Using Intermediate Brokers and Blockchain to Improve the Privacy and Accountability of Smart City Services

Sayed Jahed Hussini, Ph.D. candidate, Computer Science Department, Western Michigan University, Student Member, IEEE; and Ala Al-Fuqaha, Ph.D. Professor and Director, NEST Research Lab, College of Engineering & Applied Sciences, Western Michigan University, Senior Member, IEEE

IEEE Blockchain Technical Briefs, June 2019

Discuss this topic on IEEE Collabratec

IEEE Collabratec


Smart City services rely on data exchanges between producers and consumers that do not necessarily belong to the same administrative domains. In order to facilitate data exchange, services have to use brokers. Broker-based data exchange architectures require both data producers and consumers to trust a third-party (i.e., the broker). The third-party trust however has negative implications on the privacy of consumers and producers. In this study, we propose a federation based broker architecture in order to improve privacy. The architecture introduces a degree of separation between producers and consumers via publisher-facing and subscriber-facing brokers. Furthermore, to improve accountability and data provenance we propose a blockchain augmented architecture.

I. Introduction

The future of urban cities and the services that they provide to their residents have been debated extensively over the past decades. Although some cities are labeled as” Smart,” there is no precise definition of the term that has been agreed upon in the literature [6] [7]. What is clear is that the cities of tomorrow will be smart in the sense that they will use information generated from sensors to improve resource management, energy efficiency, and deliver convenient services to their residents. Hence, internet of things (IoT) will be a huge part of Smart Cities. Efficient usage of IoT sensor produced data requires that it be transferred aptly to consumers. Publish-Subscribe is one of the candidate messaging patterns that can be used to transfer data from producers to consumers. In the Publish-Subscribe pattern, data producers (called Publishers) transmit data to data consumers (called Subscribers) via a third-party entity called “broker”. Broker(s) will always know who is consuming the data produced by publishers and what, where, and when data is consumed. Such an arrangement infringes on the privacy of data consumers and producers. To solve the problems, we must devise a system that preserves publisher-subscriber privacy in a Publish-Subscribe system, such that brokers, as service facilitators between publishers and subscribers, should not be able to infer publisher-subscriber relationships based on data flow and provide non-repudiation and data provenance. To this end, we introduce two different models in Section III to fulfill these two goals.

II. Motivation and Literature

Systems Security and privacy preserving schemes for Publish-Subscribe communication paradigms are studied extensively in the literature [1]. But all the solutions focused on solving security and privacy concerns by using encryption.  But there are challenges to privacy that the current solutions fail to address. The first is the naïve threat assumption. All the models rely on honest-but-curious participants (e.g.,  publishers, subscribers, brokers). Such an assumption, although understandable, does not address systems where brokers might collude with publisher(s) or subscriber(s) to game the system. An example would be a publish-subscribe based market system where subscriber(s) can request information on potential publisher (s) and facilitator (s) (e.g., brokers) would provide such information[2]. Subscriber organizations can submit their interest to companies while publisher organizations could publish information. Such an arrangement provides an opportunity for the market maker organization where it could manipulate the market by revealing publisher or subscriber information to one another and infringing on their privacy. To prevent such scenarios, it’s better to remove the trusted third-party (e.g., broker) altogether, or at least alter the publish/subscribe model in such a way that minimizes the trust in third-party organizations influence. Secondly, the privacy preserving solutions offered in the literature mostly rely on encryption [3] [4] [5]. Despite their success, such solutions introduce extra overhead and require devices to be capable of encryption. But since IoT devices are mostly limited by their form factor and computational capacity, such solutions are not practical for all scenarios. In Section III we offer a solution that does not rely on encryption.

III. Model

In order to preserve publisher-subscriber privacy, such that brokers are unable to easily establish possible connections between data producers and consumers, we introduce Federated Broker models that provide a degree of separation between brokers and data producers/consumers. Furthermore, to provide non-repudiation and data provenance we suggest augmenting the publish-subscribe model with blockchain. In the following section, these proposed models are fully explained.

A. Federated Brokers Model

The Federated Brokers model, as shown in Fig.1, consists of two types of brokers. There are Publisher-Facing Brokers (PFBs) that only connect to data producers. The PFB is similar to traditional brokers, in that it consumes data produced by publishers and sends data to all its clients. But unlike traditional brokers, the PFB clients are not normal data consumers; rather, they are another type of broker called Subscriber-Facing Brokers (SFBs). The SFB consumes data from a PFB and publishes it to its clients that are normal subscribers. By introducing an extra layer of separation between data producers and data consumers, we ensure that intermediaries will not be able to infer the relationship between data publishers and subscribers; hence, preserving privacy. But if we keep the SFBs serving their role for a longtime, there is a danger that PFBs and SFBs could collude to expose the list of data publishers and subscribers. To solve this problem, we introduce a pool of candidate SFBs. The system randomly picks several brokers to be part of the SFBs ring at the beginning. Then to prevent SFBs and PFBs from colluding, periodically, the system randomly selects a broker from the pool of SFBs and replaces it with one of the current SFBs on the ring network. The broker selection process can be independent and similar to the Byzantine Agreement concensus system proposed in Aglorand [8]. To maintain the pool of candidate SFBs, we introduce a system in which the brokers compete with each other to serve on the broker ring network (e.g., a system similar to mining on blockchain, where a miner is rewarded for its efforts). Since in smart cities Machine Type Communications (MTC) are common, we could introduce a credit system where SFBs and PFBs charge subscribers an amount for their services. Such an arrangement would serve as an incentive for brokers to participate in the proposed scheme. A simple realization of the model is shown in Fig.1 where the sequence of events is as follows:

  1. Publisher sends its data to a PFB.
  2. The PFB publishes received data on the ring network that it shares with SFBs.
  3. Subscribers are connected to the SFBs. Whenever SFB receives data from a PFB that subscribers want to consume, it transfers data to subscribers.

B. Blockchain Augmented Model

To ensure that data provenance and nonrepudiation, we can augment the traditional broker model with the blockchain technology as shown in Fig. 2. Augmenting the model with blockchain allows the publisher(s) to store a hash of their data on the blockchain such that when subscribers receive the data they could independently verify its authenticity.

A simple realization of the model is shown in Fig. 2 where the sequence of events is as follows:

  1. The publisher sends its data to broker for delivery.
  2. Publisher also creates a hash of its data and stores it on the blockchain (e.g., by calling a contract stored on the blockchain).
  3. Subsequently, subscriber receives the data from a broker it’s subscribed to.
  4. To prove that the data and its origin were not tampered with during the delivery process, the subscriber can check the hash of data on the blockchain (e.g., by calling the contract on the blockchain and ensuring that the hash of data it received exists on the blockchain).

By trusting the blockchain, which can be any public blockchain (e.g., Bitcoin’s blockchain),  we can be sure of the authenticity of the data we receive and also ensure data provenance and non-repudiation.

Figure 1

Figure 1:  Federated Broker Model


Figure 1

Figure 2: Blockchain Augmented Broker Model

IV. Conclusion

Maintaining privacy between publishers and subscribers that rely on a third-party (i.e., brokers) is crucial in Smart City services. Our proposed model prevents brokers from infringing on the privacy of the publishers and the subscribers. Furthermore, by augmenting our model with blockchain, we ensure data provenance and non-repudiation.



[1] E. Onica, P. Felber, H. Mercier, and E. Rivière, “Confidentiality-Preserving Publish/Subscribe: A Survey,” ACM Comput. Surv., Vol. 49, No. 2, pp. 27:1–27:43, Jun. 2016.

[2] G. Di Crescenzo, B. Coan, J. Schultz, S. Tsang, and R. N. Wright, “Privacy-preserving publish/subscribe: Efficient protocols in a distributed model,” in Data Privacy Management and Autonomous Spontaneous Security, J. Garcia-Alfaro, G. Lioudakis, N. Cuppens-Boulahia, S. Foley, and W. M. Fitzgerald, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2014, pp. 114–132.

[3] S. Kraijak and P. Tuwanut, “A survey on internet of things architecture, protocols, possible applications, security, privacy, real-world implementation and future trends,” in 2015 IEEE 16th International Conference on Communication Technology (ICCT), Oct. 2015, pp. 26–31.

[4] P. Fremantle and B. Aziz, “Oauthing: Privacy-enhancing federation for the internet of things,” in 2016 Cloudification of the Internet of Things (CIoT), Nov. 2016, pp. 1–6.

[5] S. Shin, K. Kobara, C.-C. Chuang, and W. Huang, “A security framework for mqtt,” in 2016 IEEE Conference on Communications and Network Security (CNS), Oct. 2016, pp. 432–436.

[6] R. G. Hollands, “Will the real smart city please stand up?” City, Vol. 12, No. 3, pp. 303–320, Dec. 2008.

[7] A. Cocchia, “Smart and Digital City: A Systematic Literature Review,” in Smart City: How to Create Public and Economic Value with High Technology in Urban Space: Springer International Publishing, 2014, pp. 13–43.

[8] Y. Gilad, R. Hemo, S. Micali, G. Vlachos, and N. Zeldovich, “Algorand: Scaling Byzantine Agreements for Cryptocurrencies,” in Proceedings of the 26th Symposium on Operating Systems Principles, New York, NY, USA, 2017, pp. 51–68.



Sayed Jahed HussiniSayed Jahed Hussini is a Ph.D. student at the Computer Science Department of Western Michigan University since 2014. He received his M.S. degree in Computer Science from the Technical University of Berlin in 2010. Prior to that, he received his B.S. degree from the Chemical Engineering Department at Balkh University.




Ala Al-FuqahaAla Al-Fuqaha (S’00-M’04-SM’09) received Ph.D. degree in Computer Engineering and Networking from the University of Missouri-Kansas City, Kansas City, MO, USA, in 2004. His research interests include the use of machine learning in general and deep learning in particular in support of the data-driven and self-driven management of large-scale deployments of IoT and smart city infrastructure and services, Wireless Vehicular Networks (VANETs), cooperation and spectrum access etiquette in cognitive radio networks, and management and planning of software defined networks (SDN). He is a senior member of the IEEE and an ABET Program Evaluator (PEV). He serves on editorial boards and technical program committees of multiple international journals and conferences.



Zheng YanZheng Yan is currently a full professor at the Xidian University, China and a visiting professor and Finnish academy research fellow at the Aalto University, Finland. She received the Doctor of Science in Technology from the Helsinki University of Technology, Finland. She authored and co-authored about 200 peer-reviewed articles, 8 conference proceedings and solely authored two books. She is an inventor of 60+ granted patents and PCT patents, all of them were adopted or purchased by industry. Some of her granted patents are applied in international standards. She has given 20 keynotes and invited talks in international conferences and universities. Her research interests are in trust, security and privacy; data mining; mobile applications and services; social networking and cloud computing. Prof. Yan serves as an organizational and technical committee member for more than 80 international conferences and workshops. She is an associate editor of IEEE IoT Journal, Information Fusion, Information Sciences, IEEE Access, JNCA, Soft Computing, IEEE Blockchain Technical Briefs, Security and Communication Networks, etc. and a special issue leading guest editor of ACM TOMM, Future Generation Computer Systems, Computers & Security, IJCS, MONET, IEEE Systems Journal, etc. She is a founder steering committee co-chair of IEEE Blockchain conference. She is organizing and has organized 10+ conferences, such as IEEE Blockchain 2018, NSS/ICA3PP/IEEE CIT2017, IEEE TrustCom/BigDataSE/ISPA-2015, IEEE CIT2014, etc. Her recent awards include a number of Outstanding Leadership Awards for the IEEE conference organization; the 2017 IEEE ComSoc TCBD Best Journal Paper Award; Outstanding Associate Editor of 2017 for IEEE Access; EU Eureka Excellence Award (2017); Best Individual of Shaanxi Province from Abroad (2014), “100 Expert Plan” winner of Shaanxi Province, China (2011); Sisu Award of Nokia Research Center (2010); EU ITEA Bronze Achievement Award (2008). She is a senior member of IEEE.