Received: 22 April 2019 Revised: 2 August 2019 Accepted: 4 August 2019

DOI: 10.1002/ett.3741

RESEARCH ARTICLE

Blockchain-based security aspects in heterogeneous

Internet-of-Things networks: A survey

Fabiola Hazel Pohrmen Rohit Kumar Das Goutam Saha

Department of Information Technology,

North-Eastern Hill University, Shillong, Abstract
India
Blockchain is a key technology that enables cryptocurrencies such as Bit-
Correspondence coin, Litecoin, etc. In recent years, researchers have ventured into tapping the
Fabiola Hazel Pohrmen, Department of potential of blockchain-based ecosystems beyond cryptocurrencies. This paper
Information Technology, North-Eastern
Hill University, Shillong-793 022, India.
explores the convergence of blockchain with the Internet of things (IoT) and
Email: fhpohrmen@gmail.com its improved versions like software-defined network (SDN)–based IoT, which
are upcoming technologies in the area. This paper gives a brief description of
the IoT and its challenges, especially the security aspects. It also discusses how
blockchain concept can further resolve these challenges on the SDN-based IoT
platform. This paper first discussed the evolution of conventional IoT to the
SDN-based IoT, which can resolve many drawbacks of a conventional IoT sys-
tem. Also, it is focused on how the concept of blockchain can be converged
with SDN-based IoT system to further improve its security aspects. Although
the convergence of these different technologies has resulted into many advan-
tages, many associated challenges still remain. This paper highlighted these
challenges and opportunities to discover many other research issues that need
to be resolved. The details of current literature on the same issue has also been
highlighted in this paper.

1 I N T RO DU CT ION

The Internet of things (IoT) is a network of heterogeneous devices, which are connected to each other and to the Internet.
The architecture of IoT varies with respect to the application where it has been employed. Among the different types of
IoT architectures, the three-layer architecture consisting of perception, network and application layers, is considered to
be efficient, reliable, and the easiest to implement.1 While designing the architecture and applications of IoT, different
issues such as availability, scalability, flexibility, management, performance, security, and privacy may arise, which need
to be taken care of. Among these issues, security is quite crucial as it inhibits IoT's applicability in real-world scenarios,
especially in the financial domain. It is expected that IoT systems should be able to provide secure mechanisms, which
can help users in transferring critical data in a reliable manner.2
The IoT is a network system where different heterogeneous things (physical objects) are connected to each other via
a predefined network system. These physical objects can be further converted into smart objects by embedding them
with technologies such as radio-frequency identification, communication medium, computing power, etc. The architec-
ture of IoT can be divided into three layers: perception layer, which consists of physical devices; network layer, which
provides the communication medium; and application layer, where different applications can be hosted as shown in
Figure 1. The devices in the perception layer generate data and forward it to the next network layer via a sink node. From
the network layer, the data are transferred to the cloud where it is analyzed and stored. Based on these data, various
applications/services can be provided to the users.1

Trans Emerging Tel Tech. 2019;30:e3741. wileyonlinelibrary.com/journal/ett © 2019 John Wiley & Sons, Ltd. 1 of 26
https://doi.org/10.1002/ett.3741
2 of 26 POHRMEN ET AL.

Application Layer Data Analysis

Internet
Network Layer Server and Cloud

Sink Node

Perception Layer

Forest Agriculture Transport

FIGURE 1 Internet-of-Things architecture1

The applicability of IoT is increasing day by day both in academia and industry. This is due to the growth of its
application in areas such as smart home, smart healthcare, smart transport, smart grid, etc. Due to the upsurge in the
deployment of IoT nodes, proper security, privacy, and scalability aspects need to be addressed in a better way to make
IoT's applicability more reliable.

1.1 Challenges in Internet of things

The IoT ecosystem has numerous opportunities; however, it also faces many challenges. Some of the major IoT challenges
include security issues, privacy issues, performance and scaling, and interoperability. These challenges are discussed as
follows:
• Security: Existing security mechanisms are not adequate enough for reliable IoT application. Some of the challenges
that are experienced while designing a secure IoT system are poor design, security adaptation, lack of standards, policy
maintenance, and communication medium.2 The systems are sometimes poorly designed, which lead to loopholes
through which intruders can further exploit the system. The existing security solutions are difficult to implement in
IoT due to the fact that IoT devices are resource-constrained. The protocols for authorizing and authenticating IoT
devices are not standardized and might provide access to malicious nodes to enter the network. Periodic updates for
new services and devices may also contain dangerous bugs or vulnerabilities. The communication medium of IoT
devices may not always secure the message before transmitting it to the destination.
• Privacy: IoT has the potential to improve the quality of people's lives. However, the nature of the data (IoT users'
location and movements, health conditions, and purchasing preferences, etc) collected by IoT devices has sparked
serious privacy concerns. Protecting privacy is often counterproductive to service providers in the IoT context.
• Interoperability: Heterogeneity has been a great challenge in distributed systems, as a variety of networks, hard-
ware, different operating systems, and programming languages have to coexist within the same ecosystem. To manage
the functioning of such a complex heterogeneous network, seamless communication and cooperation among all the
components are very crucial. Furthermore, in the event of reliable communication among the heterogeneous IoT
components, it is necessary that they should be identified and discovered by other components.
• Performance and scaling: A scalable system continues to work effectively even when the number of resources and
users are increased significantly. With the exponential growth of IoT, the scalability issue (Performance and Scaling)
becomes prominent and needs to be addressed effectively, which can help prevent system downtime. The scalability at
any level should be attainable by the IoT ecosystem, which will help its enhancement of performance.

1.1.1 Layerwise security challenges

There are many security issues that can affect the IoT environment. As every layer is codependent on each other, iden-
tifying the security problems at every layer is critical. When data are transmitted from the perception layer to the upper
POHRMEN ET AL. 3 of 26

Unauthorized
Application Layer Unauthenticated
Access Control

Improper network rules insertion

Denial-of-Service
Internet (DoS) attacks
Network Layer
Server and Cloud

Sink Node
Flooding attacks

Jamming
Perception Layer DoS Attack
Impersonation
Forest Agriculture Transport

FIGURE 2 Internet-of-Things layerwise security issues2

layers, the integrity and confidentiality of that particular data may be compromised if not suitably secured. Some of these
layerwise security attacks are represented in Figure 2. The potential attacks at every layer are described briefly in the
following3 :
• Perception layer attacks: In this layer, the devices should have proper identification mechanisms so that no malicious
nodes can enter the network and impersonate another node. The data generated by the trusted devices should have
secure channels for transmission to prevent attacks like jamming, denial-of-service (DoS), side-channel attacks and
replay attacks, physical capture, brute-force attack, etc.
• Network layer attacks: This layer is prone to attacks with respect to confidentiality and privacy of data due to passive
monitoring, traffic analysis, and eavesdropping. Other threats that can affect the network layer are DoS, compatibility
issues of the packet, cluster security problems, privacy, and disclosure of information.
• Application layer attacks: In this layer, improper access control could lead to privacy and security breaches due
to unauthorized and unauthenticated access. Other threats include data protection and recovery problems, software
vulnerabilities, misconfiguration, and management of system failure.
Proper security mechanisms are required to be adopted in every layer of the architecture to provide trustworthy services
to the users. Due to the limited resources of IoT systems, application of standard security mechanisms may not be feasi-
ble. Open challenges of present-day IoT systems such as reliability, scalability, availability, heterogeneity, management,
security, and privacy are hindrances for the practical implementation. Researchers are endeavoring to overcome these
challenges by incorporating more advanced technologies such as software-defined networks (SDN), fog computing, and
blockchain (BC) with IoT. Blockchain is a state-of-the-art concept that provides secure and decentralized transactions in
the financial domain very successfully.4 If this concept can be introduced in any of the IoT architectures, it will provide
enhanced and much-improved security to the IoT-based networks.

1.1.2 Comparison of present survey with related survey papers

In the literature, several works are available that presented surveys on BC and its various applications on IoT.
Panarello et al5 analyzed the current research of BC technology in an IoT context and covered its different application
domains. They studied and organized the available literature according to their usage patterns, ie, device manipulation
and data management aspects. Reyna et al6 analyzed how BC technology could potentially improve the IoT ecosystem
and investigated out the challenges in BC and its applicability on IoT. It is based on a conventional IoT structure. The
survey done by Ali et al7 presented a comprehensive view of the efforts by academics and industry in the field of BC and
IoT integration. This too is based on conventional IoT architecture. Khan and Salah8 reviewed and categorized popular
security issues with regard to the layered conventional IoT architecture and mapped them against existing solutions. The
present survey differs from the aforementioned papers in some pertinent issues.
4 of 26 POHRMEN ET AL.

• This paper is a survey on an investigation into the integration of heterogeneous networks such as IoT, SDN, BC, and fog
into one paradigm, so that more advanced features can be extracted from this improved IoT structure, which includes
more prominently the security and privacy issues, etc.
• This paper depicts the architectural evolution of conventional IoT into SDN-IoT-fog-BC–based IoT by the amalgama-
tion of different technologies and concepts. This has been represented in Section 5.
The rest of the paper is organized as follows. Section 1 is a general description of IoT and the need for its evolution.
Section 2 deals with description of SDN technology along with its opportunities and challenges in its adaption to the IoT
network system. A detailed description of BC technology is provided in Section 3. Section 4 gives a brief discussion on how
BC can improve IoT security. Section 5 gives a pictorial representation of IoT's architectural evolution from conventional
IoT to SDN-IoT, next to SDN-IoT-Fog, then to BC-IoT and finally BC-SDN-IoT-Fog. The literature review in Section 6
is divided into two sections: The first section discusses the BC-based IoT system, and the second section elaborates the
BC-SDN-IoT system. In Section 7, the opportunities and challenges arising out of this convergence of BC and IoT and
its relevant versions have been discussed. Section 8 is a discussion on the future research issues. In Section 9, the use
cases of BC-based IoT is discussed. Finally, Section 10 concludes the paper with relevant discussion on the issue. A list of
abbreviations and acronyms has been provided in Table A1 of the appendix.

2 SOFTWARE-DEFINED NETWORK

The basic operation of SDN is to decouple the control and data plane of networking devices.9 The control plane of the SDN
is run by the controller, which provides the basis of rule or flow that governs the management of devices and data, topology,
configuration of fault, policymaking, performance and security, etc, of the network, Thus, the most powerful entity of
the SDN is the controller. There have been several attempts in the past to improve the overall efficiency of IoT in terms
of security by incorporating the features of SDN in the IoT system. By adapting SDN's programmability and its dynamic
nature, adaptive distributed DoS (DDoS) protection mechanisms and intrusion detection systems can be implemented to
improved SDN-IoT structure. Thus, this helps in improving security aspects of IoT.10
SDN structure can be divided into three layers as shown in Figure 3. This is similar to the three-layered architecture of
IoT. The infrastructure layer of SDN is the combination of the data plane and other devices (such as OpenFlow switch,
etc). The OpenFlow switches act as forwarding devices, which transmit the data as per the rules provided by the con-
troller. The control layer is the middle layer (control plane) where the controller resides. It communicates with the lower
infrastructure layer through the southbound interface (OpenFlow protocol) and with the upper application layer through
the northbound interface (RESTful). The application layer is the layer where the analysis is performed with application
program interfaces (APIs).

Application Layer Data Analysis

Northbound Interface

Internet
Cloud Server
Control Layer
Control Plane SDN Controller

Data Plane OpenFlow Switch

Southbound Interface

Infrastructure
Layer

Forest Agriculture Transport

FIGURE 3 Three-layered software-defined network (SDN) architecture11

POHRMEN ET AL. 5 of 26

2.1 SDN opportunities and challenges

In recent years, the convergence of SDN with IoT has gained a tremendous amount of emphasis in the research community
of the domain. This integration of SDN and IoT has created various opportunities and challenges for the research domain.
The performance of the IoT network will be greatly affected the incorporation of SDN in IoT networks. This effect is
highly dependent on the type of the SDN controller being used as well as with its placement issues.12

2.1.1 Opportunities of SDN-based IoT network

Some of the significant opportunities of SDN-based IoT network are described as follows:
• Dynamic policymaking: Most of the IoT applications are based on real-time data. In case of an emergency response
system, the SDN controller can make quick policies and decisions to route the emergency packets to its destination.
Hence, it can provide the necessary resources to facilitate with the quick response time.
• Dynamic flow management: The intuitive flow management capability of SDN will reduce the congestion of data
at the receiving points. The SDN controller will route the data towards the less loaded and low latency path for more
efficient delivery of the packets.
• Dynamic network monitoring: The SDN controller can provide a global view of the entire network. This can help the
network administrator with information about the resource or devices available in the network. This information can
be used in an appropriate manner to locate a specific device and take control action needed on the same.
• Dynamic real-time changes: The network monitoring feature of SDN can also help in the configuration of resources if
required in the real-time operation. In the event of arrival of a new device in the network that requires more resources,
the SDN controller will be able to allocate the required amount of resources (if available) to execute its operation during
its runtime.

2.1.2 SDN challenges in IoT network

The integration of SDN in the IoT network will undoubtedly bring more advanced features in the IoT network system
and help the system for evolving out procedures for easy compilation of work. The maneuvering approach for designing
such a system is complicated and challenging. Some of the challenges are given in the following:
• Centralized controller: One of the major drawbacks with the traditional SDN architecture is its single centralized
controller. The challenges for a single controller may arise when there are too many packets to be processed by it. A
single control system is always undesirable for any ecosystem, especially in the IoT network. If the single handling
controller crash or fail to operate, it will make the whole system fail. This centralized controller could be vulnerable
and can become a source of single point of failure.
• Reliability: In SDN, the network services are dependent on the single controller. This dependence on a single controller
could lead to many problems such as bottleneck, congestion, etc. IoT networks constantly monitor the environment
and in case of any anomalies, response time to attend the anomaly should be faster. However, the controller congestion
and bottleneck issues could increase this response time, which is undesirable.
• Scalability: For any new incoming packet in the network, the SDN controller will create the flow table. This generates
additional computational overhead for the single controller, which affects the scalability in terms of processing of a
high rate of incoming packets. Additional factors that also affect the scalability are topology, number of controllers
used, and their placement in the network system.
• Connectivity: IoT applications are highly time sensitive in real-world scenarios. This makes them highly dependent
upon the type of communication technologies with which they are equipped with. For SDNs, generally, the distance
between the data plane and control plane is high. This will increase the latency and decrease the throughput, which
are not desirable for IoT networks. Hence, features such as computation at the edge of the network can greatly help in
reducing the connectivity issue.
• Security: In the SDN-based IoT system, most of the data is going to be handled by the controller. Hence, providing
security to the controller is a very crucial step in this scenario. However, IoT is already burdened with its own security
limitations, providing additional security to the SDN controller will further drain the IoT resources, which are already
very limited.
6 of 26 POHRMEN ET AL.

3 BLOCKCHAIN CO NCEPTS

BC is a distributed ledger technology (DLT) in which an append-only secure ledger database is shared and updated by all
nodes/members, in a peer-to-peer (P2P) network.4 The participating nodes/members each store a copy of the ledger. BC
technology offers a way of recording transactions or any digital interaction in a secure, transparent, resistant, auditable,
and efficient way. It carries the possibility of affecting industries and also enable evolving new business models.13 The
secure and decentralized property of BC has made it a strong contender in the advancement of various fields of research
such as IoT and artificial intelligence (AI). A convergence of the three technologies (BC, AI, and IoT) also has the potential
for technological advancement as industries can maximize the benefits of each of these technologies while also minimiz-
ing the risks and limitations associated with them.14 The BC concept has already been implemented in cryptocurrencies
like Bitcoin, Ethereum, etc, effectively.

3.1 Blockchain types

The classification of BC can be done based on the availability of data and user actions features. There are three BC types:
public, private, and permissioned BC.15 In public BC, anyone can join the BC network without the approval of third
parties. Anyone can act as a simple node or as miner/validator. In private BC, however, network access is restricted. It is
a closed network in which only authorized nodes can maintain consensus, and the owner can control access of the nodes
in the network. Permissioned BC is a hybrid version of public and private BCs. It is not entirely open and is partially
decentralized. The selection of main nodes and access control is defined by consortiums/enterprises to control access
inside the BC.7

3.2 Blockchain core technologies

The core technologies involved in the BC are featured as follows16 :
• Public key cryptography: Public key cryptography or asymmetric cryptography consists of algorithms that use a pair
of keys for encryption and decryption: the public key (PK) and the private key. Some prominent public-key algorithms
are elliptic curve cryptography (ECC) and Rivest-Shamir-Adleman (RSA) algorithm. The elliptic curve digital signature
algorithm (ECDSA) is used for authorization and authentication of transactions in Bitcoin and Ethereum. They both
work with the elliptic curve secp256k1.17 ECDSA also provides identities for participants as the addresses are derived
from their PKs.
• Cryptographic hash functions: Cryptographic hash functions are one-way function in which data of any length can
be taken and a fixed size hash can be generated. Bitcoin's hash function is Secure Hash Algorithm 256 (SHA-256).
Ethereum uses Keccak-256 for the same.18,19
• Merkle trees: The integrity of data can be verified and summarized by using Merkle trees or binary hash trees as shown
in Figure 4. Bitcoin and Ethereum use Merkle trees for summarizing transactions in a block. Each block contains the
Merkle root in the block header. The contents of the block and consistency of multiple ledgers are verified using the
Merkle root. When multiple copies of the BC have the same Merkle root for a block, then all the transactions in that

Block N Block N+1 Block N+2

Previous Hash Timestamp Previous Hash Timestamp Previous Hash Timestamp

List of Transactions List of Transactions List of Transactions

Merkle Root Nonce Merkle Root Nonce Merkle Root Nonce

Hash 01 Hash 23

Hash 0 Hash 1 Hash 2 Hash 3

Transaction 0 Transaction 1 Transaction 2 Transaction 3

FIGURE 4 Blocks, transactions, and Merkle tree16

POHRMEN ET AL. 7 of 26

block are the same. Even a tiny inconsistency would lead to vastly different Merkle roots because of the properties of a
hash.
• P2P network: A P2P network is a distributed, decentralized, open and interconnected network in which the nodes
(computers) that participate in the network, serve as peers to each other. There exists no server, centralized services,
or hierarchy within the network. The same nodes can act as a provider and consumer of services at the same time. In
cryptocurrencies such as Bitcoin, the shared ledger is maintained by these nodes.4

3.3 Consensus protocols

Consensus protocols ensure that no malicious transactions or changes can be made to the BC itself.5 Consensus or agree-
ment on the state of the BC is required in a distributed and decentralized network. The consensus problem in BC, which
is distributed and trustless, can be considered synonymous to Byzantine generals' problem. Thus, the consensus proto-
col must exhibit the Byzantine fault tolerant (BFT) property.20 The classification of some of these consensus protocols is
shown in Table 1. Some existing consensus protocols that are used in BC are discussed in details in the following.
• Proof of work (PoW): In PoW, consensus is achieved by using the miners to solve easily verifiable tasks that are
otherwise computationally intensive for block creation.4 The solution is then published. The new block is added to
the chain and broadcast across the network so that nodes can verify and append it to its local BC copy. However, the
disadvantage of PoW system is that it consumes high energy, it has high latency, and low transaction rates.
• Proof of stake (PoS): In PoS, the probability of the miner's chance to validate a block is based on the amount of cryp-
tocurrency staked by the miner.4 The use of cryptocurrency to be 'staked' prevents bad actors from making fraudulent
validation upon false validation of transactions.
• Delegated PoS (DPoS): In DPoS, token holders are able to cast votes proportional to their stake to appoint delegates for
serving on a panel of witnesses. These witnesses secure the BC network and do not need to have a large stake, but they
must compete to gain the most votes from users. Thus, DPoS provides better scalability compared with PoW and PoS.
• Proof of authority (PoA): In PoA, the validator's reputation acts as the stake. Similar to PoS and DPoS, only a group
of validators secures the BC and is capable of block creation. The identities of all validators' identities are public and
verifiable, hence making their reputation as the stake. PoA is being explored by Ethereum testnets like Rinkeby and
Kovan.
• Proof of elapsed time (PoET): In PoET, each validator is required to wait for a randomly chosen time period. The first
one to complete the designated waiting time, that is, the one with the shortest wait time, wakes up and commits a new
block to the BC, broadcasting the necessary information to the whole peer network.
• Proof of capacity (PoC) or proof of space (PoSpace): In PoC, the miners try to store different solutions for different
problems. The miner who can solve the puzzle fastest is elected as the leader for the purpose of addition of a block to
the BC. PoC is more energy efficient. However, there is still a possibility that multiple users can combine the storage
power which can lead to centralization of the network.

3.4 Blockchain nodes

A node is a device on a BC network. The BC nodes are distributed across a widespread network, which are capable of
carrying out a variety of tasks. The survival of any BC network is dependent on these nodes. The BC node can be any
general computer or other types of hardware devices having network connectivity, so that it can be connected to the
Internet with valid IP addresses. The main roles of a node are to store, process, and validate transactions that have occurred
on the BC.4 Nodes are mainly of two types: full nodes and lightweight or partial nodes. A full node stores the complete
ledger locally. Lightweight nodes, however, do not store the complete ledger but store only the BC transactions, which
are necessary and relevant to their operation.

3.5 Blockchain-based IoT platforms

Due to the growing demand for BC-based IoT applications, a number of platforms suitable for IoT-based application have
been emerged.6 These BC platforms can be categorized into three categories such as public, private or permissioned, as
depicted in Table 1. Some of these platforms are discussed in the following:
8 of 26 POHRMEN ET AL.

TABLE 1 Classification of consensus protocols and blockchain platforms

Consensus Protocol Cryptocurrency Platform Private Public Permissioned
PoW4 Bitcoin, Litecoin ✓
PoW20 (Ethash) Ethereum Ethereum21 ✓ ✓
PoS20 Peercoin ✓
DPoS20 Lisk, EOS Lisk ✓
PoC/PoSpace20 Burstcoin, Spacemint ✓
PoET20 Hyperledger Sawtooth22 ✓
Pluggable/PBFT Ripple Hyperledger Fabric22 ✓ ✓
Pluggable IBM Blockchain23 ✓ ✓
ePoW HDAC HDAC24 ✓ ✓
PoA20 Ethereum testnets ✓
(Rinkeby, Kovan)
PoA20 Azure BaaS25 ✓
Permissions based round-robin/ Multichain26 ✓ ✓
Optional PoW
Federated consensus Chaincore27 ✓
Partitioned consensus Openchain28 ✓
BFT consensus Hydrachain29 ✓ ✓
Multiple Quorum30 ✓
Tendermint BigChainDB31 ✓ ✓ ✓

• Ethereum: Ethereum is more than just a cryptocurrency. It is also a platform, where users can build and use decen-
tralized applications that run on the BC. Ethereum is equipped with an Ethereum Virtual Machine (EVM), which is
an isolated runtime environment for running smart contracts.21
• Azure BC as a service (BaaS): Microsoft's BaaS is an Ethereum-based network. It allows developing and deploying
codes with smart contracts on the Ethereum BC using virtual machines as nodes.25
• BigchainDB: It is a combination of characteristics of database and BC technology. It allows developers to deploy BC
proofs-of-concept, platforms, and applications with a BC database. It supports a wide range of industries and use cases
and supports both public and private networks. Other BC networks can also connect to the BigchainDB network with
the help of oracles or interchain communications protocols. It can be used as part of a solution that uses other BCs to
run smart contracts.31
• Multichain: The MultiChain platform is a fork of Bitcoin core. It allows the creation and deployment of private BCs.
It also allows the management of portfolios, assets, permissions, transactions, etc. It offers a command-line tool for
interacting with the network.26
• Hyperledger: Linux Foundation's Hyperledger project hosts multiple open-source projects to help advance
cross-industry BC technologies. These projects include Hyperledger Fabric, Hyperledger Sawtooth, Hyperledger Cello,
and many others. The Hyperledger Fabric project by IBM is a permissioned DLT. It is modular in nature and allows
components such as consensus protocols, database management service, and membership services to be configured
according to individual needs. Intel developed Hyperledger Sawtooth, a modular BC suite, which uses PoeT consen-
sus. Hyperledger Cello is a BC as-a-service deployment model and supports customized network configurations such
as network size, consensus type, etc.22
• IBM BC: This framework supports development of BC applications. It does not require cryptocurrency. It is being used
commercially in banks, supply chain systems, and cargo shipping companies.23 It builds on Hyperledger Composer,
which is the framework to build BC-based applications and also on top of Hyperledger Fabric, which provides core
features to address specific needs of the network.
• ChainCore: This permissioned BC platform is powered by open-source chain protocol. In this platform, the consen-
sus is reached by a designated set of nodes called a federation. Role-based permissions are utilized for the operation,
access, and participation in a network. Multisignature accounts and smart contracts can also be provided. Transactional
privacy is also maintained in this platform.27
• Quorum: It is a permissioned implementation of the Ethereum BC. It achieves data privacy through cryptography and
segmentation and allows multiple consensus algorithms.30
• Openchain: It manages digital assets and is based on an open-source distributed ledger system. With support for smart
contract modules, the tokens are interoperable with Bitcoin. It is based on partitioned consensus.28
POHRMEN ET AL. 9 of 26

• HDAC: It is a platform and cryptocurrency-enabled public BC that can be effectively used with multiple private BCs.
It is an improved version of the MultiChain platform and uses the ePoW algorithm for the consensus algorithm. It is
applicable to various fields such as IoT, distribution, logistics, and public data management.24
• HydraChain: It extends the Ethereum platform and allows permissioned private and consortium chains. Forks or
reverts are not supported in HydraChain. Smart contracts can be written in Python. Native contracts are interoperable
with EVM-based contracts.29

4 S EC U RI T Y ASPECT S OF B LO C KC HAIN FO R IOT

Many properties of BC could be amalgamated with IoT system to improve many of its features. However, from a security
point of view, the aspects such as integrity, authenticity, confidentiality, nonreputation. and availability play key roles in
ensuring security of the system.32 The IoT can improve its security by leveraging these BC features as discussed in the
following:
• Integrity: In IoT, data integrity is of utmost importance. This is because a breach of integrity might potentially expose
the devices and can also hinder the way the devices operate. In BC-based systems, the integrity of the data or transac-
tions is maintained with the help of hash functions and Merkle trees. Tampering the data could drastically change the
hash values. The use of these hash functions for IoT could help provide data integrity.33,34
• Authentication: Traditional authentication systems are complex and not suitable for IoT due to its resource-
constrained nature. One of the major drawbacks of these systems is that they rely on centralized authorities to register
and verify the identities of all devices on the network. A decentralized BC-based authentication scheme can be used for
signing, verification, encryption, and decryption. The devices will contain the keys for signing and decryption while
the BC will store the keys for verification and encryption. Such schemes can help in mitigation of attacks that are crit-
ical to the IoT system such as phishing, man-in-the-middle, replay attacks, and DDoS attacks, and remove any single
point of failure through which attackers may compromise the system.35
• Confidentiality: Confidentiality protects a user's personal information. It implies that data access by any entity should
be controlled such that only the intended recipient can access the data. In terms of IoT, device and data confidentiality
are also key requirements. To provide data confidentiality for IoT, the data stored on the BC can be encrypted. The key
for decryption and the pointer to the location of data on the BC is then sent to the intended recipient. The sender/source
can transfer the decryption key by encrypting it using the recipient's PK.8
• Nonrepudiation: Nonrepudiation means that the sender/source should not be able to deny it has produced the data.
Each transaction is signed by the sender/source and added to a block on the BC. The transactions and blocks are
hashed to prevent tampering and ease auditability. Hence, the sender/source cannot deny producing particular data.33
In the IoT context, it is of great significance to monitor the status of real-time data. When data exception occurs, BC
will enable the user to exactly pinpoint the time and location of these events. This will thereby pave a way for future
auditing and accountability.
• Availability: Availability of data means that the stored data should be reliably available at all time. Since BC is a
distributed, public ledger, the stored IoT data are easily available. When a node fails, there is no disruption in the
availability of data since the same data are duplicated in multiple nodes.36

5 A RC H I T ECT U R AL E VOLU T ION O F IOT

The architecture of IoT changes with respect to the application in which it has been deployed. There has been a lot of
research in improving conventional IoT applications with the adoption of technologies such as SDN, fog, and BC. This
section depicts this evolution of conventional IoT into SDN-based IoT, SDN-based IoT-Fog, BC-based IoT, and BC-based
SDN, and IoT-Fog architectures, respectively.

5.1 SDN-based IoT Architecture

In SDN architecture, the controller is separated from the networking element and placed in the control plane. This pro-
vides various advantages to configure the network with less time and resources. There can be provisions to include the
controller, which is an intelligent resource of the network, with other types of network such as IoT to enhance their
10 of 26 POHRMEN ET AL.

Application Layer Data Analysis

Application Layer Data Analysis

Internet
Internet SDN Controller Cloud Server
Control Layer
Control Layer SDN Controller Server and Cloud
Fog Layer
OpenFlow Switch Sink Node

Infrastructure
Infrastructure Layer
Layer

Forest Agriculture Transport Forest Agriculture Transport

(A) (B)

Application Layer Data Analysis Blockchain Layer

Blockchain
Network Layer
Fog Layer
Sink Node SDN Controller

Perception Layer Infrastructure

Layer

Forest Agriculture Transport Forest Agriculture Transport

(C) (D)

FIGURE 5 Architectural evolution for Internet of things (IoT). A, Software-defined network (SDN)–based IoT architecture; B, SDN-based
IoT and Fog architecture; C, Blockchain (BC)–based IoT architecture; D, BC–based SDN and IoT-Fog architecture

performance. The researchers from various fields are trying to develop methodologies, which can merge these two
technologies (SDN and IoT) to overcome many of the drawbacks of the IoT networking system.37,38
One such endeavor is to develop a new hybrid architecture combining SDN and IoT. The network layer of SDN and IoT
can be combined for the purpose as shown in Figure 5A. The sink node of IoT can be placed with OpenFlow switch and
monitored by the SDN controller, or they can also be linked together so that better performance of the network can be
achieved. SDN can help in reducing many of the issues of IoT to a considerable extent with the help of the SDN controller.
It has the ability to monitor all the available devices in the network and program them according to the requirement.
The reliability of IoT network can be enhanced by proper installation of SDN controllers and OpenFlow switches. The
programmable OpenFlow protocol39 of SDN makes it more feasible for the IoT system to manage its devices in a more
efficient manner. This will increase the overall network performance in terms of low bandwidth utilization and high
throughput of the network. Here, security aspects remain an important concern.

5.2 SDN-based IoT and Fog architecture

SDN-based IoT architecture can be further improved by integrating fog computing into it. Fog computing enables compu-
tations to be performed at the edge of the network itself. This helps in providing decentralized computing infrastructure,
which can reduce the overall computation load at a particular region of interest.40 As shown in Figure 5B, SDN-based fog
computing can provide efficient network management for IoT system. It will enable the IoT application to process their
data on the edge of the network itself.
POHRMEN ET AL. 11 of 26

Introduction of fog at the edge will reduce the network latency and bandwidth as the processing will be done at more
nearby locations rather than in the cloud.41 This integration will also enable location awareness and real-time interaction
at the edge of the network.42 SDN-based IoT and SDN-IoT fog are improvements to pure IoT. However, these architec-
tures still suffer from many drawbacks, with security being one of them. With the increase in services and devices in the
network, the architecture should be scalable and feasible enough to accommodate such changes in the network. Due to
the limited resources of the IoT system, applying the standard security mechanisms may not be supportable.

5.3 Blockchain-based IoT architecture

The decentralized and distributed nature of BC makes it an ideal solution for the improvement of various IoT aspects.
Single points of failure would be eliminated with this approach and a more resilient ecosystem would be created for devices
to run on. The cryptographic algorithms used by BC would make data more secure. BC in convergence with IoT can aid
in tracking billions of connected devices and enable the processing of transactions and coordination between devices as
shown in Figure 5C.43
In this architecture (see Figure 5C), every application will have various devices at the perception layer. Among the
various devices, the application will have a local miner, which will store transactions (interactions and data) from the
other devices in local BC. These applications will collectively form a cluster, and for each cluster, a cluster head (CH)
is elected. A unique PK is assigned to each CH. This PK (known by all peer CHs) is used for authorization of block
generation. The overlay network maintains a global BC in which the different miners (CHs) store transactions from their
respective clusters. These blocks are linked together with cryptographic hash functions. To decrease the overhead of block
generation, a distributed trust method is used.44,45

5.4 Blockchain-based SDN and IoT-Fog architecture

The BC concept can also be combined with SDN to improve the overall security and privacy of IoT as depicted in Figure 5D.
The SDN-based IoT deployments along with intercloud communication required by any IoT application could give rise to
additional security concerns rise and make them vulnerable to specific types of attacks. Efficient monitoring of all entities
becomes a real challenge due to the overall number of connected nodes. These challenges must be tackled in order to
prevent system degradation and service outage.46
In this architecture (see Figure 5D), the edge network consists of edge nodes with limited computation and resources.
The BC level consists of core miner nodes that have high computation and high storage resources. The responsibility of
the miner nodes is to create blocks and achieve consensus. The nodes are interconnected with each other in a distributed
manner. The access policies and credentials of the locally registered entities are stored in its database, which helps reduce
network bandwidth and latency.47 The distributed nature of this model can make the whole system more resilient to and
limit the impact of attacks even when the node is compromised.
Another prospect can be the inclusion of mobile edge computing (MEC) close to edge computing devices, ie, in the
fog layer. Applications such as emergency response system can be run here. The proximity of MEC nodes to the gate-
way node will result in high response time and more efficient processing of packet for that particular application such
as vehicular ad hoc networks (VANETs). MEC can be equipped with BC nodes so that they can validate the authentic
message exchange between different vehicles. This MEC miner nodes can validate the message exchange with the help
of consensus protocols. The MEC approach can also help in lowering the latency and jitter issue.48,49

6 EXISTING WO RKS

Research investigations on BC-based IoT are still in its nascent stage. The research community has been working on
various aspects of BC-based IoT integration and a BC-based SDN-IoT integration. Some of the notable works by the inves-
tigators in this domain are listed in Tables 2 and 3. The different categories of research issues in which researchers are
currently focused on is depicted in Table 4.

6.1 Blockchain-based IoT frameworks

The BC-based IoT frameworks found in the literature are discussed as follows:
• Zhou et al50 proposed BeeKeeper 1.0, a BC-based IoT system with privacy-preserving homomorphic computation.
Devices may send encrypted data to the BC. Homomorphic computations allow the servers to process the encrypted
 12 of 26

TABLE 2 Blockchain (BC)–based frameworks for Internet of things (IoT)

Author Framework Name and Type Platform Techniques Constraints
BeeKeeper 1.0: BC based IoT system Homomorphic computation: Shamir's
Zhou et al50 with Transactional privacy-preserving Ethereum Secret Sharing (SSS), practical Byzantine fault tolerance Limited efficiency due to dependence on
homomorphic computation consensus, No PKI, secp256k1 based ECC curve Ethereum platform
Decentralized outsourcing computation
BeeKeeper 2.0: Confidential Hyperledger (DOC), SHA-256, homomorphic
Zhou et al51 BC-Enabled IoT System with Fully Fabric, non-interactive verifiable secret (FHNVSS) Throughput bottleneck due to limitations
Homomorphic Computation Hyperledger sharing scheme,secp256k1-based Elliptic of the testing environment (100tx/s)
Caliper Curve Integrated Encryption Scheme
(ECIES), ECDSA
Digital Signature Scheme based on Elliptic
Cha et al52 BC gateway: BC Connected Gateway Ethereum, Curve Discrete Logarithm Problem Delay in Uploading contracts
User privacy preferences for IoT Testbed (ECDLP) and bilinear pairing
Privacy policy controls access to IoT device
Lightweight Consensus algorithm,
LSB: Lightweight Scalable BC distributed trust method, a distributed
Dorri et al45 architecture for IoT Cooja, NS3 throughput management strategy and Increase in energy consumption
separation of the Transaction traffic from
the data flow
Frequent mobility of the vehicles increases
Dorri et al53,54 BC based Distributed Solution to Testbed LSB the packet and processing overhead
Automotive Security and Privacy resulting from the handover process
Packet overhead and delay in the overlay
Edge computing to manage data storage.
Certificateless cryptography for
Li et al55 BC based scheme for large scale IoT authentication system for the BC-based IoT Framework not validated (neither in
data storage and protection applications where BC broadcasts the simulation nor in testbed)
public key of a user
ControlChain: Architecture for Ethereum, Complete decentralized and transparent Limited Efficiency due to dependence on
Pinno et al56 decentralized access control based on Testbed authorization process Ethereum platform, PoW based BC,
the BC privacy.
Block4Forensic: An Integrated No incentive to prevent malicious actors
Cebe et al57 Lightweight BC Framework for Fragmented Ledger for storing Availability is not ensured
Forensics Applications of Connected No method to check the correctness of data
Vehicles
Ouaddah et al58 FairAccess: Privacy preserving Testbed PoW consensus Transaction throughput is 7tx/s
authorization management framework Not privacy preserving

Continues
POHRMEN ET AL.
 POHRMEN ET AL.

TABLE 2 Continued
Author Framework Name and Type Platform Techniques Constraints
The management hub nodes translate the
Novo59 BC-based Access Management system Ethereum messages from the devices into RPC Overhead of waiting for the BC network
for IoT messages and forward them to the BC to issue the access control information.
network
PoW
Rahulamathavan et al60 Privacy-preserving BC-based IoT Testbed Attribute-based encryption (ABE) for data The presence of multiple Attribute
architecture privacy and confidentiality authorities (AAs) increases the security,
however there is also a slight increase in
time complexity.
Alphand et al61 IoTChain: A BC-based Security Ethereum OSCAR architecture and the ACE Limited Efficiency due to dependence on
Architecture for IoT authorization framework Ethereum platform.
Hammi et al62 BCTrust: BC-based authentication Ethereum ECDSA Limited Efficiency due to dependence on
protocol Ethereum platform.
BC for IoT Access Control Smart contracts authenticates users and Ethereum price fluctuations is challenging
Ourad et al63 and Authentication Management Ethereum, then determine if the user is allowed to for smart contract users.
access the resources.
A User Authentication Scheme of IoT With the help of smart contracts, Fog Limited Efficiency due to dependence on
Almadhoun et al64 Devices using BC-enabled Fog Nodes Ethereum Nodes used for authentication of large scale Ethereum platform.
IoT devices
BC-based Ownership Management for Two smart contracts: One is used by the Limited Efficiency due to dependence on
Alblooshi et al65 Medical IoT (MIoT) Devices Ethereum manufacturer for every MIoT device, and Ethereum platform.
the other is used by the owner
Machado et al66 IoT Data Integrity Verification for Ethereum Three-tiered Split BC: IoT, Fog and Cloud Limited Efficiency due to dependence on
Cyber-Physical Systems Using BC tiers creates a chain of trust for IoT data. Ethereum platform.
13 of 26
 14 of 26

TABLE 3 Blockchain (BC)–based software-defined network (SDN) frameworks for Internet of things (IoT)
Author Framework name and type Platform Technique used Constraints
Each local network view comprises OrchApp,
DistBlockNet: SDN-BC Mininet, Controller, and Shelter modules. In hardware test environment, the bandwidth
Sharma et al46 architecture Testbed The Shelter and OrchApp modules in each local started to go down due to the unavailability of
network handle the security attacks at a different ternary content addressable memory in their switch
level.
Sharma et al67 BC-based hybrid network Ethereum, DistBlockNet, Argon2 hashing technique, Limited Efficiency due to dependence on Ethereum
architecture for the smart city Mininet memory-hardened PoW scheme platform, efficient deployment of edge nodes.
A BC-Based Architecture for Ethereum BCs advertise DDoS attacks across multiple Limited Efficiency due to dependence on
Rodrigues et al68 Collaborative DDoS Mitigation domains Ethereum platform.
with Smart Contracts
Two data structures: Service Profile: It is used to
Trustlist: Internet-wide and advertise the trusted IoT servers, gateways, and
Kataoka et al69 distributed IoT traffic Ethereum validators. Limited Efficiency due to dependence on
management using BC and SDN Device Profile: Flexible and specific to an IoT Ethereum platform.
application on devices. The fee of executing
transaction over the Ethereum is quite high
iFogSim, Distributed Fog based SDN nodes are connected
Muthanna et al70 IoT framework with Fog and SDN CloudSim and managed via the BC technology that is used BC not implemented in simulation or testbed.
SDN, for updating flow table in a secure manner
Testbed
POHRMEN ET AL.
POHRMEN ET AL. 15 of 26

Research Issue Research Work TABLE 4 Current areas of interest in blockchain (BC)
45,51,57 Internet of things (IoT) research
Lightweight BC for resource-constrained devices
Consensus protocols 45,66,71

Scalability and processing overheads 51,59,63

Latency and throughput 46,72,73

Energy efficiency 45,74,75

Identity 74,76-78

Auditability and accountability 33,75,79

BC-based authentication schemes 35,63,64,75,80-82

BC IoT privacy schemes 45,51,60,72,75,83

data without learning anything from them. Their system consists of record nodes and light nodes. The record nodes
act as miners that maintain the BC and verify transactions. The consensus is achieved by using a practical BFT (PBFT)
consensus scheme. The light nodes connect to several record nodes and store all block headers, rather than the entire
BC list. Beekeeper 1.0 includes the following limitations: Servers can perform only one-degree homomorphic multi-
plication and only one device can send encrypted data and requests to the servers. The verification of correctness of
responses sent by the servers is done by pairing, which is computationally expensive. Due to these limitations of Bee-
keeper 1.0, Zhou et al51 proposed Beekeeper 2.0, which is much more efficient and functional. In the BeeKeeper 2.0
system, the data can be shared by the devices without disclosing the plaintext data to the servers. Unlike Beekeeper
1.0, the servers in Beekeeper 2.0 can perform any-degree homomorphic multiplications and any number of additions
on encrypted data according to the requests of devices. The verification of the data is also done without interaction.
• BC-connected gateway (BC gateway) prevents users' personal data from being accessed by intruders. In the BC network,
the user's personal preferences are maintained by the BC gateway. They have also incorporated a digital signature mech-
anism for authentication and secure management of privacy preferences. The tamper-resistant nature of BC allows BC
gateway to settle disputes between the users and IoT service providers.52
• Dorri et al45 proposed lightweight scalable blockchain (LSB). In LSB, decentralization is achieved with the help of an
overlay network, where devices with higher resources manage a public BC. This ensures end-to-end privacy and secu-
rity. The overlay consists of distinct clusters, which help in reducing the overheads. Each cluster has a CH, whose
responsibility is to manage the public BC. Several optimizations have been included, such as lightweight consensus
algorithms, distributed trust, and throughput management algorithms. Their consensus algorithm eliminates the need
for PoW, in which miners need to solve a puzzle before adding a block to the BC. LSB also suggests the use of Spon-
gent, a lightweight hash function instead of hash functions currently used in BCs. They have also listed the IoT and BC
security attacks and outlined how LSB protects against these particular attacks. Their simulations have shown that, in
LSB, packet overhead and delay decreases while scalability increases when compared to relevant baselines.
• Dorri et al44,54 also proposed a Blockchain-based distributed solution to automotive security and privacy.44 Their archi-
tecture has the ability to provide a secure and trustworthy way to exchange data to support automotive services while
protecting the security of the end user. To reduce the associated overhead of conventional BCs, their framework is based
on their previous BC instantiation known as LSB. Their framework incorporates all entities in the vehicle life cycle,
including, but not limited to, insurance companies, software or hardware suppliers, and roadside infrastructure. The
interactions, ie, transactions between these parties, are recorded in BC, which provides high auditability. Each partici-
pant is known by a changeable PK, which introduces a level of anonymity. Their security and privacy analysis showed
that the user can monitor the frequency with which his/her devices are accessed.54
• Li et al55 proposed a BC-based scheme for a large-scale IoT data storage and protection. Their scheme eliminates the
centralized server and guarantees data protection by letting a large group of BC miners control the IoT data. They use
edge computing to manage data storage. Certificateless cryptography is used for the authentication system; the BC
broadcasts the PK of a user. Certificateless cryptography highly reduces redundancy brought by traditional PKI and
offers an efficient way to authenticate an IoT device. Their scheme also enables and elaborates on how data can be
efficiently and effectively achieved.
• Pinno et al56 proposed ControlChain for managing access control in the BC network. This architecture can help in mak-
ing the network more scalable and fault tolerant with a wide range of access control to IoT devices. The ControlChain
also provides attributes assignment and relationship management in a secure manner.84 The Ethereum-ControlChain
(E-ControlChain) was created as a ControlChain proof of concept to check ControlChain practical viability for the
16 of 26 POHRMEN ET AL.

IoT. Their cost and performance analysis showed that even limited devices, like a Raspberry Pi, can easily handle the
E-ControlChain requirements.
• Cebe et al57 proposed Block4Forensic, which is a permissioned BC framework for managing the collected vehicle-related
data. Membership establishment and privacy is provided to the BC by a vehicular public key management (VPKI).
This scheme can also reduce the overhead of storage and membership management. A fragmented ledge stores
vehicle-related data, eg, maintenance information/history, car diagnosis reports, etc. The main drawback is that their
fragmented ledger stores only hash values. Their architecture does not ensure data availability and data correctness.
• Ouaddah et al58 introduced FairAccess, authorization management framework with the added advantage of a
privacy-preserving mechanism. It allows users to manage their data. Access can be granted, delegated, or revoked
depending on the transaction. The authors have also adopted the organization-based access control model for express-
ing access control policies in their framework for IoT. Their access control policies have been managed in a fully
distributed and decentralized manner in the first level, which concerns the interactions between cooperatives. At the
second level, due to the resource constraints of IoT devices, a centralized approach is used with the help of an entity
called an Authorization Manager Point for each organization. A new field consisting of an authorization token was
also introduced. The BC ensures the evaluation and enforcement of access policies and also ensures the integrity of
the token integrity and detects if there is any token double spending. The use of these tokens helps ease the burden
of handling a vast amount of access control-related information of IoT devices. The verification and validation can be
done with the access token easily while also removing the need for a centralized entity.
• Oscar Novo's paper introduced a decentralized, Blockchain-based Access Management system for IoT. This system stores
and distributes access control information with the help of a BC. The system architecture can be divided into six
different components: wireless sensor networks, managers, agent node, smart contract, blockchain network, and a
management hubs. The management hub is a node that requests access control information from the BC on behalf of
the IoT devices. Management hubs cannot be resource-constrained devices. All allowed operations for an access con-
trol system were defined in the smart contract. These contracts are unique and cannot be deleted from the system. The
managers are lightweight nodes that interact with the smart contract to define the access control policy of the system.
An agent node is a specific BC node who is the owner of the smart contract during the lifetime of the access control
system. IoT devices have to be registered under a manager's control. The proposed system eliminated the need for a
centralized access control server and the use of multiple management hub nodes distributed across the BC network
improves the flexibility of the system.59
• Rahulamathavan et al60 also proposed a privacy-preserving BC-based IoT architecture. In this architecture, the process-
ing and transmission of the recorded data are done by the cluster heads. BC miners are responsible for the verification
of the transactions and adding them to the BC. Service providers or CHs can act as miners. Attribute-based encryp-
tion (ABE) is used to maintain privacy with minimal computational overhead. Through single encryption, ABE along
with attribute authorities (AAs) can provide both confidentiality and access control. Miners and users are verified by
these AAs based on their attributes. The decentralized ABE consists of the setup, AA setup, key issuing, and encryp-
tion and decryption protocols. The input to the setup protocol is a predefined security parameter, whereas the output
is the system parameter. The public and private keys are generated by the AA setup by using the system parameters
obtained from the previous setup protocol. In key issuing, the interaction between the miners/user and AA is through
the anonymous key issuing protocol. This is done for the determination of the set of users' attributes. The decryption
credentials for those attributes are generated by the AA and are sent to the miners/user. The CH takes inputs as data
from the sensors and uses the encryption algorithm by taking the set of attributes, which are maintained by the AAs.
The output of the CH is the ciphertext, which is appended to the transaction. The miners/users use the decryption
algorithm and credentials for the ciphertext received from the CH.
• IoTChain was proposed by Alphand et al.61 It is a BC-based IoT security architecture, which consists of a flexible and
trustless authorization mechanism based on BC. The architecture consists of two components: an authorization BC
based on the ACE framework and the OSCAR object security model, extended with a group key. The BC provides a
flexible and trustless way to handle authorization by replacing the single ACE authorization server while OSCAR uses
the public ledger to set up multicast groups for authorized clients. In this architecture, the authorization servers, key
servers, and clients act as nodes. It is not necessary for all of them to store the whole BC and participate in the consensus
protocol. The authorization servers and key servers are full nodes, which means that they store the complete history
of the BC. The authorization servers act as miners and verify the transactions on the BC and store them in blocks. A
proof-of-possession (PoP) concept binds the client's identity to an access token.
POHRMEN ET AL. 17 of 26

• Hammi et al62 proposed BCTrust, a BC-based authentication protocol which allows secure, decentralized, and trans-
parent node migration. In this protocol, device trust is established when one device is authenticated in one cluster; it
becomes trustful and accepted by all other clusters. The BC ensures that information is available for all participating
nodes. With the help of a smart contract, only a set of trustful nodes has the writing rights on the BC. These privileged
devices are the personal area network coordinators (CPANs) of the network. Each CPAN has a pair of private /public
keys, allowing it to securely make transactions with the BC. The major processing operations and messages exchange
are realized between a CPAN and the BC, or between a CPAN and another one, which are unlimited capacity devices.
Hence, there are no restraints on energy consumption, storage, or processing capacity. BCTrust provides a global view
of the network and a decentralized authentication system.
• Ourad et al63 proposed BC for IoT access control and authentication management. With the help of Ethereum smart
contracts, the users are authenticated. After authentication, the smart contract then determines if the user is allowed
to access the resources. This scheme ensures availability, scalability, decentralization and is tamper proof. However,
the main drawback of using Ethereum smart contracts is the Ethereum price fluctuations, which is challenging for the
users.
• Almadhoun et al64 proposed a user authentication scheme of IoT devices using BC-enabled fog nodes This scheme is also
based on Ethereum's smart contracts. With the help of smart contracts, fog nodes have been used for the authentication
of a large scale of IoT devices.
• Alblooshi et al65 proposed BC-based ownership management for medical IoT (MIoT) devices. It is an Ethereum-based
ownership management system, which provides user authentication and access control for MIoT devices. This system
utilizes two types of smart contracts: One smart contract is used by the manufacturer for every MIoT device, and the
other smart contract is used by the owner. This scheme provides integrity, availability, and accountability for the system.
However, confidentiality is not assured.
• Machado et al66 proposed an architecture for IoT data integrity verification for cyber-physical systems using blockchain.
Their three-tiered architecture consists of a split BC. In the first-level, IoT, they have proposed the use of a proof
of trust (PoT) between the low-resource and energy nodes. PoT guarantees confidentiality, availability, integrity,
authenticity, and time-determinism for IoT communication. The second-level, Fog, uses proof of luck, which provides
time-deterministic data agreement between a few redundant IoT gateways to tolerate faults and avoid corrupted data.
The third level, Cloud, represents the semitrusted data storage provider used by the gateways and the BC of choice that
supports decentralized data integrity verification without the need of third-party auditors.

6.2 Blockchain SDN-IoT frameworks

The BC-based SDN-IoT frameworks found in the literature are discussed in the following:
• DistBlockNet is a new BC cloud architecture model proposed by Sharma et al.46 Their distributed cloud manages the
data produced by IoT devices. The key technologies used in their architecture are fog computing, SDN, and BC. In this
architecture, all controllers in the IoT network are interconnected in a distributed BC network manner for easy and
efficient communication. The local network view consists of the OrchApp, Controller, and Shelter modules. The shelter
and OrchApp modules in each local network handle the security attacks at a different level. OrchApp mainly functions
at the management or application layers, the controller-application interface, and the control layer. It provides access
control, data protection, and threat intelligence mechanisms. Threat intelligence provides an understanding of threats
and their behavior. Shelter operates at the data layer, the controller-data interface, and the control layer. Shelter is
composed of a flow control analyzer and packet migration components. The authors carried out different experiments
to evaluate the scalability, defense effects, accuracy, and efficiency. They observed that DistBlockNet model constantly
performed superior to the distributed SDN network as the rate of the packet-in arrival increased.
• Sharma et al67 also proposed a BC-based hybrid network architecture for a smart city. They have used DistBlockNet archi-
tecture along with the Argon2 hashing technique. Their hybrid architecture inherits the strengths of both centralized
and distributed network architectures. They also proposed a PoW scheme to ensure security and privacy. Their archi-
tecture consists of two parts: a core network and an edge network. The core network consists of miner nodes with high
computation and storage resources, whereas the edge node has limited storage and computation power. Miner nodes
will be responsible for creating blocks and verifying PoW. Each node is enabled with the SDN controller to achieve high
agility and security, reduce hardware management cost, and realize the ease of deployment in the smart city network
infrastructure. The services for public infrastructure are provided by the edge nodes, which act as centralized servers.
18 of 26 POHRMEN ET AL.

These edge nodes store the policies and credential for registering the local entities in its database. As these are local
entities, low latency and minimum bandwidth are required.
• Rodrigues et al68 proposed a BC-based architecture for collaborative DDoS mitigation with the help of smart contracts
on Ethereum. The architecture consists of three components: Customers, who report to the Ethereum BC via smart
contracts about the whitelisted or blacklisted IP addresses; the autonomous systems publish the reported whitelisted
or blacklisted IP addresses. They also retrieve lists that contain the published IP addresses and have the ability to
implement their DDoS mitigation mechanisms. The Smart contracts on Ethereum BC contains the logic to report IP
addresses. The BCs advertise DDoS attacks across multiple domains in order to prevent DDoS attacks.
• Kataoka et al69 proposed Trustlist, which is an Internetwide distributed IoT traffic management system with BC and
SDN. Trustlist provides trust among the stakeholders. It also provides traffic management for autonomous enforcement
at the edge by the help of BC and SDN integration. The doubts, trust, and authenticity of the IoT services are also
automated by Trustlist to prevent attacks and abuse. Their architecture also used two data structures. One is a service
profile, which is used to advertise the trusted IoT servers, gateways, and validators. The other is a device profile, which
is flexible and specific to an IoT application on devices. Trustlist focuses on the prevention of unwanted traffic from IoT
devices, including DDoS attacks on edge networks. In their implementation, a BC node operates on an SDN controller
and IoT server/validator to circulate the service and device profiles using the smart contract of Ethereum. However,
the fee of executing transaction over the Ethereum is quite high. Each SDN switch maintains two flow rules: In flow
rule 1, the packets from any IoT device will be dropped unless the device matches any other flow rule in the flow table.
The second rule forwards the packet from an IoT device to the controller when its destination IP address is that of a
known validator in the service profile. The controller installs the following host-specific flow rules on the ingress and
intermediate switches to let the packet through and arrives between the device and validator. On successful validation
of the IoT device, the SDN controller will find the device profile in the BC node.
• Muthanna et al70 proposed a framework for secure and reliable IoT networks using fog computing with SDN and BC.
With the SDN network, high reliability and availability of the latency-sensitive IoT applications can be achieved along
with the fog nodes controlled by the SDN controller. The SDN network consists of distributed controllers and switches.
The BC is employed at the top of the network to provide trustful decentralization and high-level security via SDN con-
trollers. In the SDN-based OpenFlow switch, data offloading algorithms were employed to compute different tasks and
processes. Furthermore, the traffic of the networks was handled by their proposed model. Fog nodes at the edge along
with the SDN controller also provide low communication latency for better accessibility to the computing resources.

7 OPPORTUNITIES AND CHALLENGES OF BLOCKCHAIN-BASED IOT

The convergence of BC and IoT brings many attractive opportunities. However, this convergence is not without its
challenges.15,16 This section discusses these opportunities and challenges.

7.1 Opportunities of BC and IoT integration

Some of the opportunities of BC and IoT integration have been listed in the following:
• Decentralization: The BC eliminates the need for centralized authority and governance. Its P2P distributed architec-
ture removes single points of failure and bottlenecks. With decentralization, the fault tolerance and scalability of the
system can also be improved. The majority of participants must verify the transactions in order to approve and add
it to the distributed ledger. There is no single authority that can approve the transactions or set specific rules to have
transactions accepted. Therefore, there is a massive amount of trust included since the majority of the participants in
the network have to reach an agreement to validate transactions. Therefore, the BC will provide a secure platform for
IoT devices and will also eliminate centralized traffic flows and single points of failure of the current centralized IoT
architecture.
• Resilience: The resilience in BC is because each node has its own copy of the ledger that contains all transactions that
have ever made in the network. Even if one node was compromised, the BC would be maintained by every other node.
Having a copy of the data at each node in the IoT will improve information sharing needs.
• Identity of things: Identity and access management for IoT is a major challenge. BC can provide a solution to these
challenges by providing a trustworthy and authorized identity registration for assets.
POHRMEN ET AL. 19 of 26

• Authentication, authorization, and privacy: BC can provide single and multiparty decentralized authentication to
IoT devices. With the help of smart contracts, authorization access rules for connected IoT devices can be specified
with less complexity when compared with traditional authorization protocols.
• Data authentication: The data transmitted by IoT devices connected to the BC network will be cryptographically
signed by the true sender that holds a unique PK. This ensures the authenticity of the data.
• Integrity: The hash functions used in BC will ensure the integrity of transmitted data. Altering the data in the BC
would result in a change in the entire block hash and the Merkle root. Recalculation of the hashes would be impractical;
hence, the malicious block gets discarded. Any changes in the distributed ledger must be verified by the majority of
the network nodes. Therefore, the transaction cannot be altered or deleted easily. Having an immutable ledger for IoT
data will increase security and privacy, which are the major challenges in this technology and all new technologies.
• Security: Current security protocols that are used in IoT, can be improved further by using the BC system. With the
help of smart contracts, BC can store device interactions as transactions, thereby securing communications between
devices. BC has the ability to provide a secure network over untrusted parties which is needed in IoT with its numerous
and heterogeneous devices.
• Anonymity: To process the transaction, both buyer and seller use anonymous and unique address numbers which keep
their identity private. This feature has been criticized as it increases the use of cryptocurrencies in the illegal online
market. However, it could be seen as an advantage if used for other purposes, for example, electoral voting systems.

7.2 Blockchain with IoT convergence challenges

BC and IoT have their own limitations, which make their convergence challenging. Some of the BC-based IoT challenges
have been discussed as follows:
• Processing power and time: IoT devices have very different computing capabilities. The cryptographic algorithms and
consensus algorithms employed in current implementations of the BC require significant computational resources,
which are far beyond the capabilities of most IoT devices.
• Storage: BC eliminates the need for a central server to store transactions/data. However, the global ledger has to be
stored on the nodes themselves. The size of this ledger increases as more and more blocks are added, which is not
feasible in IoT devices, which have very low storage capacity.
• Scalability: In current implementations of the BC, an increase in the number of nodes would lead to significant scal-
ability issues due to high broadcast traffic and processing overheads. Both SDN and IoT already suffer from scalability
issues, which would affect a BC-SDN-IoT convergence. This problem needs to be resolved to improve the performance
of the entire system.
• Consensus algorithms: Current implementations of the BC use consensus protocols (PoW or PoS). These proto-
cols require significant computational resources and are energy-consuming. Resource-constrained IoT devices are
incapable of running these protocols.
• BC platforms: A BC-based IoT application is only as good as the platform it is being executed on. The applications
inherit all the disadvantages of their platform like latency, throughput, etc. As seen in the literature, the IoT applications
on Ethereum platform suffered from latency issues, thus making its adoption in IoT a challenge.
Beyond cryptocurrencies, the possible use cases of BC are immense. The distributed and decentralized nature of BC
has made it an attractive concept in the IoT community. The underlying cryptographic functions implemented in BC
would make IoT data more secure. However, BC-based IoT convergence is still in its nascent stages. Nonetheless, to avoid
disruptive surprises or missed opportunities, strategists, planners, and decision makers across industries and business
functions should pay heed now and begin to investigate applications of the technology. In this paper, we discuss the
existing works available on this convergence, the advantages and challenges arising out of this convergence, and the future
scope of research.
As per the aforementioned discussions, it is clear that BC concept needs larger computational resources. Existing IoT
devices cannot provide the same. So, researchers focused on developing improved IoT architecture, which can solve exist-
ing IoT bottlenecks including security and privacy issues. Recently, IoT architecture has been improved to the extent that
even BC concept can be incorporated into it.
20 of 26 POHRMEN ET AL.

8 R E S E A RC H ISSU E S

The benefits of BC technology make it an ideal solution for addressing the problems in IoT. However, existing implemen-
tations of BC cannot be readily used in the IoT. Current BC architectures cannot be directly implemented as a BC-based
IoT network. IoT-specific secure BC architectures are required to accommodate IoT or similar architectures, which are
more secure. This opens opportunities to further improve the current system. Researchers are currently working in various
research area towards a seamless integration of BC with IoT as depicted in Table 4. From the challenges that arise out of
BC-based IoT convergence, the following research areas need to be focused:

• Lightweight cryptographic schemes: Current implementations of BC use cryptographic schemes such as ECC
and SHA256. These schemes are not ideal for use in BC-based IoT due to the resource-constrained nature of IoT
devices. Lightweight cryptographic schemes need to be explored to improve the efficiency of BC-based IoT without
compromising on security.
• Consensus protocols: Current implementations of BC implement consensus algorithms such as PoW. PoW is
energy-consuming and requires significant computational resources that are not possible for most IoT devices.
BC-based IoT is a distributed system that will also require a consensus protocol. This is a prominent area where further
research investigation can be carried out.
• Scalability and processing overheads: In BC, an increase in the number of nodes in the network leads to scalability
issues. This is because all blocks are verified by all nodes. In the IoT scenario, the scalability of the system is already a
major challenge. A BC-IoT convergence would further affect the scalability of the system.
• Latency and throughput: IoT applications have strict delay requirements. In current BC implementations, there is a
delay in transaction confirmation by nodes participating in the BC. This leads to an increase in latency and a decrease
in throughput.
• Security overheads: Some mechanisms that are necessary for cryptocurrencies (double spending, etc) are not
necessary for BC-based IoT.
• Transactional privacy: Transactional privacy is difficult to attain on the BC. In an IoT environment, however,
transactional privacy is required due to the nature of transactions Involved. This problem might be solved by using
homomorphic encryption, obfuscation, and zero knowledge proofs. However, these methods are resource intensive
and their application on IoT devices might be challenging.
• User identity: Current BC use pseudonyms as user identity. This method does not ensure complete privacy. The
transactions are public and the identity of the user can be revealed by analyzing the transactions.
• Authentication, authorization, and accounting: In current IoT scenario, access management is based on cen-
tralized models. Smart contracts can be used for specifying authentication and authorization access rules for IoT
devices. BC-based access control architecture could help manage the millions of distributed devices in an efficient and
decentralized manner.
• Energy efficiency: BC uses schemes such as consensus protocols, P2P communication, and asymmetric cryptographic
schemes, which consume very high energy in IoT devices. Proper energy-efficient consensus protocols are required
for BC-based IoT. Lightweight cryptographic solutions need to be investigated to ensure that these devices have an
acceptable level of security without draining the devices' energy. Researchers have proposed improvements to existing
P2P protocols to make them more energy efficient.
• Lightweight BC for resource-constrained devices: The resource-constrained nature of IoT necessitates the need to
explore lightweight cryptographic schemes to implement BC-based IoT efficiently. These schemes can greatly improve
the efficiency of BC-based IoT without compromising on security.

9 U S E C A S E S O F BLOCKCH AIN- BASED IOT

BC-based IoT can be applied in numerous fields. Although, the BC concept was designed with the aim of creating a
decentralized currency. Its success in achieving decentralization has made it an attractive solution to many application
areas. These include healthcare, smart vehicles, energy sector, agriculture, supply chain and logistics, smart cities, and
shared homes/assets as shown in Figure 6. Some of these applications are discussed in the following:
• Healthcare: Healthcare data are essential in making a smart healthcare system and improve the quality of healthcare
service. In the healthcare sector, interoperability has proven to be a major challenge. This is mainly due to the lack
POHRMEN ET AL. 21 of 26

FIGURE 6 Blockchain-based Internet-of-Things (IoT) applications

of a universal patient identification system and information blocking. Lack of transparency is also a challenge for the
health sector. The increase in transparency would increase accountability for each and every action that has been
taken by the participants. These challenges can be addressed by the use of BC technology as it has the ability to enable
patients to own, control, and share their own data easily and securely without violating patient privacy. A BC-based
healthcare system the patients are provided identification with a unique hash ID identifier. Since these identifiers are
pseudonymous, the user's identity is secured and private. The transparency provided by BC will allow anyone who is
part of the network to look at how each transaction takes place and whether all the relevant information is getting
passed through or not. BC's hash functions can help preserve data integrity. It is therefore impossible to tamper with
any data that is inside the BC. Other advantages are immutability, security, and traceability. The patients can easily
send and maintain their health records without the fear of data corruption or tampering and without any threat to their
security and privacy. Similarly, the institutes providing healthcare can give proper treatment without the hindrance of
information blocking.85
• Smart vehicles: In recent years, there has been a growing interest in making vehicles which are equipped with facilities
such as sensors that are capable of detecting early damage in engines. This will help in increasing the longevity of the
vehicles as early fault detection will help in prevention of fatal damage in an engine. These types of smart vehicles can
also generate and broadcast messages to improve traffic safety and efficiency using vehicular networks system attached
to it. The exchange of messages in vehicular networks proved to extremely beneficial in terms of real-time applications.
These include information that will help in providing the optimal vehicle traffic routes, accident avoidance information
while the vehicle is in motion, wrong-way driving, and signal violation warning.86 Considering the importance of
the information that a vehicular network will be able to provide, its security and scalability issues should get utmost
importance. Recently, researchers from academia and industry are trying to resolve these issues with the help of BC
integration in vehicular networks system.87 The BC-based vehicular network can operate in a distributed manner to
build a new, reliable, and secure distributed transport management system. Some efforts have already been made in
which BC is used to resolve critical message dissemination issues in VANET.49
• Energy: In the energy sector, IoT is playing an important role as sensors are being installed on pipelines, valves, or other
assets to help in monitoring equipment over time, to identify flaws, and to prevent leaks. Besides this, the distributed
generation of renewable energy is more efficient than a centralized one. Most of the current BC-based applications refer
to the electrical grids, microgrids, and peer-to-peer consumption. Microgrids are small grids that are linked to local
power sources in a decentralized manner. P2P energy trading takes place when a person can generate more energy
from renewable resources than they can consume. In such scenarios, however, there are common security and privacy
challenges caused by untrusted and nontransparent energy markets. Centralized power stations run the risk of being
potential targets for hackers. This has encouraged governments to accelerate the paradigm shift from centralization to
a more decentralized, distributed energy resource management, which helps decrease the risk of terrorist attacks. BC
is capable of getting rid of these intermediaries and enable faster and frequent P2P energy trading.88 There are many
other use cases of BC in the energy sector. One use case is the optimization and management of the electricity supply by
22 of 26 POHRMEN ET AL.

using BC. Some BC-based achievements in the energy sector include LO3 Energy and the Brooklyn Microgrids project,
Electron, PowerLedger, etc.
• Agriculture: Agricultural and environmental monitoring data stored in a distributed cloud allows users to engineer
trust and secure sustainable agricultural development with transparent data with the help of BC technology. BC-based
agricultural systems become immutable and decentralized record management systems.89 In the agricultural sector,
BC has the potential to improve warehouse management and supply chains management effectively. With the help
of IoT, real-time data about crops and livestock can be monitored. Active monitoring would aid farmers in preventing
harvest losses. Use of sensors in monitoring storage techniques can help prevent mold growth and infestation. Other
use cases in the agriculture sector include supply chain technologies that have the potential to increase in value. The
BC can add value to products by allowing buyers to trace the product's provenance and prove quality. Companies such
as OriginTrail and Ripe are exploring BC solutions for this problem. Another project, Agtech has combined machine
learning techniques to help farmers achieve high yields and mitigate risks. BC-based platforms also have the potential
to incentivize more sustainable practices, especially in developing countries. Such incentives will encourage farmers
to grow their produce in an organic, sustainable manner to attain a financial reward. This can lead to a change in the
practices that have led to the degradation of the environment.
• Supply chain and logistics: The lack of visibility of shipment data in as the shipment moves through the supply chain
is a major problem. Delays in the shipment are also caused by intermediaries who have to approve the paperwork. These
problems can be solved by BC-based IoT as key shipment data can be captured by IoT devices attached to products or
components as the shipment moves from source to destination.90 The transaction status of shipments will be updated to
the BC, where everyone can trace the shipment's origin and also prevent tampering of shipment data. Smart contracts
can aid in triggering automatic digital invoicing and payments after proof of delivery. The BC removes the need for a
centralized intermediary and in keeping track of volume across subsidiaries, business partners, and the entire supply
chain network. BC can also aid in the auditing process efficiently without wasting time and efforts.
• Smart cities: Smart cities use information technology to integrate and manage physical, social, and business infrastruc-
tures to provide better services to the residents. BC technology can be integrated with smart devices to provide a secure
communication platform in smart cities.91 The BC-based framework can combine multiple technologies to automate
smart city services while ensuring enhanced security, immutability, resilience, and transparency. Some of the ways that
BC could be used in smart cities are Smart Payments, Identity, Transportation Management, Government Services,
Waste management, Healthcare, Judicial/legislative services, etc. The BC can facilitate all municipal payments and an
Identity Management system based on BC can provide a secure mechanism for storing and validating user identities,
which can curb identity theft. Another use case is transportation management using BC to create a P2P platform for
transportation. Government services can be provided with a transparent e-voting system. Other e-governance services
like can also be automated with the help of BC and smart contracts.
• Shared homes/assets: A sharing economy where objects such as a product, a property, a service, or any asset that can
be shared, needs a shared network. BC has the ability to provide an architecture where interactions are permissioned,
immutable, and shared across service providers with great efficiency. Germany's Share & Charge, Origin, and Slock.it
are examples of providers of a shared network for shared objects. Share & Charge allows owners of charging stations to
share energy with each other. Slock.it allows people to rent, sell, or share objects by fitting the objects with smart locks
that are released when certain conditions are met with the help of smart contracts. This allows the automation of rent-
ing out homes apartments, vehicles, or any other underused asset that people are willing to share without centralized
intermediaries.92

10 CO N C LU S I O N

There is a growing need for applications like smart homes and smart cities in day-to-day activities. These demands have
increased the usage of the IoT system. As a result, a large amount of data is produced which needs suitable protection
systems to be developed, which are compatible with the IoT system. The data are also vulnerable to external attacks. The
IoT system's privacy aspects also need to be ensured. This has called for research initiatives to improve the security and
privacy system of IoT. However, the bottleneck here is that IoT devices are resource and energy-constrained. So, the imple-
mentation of traditional security mechanisms here is very difficult. The convergence of BC concept with IoT can provide
some relief to these difficulties. This is because BC can provide privacy and security mechanisms that are lightweight,
scalable, decentralized, and distributed. However, this convergence is not without its challenges. As seen in the literature
POHRMEN ET AL. 23 of 26

review tables, there exist very few works that actually have implemented BC-based IoT system practically. Research ini-
tiatives in this area are still in their very early stages. The literature indicates that a successful BC IoT convergence will
require a BC system that has been customized specifically for the needs of IoT.

ORCID
Fabiola Hazel Pohrmen https://orcid.org/0000-0002-3284-8407
Rohit Kumar Das https://orcid.org/0000-0001-5431-6236

REFERENCES
1. Al-Fuqaha A, Guizani M, Mohammadi M, Aledhari M, Ayyash M. Internet of Things: a survey on enabling technologies, protocols, and
applications. IEEE Commun Surv Tutor. 2015;17(4):2347-2376.
2. Zhou J, Cao Z, Dong X, Vasilakos AV. Security and privacy for cloud-based IoT: challenges. IEEE Commun Mag. 2017;55(1):26-33.
3. Alaba FA, Othman M, Hashem IAT, Alotaibi F. Internet of Things security: a survey. J Netw Comput Appl. 2017;88:10-28.
4. Antonopoulos AM. Mastering Bitcoin: Unlocking Digital Cryptocurrencies. Sebastopol, CA: O'Reilly Media Inc; 2014.
5. Panarello A, Tapas N, Merlino G, Longo F, Puliafito A. Blockchain and IoT Integration: a systematic survey. Sensors. 2018;18(8):2575.
6. Reyna A, Martín C, Chen J, Soler E, Díaz M. On blockchain and its integration with IoT. Challenges and opportunities. Future Gener
Comput Syst. 2018;88:173-190.
7. Ali MS, Vecchio M, Pincheira M, Dolui K, Antonelli F, Rehmani MH. Applications of blockchains in the Internet of Things: a
comprehensive survey. IEEE Commun Surv Tutor. 2018;21(2):1676-1717.
8. Khan MA, Salah K. IoT security: review, blockchain solutions, and open challenges. Future Gener Comput Syst. 2018;82:395-411.
9. Nunes BAA, Mendonca M, Nguyen XN, Obraczka K, Turletti T. A survey of software-defined networking: past, present, and future of
programmable networks. IEEE Commun Surv Tutor. 2014;16(3):1617-1634.
10. Bawany NZ, Shamsi JA, Salah K. DDoS attack detection and mitigation using SDN: methods, practices, and solutions. Arab J Sci Eng.
2017;42(2):425-441.
11. Das RK, Maji AK, Saha G. Prospect of improving Internet of Things by incorporating software-defined network. In: Advances in
Communication, Devices and Networking: Proceedings of ICCDN 2018. Berlin, Germany: Springer; 2019.
12. Das RK, Khongbuh W, Pohrmen FH, Maji AK, Saha G. Controller placement and selection strategy for SDN. Int J Comput Intell IoT.
2019;2(2).
13. Banafa A. Secure and Smart Internet of Things (IoT): Using Blockchain and Artificial Intelligence (AI). Sterling, VA: Stylus Publishing, LLC;
2019.
14. Salah K, Rehman MHU, Nizamuddin N, Al-Fuqaha A. Blockchain for AI: review and open research challenges. IEEE Access.
2019;7:10127-10149.
15. Zheng Z, Xie S, Dai H, Chen X, Wang H. An overview of blockchain technology: architecture, consensus, and future trends. Paper presented
at: 2017 IEEE International Congress on Big Data (BigData Congress); 2017; Honolulu, HI.
16. Pohrmen FH, Das RK, Khongbuh W, Saha G. Blockchain-based security aspects in Internet of Things network. In: Advanced Informatics
for Computing Research: Second International Conference, ICAICR 2018, Shimla, India, July 14-15, 2018, Revised Selected Papers, Part II.
Berlin, Germany: Springer; 2018.
17. Mayer H. ECDSA security in Bitcoin and Ethereum: a research survey. Buenos Aires, Argentina: CoinFabrik; 2016.
18. Nakamoto S. Bitcoin: a peer-to-peer electronic cash system. 2008. https://bitcoin.org/bitcoin.pdf. Accessed December 1, 2018.
19. Buterin V. Ethereum White Paper: A Next-Generation Smart Contract and Decentralized Application Platform. Zug, Switzerland:
ethereum.org; 2013. https://github.com/ethereum/wiki/wiki/White-Paper/. Accessed December 2, 2018.
20. Bach L, Mihaljevic B, Zagar M. Comparative analysis of blockchain consensus algorithms. Paper presented at: 2018 41st International
Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO); 2018; Opatija, Croatia.
21. Huh S, Cho S, Kim S. Managing IoT devices using blockchain platform. Paper presented at: 2017 19th International Conference on
Advanced Communication Technology (ICACT); 2017; Pyeongchang, South Korea.
22. Hyperledger-open source blockchain technologies. https://www.hyperledger.org/. Accessed October 11, 2018.
23. IBM blockchain platform. https://www.ibm.com/blockchain/platform. Accessed October 1, 2018.
24. HDAC. https://www.hdactech.com/en/Hdac/hdac.do. Accessed October 11, 2018.
25. Azure BaaS (blockchain as a service). https://azure.microsoft.com/en-us/solutions/blockchain. Accessed October 11, 2018.
26. Multichain. Open platform for building blockchains. https://www.multichain.com/. Accessed September 1, 2018.
27. Chain core. https://chain.com/docs/protocol/papers/whitepaper/. Accessed October 10, 2018.
28. Openchain. Blockchain technology for the enterprise. https://www.openchain.org/. Accessed September 1, 2018.
29. HydraChain. Permissioned distributed ledger. https://github.com/HydraChain. Accessed September 1, 2018.
30. Quorum. https://github.com/jpmorganchase/quorum. Accessed October 11, 2018.
31. BigchainDB. The blockchain database. https://www.bigchaindb.com/. Accessed October 11, 2018.
24 of 26 POHRMEN ET AL.

32. Ferrag MA, Derdour M, Mukherjee M, Derhab A, Maglaras L, Janicke H. Blockchain technologies for the Internet of Things: research
issues and challenges. IEEE Internet Things J. 2018;6(2):2188-2204.
33. Liang X, Zhao J, Shetty S, Li D. Towards data assurance and resilience in IoT using blockchain. Paper presented at: 2017 IEEE Military
Communications Conference (MILCOM); 2017; Baltimore, MD.
34. Maseleno A, Othman M, Deepalakshmi P, Shankar K, Ilayaraja M. Hash function based optimal block chain model for the Internet of
Things (IoT). In: Handbook of Multimedia Information Security: Techniques and Applications. Cham, Switzerland: Springer; 2019.
35. Hammi MT, Hammi B, Bellot P, Serhrouchni A. Bubbles of trust: a decentralized blockchain-based authentication system for IoT. Comput
Secur. 2018;78:126-142.
36. Banafa A. IoT and blockchain convergence: benefits and challenges. IEEE Internet Things. 2017.
37. Flauzac O, Gonzalez C, Hachani A, Nolot F. SDN based architecture for IoT and improvement of the security. Paper presented at: 2015
IEEE 29th International Conference on Advanced Information Networking and Applications Workshops (WAINA); 2015; Gwangju, South
Korea.
38. Dawoud A, Shahristani S, Raun C. Deep learning and software-defined networks: towards secure IoT architecture. Internet Things.
2018;3:82-89.
39. McKeown N, Anderson T, Balakrishnan H, et al. OpenFlow: enabling innovation in campus networks. ACM SIGCOMM Comput Commun
Rev. 2008;38(2):69-74.
40. Salman O, Elhajj I, Chehab A, Kayssi A. IoT survey: an SDN and fog computing perspective. Computer Networks. 2018;143:221-246.
41. Okay FY, Ozdemir S. Routing in fog-enabled IoT platforms: a survey and an SDN-based solution. IEEE Internet Things J.
2018;5(6):4871-4889.
42. Bonomi F, Milito R, Natarajan P, Zhu J. Fog computing: a platform for Internet of Things and analytics. In: Big Data and Internet of Things:
A Roadmap for Smart Environments. Cham, Switzerland: Springer International Publishing; 2014:169-186.
43. Dorri A, Kanhere SS, Jurdak R. Blockchain in Internet of Things: challenges and solutions. 2016. arXiv preprint arXiv:1608.05187.
44. Dorri A, Kanhere SS, Jurdak R, Gauravaram P. Blockchain for IoT security and privacy: the case study of a smart home. Paper presented
at: 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops); 2017; Kona, HI.
45. Dorri A, Kanhere SS, Jurdak R, Gauravaram P. LSB: a lightweight scalable blockchain for IoT security and privacy. 2017. arXiv preprint
arXiv:1712.02969.
46. Sharma PK, Singh S, Jeong Y-S, Park JH. DistBlockNet: a distributed blockchains-based secure SDN architecture for IoT networks. IEEE
Commun Mag. 2017;55(9):78-85.
47. Sharma PK, Chen M-Y, Park JH. A software defined fog node based distributed blockchain cloud architecture for IoT. IEEE Access.
2018;6:115-124.
48. Mach P, Becvar Z. Mobile edge computing: a survey on architecture and computation offloading. IEEE Commun Surv Tutor.
2017;19(3):1628-1656.
49. Shrestha R, Bajracharya R, Shrestha AP, Nam SY. A new-type of blockchain for secure message exchange in VANET. Digit Commun Netw.
2019.
50. Zhou L, Wang L, Sun Y, Lv P. BeeKeeper: a blockchain-based IoT system with secure storage and homomorphic computation. IEEE Access.
2018;6:43472-43488.
51. Zhou L, Wang L, Ai T, Sun Y. BeeKeeper 2.0: confidential blockchain-enabled IoT system with fully homomorphic computation. Sensors.
2018;18(11):3785.
52. Cha S-C, Chen J-F, Su C, Yeh K-H. A blockchain connected gateway for BLE-based devices in the Internet of Things. IEEE Access.
2018;6:24639-24649.
53. Dorri A, Steger M, Kanhere SS, Jurdak R. Blockchain: a distributed solution to automotive security and privacy. IEEE Commun Mag.
2017;55(12):119-125.
54. Dorri A, Steger M, Kanhere SS, Jurdak R. A blockchain-based solution to automotive security and privacy. In: Blockchain for Distributed
Systems Security. Hoboken, NJ: John Wiley & Son; 2019:95-116.
55. Li R, Song T, Mei B, Li H, Cheng X, Sun L. Blockchain for large-scale Internet of Things data storage and protection. IEEE Trans Serv
Comput. 2018.
56. Pinno OJA, Grégio ARA, De Bona LC. ControlChain: a new stage on the IoT access control authorization. Concurrency Computat Pract
Exper. 2019:e5238.
57. Cebe M, Erdin E, Akkaya K, Aksu H, Uluagac S. Block4Forensic: an integrated lightweight blockchain framework for forensics applications
of connected vehicles. 2018. arXiv preprint arXiv:1802.00561.
58. Ouaddah A, Abou Elkalam A, Ait Ouahman A. FairAccess: a new blockchain-based access control framework for the Internet of Things.
Secur Commun Netw. 2016;9(18):5943-5964.
59. Novo O. Blockchain meets IoT: an architecture for scalable access management in IoT. IEEE Internet Things J. 2018;5(2):1184-1195.
60. Rahulamathavan Y, Phan RCW, Rajarajan M, Misra S, Kondoz A. Privacy-preserving blockchain based IoT ecosystem using attribute-based
encryption. Paper presented at: 2017 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS);
2017; Bhubaneswar, India.
61. Alphand O, Amoretti M, Claeys T, et al. IoTChain: a blockchain security architecture for the Internet of Things. Paper presented at: 2018
IEEE Wireless Communications and Networking Conference (WCNC); 2018; Barcelona, Spain.
POHRMEN ET AL. 25 of 26

62. Hammi MT, Bellot P, Serhrouchni A. BCTrust: a decentralized authentication blockchain-based mechanism. Paper presented at: 2018
IEEE Wireless Communications and Networking Conference (WCNC); 2018; Barcelona, Spain.
63. Ourad AZ, Belgacem B, Salah K. Using blockchain for IOT access control and authentication management. In: Internet of Things - ICIOT
2018: Third International Conference, Held as Part of the Services Conference Federation, SCF 2018, Seattle, WA, USA, June 25-30, 2018,
Proceedings. Cham, Switzerland: Springer; 2018.
64. Almadhoun R, Kadadha M, Alhemeiri M, Alshehhi M, Salah K. A user authentication scheme of IoT devices using blockchain-enabled
fog nodes. Paper presented at: 2018 IEEE/ACS 15th International Conference on Computer Systems and Applications (AICCSA); 2018;
Aqaba, Jordan.
65. Alblooshi M, Salah K, Alhammadi Y. Blockchain-based ownership management for medical IoT (MIoT) devices. Paper presented at: 2018
International Conference on Innovations in Information Technology (IIT); 2018; Al Ain, United Arab Emirates.
66. Machado C, Fröhlich AAM. IoT data integrity verification for cyber-physical systems using blockchain. Paper presented at: 2018 IEEE
21st International Symposium on Real-Time Distributed Computing (ISORC); 2018; Singapore.
67. Sharma PK, Park JH. Blockchain based hybrid network architecture for the smart city. Future Gener Comput Syst. 2018;86:650-655.
68. Rodrigues B, Bocek T, Lareida A, Hausheer D, Rafati S, Stiller B. A blockchain-based architecture for collaborative DDoS mitigation with
smart contracts. In: Security of Networks and Services in an All-Connected World: 11th IFIP WG 6.6 International Conference on Autonomous
Infrastructure, Management, and Security, AIMS 2017, Zurich, Switzerland, July 10-13, 2017, Proceedings. Berlin, Germany: Springer; 2017.
69. Kataoka K, Gangwar S, Podili P. Trust list: internet-wide and distributed IoT traffic management using blockchain and SDN.
Paper presented at: 2018 IEEE 4th World Forum on Internet of Things (WF-IoT); 2018; Singapore.
70. Muthanna A, Ateya AA, Khakimov A, et al. Secure and reliable IoT networks using fog computing with software-defined networking and
blockchain. J Sens Actuator Netw. 2019;8(1):15.
71. Puthal D, Mohanty SP. Proof of authentication: IoT-friendly blockchains. IEEE Potentials. 2019;38(1):26-29.
72. Samaniego M, Deters R. Using blockchain to push software-defined IoT components onto edge hosts. In: Proceedings of the International
Conference on Big Data and Advanced Wireless Technologies; 2016; Blagoevgrad, Bulgaria.
73. Stanciu A. Blockchain based distributed control system for edge computing. Paper presented at: 2017 21st International Conference on
Control Systems and Computer Science (CSCS); 2017; Bucharest, Romania.
74. Awasthi S, Johri P, Khatri SK. IoT based security model to enhance blockchain technology. Paper presented at: 2018 International
Conference on Advances in Computing and Communication Engineering (ICACCE); 2018; Paris, France.
75. Hong H, Hu B, Sun Z. Toward secure and accountable data transmission in narrow band Internet of Things based on blockchain. Int J
Distributed Sens Netw. 2019;15(4). https://doi.org/10.1177/1550147719842725.
76. Zhu X, Badr Y, Pacheco J, Hariri S. Autonomic identity framework for the Internet of Things. Paper presented at: 2017 International
Conference on Cloud and Autonomic Computing (ICCAC); 2017; Tucson, AZ.
77. Abbasi AG, Khan Z. Veidblock: verifiable identity using blockchain and ledger in a software defined network. In: Companion Proceedings
of the 10th International Conference on Utility and Cloud Computing; 2017; Austin, TX.
78. Kravitz DW, Cooper J. Securing user identity and transactions symbiotically: IoT meets blockchain. Paper presented at: 2017 Global
Internet of Things Summit (GIoTS); 2017; Geneva, Switzerland.
79. Boudguiga A, Bouzerna N, Granboulan L, et al. Towards better availability and accountability for IoT updates by means of a blockchain.
Paper presented at: 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW); 2017; Paris, France.
80. Wu L, Du X, Wang W, Lin B. An out-of-band authentication scheme for Internet of Things using blockchain technology. Paper presented
at: 2018 International Conference on Computing, Networking and Communications (ICNC); 2018; Maui, HI.
81. Lee CH, Kim K-H. Implementation of IoT system using block chain with authentication and data protection. Paper presented at:
2018 International Conference on Information Networking (ICOIN); 2018; Chiang Mai, Thailand.
82. Moinet A, Darties B, Baril J-L. Blockchain based trust & authentication for decentralized sensor networks. 2017. arXiv preprint
arXiv:1706.01730.
83. Ouaddah A, Elkalam AA, Ouahman AA. Towards a novel privacy-preserving access control model based on blockchain technology in IoT.
In: Europe and MENA Cooperation Advances in Information and Communication Technologies. Cham, Switzerland: Springer International
Publishing; 2017:523-533.
84. Pinno OJA, Gregio ARA, De Bona LC. ControlChain: blockchain as a central enabler for access control authorizations in the IoT. Paper
presented at: 2017 IEEE Global Communications Conference (GLOBECOM); 2017; Singapore.
85. Yue X, Wang H, Jin D, Li M, Jiang W. Healthcare data gateways: found healthcare intelligence on blockchain with novel privacy risk
control. J Med Syst. 2016;40(10):218.
86. Karagiannis G, Altintas O, Ekici E, et al. Vehicular networking: a survey and tutorial on requirements, architectures, challenges, standards
and solutions. IEEE Commun Surv Tutor. 2011;13(4):584-616.
87. Shrestha R, Nam SY. Regional blockchain for vehicular networks to prevent 51% attacks. IEEE Access. 2019;7:95021-95033.
88. Li Z, Kang J, Yu R, Ye D, Deng Q, Zhang Y. Consortium blockchain for secure energy trading in industrial Internet of Things. IEEE Trans
Ind Inform. 2018;14(8):3690-3700.
89. Lin Y-P, Petway JR, Anthony J, et al. Blockchain: the evolutionary next step for ICT e-agriculture. Environments. 2017;4(3):50.
90. Miller D. Blockchain and the Internet of Things in the industrial sector. IT Professional. 2018;20(3):15-18.
26 of 26 POHRMEN ET AL.

91. Sun J, Yan J, Zhang KZ. Blockchain-based sharing services: what blockchain technology can contribute to smart cities. Financial
Innovation. 2016;2(1):26.
92. Ayoade G, Karande V, Khan L, Hamlen K. Decentralized IoT data management using blockchain and trusted execution environment.
Paper presented at: 2018 IEEE International Conference on Information Reuse and Integration (IRI); 2018; Salt Lake City, UT.

How to cite this article: Pohrmen FH, Das RK, Saha G. Blockchain-based security aspects in heterogeneous
Internet-of-Things networks: A survey. Trans Emerging Tel Tech. 2019;30:e3741. https://doi.org/10.1002/ett.3741

APPENDIX

TABLE A1 Abbreviations and Acronyms AA Attribute Authority

ABE Attribute-Based Encryption
ACE Authorization for Constrained Environments
API Application Program Interface
BC Blockchain
CH Cluster Head
CPAN Personal Area Network Coordinator
DoS Denial-of-Service
DDoS Distributed Denial-of-Service
DOC Decentralized Outsourcing Computation
DPoS Delegated Proof-of-Stake
ECC Elliptic Curve Cryptography
ECDSA Elliptic Curve Digital Signature Algorithm
ECDLP Elliptic Curve Discrete Logarithm Problem
ECIES Elliptic Curve Integrated Encryption Scheme
EVM Ethereum Virtual Machine
IoT Internet of Things
LSB Lightweight Scalable Blockchain
MEC Mobile Edge Computing
OSCAR Object Security Architecture
PK Public Key
PKI Public Key Infrastructure
PoA Proof-of-Authority
PoC Proof-of-Capacity
PoET Proof-of-Elapsed Time
PoL Proof-of-Luck
PoP Proof-of-Possession
PoS Proof-of-Stake
PoSpace Proof-of-Space
PoSV Proof-of-Stake-Velocity
PoT Proof-of-Trust
PoW Proof-of-Work
P2P Peer-to-Peer
RFID Radio-Frequency Identification
SDN Software Defined Network
SHA-256 Secure Hash Algorithm 256
VANET Vehicular Adhoc Network