Enhancing Trust in Devices and Transactions of the Internet of Things

Licentiate thesis, 2020

With the rise of the Internet of Things (IoT), billions of smart embedded devices will interact frequently.
These interactions will produce billions of transactions.
With IoT, users can utilize their phones, home appliances, wearables, or any other wireless embedded device to conduct transactions.
For example, a smart car and a parking lot can utilize their sensors to negotiate the fees of a parking spot.
The success of IoT applications highly depends on the ability of wireless embedded devices to cope with a large number of transactions.
However, these devices face significant constraints in terms of memory, computation, and energy capacity.


With our work, we target the challenges of accurately recording IoT transactions from resource-constrained devices. We identify three domain-problems: a) malicious software modification, b) non-repudiation of IoT transactions, and c) inability of IoT transactions to include sensors readings and actuators.
The motivation comes from two key factors.
First, with Internet connectivity, IoT devices are exposed to cyber-attacks.
Internet connectivity makes it possible for malicious users to find ways to connect and modify the software of a device.
Second, we need to store transactions from IoT devices that are owned or operated by different stakeholders.


The thesis includes three papers. In the first paper, we perform an empirical evaluation of Secure Boot on embedded devices.
In the second paper, we propose IoTLogBlock, an architecture to record off-line transactions of IoT devices.
In the third paper, we propose TinyEVM, an architecture to execute off-chain smart contracts on IoT devices with an ability to include sensor readings and actuators as part of IoT transactions.