Secure Management of IoT Devices Based on Blockchain Non-fungible Tokens and Physical Unclonable Functions

One of the most extended applications of blockchain technologies for the IoT ecosystem is the traceability of the data and operations generated and performed, respectively, by IoT devices. In this work, we propose a solution for secure management of IoT devices that participate in the blockchain with their own blockchain accounts (BCAs) so that the IoT devices themselves can sign transactions. Any blockchain participant (including IoT devices) can obtain and verify information not only about the actions or data they are taking but also about their manufacturers, managers (owners and approved), and users. Non Fungible Tokens (NFTs) based on the ERC-721 standard are proposed to manage IoT devices as unique and indivisible. The BCA of an IoT device, which is defined as an NFT attribute, is associated with the physical device since the secret seed from which the BCA is generated is not stored anywhere but a Physical Unclonable Function (PUF) inside the hardware of the device reconstructs it. The proposed solution is demonstrated and evaluated with a low-cost IoT device based on a Pycom Wipy 3.0 board, which uses the internal SRAM of the microcontroller ESP-32 as PUF. The operations it performs to reconstruct its BCA in Ethereum and to carry out transactions take a few tens of milliseconds. The smart contract programmed in Solidity and simulated in Remix requires low gas consumption.