Guanjie Cheng,Yan Chen,Shuiguang Deng,Honghao Gao,Jianwei Yin

DOI: https://doi.org/10.1109/tcss.2021.3056540

2021-01-01

IEEE Transactions on Computational Social Systems

Abstract:With the ever-increasing requirements of delay-sensitive and mission-critical applications, it becomes a popular research trend to incorporate edge computing in the Internet of Things (IoT) to mitigate the pressure of traditional cloud-based IoT architecture. Edge computing delivers real-time computations and communications for IoT devices by leveraging edge servers deployed close to users, which creates a collaborative edge computing (CEC) paradigm. The capacity of edge servers is beneficial but risky, as vulnerable servers can be exploited to conduct surveillance or perform other nefarious activities. Besides, fake IoT devices would bring security threats and compromise the IoT system. This highlights the necessity of designing a secure and efficient mutual authentication scheme for CEC. In this direction, related works have proposed various authentication mechanisms, but most of them are found unfit due to the absence of decentralization, anonymity, and mobility. Motivated by this fact, we propose a blockchain-based mutual authentication scheme that bridges these gaps. Specifically, blockchain, certificateless cryptography, elliptic curve cryptography, and pseudonym-based cryptography are integrated into our scheme to provide mutual authentication between edge servers and IoT devices. Except for static conditions, both intraedge and interedge authentication are considered. Besides, we elaborate on the key generation procedures and design a session key negotiation mechanism. Extensive experiments and security analyses have been conducted to show the feasibility of the proposed scheme.

Wei Ren,Ruoting Xiong,Yizhi Liu,G. Min,Tianqing Zhu,Xiaohan Hao,K. Choo

DOI: https://doi.org/10.1109/TC.2022.3157996

IF: 3.183

2023-02-01

IEEE Transactions on Computers

Abstract:Internet-of-Things (IoT) are increasingly operating in the zero-trust environments where any devices and systems may be compromised and hence untrusted. In addition, data collected by and sent from IoT devices may be shared with and processed by edge computing systems, in order to reduce the reliance on centralized (cloud) servers, leading to further security and privacy issues. To cope with these challenges, this paper proposes an innovative blockchain-enabled information sharing solution in zero-trust context to guarantee anonymity yet entity authentication, data privacy yet data trustworthiness, and participant stimulation yet fairness. This new solution is able to support filtering of fabricated information through smart contracts, effective voting, and consensus mechanisms, which can prevent unauthenticated participants from sharing garbage information. We also prove that the proposed solution is secure in the universal composability framework, and further evaluate its performance over an Ethereum-based blockchain platform to demonstrate its utility.

Computer Science,Engineering

Jie Cui,Yihu Zhu,Hong Zhong,Qingyang Zhang,Chengjie Gu,Debiao He

DOI: https://doi.org/10.1109/jiot.2024.3351892

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Several studies have introduced edge computing and blockchain into the Industrial Internet of Things (IIoT) to satisfy the requirements of delay-sensitive applications and support cross-domain authentication. Although there have been many protocols to ensure the security and privacy of devices in the IIoT, existing protocols still suffer from problems. Updating keys and pseudonyms of devices by a trusted third party (e.g., certificate authority) will cause high communication and computation overhead, especially when the number of devices becomes much larger. Furthermore, an increasing number of transactions also cause high storage overhead on the blockchain. Therefore, we propose a blockchain-based cross-domain authentication protocol. Specifically, we propose a privacy-preserving method based on pseudonyms that offloads the task of generating pseudonyms from a trusted third party to edge servers to ensure the conditional anonymity of the devices. The device is allowed to request pseudonyms in bulk to reduce the number of transactions, thus reducing the storage overhead on the blockchain. Security analysis and experimental results demonstrate that our scheme achieves an efficient tradeoff between security and efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Min Guo,Dongjuan Ma,Feng Jing,Huiping Zheng,Xiaojie Liu,Penghui Liu,Yun Ju

DOI: https://doi.org/10.3233/jcm-226750

2023-05-13

Journal of Computational Methods in Sciences and Engineering

Abstract:In order to study the standard security access authentication mechanism of intelligent sensing terminals of massive power Internet of Things, In order to study the standard secure access authentication mechanism of intelligent sensing terminal of massive power Internet of Things, a new privacy protection method widely used in block chain is proposed to prove identity. The traditional power IoT cloud-side interaction security access MQTT protocol still has a lot of room for adaptation and optimization. First, the proposed non-interactive zero-knowledge proof identity authentication method reduces the time of traditional standard secure access authentication process; Second, it reduced the computing resources consumed in a large number of intelligent sensors access authentication. The comparison results show that, the access authentication time of this method is 30%∼50% less than that of the traditional secure access authentication process. The computing resources consumed during authentication are reduced by 20% to 30% compared with traditional security and secrecy mechanisms.

Jingnan Dong,Guangxia Xu,Chuang Ma,Jun Liu,Uchani Gutierrez Omar Cliff

DOI: https://doi.org/10.1109/jiot.2023.3296506

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:In Industrial Internet, mutual authentication between enterprises is a prerequisite for establishing reliable upstream and downstream relationships. Existing authentication methods suffer from complicated certificate management and key escrow problems. Moreover, many authentication mechanisms cannot resist common security attacks and have high computational overhead and communication costs. Therefore, this paper proposes a blockchain-based certificate-free cross-domain authentication mechanism for Industrial Internet. By establishing an Ethereum consortium blockchain as the trusted cornerstone among different regions, industrial enterprises in each region generate the user’s private key with the key generation center in the region, thus avoiding the key escrow problem. This consortium blockchain adopts the proof of authority consensus mechanism for scalability and throughput. Industrial enterprises in different regions invoke smart contracts and query other industrial enterprises for mutual authentication and key negotiation. SVO logic proves the proposed scheme achieves the intended authentication goal, and the automated formal verification tool Scyther proves the scheme’s security. In addition, compared with seven related schemes in the last three years, the experimental results show that the proposed scheme has low communication overhead and computational cost in the authentication key negotiation phase. The experiments on the Ethereum consortium blockchain built by Raspberry Pi prove the effectiveness of the proposed scheme. Finally, the comparative analysis of common security properties proves the reliability of the scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yan Zhang,Bing Li,Bo Liu,Yuanyuan Hu,Haipeng Zheng

DOI: https://doi.org/10.1109/jiot.2021.3068410

IF: 10.6

2021-09-15

IEEE Internet of Things Journal

Abstract:The combination of the Internet of Things (IoT) and cloud-edge (CE) paradigm promises to be an efficient system to aggregate and further process huge volumes of data from IoT nodes. Physical unclonable functions (PUFs) emerge as a prospective primitive to provide IoT nodes with lightweight physical identities for authentication. However, when integrating PUFs into multiserver authentication protocols to improve security, the following problems occur: 1) the challenge–response pairs (CRPs) of PUFs generated by devices need to be explicitly stored by each edge server. This will cause the privacy leakage of CRPs; 2) the reliability is reduced resulting from the single point failure; and 3) existing PUFs-based authentication protocols would need to put great efforts into synchronizing CRPs, to ensure consistency in multiserver systems. To overcome these problems, in this article, we propose a privacy-aware authentication protocol for the multiserver CE-IoT systems by combining PUFs and the blockchain technique. The real correlations of CRPs are double encoded into mapping correlations (MCs) by a one-time physical identity and the keyed-hash function. The blockchain is leveraged to store MCs, synchronize them efficiently, and incorporate the multireceiver encryption to share the physical identity securely. The security of our protocol is formally proved by a random oracle model, and security features are discussed to show that our protocol resists various attacks. Moreover, a prototype was implemented to prove the efficiency of the protocol, and the comparison results present that our protocol accommodates CE-IoT systems. Finally, the simulation of the smart contract evaluates the scalability of our protocol.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wenlong Zhu,Changli Zhou,Linmei Jiang

DOI: https://doi.org/10.3390/electronics13061026

IF: 2.9

2024-03-09

Electronics

Abstract:With the rapid popularization of current Internet of Things (IoT) technology and 5G networks, as well as the continuous updating of new service lifestyles and businesses, the era of big data processing for the IoT has arrived. However, centralizing all data for processing in the cloud can lead to issues such as communication latency and privacy breaches. To solve these problems, edge computing, as a new network architecture close to terminal data sources and supporting low latency services, has gradually emerged. In this context, cloud edge collaborative computing has become an important network architecture. With the changing security requirements and communication methods of cloud edge collaborative network architecture, traditional authentication key agreement protocols are no longer applicable. Therefore, a new IoT authentication and key agreement protocol needs to be designed to solve this problem. This study proposes an IoT accessible solution for cloud edge collaboration. This scheme adopts a chaotic mapping algorithm to achieve efficient authentication. It ensures the anonymity and untraceability of users. Following this, we conducted strict security verification using BAN logic and Scyther tools. Through experimental comparative analysis, the research results show that the protocol performs better than other schemes while ensuring security. This indicates that the protocol can achieve efficient authentication and key negotiation in cloud edge collaborative network architecture, providing a secure and reliable solution for the accessibility of the IoT.

engineering, electrical & electronic,computer science, information systems,physics, applied

YANG Jinxiang,PENG Yonggang,CAI Tiantian,XI Wei,DENG Qingtang

DOI: https://doi.org/10.11930/j.issn.1004-9649.202204082

2023-01-01

Abstract:Edge computing effectively relieves the computing pressure of cloud platform and reduces the consumption of network transmission bandwidth, but it brings new security problems as well, the traditional authentication mechanism no longer applies to“cloud-edge-end” network architecture. We proposed a lightweight two-way authentication protocol based on cloud-edge collaboration. In view of the limited resources of massive power terminal, the protocol is only based on a Hash and XOR operation to achieve certification, so it reduces the pressure of terminal calculation and transmission bandwidth. Its security was successfully verified by AVISPA tool together with informal analysis. The analysis and simulation results show that the protocol can resist replay attack, impersonation attack and so on. In addition, the comparison with similar protocols shows that the protocol has less computation and communication overhead.

Saeed Bamashmos,Naveen Chilamkurti,Ahmad Salehi Shahraki

DOI: https://doi.org/10.3390/s24113575

IF: 3.9

2024-06-02

Sensors

Abstract:Internet of Things (IoT) technology is evolving over the peak of smart infrastructure with the participation of IoT devices in a wide range of applications. Traditional IoT authentication methods are vulnerable to threats due to wireless data transmission. However, IoT devices are resource- and energy-constrained, so building lightweight security that provides stronger authentication is essential. This paper proposes a novel, two-layered multi-factor authentication (2L-MFA) framework using blockchain to enhance IoT devices and user security. The first level of authentication is for IoT devices, one that considers secret keys, geographical location, and physically unclonable function (PUF). Proof-of-authentication (PoAh) and elliptic curve Diffie–Hellman are followed for lightweight and low latency support. Second-level authentication for IoT users, which are sub-categorized into four levels, each defined by specific factors such as identity, password, and biometrics. The first level involves a matrix-based password; the second level utilizes the elliptic curve digital signature algorithm (ECDSA); and levels 3 and 4 are secured with iris and finger vein, providing comprehensive and robust authentication. We deployed fuzzy logic to validate the authentication and make the system more robust. The 2L-MFA model significantly improves performance, reducing registration, login, and authentication times by up to 25%, 50%, and 25%, respectively, facilitating quicker cloud access post-authentication and enhancing overall efficiency.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zhong Cao,Xudong Wen,Shan Ai,Wenli Shang,Sha Huan

DOI: https://doi.org/10.1038/s41598-024-76065-x

IF: 4.6

2024-10-22

Scientific Reports

Abstract:The Industrial Internet of Things (IIoT) is recognized as one of the revolutionary technologies driving smart manufacturing and improving productivity. As manufacturing processes grow increasingly intricate, the entire manufacturing ecosystem encompasses multiple managed IoT domains. Within this highly interconnected environment, devices from diverse domains must collaborate, leading to considerable apprehensions about the security and privacy of device-to-device communications. Current authentication methods encounter several challenges. Traditional authentication schemes overly rely on trusted third parties, rendering them susceptible to external attacks or internal spoofing. This susceptibility gives rise to a range of security and privacy concerns. In response to these challenges, this paper aims to contribute to a more secure and efficient service scheme for smart factories by devising a blockchain-based distributed IoT architecture. The proposed scheme introduces a federated blockchain to establish trust among different domains, thereby enabling secure connections between devices in distinct domains. Through security analysis, it is proved that the proposed authentication scheme has integrity, mutual authentication, scalability, and resistance to four attacks. Furthermore, efficiency analysis experiments show that our scheme is feasible for smart factories, and as the number of peer nodes increases, the performance and efficiency of the blockchain network become better.

multidisciplinary sciences

Liu,Chai,Hui,Wu

DOI: https://doi.org/10.3390/electronics12010219

IF: 2.9

2023-01-02

Electronics

Abstract:Authentication is an important requirement for the security of edge computing applications. The existing authentication schemes either frequently rely on third-party trusted authorities, leading to the security risk of user information disclosure, or have high authentication overhead, causing certain pressure on the computation and communication of lightweight terminal equipment in the edge environment. In this paper, we proposed a blockchain-based anonymous authentication scheme for edge computing environments. We first designed a blockchain-based authentication architecture to store a small number of authentication elements in the blockchain network, and provide a decentralized and trusted authentication environment to ensure device anonymity and improve the security of authentication processes. Then, an elliptic cryptographic curve-based authentication scheme is proposed. It uses the chameleon hash function to dynamically generate the authentication data according to the elements stored in the blockchain and negotiate the session key, which effectively reduces the computational overhead in the authentication process. The experimental results show that the proposed scheme achieves a secure authentication process and effectively reduces the authentication overhead by up to 43.16% compared to three state-of-the-art schemes.

engineering, electrical & electronic,computer science, information systems,physics, applied

DOI: https://doi.org/10.1186/s13677-023-00411-z

2023-04-25

Journal of Cloud Computing

Abstract:With the introduction of emerging technologies such as cloud computing, the railway communication network has the characteristics of complex structure and blurred boundaries, which leads to a series of security threats including information leakage and malicious access. Specifically, the third-party cloud services are difficult to be supervised, and network traffic is untrustworthy. To ensure system security, we propose a zero-trust security model in this paper. Then, we introduce blockchain and Merkle tree to build a distributed identity storage scheme for guaranteeing reliable, confidential and efficient data updates, and improving authentication efficiency. Furthermore, the proxy was introduced for two-way authentication with cloud servers, so that internal and external threats could be counteracted. Moreover, reputation assessment mechanism has been adopted to reduce the possibility of nodes accessing malicious cloud services. Performance analysis demonstrated that the proposed security model is able to enhance the security, efficiency and stability of the system, and consequently can guarantee the safety and reliability of railway transportation.

Shiqiang Zhang,Yang Cao,Zhenhu Ning,Fei Xue,Dongzhi Cao,Yongli Yang

DOI: https://doi.org/10.3837/tiis.2020.09.003

2020-01-01

KSII Transactions on Internet and Information Systems

Abstract:Node identity authentication is an essential means to ensure the security of the Internet of Things. Existing blockchain-based IoT node authentication schemes have many problems. A heterogeneous IoT node authentication scheme based on an improved hybrid blockchain is proposed. Firstly, the hybrid blockchain model is designed to make the blockchain and IoT environment more compatible. Then the proxy node selection mechanism is intended to establish a bridge between the ordinary IoT node and the blockchain, building by calculating the trust value between nodes. Finally, based on the improved hybrid blockchain, the node authentication scheme of the model and proxy node selection mechanism establishes a secure connection for communication between nodes. Safety and performance analysis shows proper safety and performance.

Xianji Jin,Na Lin,Zhongwei Li,Wenqi Jiang,Yuge Jia,Qingyang Li

DOI: https://doi.org/10.1109/access.2024.3413853

IF: 3.9

2024-06-21

IEEE Access

Abstract:With the wide application of IoT technologies in the power sector, power IoT faces serious security challenges, which can be severely affected by malicious attacks and unauthorised access. Meanwhile, devices in power IoT are usually resource-constrained and deployed in a decentralised manner, making them vulnerable to physical attacks. Therefore, a robust and reliable lightweight authentication scheme needs to be constructed to guarantee its information security. A lightweight authentication scheme for the power IoT based on Physical Unclonable Function (PUF) and Chebyshev chaotic map is proposed in this paper, which achieves two-way authentication and session key negotiation between gateways and terminal devices. Comparing with traditional authentication schemes, the PUF and Chebyshev chaotic map used in this scheme have high security and lower resource overhead. PUF is used to generate Challenge and Response Pairs (CRPs) for two-way authentication and key negotiation without storing any secret information about authentication in the device memory. At the same time, Chebyshev chaotic map is used to protect the transmission of secret information such as CRPs in insecure channels. The solution is therefore resistant to attacks such as physical, machine learning modelling and impersonation, ensuring the information security of the authentication process. The proposed scheme is analyzed and verified using the formal verification tool ProVerif and improved BAN logic along with informal methods. The verification results show that the scheme satisfies 12 security properties such as two-way authentication and user anonymity. Comparative analysis with existing related authentication schemes shows that the proposed scheme has low computation and communication costs while guaranteeing security, thus rendering it suitable for resource-constrained terminal devices in the power IoT.

computer science, information systems,telecommunications,engineering, electrical & electronic

Gholam Reza Zargar,Hamid Barati,Ali Barati

DOI: https://doi.org/10.1007/s10586-024-04565-6

2024-06-26

Cluster Computing

Abstract:The Internet of Things (IoT) is a network where physical objects with unique addresses can connect and communicate with each other through the Internet and telecommunications networks. However, the current methods of user authentication in this environment have limitations due to the need for a lightweight authentication process and limited resources. Therefore, this paper proposes a mutual authentication protocol for IoT that uses blockchain technology. The proposed protocol has a lightweight and secure architecture by using of Elliptic-Curve Cryptography and incorporates the AVISPA tool and BAN logic for formal/informal security analysis. Compared to previous protocols, this proposed protocol is more efficient in terms of communication and computation costs and is more resistant to various attacks.

computer science, information systems, theory & methods

Xingxing Chen,Qingfeng Cheng,Weidong Yang,Xiangyang Luo

DOI: https://doi.org/10.1007/s11704-023-2595-x

IF: 2.6688

2024-01-23

Frontiers of Computer Science

Abstract:With the widespread use of network infrastructures such as 5G and low-power wide-area networks, a large number of the Internet of Things (IoT) device nodes are connected to the network, generating massive amounts of data. Therefore, it is a great challenge to achieve anonymous authentication of IoT nodes and secure data transmission. At present, blockchain technology is widely used in authentication and s data storage due to its decentralization and immutability. Recently, Fan et al. proposed a secure and efficient blockchain-based IoT authentication and data sharing scheme. We studied it as one of the state-of-the-art protocols and found that this scheme does not consider the resistance to ephemeral secret compromise attacks and the anonymity of IoT nodes. To overcome these security flaws, this paper proposes an enhanced authentication and data transmission scheme, which is verified by formal security proofs and informal security analysis. Furthermore, Scyther is applied to prove the security of the proposed scheme. Moreover, it is demonstrated that the proposed scheme achieves better performance in terms of communication and computational cost compared to other related schemes.

computer science, information systems, theory & methods, software engineering

Sunxuan Zhang,Zhao Wang,Zhenyu Zhou,Yang Wang,Hui Zhang,Geng Zhang,Huixia Ding,Shahid Mumtaz,Mohsen Guizani

DOI: https://doi.org/10.1109/mwc.010.2100491

IF: 12.777

2022-06-22

IEEE Wireless Communications

Abstract:Cloud-edge-end collaboration enables harmonious and efficient resource allocation for the Power Internet of Things (PIoT). However, the security and complexity issues of computation offloading evolve into the main obstacles. In this article, we first propose a blockchain and AI-based secure cloud-edge-end collaboration PIoT (BASE-PIoT) architecture to ensure data security and intelligent computation offloading. Its advantages in flexible resource allocation, secure data sharing, and differentiated service guarantee are elaborated. Then the adaptability of three typical blockchains with PIoT is analyzed, and some typical application scenes of BASE-PIoT including computation offloading, energy scheduling, and access authentication are illustrated. Finally, we propose a blockchain-empowered federated deep actor-critic-based task offloading algorithm to address the secure and low-latency computation offloading problem. The coupling between the long-term security constraint and short-term queuing delay optimization is decoupled by using Lyapunov optimization. Numerical results verify its excellent performance in total queuing delay and consensus delay.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Chenglong Fu,Qiang Zeng,Xiaojiang Du

DOI: https://doi.org/10.48550/arXiv.1912.00264

2019-12-01

Abstract:The booming Internet of Things (IoT) market has drawn tremendous interest from cyber attackers. The centralized cloud-based IoT service architecture has serious limitations in terms of security, availability, and scalability, and is subject to single points of failure (SPOF). Recently, accommodating IoT services on blockchains has become a trend for better security, privacy, and reliability. However, blockchain's shortcomings of high cost, low throughput, and long latency make it unsuitable for IoT applications. In this paper, we take a retrospection of existing blockchain-based IoT solutions and propose a framework for efficient blockchain and IoT integration. Following the framework, we design a novel blockchain-assisted decentralized IoT remote accessing system, RS-IoT, which has the advantage of defending IoT devices against zero-day attacks without relying on any trusted third-party. By introducing incentives and penalties enforced by smart contracts, our work enables "an economic approach" to thwarting the majority of attackers who aim to achieve monetary gains. Our work presents an example of how blockchain can be used to ensure the fairness of service trading in a decentralized environment and punish misbehaviors objectively. We show the security of RS-IoT via detailed security analyses. Finally, we demonstrate its scalability, efficiency, and usability through a proof-of-concept implementation on the Ethereum testnet blockchain.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture

Ge Zhao,Xiangrong Li,Hao Li

DOI: https://doi.org/10.4018/ijswis.341233

2024-03-26

International Journal on Semantic Web and Information Systems

Abstract:In edge computing scenarios, due to the wide distribution of devices, complex application environments, and limited computing and storage capabilities, their authentication and access control efficiency is low. To address the above issues, a secure trusted authentication scheme based on semantic Long Short-Term Memory (LSTM) and blockchain is proposed for IoT applications. The attribute-based access control model is optimized, combining blockchain technology with access control models, effectively improving the robustness and credibility of access control systems. Semantic LSTM is used to predict environmental attributes that can further restrict user access and dynamically meet the minimum permission granting requirements. Experiments show that when the number of certificates is 60, the computational overhead of the proposed method is only 203s, which is lower than other state-of-the-art methods. Therefore, the performance of the proposed schema in information security protection in IoT environments shows promise as a scalable authentication solution for IoT applications.

computer science, information systems, artificial intelligence

Yan Zhang,Bing Li,Jiaxin Wu,Bo Liu,Rui Chen,Jinke Chang

DOI: https://doi.org/10.1109/jiot.2022.3176192

IF: 10.6

2022-11-15

IEEE Internet of Things Journal

Abstract:Industrial Internet of Things (IIoT) has emerged as a prospective technology that improves the productivity and automation level for industrial applications. Devices from cooperative IIoT domains will communicate and collaborate on the increasingly complicated manufacturing tasks. To secure cross-domain device collaborations, we propose combining the blockchain with multifactor authentication. Because the multifactor authentication conforms to IIoT devices’ operation modes and brings higher security levels, and the blockchain technology contributes to building trust among different domains. However, this combined usage still has limitations in terms of the potential loss of factor attack, the storage overhead on the blockchain, and the contradiction between efficiency and privacy preservation. Motivated by these facts, in this article, we develop a privacy-preserving blockchain-based multifactor device authentication protocol for cross-domain IIoT. Specifically, multiple factors are additionally encoded by the hardware fingerprint into random numbers, before being transformed into key materials. The blockchain only stores each domain’s dynamic accumulator, which accumulates derived key materials for devices, thereby reducing the overhead. Moreover, the on-chain accumulator is leveraged to efficiently verify the unlinkable identities of cross-domain IIoT devices. The security of our protocol is formally proved, and the security features and functionalities are, respectively, discussed. A proof-of-concept prototype was implemented to prove the efficiency and reliability. The comparison results indicate that the on-chain storage is greatly reduced. Finally, the smart contract’s performance was evaluated to show scalability.

computer science, information systems,telecommunications,engineering, electrical & electronic