Shuang Sun,Rong Du,Shudong Chen,Weiwei Li

DOI: https://doi.org/10.1109/access.2021.3059863

IF: 3.9

2021-01-01

IEEE Access

Abstract:Most IoT devices cannot afford to be a blockchain node due to the high computation and storage loads. Thus, the blockchain is usually deployed on one delegate node, e.g., the edge device or cloud, which may encounters three drawbacks: (1) The delegate node becomes the single failure point when the number of delegate notes are limited. (2) The delegate node replicating the blockchain data can lead to privacy information leak. (3) The delegate node is vulnerable to the Distributed Denial of Service (DDoS) attack. To tackle these drawbacks, we consider to minimize the redundant of blockchain to make the IoT devices as the specialized blockchain nodes. In this paper, we integrate a permissioned blockchain (HLF), an attribute-based access control (ABAC) and an identity-based signature (IBS) to build a security, lightweight, and cross-domain blockchain-based IoT access control system. Specifically, we divided the IoT system into different function domains, named IoT domains. Then, we establish a local blockchain ledger for each IoT domain to enable more IoT devices as blockchain nodes. The local blockchain ledger records the IoT domain entities' attributes, policy files' digests, and access decisions. Meanwhile, we use the channel technology of HLF to realize cross-domain access and use the IBS to filter the legal access requests for each IoT domain to prevent DDoS attacks. We also design a policy decision point (PDP) selection algorithm that select multiple IoT devices (blockchain nodes) to achieve the real-time distributed policy decisions (off-chain). Finally, we implement and evaluate the proposed system to demonstrate its practicality.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yan Zhang,Bing Li,Jiaxin Wu,Bo Liu,Rui Chen,Jinke Chang

DOI: https://doi.org/10.1109/jiot.2022.3176192

IF: 10.6

2022-11-15

IEEE Internet of Things Journal

Abstract:Industrial Internet of Things (IIoT) has emerged as a prospective technology that improves the productivity and automation level for industrial applications. Devices from cooperative IIoT domains will communicate and collaborate on the increasingly complicated manufacturing tasks. To secure cross-domain device collaborations, we propose combining the blockchain with multifactor authentication. Because the multifactor authentication conforms to IIoT devices’ operation modes and brings higher security levels, and the blockchain technology contributes to building trust among different domains. However, this combined usage still has limitations in terms of the potential loss of factor attack, the storage overhead on the blockchain, and the contradiction between efficiency and privacy preservation. Motivated by these facts, in this article, we develop a privacy-preserving blockchain-based multifactor device authentication protocol for cross-domain IIoT. Specifically, multiple factors are additionally encoded by the hardware fingerprint into random numbers, before being transformed into key materials. The blockchain only stores each domain’s dynamic accumulator, which accumulates derived key materials for devices, thereby reducing the overhead. Moreover, the on-chain accumulator is leveraged to efficiently verify the unlinkable identities of cross-domain IIoT devices. The security of our protocol is formally proved, and the security features and functionalities are, respectively, discussed. A proof-of-concept prototype was implemented to prove the efficiency and reliability. The comparison results indicate that the on-chain storage is greatly reduced. Finally, the smart contract’s performance was evaluated to show scalability.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wei Tong,Xuewen Dong,Yulong Shen,Xiaohong Jiang,Zhiwei Zhang

DOI: https://doi.org/10.1016/j.future.2022.04.026

IF: 7.307

2022-01-01

Future Generation Computer Systems

Abstract:With the extensive application of the Internet of Things (IoT), multi-domain IoT appears as the additional coordination and control ability of IoT. However, the emerging multi-domain IoT suffers from some security challenges, such as insider threats and cross-domain data exchange issues. In this paper, we propose a data exchange model for the multi-domain IoT environment driven by blockchain, addressing expensive cross-domain access control and low data exchange throughput issues. At the core of this model is a chaincode-based cross-domain access control scheme and a domain-as-a-shard (DaaS) high parallel throughput optimization technology. In particular, the access control scheme is maintained by multiple blockchain nodes to ensure access control strategy distributed storage and data cross-domain controllability. The data in this model cannot be exchanged across domains until all nodes jointly verify that the access control strategy is valid. Moreover, the throughput optimization technology sets the IoT domain as the blockchain shard to process data exchange in parallel and scale up the throughput dramatically. In each shard, data exchange is processed in the form of the blockchain transaction independently to improve the transaction throughput of our model. Finally, security analysis proves that our model successfully ensures access control strategy non-repudiation and cross-domain data controllability. Extensive experiments on Hyperledger Fabric show that the transaction throughput of our model is nearly three times that of the original Fabric v1.4.

Haoxiang Song,Zhe Tu,Yajuan Qin

DOI: https://doi.org/10.3390/s22218339

2022-10-30

Abstract:With the development of 5G and the Internet of things (IoT), the multi-domain access of massive devices brings serious data security and privacy issues. At the same time, most access systems lack the ability to identify network attacks and cannot adopt dynamic and timely defenses against various security threats. To this end, we propose a blockchain-based access control and behavior regulation system for IoT. Relying on the attribute-based access control model, this system deploys smart contracts on the blockchain to achieve distributed and fine-grained access control and ensures that the identity and authority of access users can be trusted. At the same time, an inter-domain communication mechanism is designed based on the locator/identifier separation protocol and ensures the traffic of access users are authorized. A feedback module that combines traffic detection and credit evaluation is proposed, ensuring real-time detection and fast, proactive responses against malicious behavior. Ultimately, all modules are linked together through workflows to form an integrated security model. Experiments and analysis show that the system can effectively provide comprehensive security protection in IoT scenarios.

Peng Wang,Ning Xu,Haibin Zhang,Wen Sun,Abderrahim Benslimane

DOI: https://doi.org/10.1109/jiot.2021.3125091

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT), while providing comprehensive interconnection and ubiquitous services, poses security issues by enabling resources sharing among various devices from different untrusted authorities. Blockchain, as a distributed ledger, provides a traceable and verifiable platform to ensure the secure access control in IoT. The existing works based on blockchain may bring up intolerable computing overhead and delay to the lightweight IoT devices. In this article, we propose a dynamic and lightweight attribute-based access control framework for blockchain-empowered IoT, to achieve secure and fine-grained authorization. The proposed scheme allows access to resources by evaluating attributes, operations, and the environment relevant to a request. The access policy is executed through smart contract in blockchain for security and flexibility. To further adapt to IoT device constraints, we design a access control framework based on decentralized application (DApp), which can maintain tamper proof in a timely manner and be adapt to the delay-intolerant application. When delay-intolerant access is required, access can be allowed according to local replica of the blockchain, without a consensus of blockchain network. Considering the time-varying attributes of IoT devices, a trust management scheme is proposed based on the Markov chain to resist the security fluctuation caused by the vulnerability of IoT devices. In the experiments, we deploy our system prototype on Ethereum to evaluate the feasibility and effectiveness of the scheme. The results show the proposed scheme can achieve secure, high throughput, and flexible access control in IoT.

computer science, information systems,telecommunications,engineering, electrical & electronic

Meng Shen,Huisen Liu,Liehuang Zhu,Ke Xu,Hongbo Yu,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.1109/jsac.2020.2980916

IF: 16.4

2020-01-01

IEEE Journal on Selected Areas in Communications

Abstract:Industrial Internet of Things (IIoT) is considered as one of the most promising revolutionary technologies to prompt smart manufacturing and increase productivity. With manufacturing being more complicated and sophisticated, an entire manufacturing process usually involves several different administrative IoT domains (e.g., factories). Devices from different domains collaborate on the same task, which raises great security and privacy concerns about device-to-device communications. Existing authentication approaches may result in heavy key management overhead or rely on a trusted third party. Thus, security and privacy issues during communication remain unsolved but imperative. In this paper, we present an efficient blockchain-assisted secure device authentication mechanism BASA for cross-domain IIoT. Specifically, consortium blockchain is introduced to construct trust among different domains. Identity-based signature (IBS) is exploited during the authentication process. To preserve the privacy of devices, we design an identity management mechanism, which can realize that devices being authenticated remain anonymous. Besides, session keys between two parties are negotiated, which can secure the subsequent communications. Extensive experiments have been conducted to show the effectiveness and efficiency of the proposed mechanism.

Qinghua Gong,Jinnan Zhang,Zheng Wei,Xinmin Wang,Xia Zhang,Xin Yan,Yang Liu,Liming Dong

DOI: https://doi.org/10.3390/s24072267

IF: 3.9

2024-04-03

Sensors

Abstract:With the rapid growth of the Internet of Things (IoT), massive terminal devices are connected to the network, generating a large amount of IoT data. The reliable sharing of IoT data is crucial for fields such as smart home and healthcare, as it promotes the intelligence of the IoT and provides faster problem solutions. Traditional data sharing schemes usually rely on a trusted centralized server to achieve each attempted access from users to data, which faces serious challenges of a single point of failure, low reliability, and an opaque access process in current IoT environments. To address these disadvantages, we propose a secure and dynamic access control scheme for the IoT, named SDACS, which enables data owners to achieve decentralized and fine-grained access control in an auditable and reliable way. For access control, attribute-based control (ABAC), Hyperledger Fabric, and interplanetary file system (IPFS) were used, with four kinds of access control contracts deployed on blockchain to coordinate and implement access policies. Additionally, a lightweight, certificateless authentication protocol was proposed to minimize the disclosure of identity information and ensure the double-layer protection of data through secure off-chain identity authentication and message transmission. The experimental and theoretical analysis demonstrated that our scheme can maintain high throughput while achieving high security and stability in IoT data security sharing scenarios.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Libo Feng,Fei Qiu,Kai Hu,Bei Yu,Junyu Lin,Shaowen Yao

DOI: https://doi.org/10.1016/j.future.2024.04.042

IF: 7.307

2024-04-25

Future Generation Computer Systems

Abstract:Device management in the Industrial Internet of Things (IIoT) is complex, especially in a cross-domain context. Trust identity authentication between cross-domain devices is required when devices work together. Existing identity authentication methods can result in heavy key management overhead or be computationally demanding on the device. In this paper, we propose a cross-domain authentication scheme based on blockchain and certificateless signature that can be suitable for IIoT devices. First, smart contracts are used to complete trusted identity verification of devices, which reduces the computing overhead of IIoT devices. Second, a trust value-based access control method is proposed, which can quickly and timely identify malicious authentication and ensure the normal operation of the authentication system. Finally, the validity and safety of our proposed methods are proven by experiments. The experiment results showed that our methods can meet the needs in terms of IIoT device security and blockchain system output performance, and can achieve cross-domain authentication for IIoT devices.

computer science, theory & methods

Mingxin Ma,Guozhen Shi,Fenghua Li

DOI: https://doi.org/10.1109/access.2019.2904042

IF: 3.9

2019-01-01

IEEE Access

Abstract:The rapid development of the Internet of Things (IoT) and the explosive growth of valuable data produced by user equipment have led to strong demand for access control, especially hierarchical access control, which is performed from a group communication perspective. However, the key management strategies for such a future Internet are based mostly on a trusted third party that requires full trust of the key generation center (KGC) or central authority (CA). Recent studies indicate that centralized cloud centers will be unlikely to deliver satisfactory services to customers because we place too much trust in third parties; therefore, these centers do not apply to user privacy-oriented scenarios. This paper addresses these issues by proposing a novel blockchain-based distributed key management architecture (BDKMA) with fog computing to reduce latency and multiblockchains operated in the cloud to achieve cross-domain access. The proposed scheme utilizes blockchain technology to satisfy the decentralization, fine-grained auditability, high scalability, and extensibility requirements, as well as the privacy-preserving principles for hierarchical access control in IoT. We designed system operations methods and introduced different authorization assignment modes and group access patterns to reinforce the extensibility. We evaluated the performance of our proposed architecture and compared it with existing models using various performance measures. The simulation results show that the multiblockchain structure substantially improves system performance, and the scalability is excellent as the network size increases. Furthermore, dynamic transaction collection time adjustment enables the performance and system capacity to be optimized for various environments.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jingnan Dong,Guangxia Xu,Chuang Ma,Jun Liu,Uchani Gutierrez Omar Cliff

DOI: https://doi.org/10.1109/jiot.2023.3296506

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:In Industrial Internet, mutual authentication between enterprises is a prerequisite for establishing reliable upstream and downstream relationships. Existing authentication methods suffer from complicated certificate management and key escrow problems. Moreover, many authentication mechanisms cannot resist common security attacks and have high computational overhead and communication costs. Therefore, this paper proposes a blockchain-based certificate-free cross-domain authentication mechanism for Industrial Internet. By establishing an Ethereum consortium blockchain as the trusted cornerstone among different regions, industrial enterprises in each region generate the user’s private key with the key generation center in the region, thus avoiding the key escrow problem. This consortium blockchain adopts the proof of authority consensus mechanism for scalability and throughput. Industrial enterprises in different regions invoke smart contracts and query other industrial enterprises for mutual authentication and key negotiation. SVO logic proves the proposed scheme achieves the intended authentication goal, and the automated formal verification tool Scyther proves the scheme’s security. In addition, compared with seven related schemes in the last three years, the experimental results show that the proposed scheme has low communication overhead and computational cost in the authentication key negotiation phase. The experiments on the Ethereum consortium blockchain built by Raspberry Pi prove the effectiveness of the proposed scheme. Finally, the comparative analysis of common security properties proves the reliability of the scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Avishaek Deep,Adolfo Perrusquía,Lamees Aljaburi,Saba Al-Rubaye,Weisi Guo

DOI: https://doi.org/10.1109/access.2024.3349955

IF: 3.9

2024-01-01

IEEE Access

Abstract:Internet of Things (IoT) is currently playing a major role in how intelligent devices are interconnected and deployed to automate services in transport and smart living sectors. However, IoT is facing challenges in terms of data protection and authentication due to the heterogeneous nature of IoT devices that do not exhibit a central authority. It is crucial to provide secure and trustworthy solutions for the increasing demands of decentralized IoT environments. To this end, this research proposes a novel integration of blockchain-technologies in IoT services to enhance security, data integrity, users privacy, system scalability and interoperability of devices. This is done by leveraging smart contracts to enforce authentication, access control and data exchange mechanisms for IoT devices. The proposed approach is verified by the construction and deployment of a smart contract over the Polygon blockchain network in a simulated real-world IoT scenario. The obtained results show that the proposed approach ensures fast and secure authentication in IoT networks by decreasing the risk of unauthorized access and data tampering.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kexian Liu,Jianfeng Guan,Xiaolong Hu,Jianli Liu,Hongke Zhang

2024-11-14

Abstract:The growing complexity of Internet of Things (IoT) environments, particularly in cross-domain data sharing, presents significant security challenges. Existing data-sharing schemes often rely on computationally expensive cryptographic operations and centralized key management, limiting their effectiveness for resource-constrained devices. To address these issues, we propose an efficient, secure blockchain-based data-sharing scheme. First, our scheme adopts a distributed key generation method, which avoids single point of failure. This method also allows independent pseudonym generation and key updates, enhancing authentication flexibility while reducing computational overhead. Additionally, the scheme provides a complete data-sharing process, covering data uploading, storage, and sharing, while ensuring data traceability, integrity, and privacy. Security analysis shows that the proposed scheme is theoretically secure and resistant to various attacks, while performance evaluations demonstrate lower computational and communication overhead compared to existing solutions, making it both secure and efficient for IoT applications.

Cryptography and Security

Chaosheng Feng,Bin Liu,Zhen Guo,Keping Yu,Zhiguang Qin,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/jiot.2021.3113321

IF: 10.6

2022-04-15

IEEE Internet of Things Journal

Abstract:While 5G can facilitate high-speed Internet access and make over-the-horizon control a reality for unmanned aerial vehicles (UAVs; also known as drones), there are also potential security and privacy considerations, for example, authentication among drones. Centralized authentication approaches not only suffer from a single point of failure but they are also incapable of cross-domain authentication. This complicates the cooperation of drones from different domains. To address these limitations, a blockchain-based cross-domain authentication scheme for intelligent 5G-enabled Internet of drones is proposed in this article. Our approach employs multiple signatures based on threshold sharing to build an identity federation for collaborative domains. This allows us to support domain joining and exiting. Reliable communication between cross-domain devices is achieved by utilizing smart contract for authentication. The session keys are negotiated to secure subsequent communication between two parties. Our security and performance evaluations show that the proposed scheme is resistant to common attacks targeting Internet of Things (IoT) devices (including drones), as well as demonstrating its effectiveness and efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jie Cui,Yihu Zhu,Hong Zhong,Qingyang Zhang,Chengjie Gu,Debiao He

DOI: https://doi.org/10.1109/jiot.2024.3351892

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Several studies have introduced edge computing and blockchain into the Industrial Internet of Things (IIoT) to satisfy the requirements of delay-sensitive applications and support cross-domain authentication. Although there have been many protocols to ensure the security and privacy of devices in the IIoT, existing protocols still suffer from problems. Updating keys and pseudonyms of devices by a trusted third party (e.g., certificate authority) will cause high communication and computation overhead, especially when the number of devices becomes much larger. Furthermore, an increasing number of transactions also cause high storage overhead on the blockchain. Therefore, we propose a blockchain-based cross-domain authentication protocol. Specifically, we propose a privacy-preserving method based on pseudonyms that offloads the task of generating pseudonyms from a trusted third party to edge servers to ensure the conditional anonymity of the devices. The device is allowed to request pseudonyms in bulk to reduce the number of transactions, thus reducing the storage overhead on the blockchain. Security analysis and experimental results demonstrate that our scheme achieves an efficient tradeoff between security and efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xingxing Chen,Qingfeng Cheng,Weidong Yang,Xiangyang Luo

DOI: https://doi.org/10.1007/s11704-023-2595-x

IF: 2.6688

2024-01-23

Frontiers of Computer Science

Abstract:With the widespread use of network infrastructures such as 5G and low-power wide-area networks, a large number of the Internet of Things (IoT) device nodes are connected to the network, generating massive amounts of data. Therefore, it is a great challenge to achieve anonymous authentication of IoT nodes and secure data transmission. At present, blockchain technology is widely used in authentication and s data storage due to its decentralization and immutability. Recently, Fan et al. proposed a secure and efficient blockchain-based IoT authentication and data sharing scheme. We studied it as one of the state-of-the-art protocols and found that this scheme does not consider the resistance to ephemeral secret compromise attacks and the anonymity of IoT nodes. To overcome these security flaws, this paper proposes an enhanced authentication and data transmission scheme, which is verified by formal security proofs and informal security analysis. Furthermore, Scyther is applied to prove the security of the proposed scheme. Moreover, it is demonstrated that the proposed scheme achieves better performance in terms of communication and computational cost compared to other related schemes.

computer science, information systems, theory & methods, software engineering

Li Yunliang,Du Zhiqiang,Fu Yanfang,Zheng Xianghan

DOI: https://doi.org/10.1016/j.pmcj.2024.101878

IF: 3.848

2024-01-08

Pervasive and Mobile Computing

Abstract:Numerous users from diverse domains access information and perform various operations in multi-domain environments. These users have complex permissions that increase the risk of identity falsification, unauthorized access, and privacy breaches during cross-domain interactions. Consequently, implementing an access control architecture to prevent users from engaging in illicit activities is imperative. This paper proposes a novel blockchain-based access control architecture for multi-domain environments. By integrating the multi-domain environment within a federated chain, the architecture utilizes Decentralized Identifiers (DIDs) for user identification and relies on public/secret key pairs for operational execution. Verifiable credentials are used to authorize permissions and release resources, thereby ensuring authentication and preventing tampering and forgery. In addition, the architecture automates the authorization and access control processes through smart contracts, thereby eliminating human intervention. Finally, we performed a simulation evaluation of the architecture. The most time-consuming process had a runtime of 1074 ms, primarily attributed to interactions with the blockchain. Concurrent testing revealed that with a concurrency level of 2000 demonstrated that the response times for read and write operations were maintained within 1000 ms and 4600 ms, respectively. In terms of storage efficiency, except for user registration, which incurred two gas charges, all the other processes required only one charge.

computer science, information systems,telecommunications

Chenglong Fu,Qiang Zeng,Xiaojiang Du

DOI: https://doi.org/10.48550/arXiv.1912.00264

2019-12-01

Abstract:The booming Internet of Things (IoT) market has drawn tremendous interest from cyber attackers. The centralized cloud-based IoT service architecture has serious limitations in terms of security, availability, and scalability, and is subject to single points of failure (SPOF). Recently, accommodating IoT services on blockchains has become a trend for better security, privacy, and reliability. However, blockchain's shortcomings of high cost, low throughput, and long latency make it unsuitable for IoT applications. In this paper, we take a retrospection of existing blockchain-based IoT solutions and propose a framework for efficient blockchain and IoT integration. Following the framework, we design a novel blockchain-assisted decentralized IoT remote accessing system, RS-IoT, which has the advantage of defending IoT devices against zero-day attacks without relying on any trusted third-party. By introducing incentives and penalties enforced by smart contracts, our work enables "an economic approach" to thwarting the majority of attackers who aim to achieve monetary gains. Our work presents an example of how blockchain can be used to ensure the fairness of service trading in a decentralized environment and punish misbehaviors objectively. We show the security of RS-IoT via detailed security analyses. Finally, we demonstrate its scalability, efficiency, and usability through a proof-of-concept implementation on the Ethereum testnet blockchain.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture

Wei Ren,Ruoting Xiong,Yizhi Liu,G. Min,Tianqing Zhu,Xiaohan Hao,K. Choo

DOI: https://doi.org/10.1109/TC.2022.3157996

IF: 3.183

2023-02-01

IEEE Transactions on Computers

Abstract:Internet-of-Things (IoT) are increasingly operating in the zero-trust environments where any devices and systems may be compromised and hence untrusted. In addition, data collected by and sent from IoT devices may be shared with and processed by edge computing systems, in order to reduce the reliance on centralized (cloud) servers, leading to further security and privacy issues. To cope with these challenges, this paper proposes an innovative blockchain-enabled information sharing solution in zero-trust context to guarantee anonymity yet entity authentication, data privacy yet data trustworthiness, and participant stimulation yet fairness. This new solution is able to support filtering of fabricated information through smart contracts, effective voting, and consensus mechanisms, which can prevent unauthenticated participants from sharing garbage information. We also prove that the proposed solution is secure in the universal composability framework, and further evaluate its performance over an Ethereum-based blockchain platform to demonstrate its utility.

Computer Science,Engineering

Gholam Reza Zargar,Hamid Barati,Ali Barati

DOI: https://doi.org/10.1007/s10586-024-04565-6

2024-06-26

Cluster Computing

Abstract:The Internet of Things (IoT) is a network where physical objects with unique addresses can connect and communicate with each other through the Internet and telecommunications networks. However, the current methods of user authentication in this environment have limitations due to the need for a lightweight authentication process and limited resources. Therefore, this paper proposes a mutual authentication protocol for IoT that uses blockchain technology. The proposed protocol has a lightweight and secure architecture by using of Elliptic-Curve Cryptography and incorporates the AVISPA tool and BAN logic for formal/informal security analysis. Compared to previous protocols, this proposed protocol is more efficient in terms of communication and computation costs and is more resistant to various attacks.

computer science, information systems, theory & methods