mechanisms Liang et alrsquos protocol [21]

Tampering attack - Public-key cryptosystem Wang et alrsquos protocol [41]

Impersonation attack

- Elliptic curve encryption is used to calculate the hash functions LNSC protocol [10]

- Distributed incentive mechanism based blockchain and the node cooperationbased privacy protection mechanism

Wang et alrsquos protocol [16]

- Attribute-based signatures BSeIn protocol [39]

Refusal to Sign - Not interacting with the malicious agent or splitting the transactions in smalleramounts

TrustChain protocol [40]

Overlay attack - Every transaction is embedded with a Time-Stamp to mark the uniqueness Wang et alrsquos protocol [41]

Double-spending attack- Multi signatures and anonymous encrypted message propagation streams Aitzhan and Svetinovicrsquos protocol [22]

- Time-Stamp and the Proof-of-Work mechanism Wang et alrsquos protocol [41]

Modification attack- Elliptic curve encryption is used to calculate the hash functions LNSC protocol [10]

- The attribute signature and the MAC BSeIn protocol [39]

Collusion attack - Blockchain-based incentive mechanism He et alrsquos protocol [42]

Whitewashing attack - Lower priorities are given to the agents of new identities TrustChain protocol [40]

Quantum attack - Lattice-based signature scheme Yin et alrsquos protocol [43]

Man-in-the-middle attack- Elliptic curve encryption is used to calculate the hash functions LNSC protocol [10]

- Secure mutual authentication BSeIn protocol [39]

Sybil attack - An immutable chain of temporally ordered interactions is created for each agent TrustChain protocol [40]

et al [20] introduced a monitoring system on Smart Gridnamed GridMonitoring for ensuring transparency provenanceand immutability The GridMonitoring system is based onfour layers namely 1) Registration and authentication layer2) Smart meter 3) Processing and consensus nodes and4) Data processing on the smart grid network In modernpower systems Liang et al [21] proposed a data protectionframework based on distributed blockchain which can resistagainst data manipulation that are launched by cyber attackers(eg false data injection attacks) To guarantee data accuracyLiangrsquos framework uses the consensus mechanism which isautomatically implemented by every node and has the rep-resentative characteristics namely 1) Setting of publicprivatekey update frequency 2) Block generation 3) Miner selectionand 4) Release of meterrsquos memory periodically For secureenergy trading in Industrial Internet of Things (IIoT) Li et al[18] introduced the energy blockchain which is based on theconsortium blockchain technology and the Stackelberg gameAitzhan and Svetinovic [22] implemented a token-based pri-vate decentralized energy trading system for in decentralizedsmart grid energy which can be applied to the IoE

E Internet of Things devices

In the Internet of Things devices attackers seek to exfiltratethe data of IoT devices by using the malicious codes in

malware especially on the open source Android platformBy utilizing statistical analysis method Gu et al [46] intro-duced a malware detection system based on the consortiumBlockchain named CB-MDEE which is composed of de-tecting consortium chain by test members and public chainby users The CB-MDEE system adopts a fuzzy comparisonmethod and multiple marking functions In order to reducethe false-positive rate and improve the detection ability ofmalware variants To protect the embedded devices in theIoT Lee et al [47] a firmware update scheme based on theblockchain technology which the embedded devices have thetwo different operation cases namely 1) response from averification node to a request node and 2) response from aresponse node to a request node

F Access Management in IoT

For managing IoT devices Novo [48] proposed a distributedaccess control system using the blockchain technology Thearchitecture of this system is composed of six componentsnamely 1) Wireless sensor networks 2) Managers 3) Agentnode 4) Smart contract 5) Blockchain network and 6)Management hubs This system brings some advantages forthe access control in IoT such as 1) mobility which can beused in isolated administrative systems 2) accessibility whichensures that the access control rules are available at any time

3) concurrency which allows that the access control policiescan be modified simultaneously 4) lightweight which meansthat the IoT devices do not need any modification to adoptthis system 5) scalability as the IoT devices can be connectedthrough different constrained networks 6) transparency wherethe system can preserve the location privacy

G Collaborative video delivery

The diffusion of high-quality content in the IoT nowadayschallenges for the internet service providers However Herbautand Negru [49] proposed a decentralized brokering mechanismfor collaborative blockchain-based video delivery which isrelying on advanced network services chains Specifically thismanagement mechanism is composed of three blockchainsnamely 1) the content brokering blockchain 2) the deliverymonitoring blockchain and 3) the provisioning blockchain Inaddition this management mechanism is deployed with theopen source project Hyperledger-Fabric 2 where the resultsshow that the number of nodes slightly increases the conver-gence time

H Internet of Cloud

In the Internet of Cloud (IoC) billions of IoT devicesupload their data to the cloud through the internet connectionutilizing virtualization technology Xu et al [50] introduced anintelligent resource management for cloud datacenters basedon the blockchain technology in order to save and reduce thetotal cost of energy consumption Specifically the users usetheir individual private keys to sign a transaction while theneighboring users verify the broadcast transaction The blockis discarded when it does not pass verification ThereforeSharma et al [51] proposed a distributed cloud architec-ture that uses three emerging technologies namely software-defined networking (SDN) fog computing and a blockchaintechnique The SDN controllers of the fog node are used toprovide programming interfaces to network management op-erators The blockchain technique is used to provide scalablereliable and high-availability services In addition Xia et al[52] proposed a blockchain-based data sharing system namedMeDShare for cloud service providers This system uses fourlayers namely 1) User layer 2) Data query layer 3) Datastructuring and provenance layer and 4) Existing databaseinfrastructure layer

I Intrusion Detection

Many techniques for implementing intrusion detection sys-tems (IDSs) in the IoT environment have been proposed whichare based in machine learning To improve the collaborativeintrusion detection systems (CIDSs) Alexopoulos et al [53]introduced the idea of utilizing blockchain technology inorder to secure the exchange of alerts between the collab-orating nodes Meng et al [54] discussed the applicabilityof blockchain technology in a intrusion detection systemsModern intrusion detection systems must be based on collabo-rative communication among distributed IDSs [55] demanding

2wwwhyperledgerorgprojectsfabric

extensive data sharing among entities and trust computationIn order to deal with the privacy concerns that are raised by thedata exchange and to suppress insider attacks the blockchaintechnology is applied In this way the use of trusted thirdparty which is also a single point of failure that is needed intraditional collaborative IDSs can be avoided

J Software-defined networking

To increase IoTrsquos bandwidth researchers have been propos-ing the Software Defined Networking (SDN) technologywhich provides intelligent routing and simplifies decision-making processes by the SDN controller [56] RecentlySharma et al [36] proposed a distributed IoT network archi-tecture named DistBlockNet Based on the blockchain tech-nology DistBlockNet architecture can provide scalability andflexibility without the need for a central controller The dis-tributed blockchain network uses two type of nodes namely 1)the controllerverification node which maintains the updatedflow rules table information and 2) the requestresponse nodewhich updates its flow rules table in a blockchain network

K Fog computing

Fog computing also called edge computing is a highlyvirtualized platform that enables computing and storage be-tween end-users and the data Center of the traditional cloudcomputing [5] Without the third parties Fog devices can com-municate with each other However the blockchain techniquecan be used to facilitate communications between fog nodesand IoT devices Huang et al [57] proposed a fair paymentscheme for outsourcing computations of Fog devices Basedon the bitcoin this scheme considers the following securityproperties namely completeness fairness and accountability

L Distributed P2P Applications

In distributed peer-to-peer (P2P) applications for the IoTthe IoT devices self-organize and cooperate for a new breedof applications such as collaborative movies forwarding filesdelivering messages electronic commerce and uploading datausing sensor networks To incentivize users for cooperationHe et al [42] proposed a truthful incentive mechanism basedon the blockchain technique for dynamic and distributed P2Penvironments To prevent selfish users and defend against thecollusion attacks this scheme proposed a pricing strategywhich allows intermediate nodes to obtain rewards fromblockchain transactions due to their contribution to a success-ful delivery

M Crowdsensing Applications

The emerging mobile crowdsensing paradigm is a novelclass of mobile IoT applications (eg geographical sensingapplications) Wang et al [16] is an interesting incentive mech-anism for privacy-preserving in crowdsensing applicationsbased on the blockchain cryptocurrencies Specifically thismechanism can eliminate the security and privacy issues usingthe minersrsquo verifiable data quality evaluation to deal with theimpersonation attacks in the open and transparent blockchain

In addition to achieve k-anonymity privacy protection themechanism uses a node cooperation method for participatingusers

N Data storage

The data storage can deal with heterogeneous data resourcesfor IoT-based data storage systems How to share and protectthese sensitive data are the main challenges in IoT datastorage Based on the blockchain technology Jiang et al [58]proposed a private keyword search named Searchain fordecentralized storage The Searchain architecture includes twocomponent namely 1) transaction nodes in a peer-to-peerstructure and 2) a blockchain of all the ordered blocks Inaddition the Searchain architecture can provide user privacyindistinguishability and accountability

O Bitcoin

Launched in 2009 Bitcoin is the peer-to-peer (P2P) pay-ment network that does not need any central authorities Basedon the core technique of blockchain Bitcoin users do not usereal names instead pseudonyms are used Therefore Bitcoinis based on three main technical components transactionsconsensus Protocol and communication network

The existing research on anonymity and privacy for Bitcoinsystem are presented in Tab III Khalilov and Levi [72]have published an interesting investigation on anonymity andprivacy in Bitcoin-like digital cash systems Specifically thestudy classified the methods of analyzing anonymity andprivacy in Bitcoin into four categories namely 1) Transacting2) Utilizing off-network information 3) Utilizing network and4) Analyzing blockchain data

As discussed by Wang et al [71] Bitcoin works in practicebut not in theoryand the main issue is how to protect thepotential buyersrsquo privacy in Bitcoin using the public key infras-tructure Wang et al [71] studied the designated-verifier proofof assets for bitcoin exchange using elliptic curve cryptogra-phy Specifically the authors proposed a privacy-preservingscheme named DV-PoA which can satisfy unforgeabilityNote that the DV-PoA scheme uses elliptic curve discrete log-arithm problem elliptic curve computational Diffie-Hellmanproblem and collision-resistance of cryptographic hash func-tion In addition to protect the privacy of simplified paymentverification (SPV) clients Kanemura et al [70] proposed aprivacy-preserving Bloom filter design for an SPV client basedon γminusDeniability

By removing the trusted third party Qin et al [73] proposeda distributively blockchain-based PKI for Bitcoin systemnamed Cecoin To ensure the consistency Cecoin uses anincentive mechanism and a distributed consensus protocolTo provide multi-certificate services and identity assignmentCecoin converts a triple (address domain cert) to a tuple(key address cert) and key represents path of cert in the treeTherefore to protect the transaction privacy in Bitcoin Wanget al [41] proposed a framework by adding the homomorphicPaillier encryption system to cover the plaintext amounts intransactions To solve the trust problem in Bitcoin Huang et al[57] proposed a commitment-based sampling scheme instead

of ringer which can be used for generic computations in theoutsourcing computing

III THREAT MODELS FOR BLOCKCHAIN

In this section we present and describe the threat modelsthat are considered by the blockchain protocols in IoT net-works A summary of 16 attacks are given in Table II andare classified into the following five main categories identity-based attacks manipulation-based attacks cryptanalytic at-tacks reputation-based attacks and service-based attacks aspresented in Figure 5

A Identity-based attacks

The attacks under this category forge identities to masquer-ade as authorized users in order to get access to the system andmanipulate it We classify four attacks namely Key attackReplay attack Impersonation attack and Sybil attackbull Key attack This attack is defined in the context of a

system combining electric vehicles and charging pilesas follows If the private key of an electric vehiclethat has been used for longtime leaks the attacker canimpersonate this electric vehicle to deceive others [10]To deal with this attack LNSC protocol [10] providesa mutual authentication mechanism between the electricvehicles and charging piles To this end it employs theelliptic curve encryption to calculate the hash functionsand hence it ensures resiliency against the key leakageattack

bull Replay attack The aim of this attack is to spoof theidentities of two parties intercept their data packetsand relay them to their destinations without modifica-tion To resist against this attack LNSC [10] uses theidea of elliptic curve encryption to calculate the hashfunctions On the other hand BSein [39] uses a freshone-time publicprivate key pair which is generated foreach request to encrypt the message and compute theMessage Authentication Code (MAC) In this way thereplay attack can be detected

bull Impersonation attack An adversary tries to masqueradeas a legitimate user to perform unauthorized operationsAs presented in Table II there are three methods thatare proposed to protect against this attack The idea ofelliptic curve encryption to calculate the hash functionsis proposed by LNSC protocol [10] Wang et al [16]propose a distributed incentive-based cooperation mech-anism which protects the userrsquos privacy as well as atransaction verification method of the node cooperationThe mechanism hides the userrsquos privacy informationwithin a group and ensures their protection from theimpersonation attack BSeIn [39] on the other handuses the idea of attribute-based signatures ie onlylegitimate terminals can generate a valid signature andhence any impersonation attempt will be detected whenits corresponding authentication operation fails

bull Sybil attack Under this attack an adversary creates manyfake identities By performing many interactions in thenetwork the adversary can gain a large influence within

TABLE IIIEXISTING RESEARCH ON ANONYMITY AND PRIVACY FOR BITCOIN SYSTEMS

Year Protocol Countermeasures Security models

2013 CoinSwap [59] - The protocol requires four published transactions - Anonymity

2013 CoinJoin [60] - Each user check the mixing transaction before signing on it - Anonymity

2013 ZeroCoin [61] - Decentralized e-cash scheme with a tuple of randomized algorithms (SetupMint Spend Verify)- RSA accumulators and non-interactive zero-knowledge signatures ofknowledge

- Anonymity

2014 Mixcoin [62] - Cryptographic accountability- Randomized mixing fees

- Anonymity

2014 Xim [63] - Anonymous decentralized pairing - Anonymity

2014 CoinShuffle [64] - Requires only standard cryptographic primitives - Anonymity

2014 Zerocash [65] - Publicly-verifiable preprocessing zero-knowledge - Privacy-preserving

2015 Blindcoin [66] - Blind signature scheme - Anonymity

2015 CoinParty [67] - Combination of decryption mixnets with threshold signatures - Anonymity

2016 Blindly Signed Contract [68] - Blind signature scheme - Anonymity

2017 TumbleBit [69] - Replaces on-blockchain payments with off-blockchain puzzle solving - Anonymity

2017 Kanemura et al [70] - The privacy metric Deniability - Privacy-preserving

2017 Wang et al [71] - Elliptic curve cryptography - Privacy-preserving

2017 Wang et al [41] - Homomorphic paillier encryption system - Privacy-preserving

2018 Liu et al [38] - Ring signature- Elliptic curve digital signature algorithm

- Privacy-preserving- Anonymity

2018 Huang et al [57] - Commitment-based sampling scheme - Security requirement of completeness- Security requirement of fairness- Security requirement of accountability

Threat models

Identity-based attacks

Manipulation-based attacks

Cryptanalyticattacks

Reputation-based attacks

Service-based attacks

Key attack [10]

Replay at-tack [39] [10]

Impersonationattack [13] [39][10]

Sybil attack [40]

False data injec-tion attack [21]

Tamperingattack [41]

Overlay at-tack [41]

Modificationattack [39] [10]

Man-in-the-middleattack [39] [10]

Quantum at-tack [43]

Hiding Blocksattack [40]

Whitewashing [40]

DDoSDoSattack [36] [37][38] [39]

Refusal to Signattack [40]

Double-spendingattack [41] [22]

Collusionattack [42]

Fig 5 Classification of threat models for Blockchain

the community ie increasingdecreasing the reputationof some agents TrustChain [40] addresses this issue bycreating an immutable chain of temporally ordered inter-actions for each agent It computes the trustworthiness ofagents in an online community with Sybil-resistance byusing prior transactions as input It ensures that agentswho use resources from the community also contributeback

B Manipulation-based attacks

They involve an unauthorized access and tamper of dataIn this category four attacks are classified namely Falsedata injection attack Tampering attack Overlay attack andModification attackbull False data injection attack The aim of this attack is to

compromise the data integrity of the control system tomake it take wrong control decisions Liang et al [21]considers the meter node as a private blockchain network

In addition the interactions among the nodes are basedon a consensus mechanism which consists in executinga distributed voting algorithm Each node can verify theintegrity of the received data The latter is consideredcorrect when a positive agreement is reached

bull Tampering attack The adversary may tamper the bitcointransactions of the bitcoin addresses amounts and otherinformation after signing To prevent this attack Wang etal [41] use a public-key cryptosystem that is compatiblewith the existing Bitcoin system They propose addingthe homomorphic Paillier encryption system to coverthe plaintext amounts in transactions and the encryptedamounts will be checked by the Commitment Proof

bull Overlay attack It means that the attacker adds a forgeryencrypted amount to the original encrypted amount underthe receiverrsquos public key In [41] this attack is detected asevery transaction is embedded with an timestamp to markits uniqueness Different inputs under the same trader canbe distinguished and linked to the different transactionsand hence resistance against the overlay attack is ensured

bull Modification attack It consists in modifying the broadcasttransaction or the response message To deal with this at-tack LNSC [10] uses the idea of elliptic curve encryptionto calculate the hash functions BSeIN [39] on the otherhand employs the attribute signature and the MAC

bull Man-in-the-middle attack An attacker by spoofing theidentities of two parties can secretly relay and evenmodify the communication between these parties whichbelieve they are communicating directly but in fact thewhole conversation is under the control of the attackerTo resist against this attack BSeIn [39] provides securemutual authentication In [10] LNSC provides mutual au-thentication by using elliptic curve encryption to calculatethe hash functions

C Cryptanalytic attacks

They aim to break the cryptographic algorithm and ex-pose its keys In [43] the quantum attack is investigatedin blockchain This attack is designed to solve the ellipticcurve digital logarithm ie derive the private key from theelliptic curve public key In this way an adversary can signunauthorized transactions and forge the valid signature ofusers To deal with this issue Yin et al [43] uses the idea oflattice-based signature scheme which allows deriving manysub-private keys from the seed in the deterministic wallet ofblockchain

D Reputation-based attacks

An agent manipulates his reputation by changing it to apositive one In this category we can find the followingattacks namely Hiding Blocks attack and Whitewashingattackbull Hiding Blocks attack Under this attack an agent only

exposes transactions that have a positive impact on hisreputation and hides the ones with negative reputation In[40] an immutable chain of temporally ordered interac-tions for each agent Since each record has a sequence

number any agent in the network can request specificrecords of others The requested agents cannot refuse toprovide their records Otherwise other agents will stopinteracting with them

bull Whitewashing When an agent has negative reputation itcan get rid of its identity and make a new one There is noway to prevent this behavior However it is suggested in[40] to give lower priorities to the agents of new identitieswhen applying the allocation policy

E Service-based attacks

They aim either to make the service unavailable or make itbehave differently from its specifications Under this categorywe can find the following attacksbull DDoSDoS attack It involves sending a large amount of

requests to cause the failure of the blockchain systemAs shown in Table II there are four methods that areproposed to deal with this attack The idea of distributedSDN architecture is proposed by DistBlockNet protocolin [36] CoinParty [37] proposes the idea of decentralizedmixing service Liu et al [38] employ a ring-basedsignature with Elliptic Curve Digital Signature Algorithm(ECDSA) The resilience against DOS in BSeIn [39] isachieved by limiting the block size checking the maxi-mum number of attribute signatures for the transactioninput and using multi-receivers encryption to provideconfidentiality for authorized participants

bull Refusal to Sign attack A malicious agent can decideto not sign a transaction that is not in his favor Al-though preventing this attack is not possible punishmentmeasures can be taken against the refusal agents It isproposed in [40] to not interact with the malicious agentor split the transactions in smaller amounts If an agentrefuses to sign a transaction the interaction is aborted

bull Double-spending attack It means that the attackers spendthe same bitcoin twice to acquire extra amounts In [41]the Time-Stamp and the Proof-of-Work mechanism isused In [22] a multi-signature transaction is employedwhere a minimum number of keys must sign a transactionbefore spending tokens

bull Collusion Attack Nodes can collude with each other andbehave selfishly to maximize their profit In [42] anincentive mechanism and pricing strategy is proposed tothwart the selfish behaviors

IV EXISTING RESEARCH ON SECURITY AND PRIVACY INBLOCKCHAIN-BASED IOT

Table IV summarizes research for blockchain-based IoTsecurity and privacy

A Authentication

In [78] Lin et al proposed a novel transitively closedundirected graph authentication scheme that can supportblockchain-based identity management systems In compar-ison to other competing authentication schemes their pro-posal provides an additional capability of dynamically adding

TABLE IVEXISTING RESEARCH FOR BLOCKCHAIN-BASED IOT SECURITY AND PRIVACY

Year Scheme Blockchain model Security model Goal Performance (+) and limitation (-) Comp complexity

2016 AitzhanandSvetinovic[22]

- Blockchain technologywith multi signatures andanonymous encryptedmessage propagationstreams

- Privacy preserving - Enables peers to anony-mously negotiate energy pricesand securely perform tradingtransactions

+ Combat double-spending attacks- A formal proof is not provided on the Sybil-resistance

Medium

2017 Otte et al[40]

- Every participant growsand maintains their ownchain of transactions

- Distributed trust - Providing strict bounds onthe profitability of a Sybil at-tack

+ A formal proof is provided on the Sybil-resistance- Authentication is not considered

Up to 2n + 1 max-flow computations

2017 Kanemurael al [70]

- Blockchain technologywith Deniability

- Privacy preserving - Improving the privacy levelof a simplified payment verifi-cation client

+ True positive Bitcoin addresses are hidden by thefalse positives in a Bloom filter- Authentication is not considered

Medium

2017 Wang etal [41]

- Blockchain technologywith the Paillier cryp-tosystem for encryptionand decryption

- Preserving transac-tion privacy

- Achieving delicateanonymity and preventsactive and passive attacks

+ Robust transaction+ Prevent the following attacks Tampering attackOverlay attack Double-spending attack- Sybil-resistance

Tdec = 2Tm +2iTE

2018 Yin et al[43]

- Quantum attack in theblockchain

- Transaction authenti-cation

- Resisting quantum attackwhile maintaining the walletlightweight

+ Strongly unforgeable under chosen message at-tack- The Sybil-resistance is not considered

The length of signa-ture is O(1)

2018 Jong-HyoukLee [74]

- Consortium Blockchain - Identity and authenti-cation management

- Creating a new ID as a Ser-vice

+ It can be implemented as a cloud platform- The threat model is not defined

Medium

2018 Fan et al[45]

- The blockchain is apublic tamper-resistantledger

- Privacy preserving- Access control

- Achieve the goal of everydata ownerrsquos complete control

+ Backward security+ Forward security- The Sybil-resistance is not considered

M + Tm

2018 Wang etal [16]

- Blockchain based in-centive mechanism

- Privacy preserving - Achieve k-anonymity privacyprotection

+ Resist the impersonation attacks in the open andtransparent blockchain- The collusion attacks is not analysed

Medium

2018 Lin et al[75]

- ID-based linearly ho-momorphic signature

- Authentication - Avoiding the shortcomings ofthe use of public key certifi-cates

+ Secure against existential forgery on adaptivelychosen message and ID attack in the random oraclemodel- Adaptation with the Blockchain is not analyzed

2018 Li et al[14]

- Privacy preserving- Authentication

- Achieving privacy-preserving in forwardingannouncements

+ Maintains the reliability of announcements+ Achieve Sybil-resistance- Location privacy is not considered

Medium

2018 Ziegeldorfet al [37]

- Anonymity- Deniability

- Achieving correctnessanonymity and deniability

+ Resilience against DoS attacks from maliciousattackers+ Compatible with other crypto-currencies whichuse the same ECDSA primitive eg Litecoin andMastercoin- Double-spending attacks is not considered

Medium

2018 Yang etal [76]

- The blocks maintain theproofs produced by thecloud server

- Accountable trace-ability

- Achieving public verificationwithout any trusted third party

+ Achieve public verification+ Efficient in communication as well as in compu-tation- Tampering attack is not considered

The data owner con-ducts (2 + log2m)hash computations

2018 Hu et al[77]

- The Ethereumblockchain

- Distributed trust - Saving on the overall deploy-ment and operational costs

+ Low-cost accessible reliable and secure pay-ment scheme- Accountable traceability is not considered

Low bandwidth

2018 Liu et al[38]

- The blockchain basedon the ring signaturewith elliptic curve dig-ital signature algorithm(ECDSA)

- Help Bitcoin users protecttheir account and transactioninformation

+ Resistant to DoS attacks+ Prevent the mixing server from mapping inputtransactions+ Anonymity and scalability- Double-spending attacks is not considered

2018 Lin et al[39]

- The structure of blocksis similar to that in Bit-coin

- Authentication- Access control

- Enforce fine-grained accesscontrol polices

+ Resilience to hijacking attacks user imperson-ation attacks DDoS attacks modification attacksreplay attacks and man-in-the-middle attacks+ Mutual authentication+ Session key agreement+ Perfect forward secrecy- The Sybil-resistance is not considered

Medium

2018 Lin et al[78]

- Authentication - Solving the existing in-tractability issue in transitivesignature

+ Update the certificates without the need to re-sign the nodes+ Provide a proof when the edge between twovertices does not exist- Access control is not considered compared to thescheme in [39]

Signature size 2points in Zlowastq

Notations M The time for one exponentiationTm The size of the ciphertextTdec The time for decryptionTm The unit of modular multiplication timeTE The unit of modular exponentiation time

or deleting nodes and edges Moreover this novel schemethat was built on Ethereum solves the authentication prob-lem of non-existent edges which is a known challenge intransitive signature schemes Lin et alin [39] proposed anovel blockchain-based framework that can ensure a secureremote user authentication The proposed framework combinesattribute-based signatures multi-receivers encryption and Mes-sage Authentication Code In [14] Li et al proposed a novelprivacy-preserving Blockchain-based announcement networkfor Vanets that is based on a threshold authentication protocolcalled Echo-Announcement

Authors in [75] proposed an ID-based linearly homo-morphic signature schemes that can be used for realizingauthentication in blockchains The system allows a signerto produce linearly homomorphic signatures and hence itavoids the shortcomings of public-key certificates In additionit is shown to be robust against several attacks In [74]authors introduced the concept of blockchain as a serviceTheir proposed blockchain based-ID as a Service (BIDaaS)mechanism is a new type of IDaaS that can be used foridentity and authentication management Authentication canbe achieved without the use of any preregistered informationof the user Finally in [43] authors cope with the problem ofkeeping the wallet in a relatively small size while ensuringthe robustness of transaction authentication by introducing anovel anti-quantum transaction authentication scheme

B Privacy-preserving

In the core of blockchain philosophy lies the private keythat can unlock the cryptographic protection of the digitalassets The private key becomes the highest vulnerability ofa blockchain system whether it is stored on a piece of paperscreen disk in local memory or in the cloud Users tend touse digital wallets that can be either software or hardware egTrezor or Keepkey which are vulnerable to various attacks likefault injections [79]

Another solution that is gaining ground nowadays is theuse of hardware security modules (HSMs) a crypto-processorthat securely generates protects and stores keys The entirecryptographic key lifecycle happens inside the HSM An HSMcan be a standalone device that operates offline or can beembedded in a server can be hardened against tampering ordamage and is usually located in a physically secure area toprevent unauthorized access Finally a new generation of ultra-secure PCs that have embedded an HSM and requires two-factor authentication is recently introduced This PC can beprotected against physical attacks with a tamper-proof casingand mechanisms like automatic erasion of the private key incase of any breach of the embedded physical or logical securitycontrols [80] Using trusted computers both as secure digitalwallets and blockchain nodes Security assurance of users andorganizations need in order to trust this new technology canbe provided in the near future

To achieve k-anonymity privacy protection Wang et al [16]use a node cooperation verification approach in which eachgroup contains K nodes to meet the objective of K-anonymityprotection Aitzhan et al [22] proposed an idea that protects

parties from passive eavesdropping by hiding non-content dataFor enhancing the transaction privacy in Bitcoin Wang et al[41] achieve transaction by using cryptographic methods ieemploys the public-key system Through the standard ringsignature and ECDSA unforgeability Liu et al [38] proposedan idea that can achieve the anonymity

One other aspect of privacy in blockchain systems is aboutanonymity Although it is possible to design an almost im-mutable tamper-resistant transaction this transaction can beseen throughout all of the nodes on the blockchain networkOne promising research on supporting private transactionsinside a blockchain is zk-STARKs which combines zCashand Ethereum The combination of both technologies makes itpossible to keep anonymity when conducting payments blindauctions and even voting [73]

C TrustA blockchain-based payment scheme that is stet up in a

remote region setting was introduced in [77] The proposedscheme is assumed to have an intermittent connectivity to abankrsquos central system Distributed trust is accomplished withthe use of a two-layer architecture where the bank authorizesa set of selected villagers to act as miners who on theirturn authorize transactions among villagers with tokens andthe bank In [40] authors present a mechanism where everyparticipant grows and maintains his own chain of transactionsThe proposed approach provides distributed trust without theneed of any gatekeeper while being robust against Sybilattacks

V OPEN QUESTIONS AND RESEARCH CHALLENGES

To complete our overview we outline both open questionsand research challenges that could improve the capabilitiesand effectiveness of blockchain for the IoT summarized inthe following recommendations

A Resiliency against Combined AttacksAs presented in this survey many security solutions for

bloackchain-based IoT have been proposed in the literatureeach of which is designed to tackle different security issuesand threat models The main question that might arise is howto design a security solution that can be resilient against com-bined attacks while taking into account the implementationfeasibility of the solution especially in case of low resource-constrained IoT devices

B Dynamic and Adaptable Security FrameworkHeterogeneous devices are deployed in the IoT network

ranging from low-power devices to high-end servers Hencea single security solution cannot be deployed for all theblockchain-based IoT architectures due to the different amountof resources that are provided Therefore the security solutionshould initially adapt itself to the existing resources anddecide which security services to offer so as to meet theminimum security requirements of the end-users Thus oneof the challenges that should receive more attention in thefuture is how to design such a dynamic and adaptable securityframework for blockchain-based IoT architectures

C Compliance with GDPR

The new regulation that took effect from the 25th of Mayof 2018 grants end-users new powers over personal dataand places new obligations upon data controllers In a purelydecentralized blockchain system there are not any accountabledata processors making the implementation of GDPR difficultAlso on the other hand the right to be forgotten that is one ofthe main guidelines of GDPR is contradictory to the core ideabehind blockchain technology On public blockchains all datais replicated and shared across all machines in the networkand only the combination with trusted hardware solutions cansolve this issue Some initial attempts are already undertaken[81] [82] but this is a promising area of research for the nearfuture

D Energy-efficient Mining

Mining includes the execution of the blockchain con-sensus algorithms such as Proof-of-Work (PoW) Besidesthe blockchain grows as the users store their transactionsTherefore more powerful miners are required to handlethe consensus protocols in the blockchain Several energyefficient consensus algorithms such as Proof-of-Space [83]Deligated Proof-of-Space [84] and Proof-of-Stake [85] andmini-blockchain [86] [87] to store only recent blockchaintransactions are suggested However resource- and power-constrained IoT devices are not always capable of meeting thesubstantial computational and power consumption in the pro-cessing of blockchain consensus and storing of blockchainsTherefore the design of energy-efficient consensus protocolsis one of the significant research challenges in the blockchaintechnologies for IoT

E Social Networks and Trust Management

When we talk about security we have to take in mind thatfake news can be a part of a cyber attack Large-scale rumorspreading could pose severe social and economic damagesto an organization or a nation [88] especially with the useof online social networks Blockchains could be a meansfor limiting rumor spreading as presented in [89] where ablockchain-enabled social network is presented

F Blockchain-specific Infrastructure

The storage-limited IoT devices might not be able to storethe large-size blockchain that grows as the blocks are appendedin the blockchain Moreover it is commonly seen that theIoT devices store the blockchainrsquos data that are not even use-ful for their own transactions Therefore blockchain-specificequipment that supports the decentralized storage of large-size blockchain become a challenging issue Moreover theaddress management and underlying communication protocolsplay significant roles in blockchain infrastructure Besidestrustworthiness among the computational resource-enricheddevices has to be established in the blockchain infrastructureBesides the Application Programming Interface (APIs) shouldbe user-friendly as much as possible

G Vehicular Cloud Advertisement Dissemination

As presented in this survey based on a decentralizedblockchain structure various anonymity schemes are proposedto hide the real identities in IoV Therefore since the ve-hiclersquos real identity vehiclersquos real location and transactioncould possibly be disclosed in vehicular cloud advertisementdissemination [90] critical security issues arise as follows

bull How to design a single-attribute access control protocolbased on blockchain technology for preserving transac-tion privacy in vehicular cloud advertisement dissemina-tion

bull How to devise a privacy-preserving secret sharing schemebased on blockchain technology to acknowledge partici-pation of selected vehicles in transactions eg by usingthe homomorphic Paillier encryption system

bull How to design a low complexity-based authenticationusing the blockchain technology between RSUs and par-ticipating vehicles during the advertisement disseminationprocess

H Skyline Query Processing

Skyline query has become an important issue in databaseresearch eg centralized database distributed database andsimilarity search The surveyed schemes have not yet studiedthe possibility of using the skyline query with blockchainRecently Hua et al [91] proposed a privacy-preserving on-line medical primary diagnosis framework named CINEMAwhich uses the skyline query Specifically CINEMA frame-work can protect usersrsquo medical data privacy and ensure theconfidentiality of diagnosis model based on a skyline diagnosismodel Therefore how to handle the security and privacyissues when a skyline diagnosis model is constructed by a lotof blockchains Hence the privacy-preserving schemes basedon the blockchain with skyline query are major challenges andshould be investigated in the future

VI CONCLUSION

In this paper we surveyed the state-of-the-art of existingblockchain protocols designed for Internet of Things (IoT)networks We provided an overview of the application domainsof blockchain technologies in IoT eg Internet of VehiclesInternet of Energy Internet of Cloud and Fog computingThrough extensive research and analysis that was conductedwe were able to classify the threat models that are consideredby the blockchain protocols in IoT networks into five maincategories namely identity-based attacks manipulation-basedattacks cryptanalytic attacks reputation-based attacks andservice-based attacks There still exist several challengingresearch areas such as resiliency against combined attacksdynamic and adaptable security framework compliance withGDPR energy-efficient mining social networks and trust man-agement blockchain-specific infrastructure vehicular cloudadvertisement dissemination and Skyline query processingwhich should be further investigated in the near future

REFERENCES

[1] ldquoIDC Worldwide Internet of Things Forecast 2015ndash2020rdquo IDC256397

[2] ldquoIDC Worldwide Internet of Things Forecast Update 2015ndash2019rdquo Feb2016 Doc US40983216

[3] D Miorandi S Sicari F De Pellegrini and I Chlamtac ldquoInternet ofthings Vision applications and research challengesrdquo Ad Hoc Netwvol 10 no 7 pp 1497ndash1516 Sept 2012

[4] D Puthal N Malik S P Mohanty E Kougianos and G DasldquoEverything you wanted to know about the blockchain Its promisecomponents processes and problemsrdquo IEEE Consumer ElectronicsMag vol 7 no 4 pp 6ndash14 July 2018

[5] M Mukherjee R Matam L Shu L Maglaras M A Ferrag N Choud-hury and V Kumar ldquoSecurity and privacy in fog computing Chal-lengesrdquo IEEE Access vol 5 pp 19 293ndash19 304 2017

[6] M Swan Blockchain blueprint for a new economy 1st ed OacuteReillyMedia Jan 2015

[7] F Tschorsch and B Scheuermann ldquoBitcoin and beyond A technicalsurvey on decentralized digital currenciesrdquo IEEE Commun Surveys ampTut vol 18 no 3 pp 2084ndash2123 Mar 2016

[8] S Nakamoto ldquoBitcoin A peer-to-peer electronic cash systemrdquo 2008[9] D Wilson and G Ateniese ldquoFrom pretty good to great Enhancing

PGP using bitcoin and the blockchainrdquo in Network and System SecuritySpringer International Publishing 2015 pp 368ndash375

[10] X Huang C Xu P Wang and H Liu ldquoLNSC A security modelfor electric vehicle and charging pile management based on blockchainecosystemrdquo IEEE Access vol 6 pp 13 565ndash13 574 2018

[11] A Dorri M Steger S S Kanhere and R Jurdak ldquoBlockChainA Distributed Solution to Automotive Security and Privacyrdquo IEEECommun Mag vol 55 no 12 pp 119ndash125 dec 2017

[12] A Lei H Cruickshank Y Cao P Asuquo C P A Ogah and Z SunldquoBlockchain-Based Dynamic Key Management for Heterogeneous Intel-ligent Transportation Systemsrdquo IEEE Internet Things J vol 4 no 6pp 1832ndash1843 dec 2017

[13] J Kang R Yu X Huang S Maharjan Y Zhang and E HossainldquoEnabling Localized Peer-to-Peer Electricity Trading Among Plug-inHybrid Electric Vehicles Using Consortium Blockchainsrdquo IEEE TransInd Informatics vol 13 no 6 pp 3154ndash3164 dec 2017

[14] L Li J Liu L Cheng S Qiu W Wang X Zhang and Z ZhangldquoCreditCoin A Privacy-Preserving Blockchain-Based Incentive An-nouncement Network for Communications of Smart Vehiclesrdquo IEEETrans Intell Transp Syst pp 1ndash17 2018

[15] Z Yang K Zheng K Yang and V C M Leung ldquoA blockchain-basedreputation system for data credibility assessment in vehicular networksrdquoin 2017 IEEE 28th Annu Int Symp Pers Indoor Mob Radio CommunIEEE oct 2017 pp 1ndash5

[16] J Wang M Li Y He H Li K Xiao and C Wang ldquoA BlockchainBased Privacy-Preserving Incentive Mechanism in Crowdsensing Appli-cationsrdquo IEEE Access vol 6 pp 17 545ndash17 556 2018

[17] F Tian ldquoAn agri-food supply chain traceability system for China basedon RFID amp blockchain technologyrdquo in Proc IEEE 13th Int Conf onService Systems and Service Management (ICSSSM) June 2016

[18] Z Li J Kang R Yu D Ye Q Deng and Y Zhang ldquoConsortiumBlockchain for Secure Energy Trading in Industrial Internet of ThingsrdquoIEEE Trans Ind Informatics pp 1ndash1 2017

[19] T Ahram A Sargolzaei S Sargolzaei J Daniels and B AmabaldquoBlockchain technology innovationsrdquo in Proc IEEE Technology ampEngineering Management Conference (TEMSCON) June 2017

[20] J Gao K O Asamoah E B Sifah A Smahi Q Xia H Xia X Zhangand G Dong ldquoGridMonitoring Secured sovereign blockchain basedmonitoring on smart gridrdquo IEEE Access vol 6 pp 9917ndash9925 2018

[21] G Liang S R Weller F Luo J Zhao and Z Y Dong ldquoDistributedBlockchain-Based Data Protection Framework for Modern Power Sys-tems against Cyber Attacksrdquo IEEE Trans Smart Grid pp 1ndash1 2018

[22] N Zhumabekuly Aitzhan and D Svetinovic ldquoSecurity and Privacyin Decentralized Energy Trading through Multi-signatures Blockchainand Anonymous Messaging Streamsrdquo IEEE Trans Dependable SecurComput pp 1ndash1 2016

[23] N Kshetri ldquoBlockchainrsquos roles in strengthening cybersecurity andprotecting privacyrdquo Telecommunications Policy vol 41 no 10 pp1027ndash1038 Nov 2017

[24] T M Fernaacutendez-Carameacutes and P Fraga-Lamas ldquoA review on the useof blockchain for the internet of thingsrdquo IEEE Access pp 1ndash23 May2018

[25] ldquoCrypto-currency market capitalizationsrdquo accessed on 15 June 2018[Online] Available httpscoinmarketcapcomhttpscoinmarketcapcom

[26] ldquoBlockchain technology report to the US federal advisorycommittee on insurancerdquo accessed on 15 June 2018[Online] Available httpswwwtreasurygovinitiativesfioDocumentsMcKinsey_FACI_Blockchain_in_Insurancepdf

[27] L Bahack ldquoTheoretical Bitcoin attacks with less than half ofthe computational powerrdquo Dec 2013 arXiv13127013v1 [Online]Available httpsarxivorgpdf13127013pdf

[28] M Ali J Nelson R Shea and M J Freedman ldquoBlockstack A globalnaming and storage system secured by blockchainsrdquo in Proc AnnualTechnical Conference (USENIX ATC) June 2016 pp 181ndash194

[29] L S Sankar M Sindhu and M Sethumadhavan ldquoSurvey of consensusprotocols on blockchain applicationsrdquo in Proc IEEE 4th Int Conf onAdvanced Comput and Commun Syst (ICACCS) Jan 2017

[30] A Kaushik A Choudhary C Ektare D Thomas and S AkramldquoBlockchain-literature surveyrdquo in Proc IEEE 2nd Int Conf RecentTrends in Electronics Information amp Communication Technology (RTE-ICT) May 2017

[31] M C K Khalilov and A Levi ldquoA survey on anonymity and privacy inBitcoin-like digital cash systemsrdquo IEEE Commun Surveys amp Tut pp1ndash1 Mar 2018

[32] M Conti S K E C Lal and S Ruj ldquoA survey on security and privacyissues of Bitcoinrdquo IEEE Commun Surveys amp Tut pp 1ndash39 May 2018

[33] C Esposito A De Santis G Tortora H Chang and K-K R ChooldquoBlockchain A Panacea for Healthcare Cloud-Based Data Security andPrivacyrdquo IEEE Cloud Comput vol 5 no 1 pp 31ndash37 Jan 2018

[34] R Guo H Shi Q Zhao and D Zheng ldquoSecure Attribute-Based Sig-nature Scheme With Multiple Authorities for Blockchain in ElectronicHealth Records Systemsrdquo IEEE Access vol 6 pp 11 676ndash11 686 2018

[35] X Liang J Zhao S Shetty J Liu and D Li ldquoIntegrating blockchainfor data sharing and collaboration in mobile healthcare applicationsrdquo in2017 IEEE 28th Annu Int Symp Pers Indoor Mob Radio CommunIEEE oct 2017 pp 1ndash5

[36] P K Sharma S Singh Y-S Jeong and J H Park ldquoDistBlockNetA Distributed Blockchains-Based Secure SDN Architecture for IoTNetworksrdquo IEEE Commun Mag vol 55 no 9 pp 78ndash85 2017

[37] J H Ziegeldorf R Matzutt M Henze F Grossmann and K WehrleldquoSecure and anonymous decentralized Bitcoin mixingrdquo Futur GenerComput Syst vol 80 pp 448ndash466 mar 2018

[38] Y Liu X Liu C Tang J Wang and L Zhang ldquoUnlinkable CoinMixing Scheme for Transaction Privacy Enhancement of Bitcoinrdquo IEEEAccess vol 6 pp 23 261ndash23 270 2018

[39] C Lin D He X Huang K-K R Choo and A V Vasilakos ldquoBsein Ablockchain-based secure mutual authentication with fine-grained accesscontrol system for industry 40rdquo J Netw Comput Appl vol 116 pp42ndash52 2018

[40] P Otte M de Vos and J Pouwelse ldquoTrustChain A Sybil-resistantscalable blockchainrdquo Futur Gener Comput Syst sep 2017

[41] Q Wang B Qin J Hu and F Xiao ldquoPreserving transaction privacy inbitcoinrdquo Futur Gener Comput Syst sep 2017

[42] Y He H Li X Cheng Y Liu C Yang and L Sun ldquoA Blockchainbased Truthful Incentive Mechanism for Distributed P2P ApplicationsrdquoIEEE Access pp 1ndash1 2018

[43] W Yin Q Wen W Li H Zhang and Z Jin ldquoAn Anti-QuantumTransaction Authentication Approach in Blockchainrdquo IEEE Accessvol 6 pp 5393ndash5401 2018

[44] M A Ferrag L Maglaras A Argyriou D Kosmanos and H JanickeldquoSecurity for 4G and 5G cellular networks A survey of existingauthentication and privacy-preserving schemesrdquo J Netw Comput Applvol 101 pp 55ndash82 jan 2018

[45] K Fan Y Ren Y Wang H Li and Y Yang ldquoBlockchain-based efficientprivacy preserving and data sharing scheme of content-centric networkin 5Grdquo IET Commun vol 12 no 5 pp 527ndash532 Mar 2018

[46] J Gu B Sun X Du J Wang Y Zhuang and Z Wang ldquoConsortiumBlockchain-Based Malware Detection in Mobile Devicesrdquo IEEE Accessvol 6 pp 12 118ndash12 128 2018

[47] B Lee and J-H Lee ldquoBlockchain-based secure firmware update for em-bedded devices in an Internet of Things environmentrdquo J Supercomputvol 73 no 3 pp 1152ndash1167 mar 2017

[48] O Novo ldquoBlockchain Meets IoT An Architecture for Scalable AccessManagement in IoTrdquo IEEE Internet Things J vol 5 no 2 pp 1184ndash1195 Apr 2018

[49] N Herbaut and N Negru ldquoA Model for Collaborative Blockchain-BasedVideo Delivery Relying on Advanced Network Services Chainsrdquo IEEECommun Mag vol 55 no 9 pp 70ndash76 2017

[50] C Xu K Wang and M Guo ldquoIntelligent Resource Management inBlockchain-Based Cloud Datacentersrdquo IEEE Cloud Comput vol 4no 6 pp 50ndash59 nov 2017

[51] P K Sharma M-Y Chen and J H Park ldquoA Software Defined FogNode Based Distributed Blockchain Cloud Architecture for IoTrdquo IEEEAccess vol 6 pp 115ndash124 2018

[52] Q Xia E B Sifah K O Asamoah J Gao X Du and M GuizanildquoMeDShare Trust-Less Medical Data Sharing Among Cloud ServiceProviders via Blockchainrdquo IEEE Access vol 5 pp 14 757ndash14 7672017

[53] N Alexopoulos E Vasilomanolakis N R Ivanko and M MuhlhauserldquoTowards blockchain-based collaborative intrusion detection systemsrdquoin Proc Int Conf Critical Inf Infrastruct Secur 2017 pp 1ndash12

[54] W Meng E W Tischhauser Q Wang Y Wang and J Han ldquoWhenIntrusion Detection Meets Blockchain Technology A Reviewrdquo IEEEAccess vol 6 pp 10 179ndash10 188 2018

[55] T Cruz L Rosa J Proenccedila L Maglaras M Aubigny L Lev J Jiangand P Simotildees ldquoA cybersecurity detection framework for supervisorycontrol and data acquisition systemsrdquo IEEE Transactions on IndustrialInformatics vol 12 no 6 pp 2236ndash2246 2016

[56] K Kalkan and S Zeadally ldquoSecuring internet of things (iot) withsoftware defined networking (sdn)rdquo IEEE Commun Mag 2017

[57] H Huang X Chen Q Wu X Huang and J Shen ldquoBitcoin-based fairpayments for outsourcing computations of fog devicesrdquo Futur GenerComput Syst vol 78 pp 850ndash858 jan 2018

[58] P Jiang F Guo K Liang J Lai and Q Wen ldquoSearchain Blockchain-based private keyword search in decentralized storagerdquo Futur GenerComput Syst sep 2017

[59] G Maxwll ldquoCoinswaprdquo 2013 [Online] Available httpsbitcointalkorgindexphptopic=321228

[60] G Maxwell ldquoCoinjoin Bitcoin privacy for the real worldrdquo in Post onBitcoin forum 2013

[61] I Miers C Garman M Green and A D Rubin ldquoZerocoin AnonymousDistributed E-Cash from Bitcoinrdquo in 2013 IEEE Symp Secur PrivIEEE may 2013 pp 397ndash411

[62] J Bonneau A Narayanan A Miller J Clark J A Kroll and E WFelten ldquoMixcoin Anonymity for Bitcoin with Accountable Mixesrdquo inInt Conf Financ Cryptogr Data Secur Springer Berlin Heidelberg2014 pp 486ndash504

[63] G Bissias A P Ozisik B N Levine and M Liberatore ldquoSybil-Resistant Mixing for Bitcoinrdquo in Proc 13th Work Priv Electron Soc- WPES rsquo14 New York New York USA ACM Press 2014 pp149ndash158

[64] T Ruffing P Moreno-Sanchez and A Kate ldquoCoinShuffle PracticalDecentralized Coin Mixing for Bitcoinrdquo in Eur Symp Res ComputSecur Springer 2014 pp 345ndash364

[65] E B Sasson A Chiesa C Garman M Green I Miers E Tromerand M Virza ldquoZerocash Decentralized Anonymous Payments fromBitcoinrdquo in 2014 IEEE Symp Secur Priv IEEE may 2014 pp 459ndash474

[66] L Valenta and B Rowan ldquoBlindcoin Blinded Accountable Mixes forBitcoinrdquo in Int Conf Financ Cryptogr Data Secur Springer BerlinHeidelberg 2015 pp 112ndash126

[67] J H Ziegeldorf F Grossmann M Henze N Inden and K WehrleldquoCoinparty Secure multi-party mixing of bitcoinsrdquo in Proc 5th ACMConf Data Appl Secur Priv - CODASPY rsquo15 New York New YorkUSA ACM Press 2015 pp 75ndash86

[68] E Heilman F Baldimtsi and S Goldberg ldquoBlindly Signed ContractsAnonymous On-Blockchain and Off-Blockchain Bitcoin Transactionsrdquoin Int Conf Financ Cryptogr Data Secur Springer Berlin Heidelberg2016 pp 43ndash60

[69] E Heilman L AlShenibr F Baldimtsi A Scafuro and S GoldbergldquoTumbleBit An Untrusted Bitcoin-Compatible Anonymous PaymentHubrdquo in Proc 2017 Netw Distrib Syst Secur Symp Reston VAInternet Society 2017

[70] K Kanemura K Toyoda and T Ohtsuki ldquoDesign of privacy-preservingmobile Bitcoin client based on γ-deniability enabled bloom filterrdquo in2017 IEEE 28th Annu Int Symp Pers Indoor Mob Radio CommunIEEE oct 2017 pp 1ndash6

[71] H Wang D He and Y Ji ldquoDesignated-verifier proof of assets for bit-coin exchange using elliptic curve cryptographyrdquo Futur Gener ComputSyst jul 2017

[72] M C K Khalilov and A Levi ldquoA Survey on Anonymity and Privacyin Bitcoin-like Digital Cash Systemsrdquo IEEE Commun Surv Tutorialspp 1ndash1 2018

[73] B Qin J Huang Q Wang X Luo B Liang and W Shi ldquoCecoinA decentralized PKI mitigating MitM attacksrdquo Futur Gener ComputSyst oct 2017

[74] J-H Lee ldquoBIDaaS Blockchain Based ID As a Servicerdquo IEEE Accessvol 6 pp 2274ndash2278 2018

[75] Q Lin H Yan Z Huang W Chen J Shen and Y Tang ldquoAn ID-based linearly homomorphic signature scheme and its application inblockchainrdquo IEEE Access pp 1ndash1 2018

[76] C Yang X Chen and Y Xiang ldquoBlockchain-based publicly verifiabledata deletion scheme for cloud storagerdquo J Netw Comput Appl vol103 pp 185ndash193 feb 2018

[77] Y Hu A Manzoor P Ekparinya M Liyanage K ThilakarathnaG Jourjon A Seneviratne and M E Ylianttila ldquoA Delay-TolerantPayment Scheme Based on the Ethereum Blockchainrdquo jan 2018[Online] Available httparxivorgabs180110295

[78] C Lin D He X Huang M K Khan and K-K R Choo ldquoANew Transitively Closed Undirected Graph Authentication Scheme forBlockchain-based Identity Management Systemsrdquo IEEE Access pp 1ndash1 2018

[79] O Boireau ldquoSecuring the blockchain against hackersrdquo Network Secu-rity vol 2018 no 1 pp 8ndash11 2018

[80] ldquoThis ultra-secure pc self destructs if someone messes withitrdquo httpswwwwiredcom201706orwl-secure-desktop-computer ac-cessed 2018-06-01

[81] J Lind I Eyal F Kelbert O Naor P Pietzuch and E G SirerldquoTeechain Scalable blockchain payments using trusted execution en-vironmentsrdquo arXiv preprint arXiv170705454 2017

[82] I Bentov Y Ji F Zhang Y Li X Zhao L Breidenbach P Daian andA Juels ldquoTesseract Real-time cryptocurrency exchange using trustedhardwarerdquo 2017

[83] S Dziembowski S Faust V Kolmogorov and K Pietrzak ldquoProofs ofspacerdquo in Proc 35th Annual Cryptology Conference on Advances inCryptology Aug 2015 pp 585ndash605

[84] ldquoDPOS description on bitsharesrdquo accessed on 15 June 2018 [Online]Available httpdocsbitsharesorgbitsharesdposhtml

[85] ldquoTelehashrdquo accessed on 15 June 2018 [Online] Available httptelehashorg

[86] B F Franccedila ldquoHomomorphic mini-blockchain schemerdquo pp 1ndash17 Apr 2015 accessed on 15 June 2018 [Online] AvailablehttpcryptoniteinfofilesHMBCpdf

[87] J D Bruce ldquoThe mini-blockchain schemerdquo 2014 accessed on15 June 2018 [Online] Available httpwwwcryptoniteinfofilesmbc-scheme-rev2pdf

[88] N Ayres and L A Maglaras ldquoCyberterrorism targeting the generalpublic through social mediardquo Security and Communication Networksvol 9 no 15 pp 2864ndash2875 2016

[89] Y Chen Q Li and H Wang ldquoTowards trusted social networks withblockchain technologyrdquo arXiv preprint arXiv180102796 2018

[90] Q Kong R Lu H Zhu and M Ma ldquoAchieving secure and privacy-preserving incentive in vehicular cloud advertisement disseminationrdquoIEEE Access vol 6 pp 25 040ndash25 050 2018

[91] J Hua H Zhu F Wang X Liu R Lu H Li and Y Zhang ldquoCinemaEfficient and privacy-preserving online medical primary diagnosis withskyline queryrdquo IEEE Internet of Things Journal pp 1ndash1 2018

I Introduction

I-A Related Surveys and Our Contributions

II Blockchain applications for the IoT

II-A Internet of healthcare things

II-B Internet of things in the 5G era

II-C Internet of vehicles

II-D Internet of Energy

II-E Internet of Things devices

II-F Access Management in IoT

II-G Collaborative video delivery

II-H Internet of Cloud

II-I Intrusion Detection

II-J Software-defined networking

II-K Fog computing

II-L Distributed P2P Applications

II-M Crowdsensing Applications

II-N Data storage

II-O Bitcoin

III Threat models for Blockchain

III-A Identity-based attacks

III-B Manipulation-based attacks

III-C Cryptanalytic attacks

III-D Reputation-based attacks

III-E Service-based attacks

IV Existing research on security and privacy in blockchain-based IoT

IV-A Authentication

IV-B Privacy-preserving

IV-C Trust

V Open questions and research challenges

V-A Resiliency against Combined Attacks

V-B Dynamic and Adaptable Security Framework

V-C Compliance with GDPR

V-D Energy-efficient Mining

V-E Social Networks and Trust Management

V-F Blockchain-specific Infrastructure

V-G Vehicular Cloud Advertisement Dissemination

V-H Skyline Query Processing

VI Conclusion

References