Blockchain based Privacy-Preserving Software Updates with Proof-of-Delivery for Internet of Things
A large number of IoT devices are connected via the Internet. However, most of these IoT devices are generally not perfect-by-design even have security weaknesses or vulnerabilities. Thus, it is essential to update these IoT devices securely, patching their vulnerabilities and protecting the safety of the involved users. Existing studies deliver secure and reliable updates based on blockchain network which serves as the transmission network. However, these approaches could compromise users privacy when updating the IoT devices. In this paper, we propose a new blockchain based privacy-preserving software updates protocol, which delivers secure and reliable updates with an incentive mechanism, as well protects the privacy of involved users. The vendor delivers the updates and it makes a commitment by using a smart contract to provide financial incentive to the transmission nodes who deliver the updates to the IoT devices. A transmission node gets financial incentive by providing a proof-of-delivery. The transmission node uses double authentication preventing signature (DAPS) to carry out the fair exchange to obtain the proof-of-delivery. Specifically, the transmission node exchanges an attribute-based signature from a IoT device by using DAPS. Then, it uses the attribute-based signature as a proof-of-delivery to receive financial incentives. Generally, the IoT device has to execute complex computation for an attribute-based signature (ABS). It is intolerable for resource limited devices. We propose a concrete outsourced attribute-based signature (OABS) scheme to resist the weakness. Then, we prove the security of the proposed OABS and the protocol as well. Finally, we implement smart contract in Solidity to demonstrate the validity of the proposed protocol.
READ FULL TEXT