{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,8]],"date-time":"2026-02-08T19:48:46Z","timestamp":1770580126973,"version":"3.49.0"},"reference-count":53,"publisher":"MDPI AG","issue":"16","license":[{"start":{"date-parts":[[2021,8,12]],"date-time":"2021-08-12T00:00:00Z","timestamp":1628726400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Elkartek program of the Basque Government","award":["KK-2020-00054"],"award-info":[{"award-number":["KK-2020-00054"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Security is the main challenge of the Modbus IIoT protocol. The systems designed to provide security involve solutions that manage identity based on a centralized approach by introducing a single point of failure and with an ad hoc model for an organization, which handicaps the solution scalability. Our manuscript proposes a solution based on self-sovereign identity over hyperledger fabric blockchain, promoting a decentralized identity from which both authentication and authorization are performed on-chain. The implementation of the system promotes not only Modbus security, but also aims to ensure the simplicity, compatibility and interoperability claimed by Modbus.<\/jats:p>","DOI":"10.3390\/s21165438","type":"journal-article","created":{"date-parts":[[2021,8,12]],"date-time":"2021-08-12T10:54:41Z","timestamp":1628765681000},"page":"5438","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":23,"title":["Modbus Access Control System Based on SSI over Hyperledger Fabric Blockchain"],"prefix":"10.3390","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5687-1927","authenticated-orcid":false,"given":"Santiago","family":"Figueroa-Lorenzo","sequence":"first","affiliation":[{"name":"CEIT-Basque Research and Technology Alliance (BRTA), Manuel Lardizabal 15, 20018 Donostia\/San Sebasti\u00e1n, Spain"},{"name":"School of Engineering, University of Navarra, Tecnun, Manuel Lardizabal 13, 20018 Donostia\/San Sebasti\u00e1n, Spain"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3799-1410","authenticated-orcid":false,"given":"Javier","family":"A\u00f1orga Benito","sequence":"additional","affiliation":[{"name":"CEIT-Basque Research and Technology Alliance (BRTA), Manuel Lardizabal 15, 20018 Donostia\/San Sebasti\u00e1n, Spain"},{"name":"School of Engineering, University of Navarra, Tecnun, Manuel Lardizabal 13, 20018 Donostia\/San Sebasti\u00e1n, Spain"}]},{"given":"Saioa","family":"Arrizabalaga","sequence":"additional","affiliation":[{"name":"CEIT-Basque Research and Technology Alliance (BRTA), Manuel Lardizabal 15, 20018 Donostia\/San Sebasti\u00e1n, Spain"},{"name":"School of Engineering, University of Navarra, Tecnun, Manuel Lardizabal 13, 20018 Donostia\/San Sebasti\u00e1n, Spain"}]}],"member":"1968","published-online":{"date-parts":[[2021,8,12]]},"reference":[{"key":"ref_1","first-page":"1","article-title":"A Survey of IIoT Protocols: A Measure of Vulnerability Risk Analysis Based on CVSS","volume":"53","author":"Arrizabalaga","year":"2020","journal-title":"ACM Comput. Surv."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Figueroa-Lorenzo, S., A\u00f1orga, J., and Arrizabalaga, S. (2019). A Role-Based Access Control Model in Modbus SCADA Systems. A Centralized Model Approach. Sensors, 19.","DOI":"10.3390\/s19204455"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Smith, S.W. (2012, January 16\u201320). Cryptographic scalability challenges in the smart grid (extended abstract). Proceedings of the 2012 IEEE PES Innovative Smart Grid Technologies (ISGT), Washington, DC, USA.","DOI":"10.1109\/ISGT.2012.6175564"},{"key":"ref_4","unstructured":"Slagell, A., Bonilla, R., and Yurcik, W. (2006, January 10\u201312). A survey of PKI components and scalability issues. Proceedings of the 2006 IEEE International Performance Computing and Communications Conference, Phoenix, AZ, USA."},{"key":"ref_5","unstructured":"(2021, July 22). The Weakest Link in the Chain: Vulnerabilities in the ssl Certificate Authority System and What Should Be Done about Them. Available online: https:\/\/www.accessnow.org\/cms\/assets\/uploads\/archive\/docs\/Weakest_Link_in_the_Chain.pdf."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"18207","DOI":"10.1109\/ACCESS.2020.2968492","article-title":"Fabric-iot: A Blockchain-Based Access Control System in IoT","volume":"8","author":"Liu","year":"2020","journal-title":"IEEE Access"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Figueroa Lorenzo, S., A\u00f1orga, J., and Arrizabalaga, S. (2019). An Attribute-Based Access Control Model in RFID Systems Based on Blockchain Decentralized Applications for Healthcare Environments. Computers, 8.","DOI":"10.3390\/computers8030057"},{"key":"ref_8","unstructured":"Vacca, J.R. (2017). Chapter 24-Information Security Essentials for Information Technology Managers: Protecting Mission-Critical Systems. Computer and Information Security Handbook, Morgan Kaufmann. [3rd ed.]."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Lesavre, L., Varin, P., Mell, P., Davidson, M., and Shook, J. (2019). A taxonomic approach to understanding emerging blockchain identity management systems. arXiv.","DOI":"10.6028\/NIST.CSWP.9"},{"key":"ref_10","unstructured":"Martinson, P. (2019). Estonia\u2014The Digital Republic Secured by Blockchain, PricewaterhouseCoopers."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"5428","DOI":"10.1109\/ACCESS.2020.3047902","article-title":"A Review of Distributed Access Control for Blockchain Systems Towards Securing the Internet of Things","volume":"9","author":"Butun","year":"2021","journal-title":"IEEE Access"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Naik, N., and Jenkins, P. (November, January 12). Governing Principles of Self-Sovereign Identity Applied to Blockchain Enabled Privacy Preserving Identity Management Systems. Proceedings of the 2020 IEEE International Symposium on Systems Engineering (ISSE), Vienna, Austria.","DOI":"10.1109\/ISSE49799.2020.9272212"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Bartolomeu, P.C., Vieira, E., Hosseini, S.M., and Ferreira, J. (2019, January 10\u201313). Self-Sovereign Identity: Use-cases, Technologies, and Challenges for Industrial IoT. Proceedings of the 2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA), Zaragoza, Spain.","DOI":"10.1109\/ETFA.2019.8869262"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Fedrecheski, G., Rabaey, J.M., Costa, L.C.P., Calcina Ccori, P.C., Pereira, W.T., and Zuffo, M.K. (2020, January 3). Self-sovereign identity for IoT environments: A perspective. Proceedings of the 2020 Global Internet of Things Summit (GIoTS), Dublin, Ireland.","DOI":"10.1109\/GIOTS49054.2020.9119664"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Kulabukhova, N., Ivashchenko, A., Tipikin, I., and Minin, I. (2019). Self-Sovereign Identity for IoT Devices. Computational Science and Its Applications\u2014ICCSA 2019, Springer.","DOI":"10.1007\/978-3-030-24296-1_37"},{"key":"ref_16","unstructured":"(2021, January 14). Self-Sovereign Identy and IoT. Available online: https:\/\/sovrin.org\/wp-content\/uploads\/SSI-and-IoT-whitepaper.pdf."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Gebresilassie, S.K., Rafferty, J., Morrow, P., Chen, L., Abu-Tair, M., and Cui, Z. (2020, January 2\u201316). Distributed, Secure, Self-Sovereign Identity for IoT Devices. Proceedings of the 2020 IEEE 6th World Forum on Internet of Things (WF-IoT), New Orleans, LA, USA.","DOI":"10.1109\/WF-IoT48130.2020.9221144"},{"key":"ref_18","unstructured":"Lin, Z., and Pearson, S. (2018). An Inside Look at Industrial Ethernet Communication Protocols Strategic Marketing Manager Texas Instruments Strategic Marketing Manager Texas Instruments, Texas Instruments. White Paper."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1016\/j.ijcip.2008.08.003","article-title":"Attack taxonomies for the Modbus protocols","volume":"1","author":"Huitsing","year":"2008","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_20","unstructured":"Allen, C. (2021, July 26). Self-Sovereign Identity: Ideology & Architecture. Available online: https:\/\/ssimeetup.org\/self-sovereign-identity-why-we-here-christopher-allen-webinar-51\/."},{"key":"ref_21","unstructured":"Allen, C. (2021, July 26). Self-Sovereign Identity Principles. Available online: https:\/\/github.com\/ChristopherA\/self-sovereign-identity\/blob\/master\/self-sovereign-identity-principles.md."},{"key":"ref_22","unstructured":"Sporny, M., Longley, D., and Chadwick, D. (2021, February 11). Verifiable Credentials Data Model 1.0. Available online: https:\/\/www.w3.org\/TR\/vc-data-model\/."},{"key":"ref_23","unstructured":"Reed, D., Sporny, M., Longley, D., Allen, C., Grant, R., and Sabadello, M. (2021, February 11). Decentralized Identifiers (DIDs) v1.0. Available online: https:\/\/www.w3.org\/TR\/did-core\/#method-schemes."},{"key":"ref_24","unstructured":"Khovratovich, D., and Law, J. (2016). Sovrin: Digital Identities in the Blockchain Era, Sovrin Foundation. Github Commit by jasonalaw."},{"key":"ref_25","unstructured":"Preukschat, A., and Reed, D. (2021). Self-Sovereign Identity Decentralized Digital Identity and Verifiable Credentials, Manning Publications Co.. [1st ed.]."},{"key":"ref_26","unstructured":"Linux Foundation (2021, January 14). Hyperledger-Fabricdocs Documentation, Release Master. Available online: https:\/\/hyperledger-fabric.readthedocs.io\/_\/downloads\/en\/release-2.2\/pdf\/."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Kinkelin, H., von Seck, R., Rudolf, C., and Carle, G. (2020, January 20\u201324). Hardening X.509 Certificate Issuance using Distributed Ledger Technology. Proceedings of the NOMS 2020-2020 IEEE\/IFIP Network Operations and Management Symposium, Budapest, Hungary.","DOI":"10.1109\/NOMS47738.2020.9110311"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Madala, D.S.V., Jhanwar, M.P., and Chattopadhyay, A. (2018, January 17\u201320). Certificate transparency using blockchain. Proceedings of the 2018 IEEE International Conference on Data Mining Workshops (ICDMW), Singapore.","DOI":"10.1109\/ICDMW.2018.00018"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"38431","DOI":"10.1109\/ACCESS.2019.2905846","article-title":"A Novel Attribute-Based Access Control Scheme Using Blockchain for IoT","volume":"7","author":"Ding","year":"2019","journal-title":"IEEE Access"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Figueroa, S., A\u00f1orga, J., Arrizabalaga, S., Irigoyen, I., and Monterde, M. (2019, January 24\u201326). An Attribute-Based Access Control using Chaincode in RFID Systems. Proceedings of the 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Canary Islands, Spain.","DOI":"10.1109\/NTMS.2019.8763824"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Terzi, S., Savvaidis, C., Votis, K., Tzovaras, D., and Stamelos, I. (2020, January 2\u20136). Securing Emission Data of Smart Vehicles with Blockchain and Self-Sovereign Identities. Proceedings of the 2020 IEEE International Conference on Blockchain (Blockchain), Rhodes, Greece.","DOI":"10.1109\/Blockchain50366.2020.00067"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Panait, A.E., Olimid, R.F., and Stefanescu, A. (2020). Analysis of uPort Open, an Identity Management Blockchain-Based Solution, Springer International Publishing.","DOI":"10.1007\/978-3-030-58986-8_1"},{"key":"ref_33","unstructured":"Shcherbakov, A. (2021, July 23). Understanding the Hyperledger Indy Distributed Ledger. Available online: https:\/\/wiki.hyperledger.org\/display\/RU\/Understanding+the+Hyperledger+Indy+Distributed+Ledger."},{"key":"ref_34","first-page":"15","article-title":"Empowering ISA95 compliant traditional and smart manufacturing systems with the blockchain technology","volume":"8","author":"Yalcinkaya","year":"2021","journal-title":"Manuf. Rev."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"102558","DOI":"10.1016\/j.ipm.2021.102558","article-title":"Methodological performance analysis applied to a novel IIoT access control system based on permissioned blockchain","volume":"58","author":"Arrizabalaga","year":"2021","journal-title":"Inf. Process. Manag."},{"key":"ref_36","unstructured":"Fabro, M., Gorski, E., and Spiers, N. (2016). Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies Industrial Control Systems Cyber Emergency Response Team."},{"key":"ref_37","unstructured":"Crocker, D., and Overell, P. (2008). Augmented BNF for Syntax Specifications: ABNF, RFC Editor. No. 5234."},{"key":"ref_38","unstructured":"Reed, D. (2021, February 11). Webinar: Decentralized Identifiers (DIDs) SSIMeetup Objectives. Available online: https:\/\/ssimeetup.org\/decentralized-identifiers-did-fundamental-block-self-sovereign-identity-drummond-reed-webinar-2\/."},{"key":"ref_39","unstructured":"(2018). Modbus\/TCP Security, Modbus Organization. Available online: https:\/\/modbus.org\/docs\/MB-TCP-Security-v21_2018-07-24.pdf."},{"key":"ref_40","unstructured":"Boeyen, S., Santesson, S., Polk, T., Housley, R., Farrell, S., and Cooper, D.I. (2021, March 02). Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Available online: https:\/\/www.rfc-editor.org\/info\/rfc5280."},{"key":"ref_41","unstructured":"Modbus Organization (2012). Modbus Application Protocol Specification, Modbus Organization."},{"key":"ref_42","unstructured":"Peyrott, S. (2021, June 17). Machine to Machine Communications. Available online: https:\/\/auth0.com\/blog\/using-m2m-authorization\/."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Dierks, T., and Rescorla, E. (2018). The Transport Layer Security (TLS) Protocol Version 1.3, RFC Editor.","DOI":"10.17487\/RFC8446"},{"key":"ref_44","unstructured":"Baliga, A. (2021, March 02). The Nuts and Bolts of Decentralized Identity. Available online: https:\/\/aratibaliga.substack.com\/p\/the-nuts-and-bolts-of-decentralized."},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Naik, N., and Jenkins, P. (November, January 12). uPort Open-Source Identity Management System: An Assessment of Self-Sovereign Identity and User-Centric Data Platform Built on Blockchain. Proceedings of the 2020 IEEE International Symposium on Systems Engineering (ISSE), Vienna, Austria.","DOI":"10.1109\/ISSE49799.2020.9272223"},{"key":"ref_46","unstructured":"Enyeart, D. (2021, May 14). Hyperledger Fabric-SDK-Py. Available online: https:\/\/fabric-sdk-py.readthedocs.io\/en\/latest\/index.html."},{"key":"ref_47","unstructured":"The Python Software Foundation (2021, May 14). TLS\/SSL Wrapper for Socket Objects. Available online: https:\/\/docs.python.org\/3\/library\/ssl.html."},{"key":"ref_48","unstructured":"RiptideIO (2018). PyModbus-A Python Modbus Stack, GitHub."},{"key":"ref_49","unstructured":"Documentation Team (2018). Amazon Elastic Compute Cloud User Guide for Windows Instances, Samurai Media Limited."},{"key":"ref_50","unstructured":"Modbus, E. (2021, March 05). MGate MB3170\/MB3270 Series. Available online: https:\/\/www.moxa.com\/en\/products\/industrial-edge-connectivity\/protocol-gateways\/modbus-tcp-gateways\/mgate-mb3170-mb3270-series#overview."},{"key":"ref_51","unstructured":"Lincoln, N. (2021, March 05). Hyperledger Caliper. Available online: https:\/\/hyperledger.github.io\/caliper\/."},{"key":"ref_52","doi-asserted-by":"crossref","unstructured":"Thakkar, P., Nathan, S., and Viswanathan, B. (2018, January 25\u201328). Performance benchmarking and optimizing hyperledger fabric blockchain platform. Proceedings of the 2018 IEEE 26th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS), Milwaukee, WI, USA.","DOI":"10.1109\/MASCOTS.2018.00034"},{"key":"ref_53","unstructured":"Pfaff, O., and Kind, A. (2021, June 17). Does Industrial Asset Management Provide Good Use Cases for Verifiable Credentials and Distributed Ledgers? What Is an Industrial Automation Component?. Available online: https:\/\/hgf2021.sched.com\/event\/j3fM\/does-industrial-asset-management-provide-good-use-cases-for-verifiable-credentials-and-distributed-ledgers-oliver-pfaff-andreas-kind-siemens-ag."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/16\/5438\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T06:44:40Z","timestamp":1760165080000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/16\/5438"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8,12]]},"references-count":53,"journal-issue":{"issue":"16","published-online":{"date-parts":[[2021,8]]}},"alternative-id":["s21165438"],"URL":"https:\/\/doi.org\/10.3390\/s21165438","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,8,12]]}}}