Rapid proliferation of smart home IoT devices has intensified the demand for secure, scalable, and autonomous firmware authentication mechanisms. Traditional centralized solutions face challenges related to privacy concerns, limited scalability, and vulnerability to single point of failure. In this paper, we propose DIDAuth-IoTFW, a novel decentralized identity and firmware authentication framework that uniquely integrates Ethereum Layer-2 Arbitrum, InterPlanetary File System (IPFS), and W3C-compliant Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs). DIDAuth-IoTFW provides a complete firmware authentication life cycle, from decentralized identity registration to real-time, on-chain verifiable revocation. While enabling autonomous, cryptographic verification directly on resource-constrained IoT devices and ensuring reliable performance even when gateways are compromised or unavailable. Our proof-of-concept implementation on ESP32 and Raspberry Pi achieved complete resistance to replay, forgery, and revocation threats with verification consistently under 1.2 s. Compared to prior work, DIDAuth-IoTFW uniquely combines firmware–VC hash binding, contract binding that prevents cross-registry replay, and device-side enforcement resilient to gateway compromise. Experimental results indicate a robust, privacy-preserving, and scalable alternative to centralized firmware-update pipelines for smart-home IoT.
各種検索
サポート
ヘルプ