Nikos Fotiou, Vasilios A. Siris, Spyros Voulgaris, George C. Polyzos and Dmitrij Lagutin
We address the limitations of existing information security solutions when applied to the cyber-physical world. In particular, we consider the case of Internet of Things (IoT) actuation and we argue that it is hard to secure such a process. To this end, we propose a “damage control” approach, where service time is divided into slots and users perform microservice transactions, each corresponding to one service slot and each essentially paid for in advance. Under these circumstances, if service is disrupted, a user loses, in the worst case, the amount of money that corresponds to a single microservice transaction in a single time slot. We implement our solution by leveraging blockchain-based smart contracts, off-chain payments, and one-time Hash-based Message Authentication Code (HMAC) passwords. Our solution supports IoT devices that have limited processing capabilities and are not necessarily connected to the Internet. Moreover, with our solution, IoT devices do not interact directly with the blockchain. In fact, they are oblivious to the use of blockchain technology. They do not store any user-sensitive information, no payments are made to the devices, and no value is stored on them.
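The slot-by-slot "damage control" idea can be sketched as follows. This is an added example, not the authors' implementation. It assumes the one-time HMAC passwords are RFC 4226 HOTP values indexed by slot number, and it replaces the smart contract and off-chain payment channel with a hypothetical `Provider` class; `Device`, `run_session` and the secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Device:
    """Offline actuator (hypothetical): stores only a secret and a slot counter."""
    def __init__(self, secret: bytes, broken_from_slot=None):
        self.secret, self.next_slot = secret, 0
        self.broken_from_slot = broken_from_slot  # constructed fault for the demo

    def actuate(self, otp: str) -> bool:
        if self.broken_from_slot is not None and self.next_slot >= self.broken_from_slot:
            return False  # service disruption: no actuation happens
        if not hmac.compare_digest(otp, hotp(self.secret, self.next_slot)):
            return False  # wrong or replayed password
        self.next_slot += 1  # each password is valid for exactly one slot
        return True

class Provider:
    """Stand-in for the payment side: releases one password per paid slot."""
    def __init__(self, secret: bytes, price: int):
        self.secret, self.price = secret, price

    def pay_for_slot(self, slot: int, amount: int):
        return hotp(self.secret, slot) if amount >= self.price else None

def run_session(slots: int, price: int, broken_from_slot=None):
    """Pay slot by slot; stop at the first failed actuation. Returns (served, lost)."""
    secret = b"12345678901234567890"  # constructed demo secret (RFC 4226 test key)
    device = Device(secret, broken_from_slot)
    provider = Provider(secret, price)
    served = 0
    for slot in range(slots):
        otp = provider.pay_for_slot(slot, price)  # payment precedes service
        if not device.actuate(otp):
            return served, price  # worst case: one slot's payment is lost
        served += 1
    return served, 0
```

The device never sees a payment or a blockchain transaction, only a password it can check with a single HMAC computation.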