
Implementation of IoT System using BlockChain with Authentication and Data Protection

Chan Hyeok Lee
Dept. of Knowledge Information Engineering
Ajou Univ
Suwon Gyeonggi-do, Korea
leechanhyeok@ajou.ac.kr

Ki-Hyung Kim
Ajou Univ
Suwon Gyeonggi-do, Korea
kkim86@ajou.ac.kr

Abstract— In a block-chain IoT environment, when data or device authentication information is put on a block chain, personal information may be leaked through the proof-of-work process or address search. In this paper, we apply Zero-Knowledge proof to a smart meter system to verify a prover without disclosing information such as the public key, and we have studied how to enhance the anonymity of the block chain for privacy protection.

Keywords—IoT; Security; Block Chain; Smart Grid

I. INTRODUCTION

The IoT is the abbreviation of the Internet of Things, which enables objects to share and control data with each other because they are connected to the Internet. Malicious attacks, such as data tampering or privacy infringement, can be committed while data on objects is shared over the Internet.

This paper introduces a block chain to prevent security threats such as data counterfeiting, which could occur with smart meters. Zero-Knowledge proof, a block chain anonymity enhancement technology, is introduced to prevent security threats such as personal information infringement through block inquiry. We suggest using smart contracts to prevent smart meter data forgery and personal information infringement.

II. RELATED WORK

Smart grids are intelligent grids that combine IT technology with traditional grids to enhance the efficiency of energy utilization[1]. In a smart grid environment, each Advanced Mitigation Infrastructure (AMI) is deployed at users and facilities, and can be used to measure energy production and utilization and provide services such as resale[2]. In a smart grid environment, smart meters are needed to measure power consumption. The smart meter is installed at the end of each device to record the power consumption and production of the device, and the accumulated data can be used to analyze the power usage pattern[3]. Security vulnerabilities of smart meters raise privacy concerns, because usage patterns can be analyzed through eavesdropping on power usage and traffic analysis[4]. There is also the risk of the power data transmitted from the smart meter being modified to charge lower or higher costs. So we need to introduce smart meter authentication technology[5].

Block chain has been applied to Bitcoin and Ethereum using security technologies such as electronic signatures, public keys, and hash functions. Bitcoin, developed by Satoshi Nakamoto, is getting attention, and its utilization in financial and non-financial areas, including virtual currency, is also being studied. In Bitcoin, the block chain is a kind of distributed digital ledger that stores the history of bitcoin, a currency issued periodically[7]. This ledger is built with cryptographic techniques so that it cannot be counterfeited or altered, and the transfer of ownership includes a verification step that prevents forgery and tampering of transactions through transaction processes and hash values, as shown in Figure 1[8].

Fig. 1. Transactions in a block chain

In order to judge whether or not a transaction has been falsified or altered, transaction information is collected and a hash of the block is created. The hash value of the previous block is also included, so that it affects the hash of the block. These blocks are connected as shown in Figure 2, which is called a block chain. A user who finds a block that meets the condition receives the value of the new bitcoin[9].

Fig. 2. Block Chain Concept Map

978-1-5386-2290-2/18/$31.00 ©2018 IEEE, ICOIN 2018


Smart Contract was first introduced by Nick Szabo in 1994 and is defined as a protocol that enables computerized transactions by encoding the necessary elements of the contract[10]. This technology minimizes the need for a reliable third party[11].

Ethereum is a representative block chain with smart contracts. Ethereum was proposed by Vitalik Buterin in 2013 and introduced smart contracts as well as virtual currency, enabling developers to implement applications directly. Software updates can be used to create application platforms that can implement various DAPPs, such as IoT or application services[12].

Block chains with anonymity include Monero, Dash, ZCASH and so on. An anonymous block chain is a block chain that makes it impossible to trace accounts and transaction contents, in order to prevent personal information infringement. Each implements an anonymous block chain using different security technologies. Monero is a digital asset that uses the Cryptonote protocol and applies technology to prevent the tracing that is possible with existing bitcoin. It uses special cryptographic techniques called ring signatures and one-time keys. It is very difficult for a third party to confirm the contents of a transaction because the key is mixed in a certain group and a private key is required to confirm the transaction[13]. Dash conceals transaction records through the technique of coin joining. It started with the name Dark Coin, but changed its name to Dash Coin for image enhancement. It makes transactions difficult to track by mixing the coins to be traded, using a new type of node called a master node[20]. ZCASH is a cryptographic block chain based on zero knowledge proof technology. It is designed so that the recipient cannot learn anything other than the information provided by the provider. Depending on the choice, the provider may provide information as in the existing block chain. ZCASH, implemented with zero-knowledge proofs, distributes anonymized, non-traceable technology in collaboration with Ethereum and ZPMorgan[17].

A zero knowledge proof is a method of proving that information is known without disclosing any of that information. The concept of the zero knowledge proof introduced in the block chain is a proof method that can prove a transaction or a work without exposing the information or transaction information of the virtual money to the outside. It is a proof method which satisfies the three properties of completeness, impracticality, and Zero Knowledge.

Fig. 3. Examples of Zero Knowledge Proof

Figure 3 illustrates the content of the paper that introduces the zero knowledge proof in an easy way using a cave[14]. The prover can open the door with the secret key, and the verifier does not know the secret key but verifies that the prover is correct. The prover enters toward the secret door by road A or B, and the verifier tells the prover to return by road A. If the prover knows the secret key, the probability of the prover coming back is 100%. However, for someone who is not the prover and does not know the secret key, the likelihood of returning via A is 50%. If this process is repeated n times, the probability of not returning increases for someone who is not the prover. This method of verification through probability is called the zero knowledge proof. In other words, by using the zero knowledge proof in the block chain, the verifier can confirm that the transaction party is correct without knowing the information of the transaction party or the transaction contents.

III. PROPOSAL OF AUTHENTICATION AND DATA PROTECTION SYSTEM USING BLOCK CHAIN

As the proposed system environment, the Mobius IoT open server platform[14] was used to implement a system that can share sensor data from device to application and upload it to a block chain server. In the block chain environment, Ethereum's smart contract is used to put the power data on the block chain network so that all users can prove it, which increases reliability. Using the smart contract created with the Zero-Knowledge Proof function, we used anonymity-enhanced block chains to prevent account information or data from being disclosed.

Fig. 4. Proposed system architecture using block chain

Figure 4 shows the configuration of the smart grid system, including smart meter, prosumer power trading and electric car charger, using the proposed block chain. There are three types of devices that generate transactions by putting data in a block chain smart contract. The first is a consumer who uses electricity, and the second is a prosumer that produces electricity and sells it to consumers. The third is a prosumer that sells electricity through its own electric charger. Each device has a module for measuring the amount of power, and the measurement is stored through a block-chain smart contract function depending on the situation. For general electricity users, the electricity used
through the smart meter is stored together with the usage time, and in the case of the prosumer, the electricity production is stored in the smart contract. In the case of an electric car charger, when a consumer plugs in a charger, the electricity generated by the prosumer is consumed, the electricity consumed is stored in the contract, and the electricity generated by the prosumer is reduced and stored. Through the application, the general user can look up the amount of electricity used and pay the electricity bill for the period by calling the smart contract function. The prosumer can look up the electricity generated, and the consumer using the electric car charger can search the charger to find the amount of electricity that can be charged and the amount of electricity charged by the vehicle.

Fig. 5. Device authentication and data transmission sequence diagram

In the proposed system, the authentication method and the data transmission method of the smart meter follow the sequence diagram of Figure 5. The user transmits the 'device ID', the 'user ID' and the 'password to be used as the block chain password' of the smart meter through the Mobius server to register as a member. The Mobius server requests a new account in the block chain with the password from the transmitted member information and receives the account address in response. Mobius stores the user ID, device ID, and account address sent to the member application in the database. When the Smart Meter is executed, it receives the power measurement source code stored in the server by FTP and executes it, and stores the amount of power consumed in the block chain through the Smart Contract, selecting the account address from the server's database. The smart contract accumulates the power data transmitted from the smart meter and requests the transaction by calculating the charge with the calculation method that applies the progressive tax by day and month. After the block is created, the user sends the member ID to the Mobius server to retrieve the power consumption or to pay the fee, and the server retrieves the data uploaded to the block through the block chain address matched to the ID in the database and displays it in the user application.

In the proposed system, if the verifier or a third party knows only the address of the user, the amount of power consumed and the amount of the fee paid can be looked up through the block. This is a problem of personal information infringement because the power consumption pattern of the user can be analyzed. It creates a risk of a secondary crime, such as theft, because an attacker can see whether the house is empty. Therefore, in this paper, we propose a method to protect the personal information in the proposed system by adding a zero knowledge proof, which can prove that information is correct without providing the information to the verifier.

Fig. 6. Zero Knowledge Proof Authentication Protocol

As shown in Figure 6, the client generates a public key and stores it together with the ID, unlike the existing system that sends the hashed password directly to the server. This has the advantage of preventing the cracking that breaks the hash encryption of existing systems. It is a protocol in which the proof can be made at user login without sending a hashed password to the server[16].

Fig. 7. Zero knowledge proof block chain system diagram

Using the zero knowledge proof authentication protocol, the public key is stored in the block chain without storing the original data in the block chain, and the original data is stored in the server database. The data is called once the proof is completed through the zero knowledge proof process together with the public key stored in the block chain, so that tampering with the data can be prevented. Privacy is also protected because the original data is not put directly in the block chain.

Fig. 8. Block Chain Authentication and Data Protection Proposal System Using Zero Knowledge

As shown in Figure 8, the proposed system consists of a two-step process of registration and authentication and three stages of client, server, and block chain. In the block chain, the registration phase and the authentication phase are implemented as a non-interactive zero knowledge verification[19] function using the smart contract. In the registration step, the data x to be protected is input by the client, the random numbers g and p, which are prime numbers, are generated, the data is regarded as a secret key, and a public key pub is generated. The data x to be protected and the generated pub are transmitted to the server, and the server stores them in the database. To the block chain, the random values g and p and the generated public key pub are transmitted, without transmitting the data x to be protected, and stored in the block to complete the registration. When data is called in the proposed system, the authentication process is performed. When the client calls the data x stored in the server, the public key pub of x stored in the server's database is selected. When the block chain is queried through pub, the random values g and p stored in the registration step are called. With the g and p transmitted from the block chain, the server generates R1 and w by the non-interactive zero knowledge proof, which has a low communication burden, and transmits them to the block chain. The smart contract in the block chain executes the proof function using the received R1 and w and computes the value of R2. Through this, it can be proved that the value of the data x stored in the server cannot be altered even though it is not stored directly in the block chain.

IV. SECURITY ANALYSIS

Data collected through smart meters is used for power pricing. Therefore, the integrity of the collected data must be protected to prevent it from being tampered with. For example, a user might want to pay less than the amount of power used, so the user is likely to tamper with the data. In addition, the power provider is likely to alter the data to charge more than the user has consumed. Therefore, blocks are generated after verifying the data transmitted by the smart meter, and the ledger is distributed, which makes the data impossible to alter and maintains integrity.

Also, if the data collected through the smart meter is scattered and distributed among several people by the block chain, a malicious attacker can analyze the life pattern of the user by searching the power consumption over time, and the attacker can save the times at which power consumption is at its minimum. Based on this, the attacker can know whether the user is out or on vacation. As such, if the data collected through the smart meter is directly exposed by the block chain, it may infringe the privacy of the user and damage the property of the user. In the proposed system, the public key generated by the zero knowledge proof is stored in order to maintain confidentiality without causing privacy invasion. In addition, the original data can be stored on the server to maintain availability and can be used for electricity pricing or electricity usage searches.

V. EXPERIMENT AND IMPLEMENTATION

Fig. 9. Data protection transaction results using zero knowledge proof

If the data matches what was first registered, the verification indicates success, and if it has been tampered with, the verification reports a failure. The transaction does not display the original data. This makes it possible to meet data integrity, confidentiality, and availability.
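
The registration and authentication steps above, as an added example rather than the paper's contract code: one possible instantiation is a Schnorr proof of knowledge made non-interactive with a Fiat-Shamir hash. The formulas (pub = g^x mod p, R1 = g^r, w = r + c·x, R2 = g^w · pub^(-c)), the hash-to-exponent step, the demo values of p and g, and the sample record are assumptions, since the paper names the values but does not give their equations.

```python
import hashlib
import secrets

# Demo parameters (assumption, not from the paper): p = 2^255 - 19 is prime, g = 2.
P = 2**255 - 19
G = 2
Q = P - 1  # exponents are reduced mod p - 1, since g^(p-1) = 1 (mod p)

def to_secret(data: bytes) -> int:
    """Treat the protected data x as the secret key by hashing it to an exponent."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def challenge(pub: int, r1: int) -> int:
    """Fiat-Shamir challenge c = H(g, p, pub, R1): replaces the verifier's random pick."""
    h = hashlib.sha256()
    for value in (G, P, pub, r1):
        h.update(value.to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big") % Q

def register(data: bytes) -> int:
    """Registration: pub = g^x mod p is what goes on chain (with g and p), never x."""
    return pow(G, to_secret(data), P)

def prove(data: bytes, pub: int) -> tuple:
    """Server: build (R1, w) from the data it holds in its database."""
    r = secrets.randbelow(Q - 1) + 1        # fresh nonce for every proof
    r1 = pow(G, r, P)
    w = (r + challenge(pub, r1) * to_secret(data)) % Q
    return r1, w

def verify(pub: int, r1: int, w: int) -> bool:
    """Contract: compute R2 = g^w * pub^(-c) mod p and accept only if R2 == R1."""
    if not (0 < pub < P and 0 < r1 < P and 0 <= w < Q):
        return False                        # reject out-of-range values
    c = challenge(pub, r1)
    r2 = (pow(G, w, P) * pow(pub, Q - c, P)) % P   # pub^(Q-c) equals pub^(-c)
    return r2 == r1

def demo() -> tuple:
    """Constructed sample record: honest proof passes, altered record fails."""
    record = b"meter-0001|2018-01|342kWh"          # constructed sample data
    pub = register(record)
    honest = verify(pub, *prove(record, pub))
    tampered = verify(pub, *prove(b"meter-0001|2018-01|142kWh", pub))
    return honest, tampered

if __name__ == "__main__":
    print(demo())
```

In this sketch pub is a deterministic function of x, so a low-entropy record would need a secret random salt mixed into to_secret before pub is published; that salt is not part of the paper's description.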

VI. CONCLUSION

In this paper, we propose a smart contract and system using Zero-knowledge proof to protect data. IoT data is stored in the block chain, which can provide IoT device authentication and prevent data tampering. Zero-knowledge proof technology is applied to prevent third parties from checking the user's original data through block retrieval. A block chain is applied to the current system of measuring and charging for electricity through the smart meter because it has various problems, such as forgery and alteration of data and errors in the calculation of charges. Furthermore, smart contracts with Zero-knowledge proof can make transactions such as car charging and prosumer power trading convenient and safe.

ACKNOWLEDGMENT

This study was conducted as a result of the research of the 'Future Creation Science Department' and 'Korea Internet Promotion Agency' “Master degree program support project of knowledge information engineering department with employment contract type”.

REFERENCES

[1] Gungor, V. Cagri, et al. "A survey on smart grid potential applications and communication requirements." Industrial Informatics, Vol.9, No.1, 2013, pp. 28-42.
[2] Gangale, Flavia, Anna Mengolini, and Ijeoma Onyeji. "Consumer engagement: An insight from smart grid projects in Europe." Energy Policy, Vol.60, 2013, pp. 621-628.
[3] Luan, Shang-Wen, et al. "Development of a smart power meter for AMI based on ZigBee communication", Power Electronics and Drive Systems, 2009. PEDS 2009. International Conference on. IEEE, 2009.
[4] Common Criteria for Information Technology Security Evaluation, Version 3.1, CCMB, Sept. 2006.
[5] Youngu Lee, A Study for PKI Based Home Network System Authentication and Access Control Protocol, KICS '10-04 Vol.35 No.4
[6] Kepco, Prosumer Power Trading, http://home.kepco.co.kr
[7] Andreas M, Mastering Bitcoin: Unlocking Digital Cryptocurrencies, pp. 49-68, O’REILLY, 2015
[8] Sung-Hoon Lee, Device authentication in Smart Grid System using Blockchain, KAIST, 2016.
[9] Satoshi Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System, 2008.
[10] Nick Szabo, Smart Contracts, 1994.
[11] Nick Szabo, The Idea of Smart Contracts, 1997.
[12] The Cointelegraph, A Brief History of Ethereum From Vitalik
[13] Buterin’s Idea to Release, 2015
[14] Jean-Jacques Quisquater, How to Explain Zero-Knowledge Protocols to Your Children, 1989.
[15] KETI, Mobius IoT server platform, http://iotocean.com
[16] Ryan Cheu, An Implementation of Zero Knowledge Authentication, 2014
[17] Eli Ben-Sasson, Zerocash: Decentralized Anonymous Payments from Bitcoin, 2014
[18] Surae Noether, Review of Cryptonote White Paper, 2016
[19] Charles Rackoff, Daniel R. Simon, Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack, Annual International Cryptology Conference, 1991
[20] Evan Duffield, Daniel Diaz, Dash: A Privacy-Centric Crypto-Currency, 2015.
