Blockchain-Based Self-Sovereign Identity Management Mechanism in AIoT Environments
Abstract
1. Introduction
- (1) Design of a zero-trust and blockchain-based SSI integration framework. By combining the SSI with zero-trust SSI, this framework establishes trusted device identity management and real-time permission verification mechanisms within the continuous verification process, laying the foundational trust for AIoT environments.
- (2) The proposal of a selective disclosure SSI management mechanism. It allows users or devices to disclose only the minimum necessary identity information. Leveraging blockchain technology together with cryptographic commitments, aggregated signatures, and Zero-Knowledge Proofs (ZKP), the mechanism enables efficient attribute-based authentication while avoiding the exposure of sensitive information, thus improving both privacy protection and verification efficiency in high-concurrency AIoT scenarios.
- (3) The proposal of a dynamic permission management mechanism combining context awareness and selective disclosure (SD) technology. This mechanism dynamically adjusts access permissions based on device behavior, network conditions, and AI task requirements. It enforces fine-grained least-privilege control, thereby effectively preventing identity misuse and privilege escalation.
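The selective-disclosure idea in contribution (2), as an added example that is not code from the paper: a credential is published only as salted SHA-256 commitments, and the holder reveals chosen attributes together with their salts. The salted-hash commitment, the dict standing in for the blockchain anchor, and all function names and attribute values are assumptions; the paper's aggregated signatures and ZKP are not modelled here.

```python
import hashlib, hmac, json, secrets

def commit(name, value, salt):
    # Salted hash commitment: the random salt hides low-entropy values,
    # SHA-256 binds the holder to (name, value).
    return hashlib.sha256(salt + json.dumps([name, value]).encode()).hexdigest()

def root_of(commitments):
    return hashlib.sha256("".join(commitments).encode()).hexdigest()

def build_credential(attrs):
    # One fresh 16-byte salt per attribute; sorting hides attribute order.
    salts = {k: secrets.token_bytes(16) for k in attrs}
    commitments = sorted(commit(k, v, salts[k]) for k, v in attrs.items())
    return salts, commitments, root_of(commitments)

def present(attrs, salts, commitments, disclose):
    # Reveal value and salt only for the attributes the verifier asked for.
    return {"commitments": commitments,
            "disclosed": {k: [attrs[k], salts[k].hex()] for k in disclose}}

def verify(presentation, anchored_root, required):
    commitments = presentation["commitments"]
    if not hmac.compare_digest(root_of(commitments), anchored_root):
        return False                      # list does not match the anchored digest
    disclosed = presentation["disclosed"]
    if not set(required) <= set(disclosed):
        return False                      # a required attribute was withheld
    return all(commit(n, v, bytes.fromhex(s)) in commitments
               for n, (v, s) in disclosed.items())

def demo():
    # Constructed sample attributes for a hypothetical AIoT camera.
    attrs = {"device_id": "cam-0042", "firmware": "2.1.7",
             "owner": "alice", "location": "lab-3"}
    salts, commitments, root = build_credential(attrs)
    ledger = {"did:example:cam-0042": root}   # dict stand-in for the blockchain
    p = present(attrs, salts, commitments, ["firmware"])
    ok = verify(p, ledger["did:example:cam-0042"], ["firmware"])
    forged = json.loads(json.dumps(p))
    forged["disclosed"]["firmware"][0] = "9.9.9"   # tampered value
    bad = verify(forged, ledger["did:example:cam-0042"], ["firmware"])
    return ok, bad, sorted(p["disclosed"])

if __name__ == "__main__":
    print(demo())
```

The verifier learns the firmware version and nothing about the other three attributes beyond their count; a tampered value fails because its recomputed commitment is not in the anchored list.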
2. Related Work
2.1. Self-Sovereign Identity Management in the IoT
2.2. Decentralized Identity Management in AI Environments
2.3. Zero-Trust-Based Self-Sovereign Identity Management
3. Blockchain-Based Self-Sovereign Identity Management Mechanism
3.1. Mechanism Overview
- Key Generation Center (KGC) [34]: An entity responsible for assisting in the generation and management of keys within a decentralized network.
- Users: The owners and users of identity information, serving as the core of the entire mechanism. They are responsible for generating local portions of private and public keys and submitting registration requests to the KGC to complete identity initialization.
- Blockchain: Serves as the underlying technology for decentralized storage and management of credentials.
- AIoT Devices/Resources: The objects users ultimately access and interact with.
- Self-Sovereign Identity Management Mechanism (SSIM): The core logic module for handling identity credentials, responsible for constructing, aggregating, and validating credentials.
- Dynamic Permission Generation Mechanism: This module is critical for implementing zero-trust “continuous verification” and the principle of least privilege. It handles real-time decision-making and permission management while enforcing access control.
3.2. User Identity Registration and Key Generation
3.2.1. Parameter Generation
- Set a t-bit prime number p and a generator P.
- Define the additive cyclic group and the elliptic curve .
- Choose the master private key denoted as , which is jointly selected by the decentralized network or generated through distributed key generation. The system’s public key is computed as .
- Choose four secure hash functions to support subsequent operations such as identity generation, encryption, and signing. Now, the system publishes the parameters and keeps y confidential.
3.2.2. User Node Registration
3.2.3. Complete Key Pair Generation
3.3. Construction and Aggregation of Selective Disclosure Credentials
3.3.1. Credential Construction
3.3.2. Credential Aggregation
3.3.3. Credential Verification and Tracking
3.4. Dynamic Permission Management
3.4.1. Credential Verification
3.4.2. Permission Evaluation Based on Selective Disclosure Credentials
3.4.3. Dynamic Policy Configuration
3.4.4. Dynamic Permission Generation Algorithm
Algorithm 1 Dynamic permission generation algorithm
4. Security Analysis
4.1. Security of Key Generation
4.2. Privacy of Selectively Disclosed Credentials
4.3. Validity of Aggregate Signatures
4.4. Correctness of the Least Privilege Principle
- (1) Completeness: All necessary permissions are included;
- (2) Minimality: No redundant permissions exist.
5. Performance Analysis
5.1. Environmental Configuration
5.2. Computational Efficiency
5.3. Information Entropy and Attack Success Rate
5.4. Dynamic Permission Generation Time
5.5. System Overhead
6. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
1. Li, X.; Song, Z.; Yang, J. Federated adversarial learning: A framework with convergence analysis. In Proceedings of the International Conference on Machine Learning. PMLR, Honolulu, HI, USA, 23–29 July 2023; pp. 19932–19959.
2. Ren, Y.; Leng, Y.; Cheng, Y.; Wang, J. Secure data storage based on blockchain and coding in edge computing. Math. Biosci. Eng. 2019, 16, 1874–1892.
3. Xie, G.; Hou, G.; Pei, Q.; Huang, H. Lightweight privacy protection via adversarial sample. Electronics 2024, 13, 1230.
4. Fredrikson, M.; Jha, S.; Ristenpart, T. Model inversion attacks that exploit confidence information and basic countermeasures. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12–16 October 2015; pp. 1322–1333.
5. Weigl, L.; Barbereau, T.; Fridgen, G. The construction of self-sovereign identity: Extending the interpretive flexibility of technology towards institutions. Gov. Inf. Q. 2023, 40, 101873.
6. Ren, Y.; Lv, Z.; Xiong, N.; Wang, J. HCNCT: A cross-chain interaction scheme for the blockchain-based metaverse. ACM Trans. Multimed. Comput. Commun. Appl. 2024, 20, 1–23.
7. Nasr, M.; Shokri, R.; Houmansadr, A. Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 20–22 May 2019; pp. 739–753.
8. Chen, J.; Cai, Z.; Qi, J.; Fang, B. Design of a Decentralized and Distributed Digital Identity Framework for Cross-Border Scenarios. Strateg. Study Chin. Eng. Sci. 2025, 27, 88–97.
9. He, Y.; Huang, D.; Chen, L.; Ni, Y.; Ma, X. A survey on zero trust architecture: Challenges and future trends. Wirel. Commun. Mob. Comput. 2022, 2022, 6476274.
10. Nookala, G.; Gade, K.; Dulam, N.; Thumburu, S.K.R. Zero-Trust security frameworks: The role of data encryption in cloud infrastructure. MZ Comput. J. 2023, 4, 1–17.
11. Han, C.; Chen, H.; Qiu, Z. Design and implementation of a data-flowing oriented zero-trust security situational awareness framework. In Proceedings of the International Conference on Network Simulation and Evaluation, Shenzhen, China, 22–24 November 2023; pp. 133–147.
12. Gambo, M.L.; Almulhem, A. Zero trust architecture: A systematic literature review. arXiv 2025, arXiv:2503.11659.
13. Ren, Y.; Leng, Y.; Qi, J.; Sharma, P.K.; Wang, J.; Almakhadmeh, Z.; Tolba, A. Multiple cloud storage mechanism based on blockchain in smart homes. Future Gener. Comput. Syst. 2021, 115, 304–313.
14. Murcia, J.M.B.; Cánovas, E.; García-Rodríguez, J.; Zarca, A.M.; Skarmeta, A. Decentralised identity management solution for zero-trust multi-domain computing continuum frameworks. Future Gener. Comput. Syst. 2025, 162, 107479.
15. Zhang, P.; Sun, H.; Zhang, Z.; Cheng, X.; Zhu, Y.; Zhang, J. Privacy-Preserving Recommendations With Mixture Model-Based Matrix Factorization Under Local Differential Privacy. IEEE Trans. Ind. Inform. 2025, 21, 5451–5459.
16. Feng, J.; Wu, Y.; Sun, H.; Zhang, S.; Liu, D. Panther: Practical Secure Two-Party Neural Network Inference. IEEE Trans. Inf. Forensics Secur. 2025, 20, 1149–1162.
17. Veeramachaneni, V. Emerging authentication technologies for zero trust in IoT systems. J. Adv. Res. Mob. Comput. 2025, 7, 7–21.
18. Shahrani, A.M.; Rizwan, A.; Sánchez-Chero, M.; Cornejo, L.L.C.; Shabaz, M. Blockchain-enabled federated learning for prevention of power terminals threats in IoT environment using edge zero-trust model. J. Supercomput. 2024, 80, 7849–7875.
19. Dintakurthy, Y.; Innmuri, R.K.; Vanteru, A.; Thotakuri, A. Emerging applications of artificial intelligence in Edge computing: A comprehensive review. J. Mod. Technol. 2024, 1, 175–185.
20. Ren, Y.; Zhou, Z.; Han, Z.; Ge, C.; Huang, H. AdaptiveShard: Enhancing Throughput and Security of Sharded Blockchain with Adaptive Verifiable Coding. IEEE Trans. Inf. Forensics Secur. 2025, 20, 7927–7939.
21. Wang, C.; Yang, Q.; Shen, J.; Wu, Q.M.J.; He, D. BM-PDA: Blockchain Based Multifunctional Private-Preserving Data Aggregation for E-Health Systems. IEEE Trans. Dependable Secur. Comput. 2025, 1–14.
22. Xiao, Z.; Wang, C.; Shen, J.; Jonathan Wu, Q.M.; He, D. Less Traces Are All It Takes: Efficient Side-Channel Analysis on AES. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 2025, 44, 2080–2092.
23. Fedrecheski, G.; Rabaey, J.M.; Costa, L.C.; Ccori, P.C.C.; Pereira, W.T.; Zuffo, M.K. Self-sovereign identity for IoT environments: A perspective. arXiv 2020, arXiv:2003.05106.
24. Popa, M.; Stoklossa, S.M.; Mazumdar, S. Chaindiscipline-towards a blockchain-iot-based self-sovereign identity management framework. IEEE Trans. Serv. Comput. 2023, 16, 3238–3251.
25. Bartolomeu, P.C.; Vieira, E.; Hosseini, S.M.; Ferreira, J. Self-sovereign identity: Use-cases, technologies, and challenges for industrial iot. In Proceedings of the 2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA), Zaragoza, Spain, 10–13 September 2019; pp. 1173–1180.
26. Weingaertner, T.; Camenzind, O. Identity of things: Applying concepts from self sovereign identity to IoT devices. J. Br. Blockchain Assoc. 2021, 4.
27. Sakib, N.; Ali, M.Y.; Momo, N.M.; Mumu, M.I.; Nahid, M.A.; Chowdhury, F.R.; Ferdous, M.S. Secure ownership management and transfer of consumer internet of things devices with self-sovereign identity. arXiv 2024, arXiv:2408.17184.
28. Kaul, D. AI-driven decentralized authentication system using homomorphic encryption. Int. J. Adv. Res. Eng. Technol. 2021, 12, 74–84.
29. Chamola, V.; Goyal, A.; Sharma, P.; Hassija, V.; Binh, H.T.T.; Saxena, V. Artificial intelligence-assisted blockchain-based framework for smart and secure EMR management. Neural Comput. Appl. 2023, 35, 22959–22969.
30. Le, A.; Nguyen, N.; Tran, T.; Nakano, T. Securing digital futures: Exploring decentralised systems and blockchain for enhanced identity protection. In Proceedings of the International Conference on Intelligence of Things, Ho Chi Minh City, Vietnam, 25–27 October 2023; pp. 200–212.
31. Mamoshina, P.; Ojomoko, L.; Yanovich, Y.; Ostrovski, A.; Botezatu, A.; Prikhodko, P.; Izumchenko, E.; Aliper, A.; Romantsov, K.; Zhebrak, A.; et al. Converging blockchain and next-generation artificial intelligence technologies to decentralize and accelerate biomedical research and healthcare. Oncotarget 2018, 9, 5665.
32. Nash, A. Decentralized intelligence network (DIN). arXiv 2024, arXiv:2407.02461.
33. Nasrin, S. Securing vaccination data using self-sovereign identity, hyperledger fabric and zero trust model. In Proceedings of the 2023 International Conference on Information and Communication Technology for Sustainable Development (ICICT4SD), Dhaka, Bangladesh, 21–23 September 2023; pp. 290–294.
34. Verma, R.; Indra, G. ZIADA: Zero trust-based identity attestation framework for DLT verified AI-enabled industrial internet of things. In Proceedings of the 2024 IEEE Region 10 Symposium (TENSYMP), New Delhi, India, 27–29 September 2024; pp. 1–6.
35. Li, S.; Doh, I.; Chae, K. A group authentication scheme based on lagrange interpolation polynomial. In Proceedings of the 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), Fukuoka, Japan, 6–8 July 2016; pp. 386–391.
36. Kittur, A.S.; Pais, A.R. Batch verification of digital signatures: Approaches and challenges. J. Inf. Secur. Appl. 2017, 37, 15–27.
37. Bojič Burgos, J.; Pustišek, M. Decentralized iot data authentication with signature aggregation. Sensors 2024, 24, 1037.
38. Li, Z. A verifiable credentials system with privacy-preserving based on blockchain. J. Inf. Secur. 2022, 13, 43–65.
Symbol | Definition |
---|---|
p | a t-bit prime number |
| KGC’s system public key, |
y | KGC’s master private key |
P | generator of an additive cyclic group |
| multiplicative group of integers modulo p |
| elliptic curve equation, , where |
Scheme | Complexity | Security | Storage | Advantages/Limitations |
---|---|---|---|---|
RSA [36] | | Weak | High | Simple to implement, but inefficient |
ECDSA + Merkle Tree [37] | | Medium | Medium | Supports incremental verification; complex tree maintenance |
BLS [38] | | Strong | Low | Efficient aggregation; vulnerable to k-forgery attacks |
Lagrangian Interpolation [35] | | Strongest | Lowest | Threshold property + mathematical verifiability |
Scheme | Disclosed Attrs | Info Entropy | Attack Rate (%) |
---|---|---|---|
Traditional (Full) | 20 | 0.0 | 98.6 |
Our Mechanism | 1 | 4.2 | 12.4 |
Our Mechanism | 5 | 3.8 | 15.7 |
Our Mechanism | 10 | 2.9 | 28.3 |
Our Mechanism | 15 | 1.5 | 45.6 |
Our Mechanism | 20 | 0.0 | 98.5 |
DP, | 20 | 3.6 | 18.9 |
DP, | 20 | 3.1 | 24.7 |
DP, | 20 | 2.4 | 30.1 |
Users | Storage (KB/User) | Memory (MB) | CPU Usage (%) | Network (KB/Tx) |
---|---|---|---|---|
1000 | ||||
2000 | ||||
3000 | ||||
4000 | ||||
5000 | ||||
6000 | ||||
7000 | ||||
8000 | ||||
9000 | ||||
10,000 |
© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Ren, J.; Zhang, J.; Ren, Y.; Xu, J. Blockchain-Based Self-Sovereign Identity Management Mechanism in AIoT Environments. Electronics 2025, 14, 3954. https://doi.org/10.3390/electronics14193954