Identity and access management resilience against intentional risk for blockchain-based IOT platforms

Some Internet of Things (IoT) platforms use blockchain to transport data. The value proposition of IoT is the connection to the Internet of a myriad of devices that provide and exchange data to improve people’s lives and add value to industries. The blockchain technology transfers data and value in an immutable and decentralised fashion. Security, composed of both non-intentional and intentional risk management, is a fundamental design requirement for both IoT and blockchain. We study how blockchain answers some of the IoT security requirements with a focus on intentional risk. The review of a sample of security incidents impacting public blockchains confirm that identity and access management (IAM) is a key security requirement to build resilience against intentional risk. This fact is also applicable to IoT solutions built on a blockchain. We compare the two IoT platforms based on public permissionless distributed ledgers with the highest market capitalisation: IOTA, run on an alternative to a blockchain, which is a directed acyclic graph (DAG); and IoTeX, its contender, built on a blockchain. Our objective is to discover how we can create IAM resilience against intentional risk in these IoT platforms. For that, we turn to complex network theory: a tool to describe and compare systems with many participants. We conclude that IoTeX and possibly IOTA transaction networks are scale-free. As both platforms are vulnerable to attacks, they require resilience against intentional risk. In the case of IoTeX, DIoTA provides a resilient IAM solution. Furthermore, we suggest that resilience against intentional risk requires an IAM concept that transcends a single blockchain. Only with the interplay of edge and global ledgers can we obtain data integrity in a multi-vendor and multi-purpose IoT network. © 2021 by the authors. Licensee MDPI, Basel, Switzerland.