Decentralized authorization in constrained IoT environments exploiting interledger mechanisms.

We present models that utilize smart contracts and interledger mechanisms to provide decentralized authorization for constrained IoT devices. The models involve different tradeoffs in terms of cost, delay, complexity, and privacy, while exploiting key advantages of smart contracts and multiple blockchains that communicate with interledger mechanisms. These include immutably recording hashes of authorization information and policies in smart contracts, resilience through the execution of smart contract code on all blockchain nodes, and cryptographically linking transactions and IoT events recorded on different blockchains using hash-lock and time-lock mechanisms. In the case of two ledgers, an authorization and a payment ledger, the authorization ledger can be a private Ethereum network or a permissioned ledger such as Hyperledger Fabric. For decentralized authorization where a subset of m-out-of-n authorization servers are required, we present two policies for selecting the m servers. The first policy can utilize statistics of the authorization servers such as transaction cost and response time. The second policy selects the first m servers that respond. The proposed models are evaluated on the public Ethereum testnets Rinkeby and Ropsten, and for different implementations on the Hyperledger Fabric permissioned ledger, in terms of execution cost (gas), delay, and reduction of data that needs to be sent to the constrained IoT devices.