Blockchain-based Zero Trust Cybersecurity in the Internet of Things

The Internet of Things (IoT) connects a massive number of smart devices to the Internet, in which all data, applications, devices, and users require connectivity, security, and trust. Traditional security approaches assume that all participants within the network perimeter are trustworthy. However, in IoT environment data, applications, devices, and users are gradually moving outside the traditional trusted defence perimeter and have become a source of security risks. Unlike traditional security approaches, which are initially designed for the optimum protection and only act if a process is malicious, the zero-trust security framework upholds the “verify and never trust” principle. Zero trust-based approaches assume that everything within the system is untrustworthy and needs to be verified to prevent threats.

Meanwhile, the blockchain technology shows promises on cyber security and several blockchain security mechanisms have been developed, including access management, user authentication, and transaction security. Due to its prowess in enhancing cyber security, blockchain can provide zero trust security framework with highly accessible and transparent security mechanisms via a visible blockchain, in which all transactions are visible to restricted operators. Zero-trust models can be secured further by a blockchain due to its sheer immutable nature and blockchain technology is expected to recognise them, authenticate their trust, and allow them access. Blockchain-enabled zero trust security can detect suspicious online transaction, isolate connection, and restrict access to the user.

This special issue received in total 37 high-quality submissions. Per journal policy, it was ensured that handling editors did not have any potential conflict of interest with authors of submitted papers. All submitted papers were reviewed by at least three independent potential referees. The papers were evaluated for their rigor and quality, and also for their relevance to the theme of our special issue. After evaluating the overall scores, seven papers were selected by the guest editors and approved by the Editor-in-Chief for inclusion in this special issue.

We will now briefly introduce the accepted papers.

The paper entitled “Three-tier storage framework based on TBchain and IPFS for protecting IoT security and privacy ” by authors Li et al. proposed to use a three-tier blockchain to split transactions in the public blockchain and lock them in a higher-level TBchain to deal with scalability limitations and poor storage extensibility.

The paper entitled “A Blockchain-based Access Control Scheme for Zero Trust Crossorganizational Data Sharing ” by authors Gai et al. use homomorphic encryption technology to encrypt the sensitive data and combine the threshold mechanism and double-trap mechanism to realize the secure computing on the encrypted data so as to ensure that the plaintexts of the final calculation results (e.g., recommendation value and evaluation truth) are only obtained by the authorized subject. A detailed security analysis shows that the proposed scheme can achieve the expected security. In addition, performance comparison results are carried out, demonstrating its effectiveness and accuracy.

The paper entitled “BACKM-EHA: A novel blockchain-enabled security solution for IoMT-based e-healthcare applications” by Mohammad Wazid et al. investigated blockchain-enabled security solution for the Internet of Medical Things (IoMT). A blockchain-enabled access control and key management protocol named “BACKM-EHA” was proposed for IoMT, which is able to protect e-healthcare systems and applications from replay attack, man-in-the-middle attack, impersonation, privileged inside, unauthorised session key computation, and so on. A comprehensive performance and security analysis was conducted and the experimentation results show that the performance of BACKM-EHA is good in terms of communication costs, computation load, security, and functionality features.

The paper entitled “V-Gas: Generating high gas consumption inputs to avoid out-of-gas vulnerability” by Fuchen Ma et al. focused on the out-of-gas vulnerability of smart contract in blockchain systems. A js-evm based new solution ‘V-Gas’ was proposed that can automatically generate inputs that maximise the gas cost and reduce underestimation. The V-Gas was designed based on both static analysis and feedback-directed mutational fuzz testing by building the gas weighted control flow graph (WCFG) and then guide gas consumption to maximise the gas consumption. The experimental results show that the V-Gas generates higher gas estimation with better performance.

The paper entitled “A high compatible verification framework for minimal upgrade to secure the existed edge network” by Zhenyu Li et al. proposed a network verification framework for edge computing environment to minimise the upgrades and enhance the security. The proposed framework includes a new data processing structure named sliding window double ring (SWDR) that can improve the performance.

In the paper entitled “S-BDS: An effective blockchain-based data storage scheme in zero-trust IoT”, Jin Wang et al. proposed a blockchain-based data storage scheme named S-BDS aiming to address the problem of blockchain capacity and scalability without compromising the performance. An Insertable Vector Commitment (IVC) was proposed to replace the Merkle tree to store IoT data in the blockchain. The experimental results show that the S-BDS is able to provide better performance.

The paper entitled “Securing low-power blockchain-enabled IoT devices against energy depletion attack” by Amjad Alsirhani et al. focused on communication issues between edge computing devices in the IoT. The authors proposed a novel protocol based on the low power and lossy network (LLN) to protect devices from multiple DoS attacks, in which a blockchain enabled mitigation scheme named DIS spam attack mitigation (DISAM) was developed. Experiments were conducted to demonstrate the effectiveness of DISAM.

The paper entitled “Privacy-aware traffic flow prediction based on multi-party sensor data with zero trust in smart city” by Fan Wang et al. investigated the privacy issues over traffic-related urban units (vehicles, roads, buildings, etc.). An accurate locality sensitive hashing based traffic flow prediction method was proposed for edge computing devices to address the trade-off between data sharing and data privacy across organization traffic data fusion and prediction.

The guest editors would like to thank the authors for their contributions to the special issue and all of the reviewers for their constructive comments. We are also grateful to the Editor-in-Chief for his support and encouragement, and the journal’s editorial staff for help in the preparation of this special issue.

UESTC, China & UWE Bristol, UK

Email: [email protected]

CSIRO’s Data61 Sydney, Australia

Email: [email protected]

University of Bristol Bristol BS8 1TR, UK

Email: [email protected]

University of Electronic Science and Technology of China Chengdu, China

Email: [email protected]