NFT-Based Authentication: Securing IoT Assets in Smart City Infrastructure

By Soham NandiReviewed by Susha Cheriyedath, M.Sc.Nov 17 2023

In an article published in the journal Nature, researchers introduced a groundbreaking Non-Fungible Token (NFT)-based authentication structure for IoT assets in smart city infrastructure. The innovative architecture digitized devices, enhanced security, and operated independently of centralized entities. Leveraging blockchain, it used Externally Owned Addresses (EOA) for robust digital representation, eliminating the need for additional hardware upgrades like Physical Unclonable Functions (PUF).

Background

In the realm of smart city architecture, the integration of IoT-enabled devices poses challenges in security and authentication. Previous research has explored blockchain-based solutions, particularly utilizing NFTs, to enhance device identification and authentication. However, existing efforts often lack consideration for the heterogeneity and constraints of IoT devices and may require additional hardware upgrades, such as PUFs, leading to practical limitations.

This research addressed these critical gaps by proposing an innovative NFT-based authentication structure tailored for smart city infrastructure. The architecture encompassed Owners, Users, fog, and IoT nodes, providing a comprehensive solution for digitizing IoT assets. Notably, it operated independently of centralized entities, fostering a more autonomous and secure infrastructure. Leveraging EOA in blockchain architecture, the study established NFTs as digital representations of smart devices. This adaptation enhanced the portrayal of smart devices, offering a more robust solution compared to the existing ERC721 standard.

A distinctive feature of this proposed architecture was its focus on software-based digital representation and authentication of IoT-enabled smart assets. By eliminating the need for additional hardware upgrades, the study overcame practical challenges associated with PUFs, making the proposed solution more accessible and cost-effective.
To validate the effectiveness of the proposed architecture, the researchers conducted rigorous evaluations, including assessments of security services, efficiency, and latency. Deployments on both private and public ledgers, such as Hyperledger Besu and the Goerli Testnet, provided practical insights into the real-world applicability of the proposed solution.

Methodology

The research methodology is a comprehensive framework that introduced an extended NFT standard for cyber-physical systems (CPSs) in smart cities. It innovatively expanded the ERC721 protocol, enabling the digitization of IoT assets with robust authentication mechanisms. The proposed methodology employed cryptographic primitives, ensuring data integrity and confidentiality. Deployment on both public and private blockchains facilitated real-world evaluations.

The working mechanism involved a smart contract for NFT declaration, associating IoT assets with metadata, and enhancing security without hardware upgrades. The architecture supported multiple smart contracts for diverse CPSs and included an authentication layer using SHAIII encryption. The consensus mechanism, IBFT 2.0, ensured secure user authentication, and the verification and blockchain layer provided essential security services, establishing decentralized identification in CPSs. The methodology achieved its objectives by offering an innovative, secure approach to digitize and authenticate IoT assets, contributing significantly to blockchain-based solutions for IoT in smart cities.

Design and Implementation

Smart contracts, written in Solidity on Remix IDE, were deployed on the Ethereum-based Goerli testnet. Utilizing ERC-721, the architecture enhanced asset representation, introducing novel attributes like User ID (UID), Device ID (DID), and FogID. The modular components accommodated various cyber-physical systems in smart cities. The authentication process involved secure session connections, device mapping, and user authentication through NFT minting.

Gas consumption analysis revealed efficiency, and transaction postings on Goerli demonstrated successful authentication. The proposed design, with pseudo-codes and algorithms, ensured clarity in deploying the architecture across diverse settings. Source code accessibility on GitHub enabled public exploration and deployment on the Goerli testnet, validating the architecture's functionality and security services.

Results and Discussion

The proposed NFT-based architecture demonstrated enhanced security services, including confidentiality, availability, and integrity, filling a gap identified in existing literature. The implementation ensured confidentiality by restricting smart contract access to the owner, validated through failed transactions for unauthorized access attempts. Availability is assured by the owner's exclusive control over smart contract assets. Authorization is reinforced by an "OnlyOwner" modifier, limiting access to approved entities.

The use of the SHA-III encryption protocol in minting functions ensured integrity. Gas consumption analysis on the Goerli testnet revealed efficiency, with the proposed architecture outperforming a PUF-based NFT solution regarding execution cost. The proposed functions exhibited low gas consumption, providing an efficient and secure solution for IoT asset authentication. Time complexity analysis affirmed low latency, with validation on a private blockchain and Goerli testnet supporting the architecture's effectiveness.

Conclusion

In conclusion, this study presented a novel blockchain-based model using NFTs to enhance security in smart city cyber-physical systems. The architecture, built on private and testnet blockchains, integrated robust consensus mechanisms and achieved security objectives, including confidentiality, integrity, availability, and authorization.

The proposed NFT functions demonstrated efficiency, with lower gas consumption compared to existing solutions. Innovative call() functions enhanced time complexity, reducing transaction costs. The architecture aimed to authenticate users and devices through unique NFTs, providing a promising solution for secure and efficient smart city implementations. Future testing in real-world scenarios will further validate its effectiveness.