The Internet of Things (IoT) has revolutionized industries such as healthcare, transportation, agriculture, and industrial automation by enabling real-time data exchange, monitoring, and automation. However, the widespread adoption of resource-constrained and heterogeneous IoT devices introduces significant security and privacy challenges, particularly in identity and access management (IAM). Centralized IAM systems are prone to single points of failure, increasing risks of spoofing, unauthorized access, and large-scale breaches. This study proposes a blockchain-based decentralized IAM framework to address these vulnerabilities, focusing on four key components: decentralized identity management, immutable identity records, smart contracts, and public key cryptography. Through a comprehensive literature review and a proposed methodology, this study demonstrates how blockchain’s tamper-proof, transparent, and distributed ledger enhances device authentication, prevents spoofing, and ensures accountability. Decentralized identity management enables self-sovereign identities, immutable records provide auditable logs, smart contracts automate access control, and public key cryptography secures communications. Challenges such as scalability, interoperability, privacy, and computational constraints are analyzed, with proposed solutions including lightweight cryptography and off-chain storage. The study introduces a formal framework with performance metrics from a proof-of-concept (PoC), addressing gaps in empirical validation. This work contributes a practical, scalable, and secure IAM model for IoT, laying the groundwork for real-world deployment and future research.
Key words: Internet of Things (IoT), Blockchain, Identity and Access Management (IAM), Decentralized Identity, Smart Contracts, Public Key Cryptography