Existing SSI frameworks centralize IoT credential issuance and revocation authority in a few trusted entities (e.g., manufacturers), hindering adaptability to dynamic, decentralized IoT ecosystems. To address this, we propose a blockchain-based self-sovereign identity framework that introduces endorsement-driven trust computation and a hierarchical trust chain mechanism, enabling any entity with a verifiable trust path to dynamically issue and revoke credentials. The framework leverages blockchain as a verifiable data registry and employs lightweight smart contracts for fully automated credential lifecycle management. Its hierarchical architecture supports efficient, dynamic trust establishment and maintenance on resource-constrained IoT devices. Prototype evaluation demonstrates that our approach achieves strong security guarantees while significantly reducing communication and computational overhead compared to baseline methods—achieving superior scalability and practicality for real-world IoT deployments.

Self-Sovereign Identity (SSI) offers significant potential for managing identities in the Internet of Things (IoT), enabling decentralized authentication and credential management without reliance on centralized entities. However, existing SSI frameworks often limit credential issuance and revocation to trusted entities, such as IoT manufacturers, which restricts flexibility in dynamic IoT ecosystems. In this paper, we propose a blockchain-based SSI framework that allows any individual with a verifiable trust linkage to act as a credential issuer, ensuring decentralized and scalable identity management. Our framework incorporates a layered architecture, where trust is dynamically established through endorsement-based calculations and maintained via a hierarchical chain-of-trust mechanism. Blockchain serves as the Verifiable Data Registry, ensuring transparency and immutability of identity operations, while smart contracts automate critical processes such as credential issuance, verification, and revocation. A proof-of-concept implementation demonstrates that the proposed framework is feasible and incurs minimal overheads compared to the baseline, making it well-suited for dynamic and resource-constrained IoT environments.