Journal of the Association for Information Systems


An ever growing variety of smart, connected Internet of Things (IoT) devices poses completely new challenges for businesses regarding security and privacy. In fact, the adoption of smart products may depend on the ability of organizations to offer systems that ensure adequate sensor data integrity while guaranteeing sufficient user privacy. In light of these challenges, previous research indicates that blockchain technology could be a promising means to mitigate issues of data security arising in the IoT. Building upon the existing body of knowledge, we propose a design theory, including requirements, design principles, and features, for a blockchain-based sensor data protection system (SDPS) that leverages data certification. To support this, we designed and developed an instantiation of an SDPS (CertifiCar) in three iterative cycles intented to prevent the fraudulent manipulation of car mileage data. Following the explication of our SDPS, we provide an ex post evaluation of our design theory considering CertifiCar and two additional use cases in the areas of pharmaceutical supply chains and energy microgrids. Our results suggest that the proposed design ensures the tamper-resistant gathering, processing, and exchange of IoT sensor data in a privacy-preserving, scalable, and efficient manner.