Abstract: The proliferation of smart devices has led to a de-facto IoT architecture where devices are controlled by cloud operators. This, in turn, leads to a central point of failure where a hacked hub can lead to the failure of the entire system. In this paper, we outline OrbanHub, an alternate IoT architecture which rules out Byzantine behavior by centralized IoT controllers. OrbanHub works the same way as most IoT hubs, but instead of issuing commands to devices to perform their operations, OrbanHub issues proof-carrying statements that devices verify. To ensure that the hub cannot reissue valid commands, OrbanHub leverages hashchains to prove freshness. We demonstrate that, through the two techniques, OrbanHub cannot force devices to execute commands that are not authorized by the user’s control policies and provide a feasibility study of the architecture.