DECENTRALIZED IDENTITY AND ACCESS MANAGEMENT IN INTERNET OF THINGS SYSTEMS BASED ON BLOCKCHAIN
DOI:
https://doi.org/10.37943/25DQCA5653
Keywords:
Internet of Things, blockchain, decentralized identity, self-sovereign identity, access control, attribute-based access control, verifiable credentials
Abstract
The exponential proliferation of Internet of Things (IoT) devices presents critical challenges to traditional centralized identity and access management systems, which are plagued by issues of scalability, single points of failure, and significant privacy risks. While blockchain technology offers a promising decentralized alternative, its direct application is often hindered by low transaction throughput, high costs, and the computational limitations of IoT devices. This study addresses these challenges by proposing and formally evaluating HybID-AC, a novel hybrid architecture for decentralized identity and access management tailored for large-scale, heterogeneous IoT ecosystems. The methodology involves a dual-layer design that separates global trust anchoring from local execution. A highly scalable, feeless Directed Acyclic Graph (DAG) based distributed ledger serves as a public "anchor layer" for registering W3C standard Decentralized Identifiers (DIDs) and access policy hashes. All high-frequency access control operations are processed off-chain at the "edge layer" using the DIDComm v2 peer-to-peer protocol, Attribute-Based Access Control (ABAC) for fine-grained policy enforcement, and Zero-Knowledge Proofs (ZKP) to ensure privacy-preserving attribute verification. The results of our analytical evaluation demonstrate that the HybID-AC architecture achieves orders-of-magnitude improvements in latency and cost-efficiency compared to fully on-chain models, maintaining consistent performance as the network scales. Furthermore, we introduce an original probabilistic model that provides a quantitative metric for assessing the integral security risk of ABAC policies against attribute compromise. The study concludes that this hybrid approach effectively resolves the inherent trade-offs of blockchain in an IoT context, offering a robust, scalable, and interoperable framework that empowers devices with self-sovereign identity while ensuring security and privacy by design.
License
Copyright (c) 2026 Articles are open access under the Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Authors who publish a manuscript in this journal agree to the following terms:
- The authors reserve the right to authorship of their work and transfer to the journal the right of first publication under the terms of the Creative Commons Attribution License, which allows others to freely distribute the published work with a mandatory link to the original work and the first publication of the work in this journal.
- Authors have the right to conclude independent additional agreements that relate to the non-exclusive distribution of the work in the form in which it was published by this journal (for example, to post the work in the electronic repository of the institution or publish as part of a monograph), providing the link to the first publication of the work in this journal.
- Other terms stated in the Copyright Agreement.