Blockchain-enabled secure, lightweight self-sovereign identification and authentication framework for access management of IoT devices
摘要
The increasing interconnection of diverse Internet of Things (IoT) devices has heightened vulnerabilities related to centralized identity management, privacy breaches, and unauthorized access. Traditional Identity and Access Management (IAM) systems rely on third-party authorities for device identification and authentication, which can expose credentials and personal data to breaches, forgeries, and spoofing. Additionally, the limited resources of IoT devices constrain their ability to perform complex cryptographic tasks and to perform ongoing verification. To overcome these issues, this paper introduces BSLIAF—a blockchain-enabled, secure, and lightweight self-sovereign identification and authentication framework—that provides decentralized, privacy-preserving, and energy-efficient access control for large-scale IoT environments. BSLIAF combines self-sovereign identity (SSI) principles, layer-2 blockchain technology, and zero-trust architecture to remove dependence on centralized authorities while supporting autonomous identity ownership and continuous mutual verification. Its hybrid cryptography, which combines dual-layer hashing and asymmetric encryption, enhances confidentiality with minimal computational overhead. Meanwhile, resource-intensive blockchain operations are handled by gateways to ensure lightweight, energy-efficient operation. Formal verification with ProVerif and AVISPA confirms the protocol’s safety under the Dolev–Yao and typed adversarial models. Experimental results show that BSLIAF reduces computational costs, energy consumption, and authentication latency by 30–35%, storage costs by 30%, and communication overhead by 13%, compared with SCAB-IoT, LSB, and Bubble of Trust. These findings validate BSLIAF as a secure, lightweight, privacy-focused, scalable, and resource-efficient access control solution for next-generation IoT ecosystems.