LSM: A Lightweight Security Mechanism for IoT Based Smart City Management Systems using Blockchain

mart cities utilize digital technologies for the improvement of its services’ quality and performance by reducing resources’ cost and consumption, with a commitment of action and efficiency to its citizens. The increased urban migration has led to many problems in cities, such as traffic congestion, waste management, noise pollution, energy consumption, air pollution, etc., as nowadays COVID-19 pandemic has seized the whole world. So, it is necessary to carry out its standard operating procedures (SOPs), including less human interaction. Thus, technology plays a vital role via Internet-of-Things (IoT) based systems. In this paper, a lightweight security mechanism (LSM) is proposed to enrich the IoT based systems. Blockchain technology is integrated, and its completely decentralized peer-to-peer (P2P) technology enables the users’ authentication and authorizes legitimate procedures. The IoT based management system is developed to monitor some of the aforementioned problems and solve solid waste, air, and noise monitoring systems. The Ethereum blockchain is used to implement a smart contract based framework for the system’s security and access control. The evaluation of performance of the LSM demonstrates that it is an efficient and lightweight tool in terms of cost, resources, and computation and superior over related security studies.


INTRODUCTION
According to the 2017 census, Pakistan's urban population was 32% in 1998, which has increased to 40% and is predicted to reach 50% by 2025 [1]. With the rise of population, the burden on city administrations to provide essential services to all citizens has also On the other hand, (P. Velmurugadass et al., 2021) [19] constructed a blockchain based architecture that is used for data integrity and privacy in the IaaS cloud. However, Proof-of-Work (PoW) is not suitable for IoT systems as they are resource constraints. Apart from blockchain, (M. Masud et al., 2021) [20], a one-way cryptographic hash, bitwise XOR, and nounce (number used only once) are used to provide a lightweight and secure communication. In (G. Sharma et al., 2019) [21], (M. Wazid et al., 2019) [22], proposed a lightweight authentication scheme that proved to be as insecure against privileged insider attacks.
Considering and overcoming the issues raised in the aforementioned studies, LSM, a lightweight security mechanism is proposed. LSM has a strong authentication with accurate verification and reduced the computational overhead. Its performance evaluation makes it a lightweight mechanism for security, resources, optimization, and time. The application chosen to demonstrate the LSM feasibility and potential in a real environment, IoT based smart city management system, is developed to monitor and provide a solution to solid waste, air, and noise monitoring management systems. These smart applications aimed to lead automation to reduce human-to-human or human-to-computer interaction due to the COVID-19 pandemic.
Waste management is a primary expenditure in many modern cities since both the cost for the service and the storage of waste in landfills are relatively high. In current scenario, collection and management of waste is quite difficult without the use of modern technology [23], [24]. To overcome these waste management problems, an IoT based system can be deployed to allow the terminals, namely "Smart Bins," to monitor the available data to manage and call the garbage truck when necessary. IoT based system also offers statistics on air quality in saturated areas, parks, and health tracks. In this way, humans can locate the healthiest route outdoors. This provision requires that the air pollution sensors be deployed in the metropolis and share the statistics freely with all authorized residents [25], [26].
The noise is also a form of pollution as the carbon dioxide (CO2) in the air. In this case, the metropolis experts have already issued particular legal guidelines to decrease the quantity of noise in the metropolis [27], [28]. However, despite being written on boards (Quiet zone), people keep making noise in the hospital's regions. IoT based framework will observe noise levels for the authorities to take necessary actions. This service can improve the decorum of hospital areas and the silence at night.
Benefiting from IoT characteristics and the distributed nature of blockchain, proposed LSM: a lightweight security mechanism for IoT based smart city management systems. The main contributions of this paper are given below:  A computationally efficient smart contract based lightweight security mechanism (LSM) for IoT based smart city management system is proposed.  LSM is secure against various attacks like a spoof, Sybil, and replay.  LSM only permits the registered and verified users to access the IoT data through the smart contract they authorized for IoT devices. Section I presents the introduction, literature review, objective and contributions. System architecture and testbed implementation for LSM is provided in section II. Section III evaluates the performance of the LSM in terms of security, time overhead, and benchmark studies. Further, the concluding remarks are offered in section IV.

2.
MATERIAL AND METHODS LSM's architecture is shown in Figure 1. The flowchart of the IoT based smart city management is shown in Figure 2. The architecture of the developed system is consisting of two components whose functionalities are discussed below: Hardware Components: Different sensors and modules are incorporated in this system architecture to represent IoT system. microphone, MQ-6, and ultrasonic sensors are used for noise, air, and garbage monitoring, respectively. Mini-fan is used as a vacuum for demonstration purposes. Wi-Fi, GSM, and GPS modules transmit IoT data, messages, and locations, respectively. All sensors and modules are interfaced with an Arduino-Uno board, which is an 8-bit microcontroller integrated circuit.
Software Components: Arduino-Genuino software is used for code compilation and configuration of the modules. To store data on the cloud, the Thing Speak server is used.
Ethereum is a popular platform that can process any complex algorithm code through Ethereum Virtual Machine (EVM). So, Ubuntu operating system (OS) is used in this system architecture for Ethereum blockchain development. Communication between Ethereum and cloud is done through a python script that includes the JSON-RPC protocol and the Web3py library 1 , which are lightweight and efficient for a resource constraint environment. An Ethereum node can call or deploy a smart contract using Go-Ethereum (Geth) client. A smart contract is a bunch of rules or provisions of an agreement that executes on a blockchain to audit and authorize these concurred terms without the association of an outsider. Solidity, a high-level language, is used to write a smart contract. Remix IDE and Truffle suite are used to develop and deploy the smart contract.
The IoT based smart city management system is implemented to demonstrate the potential to carry out the LSM as a Proof-of-Concept (PoC). The garbage monitoring system will update their data after every five minutes. The air monitoring system will update after every fifteen minutes, and the noise monitoring system will continuously update its data. IoT devices are connected with the cloud to upload their data and communicate with each other. Users are connected to the blockchain. The advantage of this method is that users get IoT data only when they request it. Resource optimization is done via this technique. User authentication is done via a smart contract in the blockchain and brings confidentiality, integrity, authenticity, and various security attacks like a spoof, sybil, and replay. This study aims to get a lightweight security mechanism in IoT as they operate in a resource constraint environment. Table 1 shows the notations used in this paper.

IoT based Garbage System
In this system, ultrasonic sensor and GPS module are attached to the garbage bin through which data and location information is fetched. By using the distance formula "s = v × t", theultrasonic sensor measures the bin status. Through the Wi-Fi module on it, statistics are uploaded on the cloud, enabling the users to monitor it from anywhere. Whenever the garbage bin is full, the message is sent through the GSM module to authorities to take necessary actions.

IoT based Air & Noise Monitoring System
Different sensors such as MQ-6 and microphones are used to fetch the value of noise and air pollution from the surroundings in this system. In addition, GPS module is used to access the location. Through the Wi-Fi module on it, statistics are uploaded on the cloud, enabling the users to monitor it from anywhere. A relay is used to interface the fan with the air sensor. Whenever a gas value passes a specific value, the signal is given to the relay, and the fan is operated.

Blockchain Integration
Ethereum blockchain and its nodes are developed using the Geth implementation on Ubuntu OS. The genesis file is created using puppeth to trigger the Ethereum blockchain. Clique, Proof-of-Authority (PoA), consensus protocol is opted [29]. Keccak256 algorithm is used to create Ethereum addresses [30,31,32]. Elliptic Curve Digital Signature Algorithm (ECDSA) generates private and public keys. The smart contract is developed utilizing the Remix IDE platform. The functionality of the smart contract is presented in Algorithm 1. The Truffle suite is utilized for the deployment of the smart contract. Smart contract transactions cannot be changed and are permanently stored in a transparent framework. The deployed code of the smart contract cannot be changed and is only triggered by the sender's transaction message.

RESULT AND DISCUSSION
The developed IoT based smart city management system is illustrated in Figure 3. The specifications of the devices on which the developed system is evaluated are shown in Table 2. The results are system-dependent. They can vary from system to system as their specifications change. The smart city application's results are taken by deploying the IoT system in Lahore city 2 31.5204° N, 74.3587° E.   The incoming sensor's data is transmitted via a python script using JSON-RPC and Web3py library. The python script loads data from the cloud's URL 3 and directs it to the blockchain. When the user is required to screen any of the IoT's data, it will enter itself's credentials (Signuser) and the required sensor number (IDdevice) from its Ethereum address (EAuser). Then, the smart contract will first check the authenticity of the user by comparing EAuser with the registered users (EAreg.). If the user is authentic, then it will check the combine hash of Signuser and IDdeviceusing Keccak256 algorithm with registered hashes (Hashreg.). Different numbers are assigned to various sensors. The number "0" is given to the microphone and "1" to the ultrasonic sensor, and "2" to the gas sensor. If the hash matches and the user is authorized to access the requested IoT's sensor data, then the respective values are then sent to the requested user; otherwise, it will return "false", as illustrated in Figure 4. The complete sequence diagram of LSM is illustrated in Figure 5.

Security Analysis
 Integrity: For the integrity of the data in the system, data is signed before sending data to the recipient, using the ECDSA algorithm supported by Ethereum. The recipient confirms this against the smart contract's address.  Identification:Signuser and IDdevice is required to access the IoT system. Each device and userregistered with the system has a separate ID and sign. 3 https://thingspeak.com/  Non-repudiation: All transactions are signed with their respective Signuser. Therefore, the sender cannot repudiate having performed a transaction.  Authentication: The user must first be registered with the IoT system. If the user is already registered, the smart contract has the associated credentials. As soon as the smart contract verifies the existence and validity of the details provided by the user, it can interact with the IoT system.  Spoof attack: To successfully launch a spoof attack, attacker need a Signuser,IDdeviceand EAuser.If the attacker somehow gets the IDdevice and EAuser, still needs the Signuser.  Sybil attack: In a Sybil attack, the attacker needs to create a fake identity to enter into the system. In LSM, users and devices are not allowed to have more than one ID. The message is signed with the private key. Therefore, creating a fake identity in the system has been reduced and is almost infeasible.  Replay attack: In LSM, all messages generated in the system are assigned to a unique transaction ID and timestamp. Therefore, a replay message with a previously accepted transaction ID will be rejected. So, protection against replay attacks is coped.

Time Overhead
If users directly access the cloud for the IoT data, the delay is less as compared to the blockchain. Because users are interacting with the cloud direct now, but there is no significant security in the cloud. On the other hand, in blockchain, users interact with the cloud via blockchain due to which processing and propagation delay increases. So, this is our trade-off between delay and security. But, as the number of users increases in the cloud, the total delay increases because of the rise in queuing delay. But in blockchain, despite the increase in the number of users, total delay remains almost constant, as illustrated in Figure  6. The total delay is calculated using the total delay equation, illustrated in Figure 7.  Gas is described as a resource that is paid for transaction verification. By increasing the gas limit, the average block size increases, affecting the increase in cost. A large block size means more space to store the Ethereum blockchain. LSM consumed 26664 gas, illustrated in Figure 8. While (J. K. Mudhar et al., 2020)'s request access smart contract consumed 51402 gas. (P. Velmurugadass et al., 2021) used PoW operations which include more CPU power consumption as compared to PoA. So does the energy consumption also increase in PoW which has a negative effect on the system's delay. PoA is a lightweight consensus protocol, and its equipment is also cost effective as compared to PoW. LSM can scale well regarding the number of devices without affecting the system as the cloud manages it. The computational effort is independent of the number of devices. LSM is tested in a real environment and has a permission access control compared to (J. Oh et al., 2021), and (A. Ouaddah, 2019).

CONCLUSION
This paper demonstrated the lightweight security mechanism LSM for an IoT based smart city application management system by integrating blockchain technology within the network, enhancing the user authentication and access control using the smart contract. The performance evaluation illustrates LSM as a lightweight in terms of cost, resources, and computation. While secure in the spoof, sybil, and replay attacks. In the near future, the plan is to extend the system with more applications and add machine learning/deep learning to make smart cities more efficient and autonomous to cope with the recent and zero-day attacks.

DECLARATIONS
 Acknowledgment: This manuscript has not been published or submitted to any other journals.