Guanjie Cheng,Yan Chen,Shuiguang Deng,Honghao Gao,Jianwei Yin

DOI: https://doi.org/10.1109/tcss.2021.3056540

2021-01-01

IEEE Transactions on Computational Social Systems

Abstract:With the ever-increasing requirements of delay-sensitive and mission-critical applications, it becomes a popular research trend to incorporate edge computing in the Internet of Things (IoT) to mitigate the pressure of traditional cloud-based IoT architecture. Edge computing delivers real-time computations and communications for IoT devices by leveraging edge servers deployed close to users, which creates a collaborative edge computing (CEC) paradigm. The capacity of edge servers is beneficial but risky, as vulnerable servers can be exploited to conduct surveillance or perform other nefarious activities. Besides, fake IoT devices would bring security threats and compromise the IoT system. This highlights the necessity of designing a secure and efficient mutual authentication scheme for CEC. In this direction, related works have proposed various authentication mechanisms, but most of them are found unfit due to the absence of decentralization, anonymity, and mobility. Motivated by this fact, we propose a blockchain-based mutual authentication scheme that bridges these gaps. Specifically, blockchain, certificateless cryptography, elliptic curve cryptography, and pseudonym-based cryptography are integrated into our scheme to provide mutual authentication between edge servers and IoT devices. Except for static conditions, both intraedge and interedge authentication are considered. Besides, we elaborate on the key generation procedures and design a session key negotiation mechanism. Extensive experiments and security analyses have been conducted to show the feasibility of the proposed scheme.

Deyu Luo,Qingqing Cai,Gang Sun,Hongfang Yu,Dusit Niyato

DOI: https://doi.org/10.1109/tnsm.2024.3379587

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:The rapid advancement of networking and manufacturing technologies has facilitated the proliferation of Internet of Things (IoT) devices connecting to networks. Just like humans, these devices, spanning various domains worldwide, necessitate interconnection. Therefore, cross domain identity authentication becomes crucial to ensure secure communication and mitigate cyber threats. Blockchain, as an emerging decentralized ledger technology, has garnered widespread attention due to its ability to effectively address the issue of single point of failure in traditional cross-domain identity authentication solutions. However, most cross-domain identity authentication solutions based on blockchain are limited by their reliance on existing single-chain blockchain architectures, which significantly restricts the performance of cross-domain authentication. In this paper, we present a split-chain based efficient authentication mechanism for cross-domain IoT. Specifically, we design an innovative split-chain blockchain structure that enhances the efficiency of authentication through parallelization. Additionally, we have developed a consensus algorithm that guarantees the security and fairness of the authentication system. Extensive experiments have been conducted to demonstrate that our scheme increases throughput by approximately 40% compared to MCCA, one of the most recent existing cross-domain solutions.

Sheng Hu

DOI: https://doi.org/10.1155/2023/5963039

IF: 1.938

2023-08-24

International Journal of Distributed Sensor Networks

Abstract:Data security and privacy protection are critical challenges that constrain the advancement of edge computing. Similarly, blockchain technology faces constraints in addressing security issues linked with edge computing due to its scalability limitations. To tackle these challenges and promote the development of blockchain technology, this paper presents a scheme that enhances privacy data protection in blockchain smart contracts using edge computing and a master-slave multichain architecture. Firstly, we propose a master-slave multichain architecture based on the traditional single chain and integrate it with a three-layer edge computing structure to address security issues on the edge side. We also design a signature authentication scheme utilizing ECC integrated with blockchain encryption technology. Secondly, we incorporate the role-based access control (RBAC) model with smart contracts to finely divide user privileges, construct an interdomain role-based access control (ID-RBAC) model, and provide detailed access authentication process designs for both within and between domains. Finally, experimental results demonstrate that our proposed scheme can effectively resist various attacks, significantly improve algorithm efficiency, and maintain a system overhead of less than 160 p, with a maximum transaction throughput of nearly 310 tx/s.

computer science, information systems,telecommunications

Yizhong Liu,Andi Liu,Yu Xia,Bin Hu,Jianwei Liu,Qianhong Wu,Prayag Tiwari

DOI: https://doi.org/10.1109/tnse.2023.3292624

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:With the emergence of the resource and equipment sharing concept, many enterprises and organizations begin to implement cross-domain sharing of devices, especially in the field of the Internet of Things (IoT). However, there are many problems in the cross-domain usage process of devices, such as access control, authentication, and privacy protection. In this paper, we make the following contributions. First, we propose a blockchain-based cross-domain authentication management system for IoT devices. The sensitive device information is stored in a Merkle tree structure where only the Merkle root is uploaded to the smart contract. Second, a detailed security and performance analysis is given. We prove that our system is secure against several potential security threats and satisfies validity and liveness. Compared to existing schemes, our schemes realize decentralization, privacy, scalability, fast off-chain authentication, and low on-chain storage. Third, we implement the system on Ethereum with varying parameters known as domain number, concurrent authentication request number, and Merkle tree leaf number. Experimental results show that our solution supports the management of millions of devices in a domain and can process more than 10,000 concurrent cross-domain authentication requests, consuming only 5531 ms. Meanwhile, the gas costs are shown to be acceptable.

Siwei Li,Hui Zhang,Hui Shi,Maode Ma,Cong Wang

DOI: https://doi.org/10.1007/s11227-024-06262-y

IF: 3.3

2024-06-04

The Journal of Supercomputing

Abstract:The distributed authentication of a large number of resource-constrained power terminal devices (PTDs) is crucial for ensuring the security of the power IoT communication. However, existing solutions are inadequate in terms of security (such as vulnerability to single point failures or insider attacks) and communication costs, which do not meet the requirements of the power IoT environment. Therefore, we propose a zero-trust-based mutual authentication scheme in cloud-edge-end collaboration power IoT environment based on blockchain technology. The proposed solution involves deploying a distributed multi-point zero-trust engine around dense PTDs to collect real-time identity information. Through the maintenance of an alliance blockchain, the edge server securely shares and traces identity information, preventing tampering and effectively blocking threats related to lost terminals during authentication. Additionally, a lightweight ECC key management scheme ensures the security of authentication information. The proposed scheme effectively defends against common attacks such as replay attacks and identity forgery attacks through informal security analysis, while its security is evaluated using the Canetti and Krawczyk (CK) adversary models. Performance evaluation results demonstrate that the proposed scheme achieves effectiveness without the compromising required security attributes, which obtains up to 58% improvement 58% improvement in computation delay and a 56.9% improvement in communication costs over previous state-of-the-art methods.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Jianli Pan,Jianyu Wang,Austin Hester,Ismail Alqerm,Yuanni Liu,Ying Zhao

DOI: https://doi.org/10.48550/arXiv.1806.06185

2018-06-16

Abstract:The emerging Internet of Things (IoT) is facing significant scalability and security challenges. On the one hand, IoT devices are "weak" and need external assistance. Edge computing provides a promising direction addressing the deficiency of centralized cloud computing in scaling massive number of devices. On the other hand, IoT devices are also relatively "vulnerable" facing malicious hackers due to resource constraints. The emerging blockchain and smart contracts technologies bring a series of new security features for IoT and edge computing. In this paper, to address the challenges, we design and prototype an edge-IoT framework named "EdgeChain" based on blockchain and smart contracts. The core idea is to integrate a permissioned blockchain and the internal currency or "coin" system to link the edge cloud resource pool with each IoT device' account and resource usage, and hence behavior of the IoT devices. EdgeChain uses a credit-based resource management system to control how much resource IoT devices can obtain from edge servers, based on pre-defined rules on priority, application types and past behaviors. Smart contracts are used to enforce the rules and policies to regulate the IoT device behavior in a non-deniable and automated manner. All the IoT activities and transactions are recorded into blockchain for secure data logging and auditing. We implement an EdgeChain prototype and conduct extensive experiments to evaluate the ideas. The results show that while gaining the security benefits of blockchain and smart contracts, the cost of integrating them into EdgeChain is within a reasonable and acceptable range.

Distributed, Parallel, and Cluster Computing,Cryptography and Security,Networking and Internet Architecture

Deyu Luo,Gang Sun,Hongfang Yu,Mohsen Guizani

DOI: https://doi.org/10.1109/jiot.2024.3486331

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:In the Internet of Things (IoT), blockchain-based cross-domain authentication schemes can effectively establish trust and share data across different administrative domainss. However, current blockchain-based cross-domain authentication solutions often overlook dynamic node participation challenges, which is crucial for the flexible IoT environment. In this study, we propose a blockchain-based cross-domain authentication scheme that supports dynamic node participation, allowing administrative domainss to freely join or leave under legal conditions. Firstly, we introduce an efficient blockchain-based cross-domain authentication framework. Secondly, we propose a blockchain consensus algorithm that supports dynamic node participation to serve the aforementioned framework. Specifically, inspired by the Transmission Control Protocol (TCP) protocol’s piggybacking strategy, this algorithm integrates the process of node joining and leaving into the regular consensus flow to enhance efficiency. To further improve the algorithm’s efficiency, we designed compressed block and parallel chain structures to increase bandwidth utilization and throughput. Detailed correctness proofs demonstrate the algorithm’s security. Extensive experiments have been conducted to show that our scheme increases throughput by approximately 8x compared to existing approaches.

Liu,Chai,Hui,Wu

DOI: https://doi.org/10.3390/electronics12010219

IF: 2.9

2023-01-02

Electronics

Abstract:Authentication is an important requirement for the security of edge computing applications. The existing authentication schemes either frequently rely on third-party trusted authorities, leading to the security risk of user information disclosure, or have high authentication overhead, causing certain pressure on the computation and communication of lightweight terminal equipment in the edge environment. In this paper, we proposed a blockchain-based anonymous authentication scheme for edge computing environments. We first designed a blockchain-based authentication architecture to store a small number of authentication elements in the blockchain network, and provide a decentralized and trusted authentication environment to ensure device anonymity and improve the security of authentication processes. Then, an elliptic cryptographic curve-based authentication scheme is proposed. It uses the chameleon hash function to dynamically generate the authentication data according to the elements stored in the blockchain and negotiate the session key, which effectively reduces the computational overhead in the authentication process. The experimental results show that the proposed scheme achieves a secure authentication process and effectively reduces the authentication overhead by up to 43.16% compared to three state-of-the-art schemes.

engineering, electrical & electronic,computer science, information systems,physics, applied

Xutong Jiang,Ruihan Dou,Qiang He,Xuyun Zhang,Wanchun Dou

DOI: https://doi.org/10.1002/spe.3206

2024-01-01

Abstract:Edge computing is regarded as an extension of cloud computing that brings computing and storage resources to the network edge. For some Industrial Internet of Things (IIoT) applications such as supply-chain supervision and collaboration, Internet of Vehicles, real-time video analysis and so forth, users should be authenticated before visiting the geographically distributed edge servers. Limited by the considerable latency between the cloud and edge servers, and the limited capacity of edge servers, it is infeasible to copy the authentication method from cloud servers when users are authenticated in edge servers. In view of this challenge, this paper proposes a novel token-based authentication scheme, named EdgeAuth, that enables fast edge user authentication through collaboration among cloud servers and edge servers. Under the EdgeAuth scheme, edge servers can rapidly verify the credentials of users who have been authenticated by the cloud server. EdgeAuth can also protect users from a series of authentication attacks, for example, the replay attack, DoS attack and man-in-the-middle attack. The results of experiments conducted on a simulated edge computing environment validate the usefulness of EdgeAuth through a comparison in latency and throughput against two baseline schemes.

Xutong Jiang,Guoming Zhang,Hao Tian,Haolong Xiang,Xuyun Zhang,Wanchun Dou

DOI: https://doi.org/10.1109/icpads60453.2023.00345

2023-01-01

Abstract:Edge computing has emerged as a transformative paradigm with applications ranging from IoT to smart homes and transportation systems. However, its decentralized nature presents significant challenges in securing sensitive data, particularly in scenarios involving data sharing. To address these issues, this paper introduces a secure data access control system for edge computing by leveraging blockchain to foster mutual trust among edge servers and employing attribute-based encryption for secure data sharing. Our proposed solution seeks to enhance data security in distributed environments. We validate our method through practical experiments conducted on multiple edge servers, confirming its effectiveness in safeguarding data integrity and privacy.

Yujian Zhang,Yuhao Luo,Xing Chen,Fei Tong,Yuwei Xu,Jun Tao,Guang Cheng

DOI: https://doi.org/10.1155/2022/9686049

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:Internet of Things (IoT) has been ubiquitous in both industrial and living areas, but also known for its weak security. Being as the first defense line against various cyberattacks, authentication is even more critical to IoT applications. Moreover, there has been a growing demand for cross-domain collaboration, leading to an increasing need for cross-domain authentication. Recently, certificate-based authentication schemes have been extensively studied. However, many of these schemes are not efficient in computation, storage, and communication, which are highly required in IoT. In this paper, we propose a lightweight authentication scheme based on consortium blockchain and design a cryptocurrency-like digital token to build trust. Furthermore, trust lifecycle management is performed by manipulating the amount of tokens. The comprehensive analysis and evaluation demonstrate that the proposed scheme is resistant to various common attacks and more efficient than competitor schemes in terms of storage, communication, and authentication cost.

Jie Cui,Yihu Zhu,Hong Zhong,Qingyang Zhang,Chengjie Gu,Debiao He

DOI: https://doi.org/10.1109/jiot.2024.3351892

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Several studies have introduced edge computing and blockchain into the Industrial Internet of Things (IIoT) to satisfy the requirements of delay-sensitive applications and support cross-domain authentication. Although there have been many protocols to ensure the security and privacy of devices in the IIoT, existing protocols still suffer from problems. Updating keys and pseudonyms of devices by a trusted third party (e.g., certificate authority) will cause high communication and computation overhead, especially when the number of devices becomes much larger. Furthermore, an increasing number of transactions also cause high storage overhead on the blockchain. Therefore, we propose a blockchain-based cross-domain authentication protocol. Specifically, we propose a privacy-preserving method based on pseudonyms that offloads the task of generating pseudonyms from a trusted third party to edge servers to ensure the conditional anonymity of the devices. The device is allowed to request pseudonyms in bulk to reduce the number of transactions, thus reducing the storage overhead on the blockchain. Security analysis and experimental results demonstrate that our scheme achieves an efficient tradeoff between security and efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jingnan Dong,Guangxia Xu,Chuang Ma,Jun Liu,Uchani Gutierrez Omar Cliff

DOI: https://doi.org/10.1109/jiot.2023.3296506

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:In Industrial Internet, mutual authentication between enterprises is a prerequisite for establishing reliable upstream and downstream relationships. Existing authentication methods suffer from complicated certificate management and key escrow problems. Moreover, many authentication mechanisms cannot resist common security attacks and have high computational overhead and communication costs. Therefore, this paper proposes a blockchain-based certificate-free cross-domain authentication mechanism for Industrial Internet. By establishing an Ethereum consortium blockchain as the trusted cornerstone among different regions, industrial enterprises in each region generate the user’s private key with the key generation center in the region, thus avoiding the key escrow problem. This consortium blockchain adopts the proof of authority consensus mechanism for scalability and throughput. Industrial enterprises in different regions invoke smart contracts and query other industrial enterprises for mutual authentication and key negotiation. SVO logic proves the proposed scheme achieves the intended authentication goal, and the automated formal verification tool Scyther proves the scheme’s security. In addition, compared with seven related schemes in the last three years, the experimental results show that the proposed scheme has low communication overhead and computational cost in the authentication key negotiation phase. The experiments on the Ethereum consortium blockchain built by Raspberry Pi prove the effectiveness of the proposed scheme. Finally, the comparative analysis of common security properties proves the reliability of the scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Libo Feng,Fei Qiu,Kai Hu,Bei Yu,Junyu Lin,Shaowen Yao

DOI: https://doi.org/10.1016/j.future.2024.04.042

IF: 7.307

2024-04-25

Future Generation Computer Systems

Abstract:Device management in the Industrial Internet of Things (IIoT) is complex, especially in a cross-domain context. Trust identity authentication between cross-domain devices is required when devices work together. Existing identity authentication methods can result in heavy key management overhead or be computationally demanding on the device. In this paper, we propose a cross-domain authentication scheme based on blockchain and certificateless signature that can be suitable for IIoT devices. First, smart contracts are used to complete trusted identity verification of devices, which reduces the computing overhead of IIoT devices. Second, a trust value-based access control method is proposed, which can quickly and timely identify malicious authentication and ensure the normal operation of the authentication system. Finally, the validity and safety of our proposed methods are proven by experiments. The experiment results showed that our methods can meet the needs in terms of IIoT device security and blockchain system output performance, and can achieve cross-domain authentication for IIoT devices.

computer science, theory & methods

Haipeng Sun,Yu'an Tan,Congwu Li,Lei,Qikun Zhang,Jingjing Hu

DOI: https://doi.org/10.1049/cje.2021.00.269

IF: 1.019

2022-01-01

Chinese Journal of Electronics

Abstract:Edge-cloud collaborative application scenario is more complex, it involves collaborative operations among different security domains, frequently accessing and exiting application system of mobile terminals. A cross-domain identity authentication protocol based on privacy protection is proposed. The main advantages of the protocol are as follows. 1) Self-certified key generation algorithm: the public/private key pair of the mobile terminal is generated by the terminal members themselves. It avoids security risks caused by third-party key distribution and key escrow; 2) Cross-domain identity authentication: the alliance keys are calculated among edge servers through blockchain technology. Cross-domain identity authentication is realized through the signature authentication of the alliance domain. The cross-domain authentication process is simple and efficient; 3) Revocability of identity authentication: When the mobile terminal has logged off or exited the system, the legal identity of the terminal in the system will also become invalid immediately, so as to ensure the forward and backward security of accessing system resources. Under the hardness assumption of discrete logarithm problem and computational Diffie-Hellman problem, the security of the protocol is proven, and the efficiency of the protocol is verified.

Deyu Luo,Youchi Zhang,Gang Sun,Hongfang Yu,Dusit Niyato

DOI: https://doi.org/10.1109/jiot.2024.3420719

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With the rapid emergence of Internet of Things (IoT) technology, cross-domain collaboration and information sharing among IoT devices have become increasingly critical. However, the security and privacy risks associated with cross-domain communication have also escalated. Establishing efficient and secure authentication mechanisms for cross-domain collaboration among IoT devices remains a complex challenge, particularly in the context of bandwidth-constrained wide-area networks. Most recent cross-domain authentication solutions rely heavily on emerging blockchain technology. However, in bandwidth-constrained scenarios, they may suffer from efficiency losses. Consequently, an effective resolution of cross-domain authentication issues in bandwidth-limited conditions has become a pressing concern. In this article, we introduce an efficient blockchain-assisted cross-domain authentication mechanism, named EBCA, designed for bandwidth-constrained wide area IoT networks. To enhance authentication efficiency, we design a highly efficient multiblockchain architecture, which optimally leverages the underlying network bandwidth, significantly improving throughput and reducing latency for cross-domain authentication. Additionally, threshold signatures are incorporated to minimize communication overhead, further enhancing authentication efficiency. Extensive experiments have been conducted to demonstrate the efficiency of our approach. Our scheme has been shown to increase throughput by approximately 34% when compared to existing methods.

Yizhong Liu,Xinxin Xing,Ziheng Tong,Xun Lin,Jing Chen,Zhenyu Guan,Qianhong Wu,Willy Susilo

DOI: https://doi.org/10.1109/tdsc.2023.3313799

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:The cloud-edge-end architecture is suitable for many essential scenarios, such as 5 G, the Internet of Things (IoT), and mobile edge computing. Under this architecture, cross-domain and cross-layer data sharing is commonly in need. Considering cross-domain data sharing under the zero-trust model, where each entity does not trust the others, existing solutions have certain problems regarding security, fairness, scalability, and efficiency. Aiming at solving these issues, we conduct the following research. First, a new plaintext checkable encryption scheme is constructed, which can be used on lightweight IoT devices to verify the ciphertext validity sent by a data owner. Second, we propose a new multi-domain cloud-edge-end architecture based on sharding blockchains and design a cross-domain data sharing scheme under the partial trust model to achieve security, scalability, and high performance. Third, a cross-domain data sharing scheme under the zero trust model is further designed, which can ensure the fairness of both parties in data sharing. Fourth, we give a formal security definition and analysis of cross-domain data sharing. Fifth, we conduct a detailed theoretical analysis of the protocol and give an in-depth functional test and performance test, including the throughput and latency of data sharing policy registration and execution.

Baobao Chai,Jiguo Yu,Biwei Yan,Yong Yu,Shengling Wang

DOI: https://doi.org/10.1109/tnsm.2024.3385777

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:In the current hypergrowth phase of the Internet of Things, cross-domain data access becomes more and more frequently. Whereas, the lack of trust between domains makes cross-domain data access extremely hard. Traditional schemes typically depend on a third party to establish trust between data accessing entities, which can easily result in single point of failure. To conquer the aforementioned challenge, this paper proposes BSCDA, a blockchain-based cross-domain data access scheme designed to enable secure data transmission across domains. The decentralization, transparency, and anti-tampering features of blockchain perfectly solve the issue of single point of failure and foster trust among various domains. Specifically, a certificate management method is developed to address the certificate storage issue by leveraging a mapping table to store the revocation certificate index on the blockchain. This method not only ensures the verifiability of the certificate but also reduces the storage overhead. Additionally, a four-party key agreement mechanism is designed to guarantee the secure data transmission during the process of cross-domain data access. Security analysis prove the feasibility of our proposed scheme. Extensive experiments demonstrate the superiority of our scheme in cross-domain data access.

Ge Zhao,Xiangrong Li,Hao Li

DOI: https://doi.org/10.4018/ijswis.341233

2024-03-26

International Journal on Semantic Web and Information Systems

Abstract:In edge computing scenarios, due to the wide distribution of devices, complex application environments, and limited computing and storage capabilities, their authentication and access control efficiency is low. To address the above issues, a secure trusted authentication scheme based on semantic Long Short-Term Memory (LSTM) and blockchain is proposed for IoT applications. The attribute-based access control model is optimized, combining blockchain technology with access control models, effectively improving the robustness and credibility of access control systems. Semantic LSTM is used to predict environmental attributes that can further restrict user access and dynamically meet the minimum permission granting requirements. Experiments show that when the number of certificates is 60, the computational overhead of the proposed method is only 203s, which is lower than other state-of-the-art methods. Therefore, the performance of the proposed schema in information security protection in IoT environments shows promise as a scalable authentication solution for IoT applications.

computer science, information systems, artificial intelligence

Wenlong Zhu,Changli Zhou,Linmei Jiang

DOI: https://doi.org/10.3390/electronics13061026

IF: 2.9

2024-03-09

Electronics

Abstract:With the rapid popularization of current Internet of Things (IoT) technology and 5G networks, as well as the continuous updating of new service lifestyles and businesses, the era of big data processing for the IoT has arrived. However, centralizing all data for processing in the cloud can lead to issues such as communication latency and privacy breaches. To solve these problems, edge computing, as a new network architecture close to terminal data sources and supporting low latency services, has gradually emerged. In this context, cloud edge collaborative computing has become an important network architecture. With the changing security requirements and communication methods of cloud edge collaborative network architecture, traditional authentication key agreement protocols are no longer applicable. Therefore, a new IoT authentication and key agreement protocol needs to be designed to solve this problem. This study proposes an IoT accessible solution for cloud edge collaboration. This scheme adopts a chaotic mapping algorithm to achieve efficient authentication. It ensures the anonymity and untraceability of users. Following this, we conducted strict security verification using BAN logic and Scyther tools. Through experimental comparative analysis, the research results show that the protocol performs better than other schemes while ensuring security. This indicates that the protocol can achieve efficient authentication and key negotiation in cloud edge collaborative network architecture, providing a secure and reliable solution for the accessibility of the IoT.

engineering, electrical & electronic,computer science, information systems,physics, applied