Fei Tong,Xing Chen,Cheng Huang,Yujian Zhang,Xuemin Shen

DOI: https://doi.org/10.1109/JIOT.2022.3229676

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Multidomain Internet of Things (IoT) is faced with serious domain interoperability (DI) and compatibility issues since different intradomain authorization and authentication (A&A) mechanisms are deployed without the consideration of interdomain A&A. This article proposes a blockchain-assisted scheme to achieve flexible intra- and inter-domain A&A simultaneously and seamlessly. Specifically, we first design a contract-based mutual access control agreement on top of a consortium blockchain, where domain managers can manage their access permission without any trusted parties. Based on the agreement, a secure and privacy-preserving authentication protocol is further proposed by tailoring one-out-of-many proof techniques, which enables IoT devices to anonymously access authorized IoT domains. We additionally design a voting-based protocol by using a threshold-based cryptosystem. The protocol allows domain managers to transparently audit resource access with the assistance of the blockchain. Detailed security analysis demonstrates that the proposed scheme achieves the security properties, such as DI, privacy protection, and accountability. Finally, we develop two proof-of-concept prototypes in a physical testbed and virtual machine, respectively, based on an open-source blockchain platform to show our scheme's efficiency in terms of computation and communication overhead.

Meng Shen,Huisen Liu,Liehuang Zhu,Ke Xu,Hongbo Yu,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.1109/jsac.2020.2980916

IF: 16.4

2020-01-01

IEEE Journal on Selected Areas in Communications

Abstract:Industrial Internet of Things (IIoT) is considered as one of the most promising revolutionary technologies to prompt smart manufacturing and increase productivity. With manufacturing being more complicated and sophisticated, an entire manufacturing process usually involves several different administrative IoT domains (e.g., factories). Devices from different domains collaborate on the same task, which raises great security and privacy concerns about device-to-device communications. Existing authentication approaches may result in heavy key management overhead or rely on a trusted third party. Thus, security and privacy issues during communication remain unsolved but imperative. In this paper, we present an efficient blockchain-assisted secure device authentication mechanism BASA for cross-domain IIoT. Specifically, consortium blockchain is introduced to construct trust among different domains. Identity-based signature (IBS) is exploited during the authentication process. To preserve the privacy of devices, we design an identity management mechanism, which can realize that devices being authenticated remain anonymous. Besides, session keys between two parties are negotiated, which can secure the subsequent communications. Extensive experiments have been conducted to show the effectiveness and efficiency of the proposed mechanism.

Kexian Liu,Jianfeng Guan,Xiaolong Hu,Jianli Liu,Hongke Zhang

2024-11-14

Abstract:The growing complexity of Internet of Things (IoT) environments, particularly in cross-domain data sharing, presents significant security challenges. Existing data-sharing schemes often rely on computationally expensive cryptographic operations and centralized key management, limiting their effectiveness for resource-constrained devices. To address these issues, we propose an efficient, secure blockchain-based data-sharing scheme. First, our scheme adopts a distributed key generation method, which avoids single point of failure. This method also allows independent pseudonym generation and key updates, enhancing authentication flexibility while reducing computational overhead. Additionally, the scheme provides a complete data-sharing process, covering data uploading, storage, and sharing, while ensuring data traceability, integrity, and privacy. Security analysis shows that the proposed scheme is theoretically secure and resistant to various attacks, while performance evaluations demonstrate lower computational and communication overhead compared to existing solutions, making it both secure and efficient for IoT applications.

Cryptography and Security

Libo Feng,Fei Qiu,Kai Hu,Bei Yu,Junyu Lin,Shaowen Yao

DOI: https://doi.org/10.1016/j.future.2024.04.042

IF: 7.307

2024-04-25

Future Generation Computer Systems

Abstract:Device management in the Industrial Internet of Things (IIoT) is complex, especially in a cross-domain context. Trust identity authentication between cross-domain devices is required when devices work together. Existing identity authentication methods can result in heavy key management overhead or be computationally demanding on the device. In this paper, we propose a cross-domain authentication scheme based on blockchain and certificateless signature that can be suitable for IIoT devices. First, smart contracts are used to complete trusted identity verification of devices, which reduces the computing overhead of IIoT devices. Second, a trust value-based access control method is proposed, which can quickly and timely identify malicious authentication and ensure the normal operation of the authentication system. Finally, the validity and safety of our proposed methods are proven by experiments. The experiment results showed that our methods can meet the needs in terms of IIoT device security and blockchain system output performance, and can achieve cross-domain authentication for IIoT devices.

computer science, theory & methods

Shuang Sun,Rong Du,Shudong Chen,Weiwei Li

DOI: https://doi.org/10.1109/access.2021.3059863

IF: 3.9

2021-01-01

IEEE Access

Abstract:Most IoT devices cannot afford to be a blockchain node due to the high computation and storage loads. Thus, the blockchain is usually deployed on one delegate node, e.g., the edge device or cloud, which may encounters three drawbacks: (1) The delegate node becomes the single failure point when the number of delegate notes are limited. (2) The delegate node replicating the blockchain data can lead to privacy information leak. (3) The delegate node is vulnerable to the Distributed Denial of Service (DDoS) attack. To tackle these drawbacks, we consider to minimize the redundant of blockchain to make the IoT devices as the specialized blockchain nodes. In this paper, we integrate a permissioned blockchain (HLF), an attribute-based access control (ABAC) and an identity-based signature (IBS) to build a security, lightweight, and cross-domain blockchain-based IoT access control system. Specifically, we divided the IoT system into different function domains, named IoT domains. Then, we establish a local blockchain ledger for each IoT domain to enable more IoT devices as blockchain nodes. The local blockchain ledger records the IoT domain entities' attributes, policy files' digests, and access decisions. Meanwhile, we use the channel technology of HLF to realize cross-domain access and use the IBS to filter the legal access requests for each IoT domain to prevent DDoS attacks. We also design a policy decision point (PDP) selection algorithm that select multiple IoT devices (blockchain nodes) to achieve the real-time distributed policy decisions (off-chain). Finally, we implement and evaluate the proposed system to demonstrate its practicality.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jingnan Dong,Guangxia Xu,Chuang Ma,Jun Liu,Uchani Gutierrez Omar Cliff

DOI: https://doi.org/10.1109/jiot.2023.3296506

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:In Industrial Internet, mutual authentication between enterprises is a prerequisite for establishing reliable upstream and downstream relationships. Existing authentication methods suffer from complicated certificate management and key escrow problems. Moreover, many authentication mechanisms cannot resist common security attacks and have high computational overhead and communication costs. Therefore, this paper proposes a blockchain-based certificate-free cross-domain authentication mechanism for Industrial Internet. By establishing an Ethereum consortium blockchain as the trusted cornerstone among different regions, industrial enterprises in each region generate the user’s private key with the key generation center in the region, thus avoiding the key escrow problem. This consortium blockchain adopts the proof of authority consensus mechanism for scalability and throughput. Industrial enterprises in different regions invoke smart contracts and query other industrial enterprises for mutual authentication and key negotiation. SVO logic proves the proposed scheme achieves the intended authentication goal, and the automated formal verification tool Scyther proves the scheme’s security. In addition, compared with seven related schemes in the last three years, the experimental results show that the proposed scheme has low communication overhead and computational cost in the authentication key negotiation phase. The experiments on the Ethereum consortium blockchain built by Raspberry Pi prove the effectiveness of the proposed scheme. Finally, the comparative analysis of common security properties proves the reliability of the scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yan Zhang,Bing Li,Jiaxin Wu,Bo Liu,Rui Chen,Jinke Chang

DOI: https://doi.org/10.1109/jiot.2022.3176192

IF: 10.6

2022-11-15

IEEE Internet of Things Journal

Abstract:Industrial Internet of Things (IIoT) has emerged as a prospective technology that improves the productivity and automation level for industrial applications. Devices from cooperative IIoT domains will communicate and collaborate on the increasingly complicated manufacturing tasks. To secure cross-domain device collaborations, we propose combining the blockchain with multifactor authentication. Because the multifactor authentication conforms to IIoT devices’ operation modes and brings higher security levels, and the blockchain technology contributes to building trust among different domains. However, this combined usage still has limitations in terms of the potential loss of factor attack, the storage overhead on the blockchain, and the contradiction between efficiency and privacy preservation. Motivated by these facts, in this article, we develop a privacy-preserving blockchain-based multifactor device authentication protocol for cross-domain IIoT. Specifically, multiple factors are additionally encoded by the hardware fingerprint into random numbers, before being transformed into key materials. The blockchain only stores each domain’s dynamic accumulator, which accumulates derived key materials for devices, thereby reducing the overhead. Moreover, the on-chain accumulator is leveraged to efficiently verify the unlinkable identities of cross-domain IIoT devices. The security of our protocol is formally proved, and the security features and functionalities are, respectively, discussed. A proof-of-concept prototype was implemented to prove the efficiency and reliability. The comparison results indicate that the on-chain storage is greatly reduced. Finally, the smart contract’s performance was evaluated to show scalability.

computer science, information systems,telecommunications,engineering, electrical & electronic

CHENG Guanjie,HUANG Zhengjie,DENG Shuiguang

DOI: https://doi.org/10.11959/j.issn.2096-3750.2020.00165

2020-01-01

Abstract:The popularity of smart devices has driven the development of the application of Internet of things (IoT) technology,and the resulting massive amount of IoT data has brought challenges to traditional centralized data management methods,such as performance,privacy,and security.Therefore,a data management framework of IoT based on blockchain and edge computing was proposed to support the distributed IoT data management.The distributed storage and access control could be provided by the framework for the IoT data.At the same time,a set of the built-in encryption scheme was designed to protect the data security and privacy and safeguard the data ownership.By introducing edge computing,the scalability bottleneck of the blockchain the system was relieved.The processes of data storage and data access based on this framework were given,and the algorithm of the system implementation based on the smart contract technology was explained in detail.Experiments show that the IoT data management system based on this framework outperforms the traditional cloud-based data management systems.

Fengting Luo,Ruwei Huang,Yuqi Xie

DOI: https://doi.org/10.1016/j.jksuci.2024.101946

IF: 9.006

2024-02-07

Journal of King Saud University - Computer and Information Sciences

Abstract:With the development of smart agricultural Internet of Things (IoT) projects, the need for extensive collaboration among agricultural devices from different domains has surged, necessitating the authentication of device identities for secure communication. Existing centralized architecture-dependent authentication mechanisms encounter issues like a sole point of failure and inefficiencies. Most authentication schemes are unable to support plentiful devices synchronously connecting to numerous data servers in other domains. To address these problems, we propose a many-to-many cross-domain authentication scheme based on the hybrid blockchain architecture for smart agriculture IoT networks. The scheme enables multiple devices simultaneously executing mutual authentication with several data service providers from other agricultural systems. This paper designs a groupable batch verification (GBV) algorithm that dynamically adjusts the batch size by performing group verification for a list of requests, enhancing the flexibility of cross-domain batch authentication. Furthermore, the proposed scheme provides a pseudonym update mechanism to protect the privacy of devices and guards services of different domains from illegal access by tracking malicious devices. The security analysis and performance evaluation demonstrate that the proposed scheme has superior security features and performance.

computer science, information systems

Jie Cui,Yihu Zhu,Hong Zhong,Qingyang Zhang,Chengjie Gu,Debiao He

DOI: https://doi.org/10.1109/jiot.2024.3351892

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Several studies have introduced edge computing and blockchain into the Industrial Internet of Things (IIoT) to satisfy the requirements of delay-sensitive applications and support cross-domain authentication. Although there have been many protocols to ensure the security and privacy of devices in the IIoT, existing protocols still suffer from problems. Updating keys and pseudonyms of devices by a trusted third party (e.g., certificate authority) will cause high communication and computation overhead, especially when the number of devices becomes much larger. Furthermore, an increasing number of transactions also cause high storage overhead on the blockchain. Therefore, we propose a blockchain-based cross-domain authentication protocol. Specifically, we propose a privacy-preserving method based on pseudonyms that offloads the task of generating pseudonyms from a trusted third party to edge servers to ensure the conditional anonymity of the devices. The device is allowed to request pseudonyms in bulk to reduce the number of transactions, thus reducing the storage overhead on the blockchain. Security analysis and experimental results demonstrate that our scheme achieves an efficient tradeoff between security and efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Lin Zhang,Hong Li,Limin Sun,Zhiqiang Shi,Yunhua He

DOI: https://doi.org/10.1109/pac.2017.28

2017-01-01

Abstract:User authentication in computer systems has been a cornerstone of computer security for decades. However, the existing user authentication schemes either require human cognitive ability to remember numerous complex id and password, or rely on a trusted third party which could fail due to technical failure or denial-of-service attacks. In this paper, we design a fully distributed user authentication framework with the blockchain technology. In our scheme, a user stores her identity in the blockchain, stores her encrypted personal information in a off-blockchain storage, and attaches a smart contract which grants different permissions to each website/application. When a user logs in a website/application, the service provider employs a challenge-response protocol to verify the identity of the user, and then retrieve the user's personal information from the off-blockchain storage.

Haoxiang Song,Zhe Tu,Yajuan Qin

DOI: https://doi.org/10.3390/s22218339

2022-10-30

Abstract:With the development of 5G and the Internet of things (IoT), the multi-domain access of massive devices brings serious data security and privacy issues. At the same time, most access systems lack the ability to identify network attacks and cannot adopt dynamic and timely defenses against various security threats. To this end, we propose a blockchain-based access control and behavior regulation system for IoT. Relying on the attribute-based access control model, this system deploys smart contracts on the blockchain to achieve distributed and fine-grained access control and ensures that the identity and authority of access users can be trusted. At the same time, an inter-domain communication mechanism is designed based on the locator/identifier separation protocol and ensures the traffic of access users are authorized. A feedback module that combines traffic detection and credit evaluation is proposed, ensuring real-time detection and fast, proactive responses against malicious behavior. Ultimately, all modules are linked together through workflows to form an integrated security model. Experiments and analysis show that the system can effectively provide comprehensive security protection in IoT scenarios.

Mingxin Ma,Guozhen Shi,Fenghua Li

DOI: https://doi.org/10.1109/access.2019.2904042

IF: 3.9

2019-01-01

IEEE Access

Abstract:The rapid development of the Internet of Things (IoT) and the explosive growth of valuable data produced by user equipment have led to strong demand for access control, especially hierarchical access control, which is performed from a group communication perspective. However, the key management strategies for such a future Internet are based mostly on a trusted third party that requires full trust of the key generation center (KGC) or central authority (CA). Recent studies indicate that centralized cloud centers will be unlikely to deliver satisfactory services to customers because we place too much trust in third parties; therefore, these centers do not apply to user privacy-oriented scenarios. This paper addresses these issues by proposing a novel blockchain-based distributed key management architecture (BDKMA) with fog computing to reduce latency and multiblockchains operated in the cloud to achieve cross-domain access. The proposed scheme utilizes blockchain technology to satisfy the decentralization, fine-grained auditability, high scalability, and extensibility requirements, as well as the privacy-preserving principles for hierarchical access control in IoT. We designed system operations methods and introduced different authorization assignment modes and group access patterns to reinforce the extensibility. We evaluated the performance of our proposed architecture and compared it with existing models using various performance measures. The simulation results show that the multiblockchain structure substantially improves system performance, and the scalability is excellent as the network size increases. Furthermore, dynamic transaction collection time adjustment enables the performance and system capacity to be optimized for various environments.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhong Cao,Xudong Wen,Shan Ai,Wenli Shang,Sha Huan

DOI: https://doi.org/10.1038/s41598-024-76065-x

IF: 4.6

2024-10-22

Scientific Reports

Abstract:The Industrial Internet of Things (IIoT) is recognized as one of the revolutionary technologies driving smart manufacturing and improving productivity. As manufacturing processes grow increasingly intricate, the entire manufacturing ecosystem encompasses multiple managed IoT domains. Within this highly interconnected environment, devices from diverse domains must collaborate, leading to considerable apprehensions about the security and privacy of device-to-device communications. Current authentication methods encounter several challenges. Traditional authentication schemes overly rely on trusted third parties, rendering them susceptible to external attacks or internal spoofing. This susceptibility gives rise to a range of security and privacy concerns. In response to these challenges, this paper aims to contribute to a more secure and efficient service scheme for smart factories by devising a blockchain-based distributed IoT architecture. The proposed scheme introduces a federated blockchain to establish trust among different domains, thereby enabling secure connections between devices in distinct domains. Through security analysis, it is proved that the proposed authentication scheme has integrity, mutual authentication, scalability, and resistance to four attacks. Furthermore, efficiency analysis experiments show that our scheme is feasible for smart factories, and as the number of peer nodes increases, the performance and efficiency of the blockchain network become better.

multidisciplinary sciences

Saeed Bamashmos,Naveen Chilamkurti,Ahmad Salehi Shahraki

DOI: https://doi.org/10.3390/s24113575

IF: 3.9

2024-06-02

Sensors

Abstract:Internet of Things (IoT) technology is evolving over the peak of smart infrastructure with the participation of IoT devices in a wide range of applications. Traditional IoT authentication methods are vulnerable to threats due to wireless data transmission. However, IoT devices are resource- and energy-constrained, so building lightweight security that provides stronger authentication is essential. This paper proposes a novel, two-layered multi-factor authentication (2L-MFA) framework using blockchain to enhance IoT devices and user security. The first level of authentication is for IoT devices, one that considers secret keys, geographical location, and physically unclonable function (PUF). Proof-of-authentication (PoAh) and elliptic curve Diffie–Hellman are followed for lightweight and low latency support. Second-level authentication for IoT users, which are sub-categorized into four levels, each defined by specific factors such as identity, password, and biometrics. The first level involves a matrix-based password; the second level utilizes the elliptic curve digital signature algorithm (ECDSA); and levels 3 and 4 are secured with iris and finger vein, providing comprehensive and robust authentication. We deployed fuzzy logic to validate the authentication and make the system more robust. The 2L-MFA model significantly improves performance, reducing registration, login, and authentication times by up to 25%, 50%, and 25%, respectively, facilitating quicker cloud access post-authentication and enhancing overall efficiency.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Huan Yang,Yajun Guo,Yimin Guo

DOI: https://doi.org/10.1016/j.comnet.2024.110240

IF: 5.493

2024-04-01

Computer Networks

Abstract:With the rapid development of IoT technology, smart homes have emerged. At the same time, data security and privacy protection are also of great concern. However, the traditional centralized authentication scheme has defects such as single point of failure, poor scalability, center dependence, vulnerability to attacks, etc., and is not suitable for the distributed and dynamically changing smart home environment. Thus, many researchers have proposed decentralized authentication schemes based on blockchain technology. Although many characteristics of blockchain technology such as decentralization, non-tampering, and solving single point of failure have good application scenarios in authentication, the mature integration of the two applications has to be further explored. For example, the introduction of blockchain also brings security issues; the balance between security and performance in most blockchain-based authentication schemes remains to be investigated; and resource-constrained IoT devices tend to perform a large number of intensive computations, which is clearly inappropriate. Consequently, this paper introduces fog computing in blockchain-based authentication schemes, proposes a network architecture in which cloud and fog computing work together, and investigates the security and performance issues of authentication schemes under this architecture. Finally, formal and informal security analysis show that our scheme has multiple security properties, and our scheme has better performance than existing solutions.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Chenglong Fu,Qiang Zeng,Xiaojiang Du

DOI: https://doi.org/10.48550/arXiv.1912.00264

2019-12-01

Abstract:The booming Internet of Things (IoT) market has drawn tremendous interest from cyber attackers. The centralized cloud-based IoT service architecture has serious limitations in terms of security, availability, and scalability, and is subject to single points of failure (SPOF). Recently, accommodating IoT services on blockchains has become a trend for better security, privacy, and reliability. However, blockchain's shortcomings of high cost, low throughput, and long latency make it unsuitable for IoT applications. In this paper, we take a retrospection of existing blockchain-based IoT solutions and propose a framework for efficient blockchain and IoT integration. Following the framework, we design a novel blockchain-assisted decentralized IoT remote accessing system, RS-IoT, which has the advantage of defending IoT devices against zero-day attacks without relying on any trusted third-party. By introducing incentives and penalties enforced by smart contracts, our work enables "an economic approach" to thwarting the majority of attackers who aim to achieve monetary gains. Our work presents an example of how blockchain can be used to ensure the fairness of service trading in a decentralized environment and punish misbehaviors objectively. We show the security of RS-IoT via detailed security analyses. Finally, we demonstrate its scalability, efficiency, and usability through a proof-of-concept implementation on the Ethereum testnet blockchain.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture

Anmulin Wu,Yajun Guo,Yimin Guo

DOI: https://doi.org/10.1007/s12083-022-01442-0

IF: 3.488

2023-05-07

Peer-to-Peer Networking and Applications

Abstract:Blockchain technology can provide excellent support for identity authentication and access control mechanisms. In particular, blockchain technology can ensure that large amounts of confidential data generated by the Internet of Vehicles devices are stored and transmitted in a safe and reliable environment, which is the key to making system services optimal. In addition, mobile edge computing is the best solution for IoV applications to deal with low latency and limited computing and storage capacity of vehicle-mounted devices. Mobile edge computing can help IoV systems achieve a variety of functions and features, the most important of which is the ability to process terminal data in real-time. Even though the amount of data generated by IoV devices is growing rapidly, the system is still characterized by low latency and high efficiency. Because the communication between IoV devices is carried out in an untrusted environment, it is particularly important to design a secure and effective identity authentication scheme. Therefore, this paper proposes an efficient, safe, and time-sensitive authentication mechanism for devices on the Internet of Vehicles, which applies to a large number of scenarios. The mechanism is based on the blockchain concept and mobile edge computing technology. Security analysis shows that the proposed scheme meets the security requirements of the Internet of Vehicles and is resistant to many known attacks. By comparing with existing advanced IoT authentication schemes, the performance evaluation of the mechanism shows that the scheme enhances security features while reducing computation and communication overhead.

computer science, information systems,telecommunications

Gholam Reza Zargar,Hamid Barati,Ali Barati

DOI: https://doi.org/10.1007/s10586-024-04565-6

2024-06-26

Cluster Computing

Abstract:The Internet of Things (IoT) is a network where physical objects with unique addresses can connect and communicate with each other through the Internet and telecommunications networks. However, the current methods of user authentication in this environment have limitations due to the need for a lightweight authentication process and limited resources. Therefore, this paper proposes a mutual authentication protocol for IoT that uses blockchain technology. The proposed protocol has a lightweight and secure architecture by using of Elliptic-Curve Cryptography and incorporates the AVISPA tool and BAN logic for formal/informal security analysis. Compared to previous protocols, this proposed protocol is more efficient in terms of communication and computation costs and is more resistant to various attacks.

computer science, information systems, theory & methods