A constantly growing pool of smart, connected Internet of Things (IoT) devices poses completely new challenges for business regarding security and privacy. In fact, the widespread adoption of smart products might depend on the ability of organizations to offer systems that ensure adequate sensor data integrity while guaranteeing sufficient user privacy. In light of these challenges, previous research indicates that blockchain technology may be a promising means to mitigate issues of data security arising in the IoT. Building upon the existing body of knowledge, we propose a design theory, including requirements, design principles, and features, for a blockchain-based sensor data protection system (SDPS) that leverages data certification. We then design and develop an instantiation of an SDPS (CertifiCar) in three iterative cycles that prevents the fraudulent manipulation of car mileage data. Furthermore, we provide an ex-post evaluation of our design theory considering CertifiCar and two additional use cases in the realm of pharmaceutical supply chains and energy microgrids. The evaluation results suggest that the proposed design ensures the tamper-resistant gathering, processing, and exchange of IoT sensor data in a privacy-preserving, scalable, and efficient manner.
Security and privacy