The existing identity authentication of IoT devices mostly depends on an intermediary institution, i.e., a CA server, which suffers from the single-point-failure attack. Even worse, the critical data of authenticated devices can be tampered by inner attacks without being identified. To address these issues, we utilize blockchain technology, which serves as a secure tamper-proof distributed ledger to IoT devices. In the proposed method, we assign a unique ID for each individual device and record them into the blockchain, so that they can authenticate each other without a central authority. We also design a data protection mechanism by hashing significant data (i.e. firmware) into the blockchain where any state changes of the data can be detected immediately. Finally, we implement a prototype based on an open source blockchain platform Hyperledger Fabric to verify the proposed system.