Privacy Preservation in Resource-Constrained IoT Devices Using Blockchain—A Survey

: With opportunities brought by Internet of Things (IoT), it is quite a challenge to assure privacy preservation when a huge number of resource-constrained distributed devices is involved. Blockchain has become popular for its beneﬁts, including decentralization, persistence, immutability, auditability and consensus. With the implementation of blockchain in IoT, the beneﬁts provided by blockchain can be derived in order to make IoT more efﬁcient and maintain trust. In this paper, we discuss some applications of IoT in different ﬁelds and privacy-related issues faced by IoT in resource-constrained devices. We discuss some applications of blockchain in vast majority of areas, and the opportunities it brings to resolve IoT privacy limitations. We, then, survey different researches based on the implementation of blockchain in IoT. The goal of this paper is to survey recent researches based on the implementation of blockchain in IoT for privacy preservation. After analyzing the recent solutions, we see that the blockchain is an optimal way for preventing identity disclosure, monitoring, and providing tracking in IoT.


Introduction
With the recent advancements in the field of Information Technology, a complex system called IoT evolved. It consists of several computing devices connected with each other through Internet and able to process and transfer data among each other with minimal human interaction needed. This system grew rapidly as the devices kept increasing and number of links increased automatically. Cisco Inc. predicted 50 billion devices by 2020, and it is still growing. IoT applications are increasing the level of convenience and efficiency in everyday life at low costs. For example, home automation and healthcare systems. An overview of IoT is given in Section 2.
However, with huge growth in the number of devices in IoT, the challenges also keep increasing. IoT devices can be as small as a watch; apart from processing, storage and networking limitations faced by such IoT devices, security is a serious concern of researchers and technicians. The growing number of devices makes attack surface broader. These security and privacy issues make IoT less trustworthy for organizations that have sensitive data and maintaining customer's privacy and data security are their top priorities. Also it becomes hard to manage a large number of devices and to have an consensus between them.
IoT's privacy and security with interconnected devices causes security challenges in the area of network computing. It means at any moment from anywhere, an attack can be launched on these devices that includes threats like denial of service, fabrication of identity, physical threats, communication channel targeting and many more. One of the biggest challenges in this research field is consumption of power resources and computational overheads on IoT devices. Many solutions have been proposed by the researchers in which strategies based on blockchain, homomorphic encryption, and attribute-based encryption are provided.
The exchange of data among physically connected devices related to their infrastructure and behaviors in the form of groups is known as IoT. From the Gartner report shown in Table 1, it was expected that almost 5.8 Billion interconnected devices would be having a vast share in market of $3 trillion in 2020 [1], while the forecasts of international data co-operation report that the expected market value of IoT devices is $1.1 trillion for 2023-the market of full stack systems, like RIOT [2] and Contiki [3] that enabled IoT devices functionality, is also expected to expand. IoT brings improvement in quality of life in various domains. IoT devices play a huge role in different aspects of life, for example security, energy, safety, healthcare, smart grid, VANETs, industry and entertainment, but in terms of battery power, network protocol, complex computation and infrequent connectivity, these devices are fundamentally constrained in resources.
IoT bears the risk of not having a standard security scheme implementation, which results in security concerns like data misuse [2,3]. IoT devices collect personal information of a user such as his identity, contact number, energy consumed, and location. These devices also reveal a user's behavior, by collecting information about his lifestyle and daily activities-including watching movies, playing games, home activities, gatherings, etc. Therefore, the exposure of the user's personal data to non-trusted private and public servers can pose serious privacy-related issues, and the data gathered by these devices can be misused against the user. These threats make it crucial to focus on the security and privacy designs of IoT devices.
Since the application of blockchain in bitcoin cryptocurrency [4], it has become quite popular. Blockchain is being deployed in a large number of fields, such as education, healthcare, banking, agriculture, etc., for the opportunities that it brings.
One of the most important features of blockchain is decentralization. It is also used as a consensus mechanism to enable trust between all parties involved in decentralized networks, one example is cryptocurrency-for example, Bitcoin and Ethereum. IoT devices are decentralized and hence can be benefited by the blockchain.
There are many survey papers recently published that cover various aspects of blockchain in different environments [5][6][7][8][9]. Bitcoin overview was presented in [6] by Sankar et al. [7], in which challenges related to blockchain research are presented. Recently, in [10], an overview of blockchain-based IoT applications is presented. In [11], a comprehensive discussion about blockchain applications and framework implementations has been presented by Gao et al. The authors in [12] provide smart contract-based blockchain-dependent banking ledgers transactions overview. In many smart applications implementing blockchain, a systematic survey was provided in [13]. An overview of blockchain security services like confidentiality, privacy, access control and authentication has been given by Salman et al. in [14].
Many surveys on IoT security and Privacy-related issues and their solutions have been published. An analysis of privacy issues in IoT is given by Ziegeldorf et al. in [15]. The focus of this survey is on classification of privacy and security challenges in IoT devices. The challenges faced by industrial IoT devices are introduced by Sadeghi et al. in [16]. In [17], security-related challenges and their solutions are discussed. The authors have categorized security-related issues in mobile devices based on authenticity, confidentiality, trust, security, and access control. The ongoing research challenges and their status is discussed by Suo et al. [18]. Privacy preservation mechanisms based on encryption have also been discussed and some mechanisms are developed for private communication.
Many solutions have been proposed by the researchers recently for integration of blockchain in different IoT applications. The integration of blockchain with IoT and the pros and cons of this integration are examined by Christidis and Devetsikiotis in [19], and Atzori et al. in [20], whereas a comprehensive survey on IoT applications is presented in [21] [24].
Recently, a survey on publicly deployed blockchain on different network principals has been provided by Neudecker and Hartenstein, in which design trade-offs of public blockchain and potential attacks are also presented [25]. The privacy issues in blockchain and their solutions are presented in [26,27]. The authors provided literature review comprehensively on privacy aspects of blockchain with their solution strategies and presented a zero knowledge proof, signature and cryptographic approaches analysis in [26]. Whereas in [27], Feng et al. presented privacy issues insights in a detailed manner, technical details summary and different defence mechanism were analyzed.
In this paper, we survey the deployment of blockchain in constrained IoT devices in order to achieve privacy and security.
In Section 2, we present an overview of IoT, its applications and privacy-related challenges. We present an overview of blockchain technology in Section 3, and we highlight some applications and strengths of blockchain. In the same section, We highlight different consensus mechanisms used by blockchain, and smart contracts that come with it. A review of applications of blockchain in IoT is presented in Section 4. At different layers of IoT, privacy mechanisms and issues are analyzed. Future challenges and their solutions are provided in Section 6. The conclusion of our paper is provided in Section 5. Future directions are given in Section 6.
All the researches highlighted above have mainly discussed strengths and limitations of either blockchain or IoT. Many researches are based on the integration of blockchain in IoT to achieve consensus, decentralization, or smart contracts. While there are a huge number of surveys that discuss the security parameters, such as integrity, non-repudiation, transparency and immutability, provided by blockchain to IoT, this survey focuses mainly on privacy preservation in resource-constrained IoT devices using blockchain. In this survey, we present state-of-the-art literature on privacy preservation assurance in IoT using blockchain. Contributions of this survey, as compared to other surveys, are as follows.

•
We highlight some applications of IoT in different fields and see how much it impacts our lives and how crucial it is to preserve user privacy in IoT. • We highlight privacy-related issues faced by IoT. We discuss the literature on techniques used for privacy preservation in IoT using blockchain.
• We discuss some of the most important applications of blockchain to show how it is being used in different industries. We highlight the strengths of blockchain that IoT can benefit from. • We provide an analysis on the integration of blockchain in IoT systems. We mainly focus on blockchain's potential to preserve data privacy in IoT scenario. • We provide future directions on privacy preservation in IoT.

Overview
IoT is a system formed by the connection of multiple uniquely identified devices, such as computers, smartphones, sensors, software, cars, vending machines, thermostats, etc., to process and share data without the need of a human interaction. It relies on the Internet for communication purposes among these devices [28] to keep the data synchronized. The devices can be controlled remotely to perform desired actions.
Kevin Ashton used the term "Internet for things" for the first time in 1999. Originally it was called "Internet for things" and then it became "Internet of things". Since then, this framework became popular for the convenience it brought into everyday life. Today there are billions of IoT devices operating in a large number of fields ( Figure 1). Although it is not feasible to discuss all applications of IoT, but Figure 1 shows some fields, including military [29,30], industry [31], smart cities [32], consumer [33], security [34] and home automation [35], and respective IoT applications. With time, IoT has become more humanfriendly by processing large amounts of data with minimal human efforts put. Today IoT is not just limited to the personal use, but it is being used to detect weather, monitor surgeries, manage energy, monitor environment and manage transportation.

•
Intelligence: A lot of IoT devices are set to perform some specific actions when need arises, such as generating an alarm when a wearable sensor senses a high blood pressure for a patient. The decisions taken by a certain device depend on the sensitivity. Artificial intelligence and machine learning are making IoT devices smarter. • Complexity: There is a huge number of devices, links, and actors in IoT, that keep increasing on a rapid rate. • Heterogeneity: The devices are different from each other on the basis of hardware, software and networks. • Connectivity: The devices in IoT are connected with each other through Internet to share data. For example, the sensors used to collect patient data on regular intervals need to transmit this data to the concerned medical personnel [36]. The state of data and devices keep changing. Therefore, it is important to keep the devices synchronized. • Interoperability: The IoT devices are different from each other in nature but yet compatible when it comes to performing the tasks that involve the use of multiple devices at the same time. • Decentralization: IoT comprises of billions of devices connected with each other using the Internet throughout the globe. No one "owns" IoT. The elements such as access, control and ownership are spread across the actors/nodes that make up IoT.

Privacy-Related Issues in IoT
The environment saturation with smart objects to perform daily tasks is provided by IoT. Sensors, micro controllers and transmitters that exchange and transmit data refer to nonstandard networking devices, which enable decision making support and smart interactions. For the collection and exchange of surroundings' data in industrial and consumer's devices, IoT is planted. IoT is remotely controlled via Internet or directly, which causes physical environmental changes. The safeguard protection techniques and collection of data in IoT are much lower than the momentum at which the devices are developed for customer use.

IoT Device Limitations
Resource constrained devices have a certain capability of weight, size and network connection, which directly impacts the complexity of IoT devices in data rates, unreliable links, packet sizes and power consumption. Many challenges in IoT environment are pointed out by various scholars.
The main challenge is preserving user privacy and their employed status with other connected smart objects. The smart objects that IoT uses are continuously producing data, it becomes more complex as these objects become anonymous. The objects' interaction with each other is one the most important aspects of IoT security.
A privacy preservation approach in a multiple IoT scheme has been proposed by the Serena et al. in [37], which prevents feature disclosure. The approach is based on t-closeness and k-anonymity notions from the database theory. These two notions derive group's robustness from privacy expectations. It prevents feature disclosure as well as information disclosure. Their scheme also protects from disruptive effects that occur from the malicious objects analysis. The key point in this paper is multi-network representation which depends on the correspondence on network of every identified group. In terms of node, every object can be modeled. Same group relationships between objects inside the present communication network are known as inner arcs, while in different group relationships they are known as cross arcs.
Some statistics of compromised IoT are given in Table 2. Shodan [38], Zoomeye and Censys are popular search engines for IoT devices vulnerabilities. The observations made by authors regarding IoTs include host-based approaches being more vulnerable than network-based in IoT platform, and traditional security measures for IoT devices are not properly secure. The main challenge is that the devices are resource constrained. Other than blockchain, many solutions have also been proposed for privacy preservation in IoT, including holochain [39,40], machine learning [41,42], IOTA [43,44], and intrusion detection system [45].

Complex Heterogeneity Impact on IoT
In the design of IoT protocols, heterogeneity plays a vital role. Interaction of resourceconstrained IoT devices such as cloudlets, web servers and blockchain either involve gateways or direct communication. The lightweight security mechanisms need to be implemented for secure end-to-end communication, as access policy and data summarization related mechanisms that enable transparency are controlling our lives silently. Figure 2 shows heterogeneous structure of IoT. It includes four layers; sensors, networks, cloud servers and consumer applications. • Sensing: In this layer, the architecture of IoT provides sensing information for cloud computing to make appropriate decisions by recording and monitoring user data with the help of different kind of sensors e.g. color, camera, motion, flame, etc. Node location leakage is one vulnerability in such kind of heterogeneous IoT which can be address by smart sensor nodes. • Networking: For forwarding data from source to destination, network layer is responsible in heterogeneous IoT. Due to which, higher transmission rates are provided by the network models like hybrid, star, mesh, and tree networks. The transmission of data through super nodes and relay units to cloud servers is done by network models. They also manage efficient construction mechanisms. Data throughput, energy consumption and malicious attacks are the limitations of network models. • Cloud Computing: Heterogeneous IoT is accurately handling the large amounts of data with cloud computing. Its main function is to receive and transmit data to and from other architecture layers [46]. Strong analytical computing, storage of data, emergency response strategies and efficient decision making are the advantages of cloud computing.

Applications
The applications of IoT range from healthcare to smart homes. The rapidly growing number of IoT applications makes it a technology that changes the way things work.
Authors in [47] discuss key technologies of industry 14.0, including IIoT. The structure of IIoT technology is shown, including four layers; sensing layer, network layer, service layer and interface layer. Authors show that IIoT requires real-time data availability and high reliability, unlike IoT, to increase product efficiency.

IoT's Security Mechanism Deployment
To preserve Confidentiality, infrastructure, data integrity, security and privacy, strong security mitigation mechanisms are required. Figure 3 shows trends of methods used by researchers for countermeasures and mitigation of attacks in IoT. Figure 3 shows that authentication is most popular security technique which is used by 49%, almost half of other techniques altogether, trust management is second most popular technique due to detection and prevention abilities while blockchain is the last.

Overview
In recent years, we have seen that the IoT's potential of delivering services is increasing in several sectors by using different kinds of domains. The data transfer among a huge number of IoT devices is a major challenge. Recently blockchain [5,49,50] has been covering all the major areas of IoT with trustful and anonymous transactions in decentralized environment. Table 3 points to other survey papers addressed in this survey. Table 3. Content discussed in different surveys based on Blockchain (x is for not covered, * is for partially covered).
Due to uniqueness and advanced features like immutability, integrity, transparency, authorization, auditability and transactional privacy, blockchain has been used in different sectors before cryptocurrencies. Identity management [69], mobile crowd sensing [70], Internet of energy [11,[71][72][73], agriculture [74], supply chain management and industry 4.0 [75,76] are some areas of it. Figure 4 shows the structure of blockchain, which is a combination of different blocks linking together in a linear fashion. In a peer-to-peer network of blockchain nodes, digital signed transactions are maintained in a public ledger. Two types of keys are used in blockchain, public key is used for encryption of data while the corresponding private key is used to decrypt the ciphertext. A user also uses private key for signing and public key for unique addressing. Transaction broadcasting and signing are done at the initial stage. When transaction is received by the peers, validation of transaction and its dissemination over the network takes place. To achieve consensus, validation of the newly issued transactions is done by all the nodes present in the network. Miners act like special nodes in a distributed consensus that participate in transaction issuance. The block, once generated, is broadcast by the miners in the network. In this way, every node in the network has a copy of the transaction and can verify it. Verification only involves computing a hash, which is not computationally expensive as opposed to transaction generation, this is why any node in the network can verify a transaction.
Blockchain is divided into three categories, public blockchain, which is permissionless, private blockchain, which is permissioned and consortium blockchain, which is a combination of both. All types provide immunity against malicious and faulty ledger users. Table 4 shows properties of all four types of blockchain. Their detailed example is presented in [10] by T. M. Fernández et al. Strengths of blockchain include accuracy, cost reduction, decentralization, efficiency, immutability, transparency and privacy.  In an IoT scenario, blockchain's classification is done by authentication and authorization of IoT devices. Nowadays, in industries [77], investments are made in a huge amounts. Technical issues and challenges related to blockchain technology are gaining significant interest of researchers. Some challenges include forking, consensus protocol targeting, 51% vulnerability and problems with the creation of new blockchain [78]. Another important challenge is the huge amount of power required for blockchain maintenance.

Applications
Blockchain is being used in a number of fields in our everyday life. Some of the applications are discussed here. Figure 5 shows some applications of blockchain in different fields, including IoT, healthcare, finance, agriculture and cryptocurrency.
In IoT, blockchain is used to secure smart appliances [79,80] and supply chain management [81]. In healthcare, applications of blockchain include medical supply chain [82], drug traceability [83], secure record keeping [84], patient identity validation [85] and smart contracts [86,87]. In finance industry, the blockchain solutions include insurance [88], payments [89], asset management [90] and real estate management in smart cities [91]. In agriculture industry, some of blockchain applications include food supply chain [92], agriculture insurance [93] and smart farming [94,95]. Cryptoccurrency applications of blockchain include bitcoin and ethereum. Although it is infeasible to discuss all applications, we describe some of the most important applications of blockchain in the following subsections.

Banking
As blockchain ensures secure storage and immutability, it makes exchanging of funds more secure. Transactions, using blockchain, become transparent and private.
In [96], the authors have discussed the strengths of blockchain integration in commercial banking. This research analyzes the advantages for different aspects, including overseas payments, billing operations and asset security. The authors have concluded that the blockchain technology has the potential to decrease transaction costs and provide better efficiency.
A theoretical model is proposed in [97] in order to analyze the pattern, which allows enterprises to assess bank loans using blockchain. The authors demonstrate that blockchain allows consensus regarding the debt payments and other activities including lending and borrowing. This results in low-risk and high-quality of a small and medium sized enterprise's credibility.
In [98], Wang et al. proposed a model called IBPS (Inter-Bank Payment System) that utilizes Hyperledger Fabric enterprise blockchain technology. The proposed model provides efficiency and secure payment services.

Healthcare
Healthcare industry is benefiting from blockchain in many ways. Medical records can be stored in blockchain to be made more secure. The interaction among different IoT devices and wearable sensors is crucial in healthcare systems. There are systems that immediately notify the medical personnel upon an "event". An example of this event could be high sugar in a patient detected by a device that she is wearing.
The advantages of using blockchain in healthcare IoT are numerous, including security of records, secure management of data, privacy preservation of sensitive data, reliable remote monitoring of patients, non-repudiation, immutability and decentralization, as pointed out by [52]. The authors point out that most blockchain-based healthcare solutions use Ethereum platform. It is also shown that the healthcare systems mostly utilize private blockchain.
A blockchain-based framework is proposed in [99] that allows continuous patient monitoring using IoT. This scheme provides role-based access control and improves security and authentication in patient's smart devices.
To resolve issues regarding data sharing, scalability and quality of service, a blockchainbased solution is proposed in [100]. The proposed scheme is called ssHealth (smart and secure Healthcare system). This scheme allows remote monitoring of students while addressing the issues mentioned above.
In order to resolve security and privacy related challenges, a blockchain-based scheme is proposed in [101], which utilizes consortium blockchain in addition to a new consensus algorithm called MBFT (Mixed Byzantine Fault Tolerance). The proposed scheme provides privacy, fault tolerance and and better transaction handling. In [102], a scheme is proposed to eliminate single-point-of-failure, man-in-the-middle and data sniffing attacks using public blockchain. This scheme preserves data privacy, provides immutability and efficient identity management.

Supply Chain
Blockchain is used by suppliers to record the supplies purchased or to be purchased. An advantage provided by default by blockchain benefits supply chain greatly, which is non-repudiation. Due to non-repudiation, a buyer cannot deny purchasing materials from a seller.
In [103], a multi-ledger tracking framework is proposed that simplifies supply chain management. The proposed framework consists of two layers; layer 1 uses multiple private sub-ledgers and layer 2 utilizes a public ledger. A single shipment is represented by the sub-ledgers. Public ledger is used to track information, which is publicly available. The framework consists of index server, peers, admin node and external monitoring nodes. A record of all activities is maintained by the admin node. The index server stores the addresses of the nodes in the network, peers include nodes, admin node is used to keep record of all networking activities and external nodes verify and track the shipment status.
Chen et al. have proposed a blockchain-based conceptual framework in [103] to improve supply chain management. The proposed framework consists of four layers; IoT sensors layer, data layer, contract layer and business layer. In this way, the functionalities of each service are provided. Sensor layer is used to track the goods, data layer consists of blockchain and smart contracts, the contract layer ensures data quality and contract layer executes the processes related to business management.

Electronic Voting
Election fraud is prevented using blockchain. Blockchain in voting works in the way that a block is added to the blockchain upon a successful vote. As blockchain brings immutability and integrity, it ensures that the records cannot be changed. Voting also benefits from transparency that blockchain brings, as the records are kept transparent in the network. In this subsection, we briefly discuss the strengths of blockchain-based voting schemes proposed in recent literature. Blockchain-based electronic voting is discussed in detail in [53]. This survey reviews the literature and discusses its strengths and limitations. The authors point out that transparency and decentralization are most useful features of blockchain to be used by electronic voting systems, whereas limitations include scalability issues and coercion resistance.
In [104], a blockchain-based transparent ballot box protocol has been proposed that follows e-voting properties and provides decentralization. The proposed scheme allows the elector to modify the vote in allowed voting phase. A protocol has been proposed in [105] called VYV (Verify Your Vote) based on blockchain. This protocol provides fairness, vote privacy and verifiability. In [106], a scheme is proposed to eliminate the need of a third party and decentralize the voting network using blockchain. The strengths of this scheme include public verifiability, consistency, auditability, transparency and user anonymity. A blockchain-based protocol is proposed in [107] that utilizes homomorphic ElGamal encryption. The authors claim that their scheme guarantees privacy preservation and anonymity.

Smart Cities
Blockchain smart contracts can be integrated with properties like cars, houses, patents, etc. Decentralization, immutability, pseudonymity and transparency are useful features of blockchain for smart cities. In [51], authors review recent literature on blockchain-based energy consumption systems. Authors conclude that energy consumption in smart cities can be made efficient using blockchain, because blockchain provides decentralization, anonymity, transparency, and tamper-proofing.
In [108], blockchain is used to propose personal archive storage scheme to provide authenticity, accuracy and transparency. The different actors in the proposed scheme include subject, certifier, client and stake node. Subject owns digital artifacts, certifier issues a certificate to the subject, client is someone who requests to access personal digital artifacts and stake node maintains blockchain ledger. This scheme provides secure storage and efficient authentication.
In [109], a blockchain-based framework called BC-PDS (Blockchain-based Personal Data Store) has been proposed for personal data storage. This scheme utilizes existing OpenPDS/SafeAnswers framework. For anonymization, this scheme uses AutoNomybased Access Control (ANAC).

Smart Contracts
In public blockchain, all participating nodes have the privilege to deploy smart contracts without needing any prerequisites. In Ethereum, solidity language is used for creating contracts while Metamask is used for ID creation and Remix IDE is used for its online demonstration and results of applications.
Computer programs and codes that can work anonymously are known as smart contracts. They provide an agreement or a consensus between the two parties involved. Users cannot alter or delete a smart contract once it is published on the blockchain network. No central authority involvement is needed for validation of tasks. The results computed by the nodes in the network do not have any interference from outside the network. Banking, supply chain, IoT and insurance industries are deploying permissioned smart contracts.
In [110], Rathee et al. proposed a framework for connected and autonomous vehicles (CAV), in which smart contracts with blockchain are implemented for security assurance of vehicles. Verification of registration providers and tracking or alteration of user data can be handled through it.
Through smart contracts, mobility services and smart transportation are implemented and defined by IPFS in [111], in which DLTs (Distributed Ledger Technologies)-based infrastructure with distributed data management technologies have been used for data sharing and providing smart services. In [112], Ethereum smart contract and IOTA-based architecture for authenticity has been proposed by Zichichi et al., in which the entities' coordination, access authorization, and privacy of users have been achieved. Zero knowledge proof for privacy offering and the guarantee for proof of location has been used.
A system CHORUS mobility in [113], whereas, in [114], a decentralized system has been presented for smart transportation system with the combination of VANETs and Ethereum for rules enforcement.

Consensus
An important part and key contribution of blockchain is its consensus mechanisms. Consensus mechanisms are used to make agreement between different parties in a distributed environment to append blocks in the blockchain. There are two main types of consensus mechanisms; proof-based consensus and voting-based consensus. Proof-based consensus involves adding blocks by the qualified individuals and voting-based mechanism involves sharing the results of transaction in order to make the final decision. A very important and basic part of bitcoin is POW (Proof of Work) [4], which involves intensive mathematical computations. In terms of resource and energy consumption, POW is very expensive. Given the heaviness and cost of the task, PoW still seems the best solution because it prevents spamming and DoS attacks.
POW is hard to be performed but it is easy to be verified once performed. In case of bitcoin, this task is performed by the miners and verifiable by everyone in the network who is a part of blockchain peer-to-peer network. Miners are given incentives because the task they perform successfully is fundamentally very expensive. A new block in blockchain can only be added after solving an expensive mathematical task.

Proof-Based Consensus
There are following proof-based consensus algorithms.  Table 5. It shows properties of both the consensus mechanisms and hybrid consensus mechanism. However, some schemes use a hybrid of both PoS and PoW consensus mechanisms.
The key advantage of using this hybrid is getting the advantages from both of these schemes and using one scheme to overcome the limitation of the other one. A hybrid consensus mechanism has been used by Decred cryptocurrency.

Voting-Based Consensus
Voting-based consensus algorithms include the following.
• Proof of Capacity (PoC) Consensus: Started with Burstcoin, the PoC mechanism decreases the usage of computational resources and uses storage resources. Before mining is started, miners store the set of possible solutions of the puzzle. The miner who has more storage tends to store more solutions. Thus, the miners with more storage space have higher chances of mining. • Proof of Burn (PoB) Consensus: A concept named "eater address" is used in PoB. Before starting mining, the miners send coins to an invalid address randomly. Blocks are created and these addresses are changes. The coins sent to these addresses are not usable anymore because of the fact that these addresses are invalid and unknown. The process is repeated until there is only one miner left that has some more coins to invest. This miner receives the mining coins and the transaction fees as a reward. Miners that have been investing in creation of blocks in the past are given more privileges. PoB is used by Slimcoin. • Proof of Importance (PoI) Consensus: PoI is a score-based protocol that was first used with NEM cryptocurrency. The individual who invests more coins in the network makes the higher score. This score is affected by the number of transactions and the size of transactions. The lower limit for investing coins in 10,000 coins. The user with highest score has the highest chance of being a validator.

Integration of Blockchain and IoT
Many researches integrate blockchain in IoT to enhance security and provide an efficient data storage system. In [56], authors review the recent literature on blockchain's integration with IoT. It is pointed out that blockchain helps to improve security and scalability in IoT scenarios. In [62], authors highlight some attacks that IoT systems are prone to, and review the researches that use blockchain to mitigate privacy-related issues in IoT.
This section explains why blockchain is useful in an IoT environment.

Opportunities Brought by Blockchain in IoT
Blockchain brings many opportunities in IoT. Integration of blockchain in IoT has been increasing in IoT since Bitcoin.

Secure Storage
IoT devices collect data and transmit it across other devices. These devices are connected to each other through Internet, and a lot of IoT devices use cloud computing in order to keep the data synchronized. This data, if compromised, can result in loss of security and privacy of a user. Blockchain can be used to securely use and transmit this data across the network. Also, blockchain makes the records immutable, so no records can be modified by a malicious user, specifically healthcare records that need to be kept secure.

Decentralization
As IoT devices are distributed, blockchain provides an efficient and convenient solution for decentralization. Data can be maintained in the blockchain and published without the fear of potential modifications to be made by a malicious third party. As seen in bitcoin, blockchain provides decentralization solution in P2P networks [4]. The data are distributed using blockchain among other IoT devices in a decentralized fashion. In this way, the use of blockchain also eradicates the need of a central entity, such as a cloud server. Another advantage that comes from this property of blockchain is removal of a single-point-of-failure, because when a central entity is involved, it becomes a target of malicious users.

Encryption
Blockchain stores hashes of the data in the ledger, which makes it light-weighted, as hash functions generate a small and fixed size of output for any size of input. The actual data are usually stored on a cloud server and hashes are kept in the blockchain. Blockchain usually utilizes SHA-256 algorithm for hashing. Symmetric encryption in blockchain provides user and transaction security, prevents double-spending problem and verification of digital asset transfer. Because of secure encryption mechanisms that blockchain provides, authors of [58] point out that it can be used to guarantee privacy preservation in IoT and IIoT. It is concluded that blockchain can help to pave better and more efficient ways for businesses in IoT industry, such as mobile commerce, food logistics management, electric vehicles, etc.

Access Control
Traditional access control systems are shifting toward blockchain in IoT-based environments. Blockchain provides attribute-based and fine-grained encryption, granular attribute-based, and role-based access control solutions [36] for IoT.
Zhao et al. [115] proposed a message encryption scheme using symmetric key encryption. In this scheme, the data owner uses attribute-based encryption to encrypt a message with default attributes and sends the ciphertext to the encryption proxy server. Xu et al. [116] utilize smart contracts with capability-based solutions that achieve high scalability and interoperability while focusing on delegation. However, authorization model is not provided in the paper.
A blockchain-based architecture for IoT privacy preservation is proposed by Rahulamathavan et al. [117], in which an attribute-based encryption has been used with Testbed platform to achieve data privacy and confidentiality, but there is a slight time increase due to involvement of multiple attribute authorities and using PoW consensus mechanism.

Applications of Blockchain in IoT
This section describes the uses of blockchain in different IoT scenarios.

Healthcare System
Different sensors have been introduced to detect and upload patient's information on cloud in emergency situations from a remote location. These sensors/devices can automatically communicate with the medical personnel upon detecting a certain threshold. Using IoT, patients can be checked up from remote locations through these sensors and it is often possible. In addition to checkup, it is also used to treat the patients. This can, in many cases, help save a life and provide medical help to patients in emergency situations in time. Blockchain comes with many benefits that could be helpful for IoT when it comes to healthcare systems. It can protect the privacy and security of critical data stored in eHealth systems. When needed, it can also allow to use the data without modifying it.

Software Defined Network
Software defined networking technology has been proposed for increasing bandwidth of IoT devices. The processing of decision making is simplified and intelligent routing is provided. An example is DiskBlockNet; an IoT network architecture with distributed network that provides flexibility and scalability without central controlling server. In this distributed network of blockchain, two kinds of nodes are present, verification node for maintaining the information flow of tables and responding node to update table flow rules.

Crowdsensing Applications
Crowdsensing is a novel kind of mobile IoT, like geo sensing. On blockchain cryptocurrencies, privacy preservation incentive mechanism was developed by Wang et al. [70]. Which eliminates privacy and security issues like impersonation attacks, with the help of transparent blockchain and data verification by the miners.

Energy Systems
Future of energy systems is known as smart grids which are the replacement of traditional energy systems due to the involvement of ICT (Information and Communication Technology). Because of various advantages like cost effectiveness, uninterrupted power supply and two-way communication, smart grid is considered as the next generation of energy systems [118].

Internet of Vehicles
Establishment of smart communication between heterogeneous networks and vehicles (V) like V to Road, V to V, V to Infrastructure, V to Sensor, V to Everything and V to Human are some emerging technologies in IoT. Many authors proposed various decentralized security models like LNSC, for managing charging pile and electric vehicle [119] by using ECC and hash functions.

Blockchain-Based IoT Privacy Preserving Schemes
As IoT consists of billions of devices accross the world, it poses serious threats to the privacy of the users. Other than providing decentralization, consensus and smart contracts for IoT, blockchain is being used at a large scale to assure privacy preservation in IoT. Table 6 presents a summary of recent researches based on the scheme utilizing blockchain for privacy preservation in IoT. Recently, many schemes have been proposed for blockchain-based privacy preservation in IoT. For electric vehicles, a blockchain-based privacy preserving charging system has been proposed in [125]. In this scheme, for every session, a new pair of keys are generated by the system. Other than that, for providing anonymity protection in blockchain, the techniques like ring signatures, non-interactive zero knowledge and mixing services are frequently used.
Some limitations of anonymization include high computation cost, de-anonymization and loss of meaningful information through generalization and suppression.

Ring Signatures
To improv privacy in blockchain significantly, a set of choices need to be made without the need of a central manager. For generation of anonymous signatures from possible signers group, without identity disclosure, a scheme is proposed by fujisaki et al. in [126]. Linkability and anonymity are properties that are achieved through ring signatures-based privacy preserving mechanisms [127][128][129].
In [127], Saberhagen et al. proposed CrptoNote. In this scheme, with single private key, the user can sign one valid transaction. It is a modification of ring signatures, which mitigates the attacks like double spending by replacing tags with image of key computing. The signer identity can only be disclosed when he uses the same pair of keys for second signature.
RingCT is an improvement of CryptoNote, which provides transactional privacy as well as identity privacy by Noether et al [128]. Ring signatures with Greg Maxwell's Confidential Transaction [130]a are used for hiding the amount whereas the amount is placed at MLSAG (Multilayer Linkable Spontaneous Anonymous Group Signature) [131]. Monero is a strong implementation of this approach [129]. In [132], heavily centralized intermediaries were used but they are also vulnerable to security attacks. In Creditcoin [57], anonymized ring signatures announcements have been proposed in which user's privacy can achieved. In this work, an incentive-based network has also been created.
Limitation of ring signatures include the following: • Large size of transactions increases the storage space of blockchain records. • Size of ring signature is directly proportional to the number of participants, that is why only limited number of outputs are generated. • Auditing difficulty is also faced due to hidden amount.

Non Interactive Zero Knowledge
It is an alternative approach of zero knowledge proof. Message verification can be done in an anonymous way because of not having an interaction between verifier and prover. A scheme was proposed by Blum et al. [133], in which, the correctness of assertion can be proven without leaking any information.
ZeroCash [134] and ZeroCoin [135] are two blockchain-based anonymization schemes in which ZKP concept has been used for the prevention of transactional data leakage. At high computational cost, Zerocash achieves the highest level of anonymization. In contrast, Hawk [136] is the first work to provide programmability and transactional privacy in blockchain.
Limitations of non interactive zero knowledge include high computational cost of transactions proof, fixed coin dominations in zerocoin and unprotected public transaction lists.

Mixing
For mitigation of analytical attack, which is used for accessing the sender or receiver transaction's privacy information, in a blockchain system, mixing approach has been used, which is also known as laundry or tumbler. Chaum [137] presented the service, in which communication content as well as sender and receiver information can be hidden.
Currently, to reduce de-anonymization risk and obfuscation of transaction history, the researchers are focusing on centralized and decentralized mixing strategies. Many mixing websites like onion bc, bitcoin fog, bitmixer, helix by grams, bit laundry, send shared and bitblender are available. By providing some fees they can provide anonymous mixing transaction service. Some services are only provided through TOR network, on which, free worldwide anonymous communication has been enabled.
By not transferring data to the receiver, the attacker steals the user asset [138]. Disclosure of personnel data is not ensured by the system because, in transactions, routing the service provider keeps the user log. Conditional execution is the first solution, in which the mixer only gets reward when it correctly operates, otherwise it does not get any rewards from the user. CoinSwap is a bitcoin mixing protocol introduced by Gregory et al. [130], in which transactions are done in escrow mechanism structure with hash lock protection. An accountable mechanism based on signatures, Mixcoin has been proposed by Bonneau et al. [139] that exposes the misbehaving mixer by unambiguous proof made by the users.
Another solution is Blind signature scheme, in which a message is blinded by the system before the signing of the message. Blinding, signing and unblinding are three steps. It is publicly verifiable, whereas the origin and connection is hidden from the signer. Blindcoin [140] is a combination of append-only public log with blind signature scheme for accountability of mixing process. For mixing fairness and providing anonymity, smart contracts with blind signatures are applied by Hielman et al. in [141].
Dash [142] made the first anonymity attempt in digital currency environment which was released in 2014. Removal of a user's unique information on blockchain is done in this project, called PrivateSend. To avoid coin theft and achieve complete unlinkability, TumbleBit [143] was proposed. A strategy for financial transactions decentralization, CoinShuffle by Ruffing et al. [144] was introduced. Through decentralized blockchain behavior mixing with third party, removal has been ensured.
Mixing Limitations include the following: • For fair exchange of transactions, the executional process or online participants waiting creates a huge delay. • A single point of failure exists due to centralized nature of the server. This makes the server vulnerable to DoS attacks. • High mixing fees are a problem for users in fair exchange of transactions. Due to low anonymity level, mixing protocol can easily be compromised through Sybil attacks [145]. • The leakage of transaction privacy through backtracking analysis of transactional graph is a serious issue.

Differential Privacy
To achieve the data confidentiality without leakage risks through privacy preservation, a technique has been proposed known as differential privacy by C Dwork, who made a database protection mechanism which adds noise at each query evaluation [146]. For protection of health care systems, data perturbation mechanism has been used by Dagher et al. in [147]. In [148], a scheme is presented to protect a smart home resident's privacy through multiple pseudonym techniques. Traffic encryption has been done for providing data authenticity, access control and confidentiality.
Differential privacy limitations include: • Differential privacy provides privacy-utility trade-off. Precision in Data and loss of certainty are the results of increasing noise addition for enhancing the privacy level [149]. • It is prone to timing analysis attack in traffic flow obfuscation mechanisms [150].

Conclusions
Despite of all the opportunities that IoT brings, it suffers from issues like heterogeneity of IoT devices, resource constraints, and poor interoperability between these devices. Other important challenges in IoT include privacy, availability, confidentiality and integrity. Blockchain comes with opportunities like immutability, decentralization, transparency, integrity, consensus, confidentiality, non-repudiation, privacy and security in a distributed network. When blockchain is implemented in IoT, it provides solutions to the problems faced.
The aim of this paper has been to provide a comprehensive survey of the problems faced by IoT and the solutions provided by the blockchain technology. We first discussed blockchain and IoT separately. We looked at the applications, advantages and limitations of both of these technologies. We then analyzed the impact that blockchain has on IoT. We discussed how IoT is benefited by blockchain, based on the opportunities and strengths of blockchain. We reviewed researches based on the implementation of blockchain in IoT in resource constrained environments. It is highlighted that the use of blockchain is increasing in IoT and providing the solutions that it needs, from healthcare to smart homes to military.
IoT uses a large number of devices and most of these devices are resource-constrained. Blockchain being light-weighted is a great solution for privacy preservation in resourceconstrained devices. The privacy aspect of blockchain comes from its ability to provide transparency in a distributed network. We have seen that the use of blockchain, other than providing immutability, decentralization, and consensus, it helps preserving user's privacy in IoT environment.

Future Research Directions and Challenges
Privacy preservation is important because users' data is collected by almost all IoT devices. We present some future research directions in terms of privacy preservation.

IOTA Ledger
In order to provide security and privacy, integration of the Tangle in IoT can be very useful. Tangle is a data structure that IOTA is based on. It utilizes a directed acyclic graph and utilizes less energy as compared to a blockchain network. IOTA is light-weighted and quantum resistant. Another important advantage is that IOTA does not need miners. The network participants issue new transactions without having to involve another node that has better computing resources. Having no miners makes IOTA fee-less.

Strong Privacy Preservation Mechanisms
Strong privacy preservation is still a challenge when using blockchain. For example, in order to resist Sybil attack, a certain amount of honest participants are required in decentralized mixing protocol. Hawk reinitializes and creates a different trusted process for every smart contract, so privacy preservation having few trust assumptions needs to be enhanced.

Security Framework
A single security solution for all blockchain-based IoT devices cannot fulfill security requirement due to resources-constrained nature of devices. The designs of such kinds of frameworks are required to provide dynamic and adaptable security. Implementation of other privacy preserving solutions, such as data anonymization and differential privacy along with blockchain, can provide better privacy. A framework is needed that can preserve privacy using both the techniques, keeping resource-constrained nature of IoT devices in mind.

Blockchain-Based Infrastructure
The storage in decentralized large-sized blockchain is also an issue, as we have seen that IoT devices are storing data continuously whether it is useful or not which increases the blockchain data and makes it heavy. Since all nodes in the blockchain network are required to keep a local copy of the ledger, it becomes infeasible for light-weighted devices to store a copy of the ledger. A framework is required that reduces the storage overhead on small IoT devices caused by blockchain maintenance.

Conflicts of Interest:
The authors declare no conflict of interest.