Smart-PKI: A Blockchain-based Distributed Identity Validation Scheme for IoT Devices

Internet of Things (IoT) devices have achieved rapid development but most of them are vulnerable to spoofing attacks and spoofing-related attacks. It is crucial to verify source identity at the near-source end to defend against attacks, save network forwarding resources, and relieve the authentication pressure on the receiver end. In this paper, we propose Smart-PKI, a blockchain-based distributed identity validation scheme for IoT Devices. In the architecture of Smart-PKI, near-source forwarders can verify the authenticity of the source identity of packets and can filter spoofed packets. Besides, we apply Merkle Patricia Trie (MPT) to the Smart-PKI blockchain to enable lightweight blockchain copy storage and efficient retrieval and verification of identity information on forwarders. Meanwhile, Smart-PKI proposes an identity restoration mechanism and enables solutions for the attacks caused by public and private key compromise. Furthermore, we implement Smart-PKI on Network Simulator Version 3 (NS3) and evaluate its performance against reflection denial-of-service (DDoS) attacks. The simulation results demonstrate the effectiveness and efficiency of Smart-PKI and it outperforms existing blockchain-based PKI solutions for IoT devices in terms of network latency for verifying certificates.