Abstract
Security has always been the main concern for the internet of things (IoT)-based systems. Blockchain, with its decentralized and distributed design, prevents the risks of the existing centralized methodologies. Conventional security and privacy architectures are inapplicable in the spectrum of IoT due to its resource constraints. To overcome this problem, this paper presents a Blockchain-based security mechanism that enables secure authorized access to smart city resources. The presented mechanism comprises the ACE (Authentication and Authorization for Constrained Environments) framework-based authorization Blockchain and the OSCAR (Object Security Architecture for the Internet of Things) object security model. The Blockchain lays out a flexible and trustless authorization mechanism, while OSCAR makes use of a public ledger to structure multicast groups for authorized clients. Moreover, a meteor-based application is developed to provide a user-friendly interface for heterogeneous technologies belonging to the smart city. The users would be able to interact with and control their smart city resources such as traffic lights, smart electric meters, surveillance cameras, etc., through this application. To evaluate the performance and feasibility of the proposed mechanism, the authorization Blockchain is implemented on top of the Ethereum network. The authentication mechanism is developed in the node.js server and a smart city is simulated with the help of Raspberry Pi B+. Furthermore, mocha and chai frameworks are used to assess the performance of the system. Experimental results reveal that the authentication response time is less than 100 ms even if the average hand-shaking time increases with the number of clients.