This repository represents the device module of a blockchain-based IoT software update platform. When the manufacturer registers a new software update on the blockchain, the device detects the event, purchases the update, downloads the encrypted update package from IPFS, verifies its integrity, decrypts it, and installs it. The installation status is then recorded on the blockchain.
- Detect a new software update event on the blockchain and receive the update notification
- Purchase the update package
- Download the encrypted update file (Es) from IPFS
- Compute the SHA3-256 hash of the file and verify it against the registered reference hash (hEbj)
- Decrypt the symmetric key (kbj) from the CP-ABE encrypted key (Ec)
- Derive the AES-256 key by serializing kbj and applying SHA-256 hashing, then decrypt the update file to restore the original file (bj)
- Install the verified update on the device and record the installation result on the blockchain via smart contract
- IoT Device: AIoT AutoCar Prime X
-
AiOT AutoCar Prime X is an AI-enabled model car equipped with the Nvidia Jetson Xavier NX module, offering sufficient computing power to run advanced applications.
-
In our project, we chose this car as the IoT device because the manufacturer’s update files were designed to deliver autonomous driving services. The device was set up to subscribe to these updates, so that each update installation would add new autonomous driving features. While we demonstrated our system on the AutoCar Prime X, the service is also designed to be compatible with other IoT devices such as Raspberry Pi.
-
- OS:
- Programming Language:
- Configured a Docker-based Ubuntu environment using the Python 3.10-slim (arm64) image
- Development Tools:
-3776AB?style=flat&logo=python&logoColor=white){kind=icon}
-
Upload the signature, update price, version, description, hash of the encrypted file, IPFS hash, and the encrypted symmetric key to the blockchain.
-
Ensure atomic software distribution and purchase between manufacturer and device
-
Verify update request and installation integrity using ECDSA signature validation
-
Interact with the blockchain using Web3 libraries
-
Download encrypted update files from IPFS with distributed storage support
-
Decrypt update files using AES-256 symmetric key to retrieve the original file
-
Decrypt the encrypted symmetric key using CP-ABE with the device’s secret key, ensuring that decryption is only possible when the key matches the update policy defined by the manufacturer.
-
Verify file integrity by comparing SHA3-256 hash with blockchain values
-
Detect blockchain events in real-time for update monitoring
-
Device backend server built with Flask.
See install.md for installation and usage instructions.
Blocker_Device/
├── backend/
│ └── api.py # Backend API entry point
├── blockchain/
│ └── registry_address.json # Blockchain registry address/config
├── client/
│ ├── device_client.py # Implements the device update process
│ └── keys/
│ ├── device_secret_key_file.bin # Device CP-ABE private key
│ └── public_key.bin # Device Manufacturer Public key
├── crypto/
│ ├── cpabe/
│ │ └── cpabe.py # CP-ABE (attribute-based encryption) implementation
│ ├── hash/
│ │ └── hash.py # SHA3-256 Hash utilities
│ └── symmetric/
│ └── symmetric.py # AES-256 Symmetric-key encryption utilities
├── ipfs/
│ └── download/
│ └── download.py # IPFS download logic
├── Dockerfile # Root application Docker build config
├── docker-compose.yml # Service orchestration config
└── requirements.txt # Python dependencies list
This project is licensed under the MIT License. See LICENSE for details.
This distribution includes several third-party software components. For an overview of included third-party libraries and their license types, please see NOTICE.txt.
For the complete license texts, refer to the LICENSES directory.
Contributions and questions are always welcome through Issues and Pull Requests. For detailed contribution guidelines, please refer to the Contribution Guide.
Contributions and questions are welcome via Issues and Pull Requests. For more information about the overall project, visit the HSU-Blocker GitHub organization.
