animprovedblockchain-basedauthenticationprotocolforiot … · 2020. 10. 28. · management hubs. is...

Research ArticleAn Improved Blockchain-Based Authentication Protocol for IoTNetwork Management

Mostafa Yavari 1 Masoumeh Safkhani 1 Saru Kumari 2 Sachin Kumar 3

and Chien-Ming Chen 4

1Computer Engineering Department Shahid Rajaee Teacher Training University Tehran Iran2Department of Mathematics Chaudhary Charan Singh University Meerut 250004 India3Department of Computer Science and Engineering Ajay Kumar Garg Engineering College Ghaziabad 201009 India4Shandong University of Science and Technology Qingdao Shandong China

Correspondence should be addressed to Chien-Ming Chen chienmingtaiwangmailcom

Received 19 July 2020 Revised 19 September 2020 Accepted 5 October 2020 Published 28 October 2020

Academic Editor Debiao He

Copyright copy 2020Mostafa Yavari et alis is an open access article distributed under the Creative CommonsAttribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

Communication security between IoT devices is a major concern in this area and the blockchain has raised hopes that thisconcern will be addressed In the blockchain concept the majority or even all network nodes check the validity and accuracy ofexchanged data before accepting and recording them whether this data is related to financial transactions or measurements of asensor or an authentication message In evaluating the validity of an exchanged data nodes must reach a consensus in order toperform a special action in which case the opportunity to enter and record transactions and unreliable interactions with thesystem is significantly reduced Recently in order to share and access management of IoT devices information with distributedattitude a new authentication protocol based on blockchain is proposed and it is claimed that this protocol satisfies user privacypreserving and security However in this paper we show that this protocol has security vulnerabilities against secret disclosurereplay traceability and Token reuse attacks with the success probability of 1 and constant complexity of also 1 We also proposedan improved blockchain-based authentication protocol (IBCbAP) that has security properties such as secure access managementand anonymity We implemented IBCbAP using JavaScript programming language and Ethereum local blockchain We alsoproved IBCbAPrsquos security both informally and formally through the Scyther tool Our comparisons showed that IBCbAP couldprovide suitable security along with reasonable cost

1 Introduction

With the advent of Internet of ings (IoT) technologies alarge number of intelligent devices have been developed andintegrated into daily life [1ndash5] By increasing number ofdevices and users current architecture and the communi-cation protocols (centralized system) cannot give enoughresponse to system requirements such as authenticationauthorization and access management Although securityand privacy are important issues in communication varioussolutions have been proposed for security and privacy inInternet of ings (IoT) networks [6ndash12] One of the im-portant solutions is use of distributed networks instead ofcentralized or decentralized networks [13ndash20] A new and

powerful distributed system is blockchain [21] which for thefirst time proposed by Satoshi Nakamoto Blockchain is atechnology comprising few old concepts such as the ledgerand the consensus (the agreement of members of a group onan issue) is technology combines these concepts with thehelp of a peer-to-peer network to access a distributed da-tabase with privacy preserving and security propertiesBlockchain has many security features such as integritydistribution and tamper-proofing In a blockchain networkall network members take part in the verification process ofinformation which takes part in the alternative role of thetrusted third party (TTP) on the system It is very difficult tomanipulate information because of public surveillance ofinformation Public surveillance is done by a method called

HindawiSecurity and Communication NetworksVolume 2020 Article ID 8836214 16 pageshttpsdoiorg10115520208836214

consensus that means 51 of network members need tocollaborate to unauthorized changes in the informationDistributing the role of the TTP among network membershas also reduced the likelihood of distributed denial ofservice (DDoS) attacks As a result system security is en-sured In contrast the processing amount and systemmessages sent to the members of each node in the networkare very high Also because of the transparency of all in-formation privacy preserving becomes difficult and newsolutions are needed and these solutions should not impedethe consensus process Another problem is its low scalabilitybecause of the fixed and unchangeable data and settingerefore the cost of changing some parts of the blockchainnetwork is much more than building a new network As aresult the cost of upgrading the system is very high

In this regard Cha et al in [22] have presented anauthentication scheme for the IoT using blockchainclaiming that their protocol has made it possible for users toaccess and manage IoT device information with privacy Infact they claimed that their protocol was able to establishuser privacy and trust in IoT applications In this paper weshow that the protocol designed by Cha et al has drawbacksthat make their design vulnerable to various attacks such assecret disclosure traceability replay and reuse of Tokenattacks which leads to loss of privacy and trust Securityanalysis of the Cha et alrsquos protocol before use prevents a lotof possible damage It also makes designers aware of sucherrors in protocol design and avoid repeating them in theirdesigns In this paper we also offer suggestions for trou-bleshooting this protocol Using these suggestions weprovide an improved version of the protocol in terms ofsecurity and cost which is called IBCbAP

11 Main Contribution e contributions of the paper areas follows

(1) Presenting security weaknesses of Cha et al block-chain-based authentication and secure managementof privacy preferences scheme

(2) Addressing security pitfalls of Cha et alrsquos schemeand proposing a new improved one called IBCbAP

(3) Formal and informal security analysis of IBCbAPFormal proofing is done using the Scyther tool

(4) Implementation of IBCbAP through JavaScriptlanguage and Ethereum local blockchain and con-sidering its functionality and correctness

12PaperOrganization We organize the rest of the paper asfollows In Section 2 we will look at related works on theblending of two technologies of blockchain and IoTand alsoprovide some explanations on their security requirementsand existing issues We review the Cha et alrsquos blockchain-based authentication protocol and describe its securitypitfalls in Sections 3 and 4 respectively In Section 5 wepropose a new improved protocol called IBCbAP and de-scribe its security and functionality features We analyze thesecurity and functionality of IBCbAP in Sections 6 and 7

respectively In Section 8 we compare the proposed protocolin terms of the type of blockchain used the implementationplatform and security features with other related authen-tication schemes in this area and at last Section 9 concludesthe paper with concluding remarks and suggestions forfuture works

2 Related Works and Preliminaries

is section addresses the important security requirementsfor access control systems in the IoT networks and brieflypresents a few related works Since we used the blockchain tostore critical information securely in our proposed protocolthe definition of blockchain technology and how it works arealso explained in this section Also we briefly explain thesmart contract and its usage in our proposed protocol Fi-nally we will talk about how the blockchain was used in therelated works

21 Blockchain Blockchain was proposed in 2008 by SatoshiNakamoto [21] Blockchain includes blocks where blocks areinterconnected like a chain Each block contains informationsuch as block number the hash of the previous block anonce and transaction information By storing the hash ofthe previous block in each block the chain will be formedis chain is called the ledger Figure 1 shows a simpleexample of the blockchain ledger Each node in the networkhas its ledger Blockchain uses consensus mechanisms[23 24] to verify the transaction and update the entireledger At the time of adding a new transaction in the ledgerall nodes in the network will check the correctness of theinformation and after approving will add the new trans-action to their ledger Each user subscribes to the network byregistering a pair of public and private keys on the networkis is done by recording a transaction Each userrsquos keys arestored in their wallet Miners created the blocks Miners arenodes in the network tasked with generating and approvingblocks to the blockchain To generate a block the corre-sponding node solves a difficult problem and the one whosolves the problem sooner registers its block in the block-chain Changing an approved block in the ledger is costlyand difficult ere are two types of blockchain public andprivate In a public blockchain anyone can participate in theblock generation and consensus process but in a privateblockchain only preapproved nodes can do this operationBitcoin [21] and Ethereum [25] are examples of the publictype and Hyperledger [26] is an example of the private typeblockchain

22 Smart Contract Smart contracts are executable codesand memories which are stored as transactions in theblockchain Smart contracts are executed by miners with afixed cost By knowing the transaction address it is possibleto call the smart contract for the network members Becauseblockchain is irremovable smart contracts can provide agreat deal of confidence One of the famous blockchainswhich is a smart contract provider is Ethereum [25] In theEthereum network any member can create a smart contract

2 Security and Communication Networks

and share it with anyone In this paper we use the testRPC[27] to implement the blockchain network is librarycreates a local Ethereum blockchain network

23 Related Work In the following we introduce severalrelated kinds of research which have tried to use blockchainrsquossecurity features such as distribution integrity and tamper-proof properties to create security and privacy in commu-nications protocols e first blockchain is provided byBitcoin [21] which stores financial transactions about coinsIn Bitcoin if the transactions change it can store identityinformation and access policies Ouaddah et al designed asystem to maintain privacy and security in a distributedmanner which is their main idea [28] A problem withOuaddah et alrsquos design is the high computational cost fornetwork members Novo [29] by decreasing of distributionhas attempted the computations to fit the resources of thedevices Novo separated the blockchain network from thegeneral network and communicates with the devices usingmanagement hubs is solution boosts performance andreduces distribution Compared to Ouaddah et alrsquos design itboosts computational power to devices and increases theprobability of distributed denial of service (DDoS) attacksIn Novorsquos protocol miners cannot be a member of thenetwork just cooperating to the blockchain network ehigh computational load results from the block generationprocess Using the lighter block generation process we canefficiently use the blockchain network in the Internet ofings (IoT) Dorri et al proposed a method for the blockgeneration process and consensus which is based on thelimitation of the number of blocks generated per unit timeper node [30] Dorri et al have claimed that the proposedmethod is scalable and provides a proportional computa-tional burden to network members In their scheme minersare members of the network and their number and mem-bership are changed based on few parameters Dorri et alused smart homes network scenario e interior man-agement of each home is done by a central point inside thehouse and it is described in [31] Lin et al by usingblockchain ABS (Attribute-Based Signature) and MRE(Multi-Receiver Encryption) have proposed a system formanaging industrial devices and data collection [32] In factLin et alrsquos protocol is presented for the development ofindustry V4 by blockchain e structure of Lin et alrsquosprotocol has five entities including terminals blockchaincloud industrial network and physical resources In thisscheme commands are stored by the terminals at block-chain e cloud and industrial network monitor theblockchain and find the commands and then perform the

operations Lin et al have used distributed reductions toadapt their protocol to IoT conditions

Hammi et al have proposed a system to authenticate andauthorize IoT devices that also meet security requirementssuch as confidentiality and integrityey based themain ideabehind their scheme on the use of blockchain security benefitsand the segmentation of system components into uniqueareas In these areas known as bubbles all members areallowed to communicate with their bubble members andidentify other bubble members as attackers ECDLP (EllipticCurve Discrete Logarithm Problem) based cryptography isused by Hammi et al is system has appeared in highlypractical results and the authors emphasized that they haveachieved very satisfactory results Xie et al in [33] used theblockchain to improve security and privacy on the Internet ofVehicles (IoV) and transportation systems using 5G-VANET[34] In Xie et alrsquos scheme all RSU (Road Side Unit-5G-StationndashVehicle) members are connected and controlled by acentral SDN (Software Defined Network) controller enumber of messages sent by any vehicle and the messageauthorization status are stored in the blockchain In thisscheme transactions are unchangeable and the vehiclescannot deny sending As a result as the error coefficient of avehicle increases the miners define more restrictions on thetransmission of the vehicle transaction which will increasesystemrsquos security In fact in their scheme vehicles with dataencryption protect privacy Huang et al have introduced asystem for controlling access to device resources according todevice policies in [35] e overall structure of Huang et alrsquosscheme is very similar to the overall structure of Cha et alrsquosscheme Huang et al used DAG (Directed Acyclic Graph)-based blockchains [36] DAG-based blockchains are suitablefor IoTapplications because of their lightness and high speedAlso Huang et al have proposed a consensusmethod In theirproposed consensus method the nodes have a credit valuewhich comprises two variables node activity and nodehonesty e difficulty of the problem solved in block gen-eration is inversely related to the credit value e speed ofstoring a devicersquos transactions depends on its credit value Byreducing the credit value of a malicious device the cost andtime of attack increase Yao et al introduced a lightweightblockchain-based authentication system in [37] Yao et alspecifically recommends this system for using in distributedvehicular fog servers Yao et al have enabled one-time au-thentication to access the services ey used the blockchainto store authentication history and reauthentication is se-lected by the devices Sidorov et al have proposed a block-chain-based supply chain system in [38] ey have usedRFID tags to track products and also have used blockchain asa trusted third party Sidorov et al have claimed that theycreated a high level of privacy and security e usedblockchain type in the Sidorov et alrsquos system is private andmessages are encrypted only using rotation operation XOR(Exclusive OR) operation and HW (Hamming Weight)function Dwivedi et al have provided a blockchain-basedhealthcare system in [39]e need for privacy preserving anddistribution in healthcare systems is justifiable reasons forusing blockchain in this plan Dwivedi et alrsquos scheme has usedcloud and smart contracts which are used to store patient

Block NHash of N-1th block

Transactions

Hash of the block Hash of the block

Block N-1Hash of N-2th block

Transactions

Hash of the block

Block N + 1Hash of Nth block

Transactions

Figure 1 Chain of blocks in the blockchain technology [21]

Security and Communication Networks 3

data and analyze data according to the instructions of thehealthcare provider ey used blockchain to secure the in-formation in the cloud and keep track of changes In Dwivediet alrsquos scheme the patient sends information to the smartcontract by wearing and using IoT devices and the smartcontract decides according to the healthcare provider ordersand notifies the relevant doctor

As seen in this section many attempts have been made tointegrate blockchain technologywith the IoT All of these effortslead to the growth and maturity of blockchain use in the In-ternet ofings [40ndash43] An example is Cha et alrsquos scheme [22]in which the authentication of IoT devices is done throughblockchain In this paper we show that Cha et alrsquos designedstructure has its drawbacks and we offer solutions to addressthem

3 Cha et alrsquos Blockchain-Based Protocol

In this section we explain Cha et alrsquos blockchain-basedprotocol [22] and its security analysis including secretdisclosure replay traceability and reuse Token attacks

31 Cha et alrsquos Protocol Recently in [22] Cha et al proposeda new authentication protocol based on blockchain for shareand access management of IoT device information as a dis-tributed attitude In this protocol there are three main entitiescalled device user and blockchain connected gateway (BCG)Devices are the nodes in the network that share information orresources with conditions called Device policy and other usersdevice or people who want to use the information and re-sources of the devices BCG is an intermediary between thedevice and the user ese gateways assess usersrsquo eligibility(permissions and authentication) to use the information andresources of the devices according to policies

We use the scenario described in [22] to explain com-munication and process sequencing In this scenario eachuser joins the blockchain network and registers its publicand private key pair e BCGs and administrator of devicesdeploy their smart contract in the blockchain networkAuthentication processes and access policies managementare done by smart contracts In this scenario each device isconnected to a BCG is connection is a logical connectionand saved in the device and in the BCG smart contractsWhen a device connects to a BCG it can be said that accessto device information is done by this BCG

As shown in Figure 2 the user first finds the BCG smartcontract address and then accesses the list of subset devicesTo use any device the user must declare their agreementwith the devicersquos privacy policiesis agreement is stored inthe blockchain network so that the BCG can be used at thetime of request for access to device information by the user

311 Smart Contracts Here we explain the implicit smartcontract and their obligations in Cha et alrsquos authenticationprotocol Interactions between the device and the BCG (logicalcommunication) control of device information and privacypolicies and BCG management are all done through smartcontracts As shown in Figure 3 the communication between

the devices and the BCG is recorded in the blockchain and isdone through it We can say the blockchain plays the role of atrusted third party (TTP) erefore there is no possibility ofmanipulating or violating information for the protocolrsquos parties

312 Cha et alrsquos Proposed Signature e signature used in[22] is based on ECDLP (Elliptic Curve Discrete LogarithmProblem) and has six steps including SETUP SET-PARTIAL-PRIVATE-KEY SET-SECRET-VALUE SET-PUBLIC-KEYSIGN and VERIFYese steps by using notations representedin Table 1 will be briefly discussed in the following subsectionsand also are shown in Figure 4

(1) Setup In the first step according to the secret value of k theBCG selects two groups of G1 and G2 with the same q primeorder e relationship between G1 and G2 ise Glowast1 G1⟶ G2 where P is the generator of G1 G1 hasbilinear pairing attribute so the following relationship exists

forallm n isin Zlowastq forallS P isin G1 e(mS nP) e(S P)

mn (1)

e BCG selects its private and public key pair ass isin Zlowastq and PKBCG sP respectively Also BCG choosesthree hash functions with definitionsH1 0 1 lowast times G1⟶ Zlowastq H2 0 1 lowast times G1 times G1⟶ Zlowastqand H3 0 1 lowast times G1times G1 times G1 ⟶ Zlowastq and ultimately thevalues of G1 G2 q e P PKBCG H1 H2 H3 e(P P) arepublished by the BCG

(2) Set-Partial-Private-Key In this step the BCG calculatesRi hi si and σi1

values as below

Ri ri middot P

hi H1 IDi Ri PKBCG( 1113857

si ri + hi middot smod q

σi1 s

minus1i middot P

(2)

In the above calculations a random number ri isin Zlowastq isused which is generated using public parameters masterprivate key and the user Uirsquos identity IDi After that BCGsends (Ri σi1

) to the user the user once receives the mes-sages immediately checks e(σi1

Ri + hiPKBCG)

e(P P)where hi H1(IDi Ri PKBCG)

(3) Set-Secret-Value In this step the user selects a randomnumber as his private key is key is notated with xi isin Zlowastq

(4) Set-Public-Key In this step the user using his secret keyie xi generates his public key as PKi xiP

(5) Sign At the beginning of this step the user calculates theamount of ki H2(IDi PKi Ri PKBCG m) where m is themessage to be signed and calculates σi2

(kisi + xi)minus 1P At

the end the user sends (m Ri σi2) to the verifier

(6) Verify In this step the verifier computes the value of hi asH1(IDi RiPKBCG) using the values of PKi and received(m Ri σi2

) After that the verifier calculates ki as


H2(IDiPKi Ri PKBCG m) and verifies the correctness ofsignature by checking whether e(σi2

ki(Ri + hiPKBCG)+

PKi)

e(P P) If the condition is fulfilled the signer isauthentic

313 Device Binding e user sends a consent of the devicepolicies (PPj) to the BCG Each BCG has a root key euserrsquos public key (PKi) is also specified e BCG initially

generates a random number (nonce Ni) and then using thisvalue the public key of the user BCG root key and a hashfunction (H) generates a key (K

Ni

UiPj

) e combination of

user consent policy (Pj) and timestamp (Tij) are encryptedwith the generated key and then stored in the blockchaine BCG sends the transaction ID (TIDij) and the generatedkey to the user because the user is sure of its accuracy Infuture communications stored information is the basis for

Blockchain network

BCGsmart

contract

Devicesmart

contract

Deviceadministrator

BCG administrator

1 e administrator or owner of the devicerecords the identification informationdevice policy and device smart contract asa transaction on the blockchain network andreceives the transaction address is address is usedto communicate and interact with the BCG

2e administrator sends the smart contract address to the BCG administrator toestablish a logical connection Tracking this request is done through a BCG and device

smart contract

3 e function ofestablishing a logicalconnection betweenthe device and the

port (bindDevice) iscalled is call is

made according to thedevicersquos address

4 Logical authentication function (bindRequest) is

called

5 Request confirmation of logicalinformation is sent to the device

administrator6Aer verifying the device

manager the process result isannounced to the BCG smart

contract and BCGadministrator

Figure 3 Device binding communications in Cha et alrsquos blockchain-based authentication protocol

Blockchain network

User

Blockchain connectedgateway (BCG)

IoT device

3 e user agrees tothe privacy policies

of the device

2 Fetches device list and privacypolicies by invoking gateway

smart contract

4 e gateway stores the usersapproval in blockchain and

uses it for furthercommunications

5 e user sends anaccess request to device

information to thegateway e gateway

starts the authenticationand authorization

process

6 e user sends a request to thedevice and transfers information

1 Smart contracts areimplemented and encapsulatedwithin the blockchain network

1 e user asksthe gateway

smart contractaddress

Figure 2 Overview of Cha et alrsquos blockchain-based authentication protocol


licensing access to the device Figure 5 illustrates the devicebinding of Cha et alrsquos protocol

314 Access to the Device Figure 6 illustrates how the user isaccessing the device e implications of Figure 6 will bediscussed in the following

(i) e user generates a signature for the access requestmessage (PPj) using si ri + his Ri riP hi

H1(IDi Ri PKBCG) xi PKi PPj Kij H2(IDiPKi

RiPKBCG PPj) as σij (kijsi+ xi)minus 1 and sends

(PPj Ri σij) to the BCGOnce the BCG receives the message it checks theauthenticity of the signature by checking whethere(σ ij kij(Ri + hiPKBCG) + PKi)

e(P P) or not If

so the BCG generates a random value (rij isin Zlowastq ) andthen calculates Rij rijP lij H1(IDi Rij σij

PKBCG) sij rij + lij σBCG sminus1ij P and at last the

BCG sends (Rij σBCG) to the user in responseAfter receiving (Rij σBCG) from the BCG the userverifies the validity of the received values by com-puting lij H1(IDi Rij σij PKBCG) and checking

whether e(σBCG Rij + lijPKBCG)

e(P P) or not Ifthe accuracy of the received information is verifiedthe access Token is calculated as below

Token PPj Ri σij Rij σBCG1113872 1113873 (3)

(1) BCG publishes

(2) Ri = riP

(6) if e (σi1 Ki (Ri + hiPKBCG) + PKi) ne e (P P)

(3) Generate xi as secret key(4) PKi = xiP as public key

(5) σi2 = (kisi + xi)ndash1P

break

hi = ri + his mod q

hi = H2 (IDi Ri PKBCG)

if e (σi1 Ri + hiPKBCG) ne e (P P)

hi = H1 (IDi Ri PKBCG) and ki = H2 (IDi PKi Ri PKBCG m) andki = H2 (IDi PKi Ri PKBCG m)

σi = ri + his mod qσi1 = si

ndash1P

Blockchain connceted gateway (BCG)s PKBCG

G1 G2 q e P PKBCG H1 H2 H3 e (P P)

IDi PKBCG

User (Ui)

(Ri σi1)

(m Ri σi2 PKi)

Figure 4 Cha et alrsquos proposed signature

Table 1 Summary of notations used in this paper

Notation Descriptionq Prime orderG1 G2 Cyclic groups with the same prime order q

e Bilinear pairing map G1 lowastG1⟶ G2P Generator of G1s Master private keyPKBCG BCG public key ie (sP)

H H1 Hash functionsH2 H3IDi User Uirsquos identitySKdbcg Shared key between the device and the BCGm MessageEK() Symmetric encryption functionPj Device policyPPj Consent of the Pj policyTij TimestampsK

Ni

UiPj

Generated key between BCG and user Ui

PKi Userrsquos public keyru rd rb Random numbers generated by user device and BCG respectivelyTIDij Transaction address added to blockchain because of acceptance policy Pj by Ui userNi Random numbersSKubcg Shared key between the user and the BCGri Random numbers Concatenation


Finally the user may use the device by sending Token tothe device Access permission depends on the result ofverifying the validity of the received Token by the device

4 Security Analysis of Cha et alrsquos Blockchain-Based Authentication Protocol

In this section we will investigate Cha et alrsquos protocolrsquossecurity is analysis includes the presentation of se-curity attacks We have applied four attacks on Cha et alrsquosprotocol comprising secret disclosure replay traceabilityand reuse Token attacks is section describes how theattacks are performed their success probability andcomplexity and a solution to prevent the occurrence ofthe attacks We base the proposed protocol on thesesolutions

41 9e Adversary Model Here we used the common ad-versary model [44ndash48] in which the adversary can fullycontrol and eavesdrop the public communication channel

So heshe can eavesdrop replay modify and delete anymessage or fabricate a new message

42 Secret Disclosure Attack According to (3) the Token isgenerated by the values of the sent messages Since Cha et aldo not consider the channel secure the attacker caneavesdrop the transferred messages through the channel Asa result generating Token by the attacker is only possiblethrough the eavesdropping of the channel resulting inthreats to the devicersquos resources and security For this attackthe attacker proceeds as below

(1) e attacker eavesdrops transferred messages for onerun of the access to device phase of Cha et alrsquosprotocol

(2) Using PPj Ri σij Rij and σBCG which eavesdroppedin access to device phase of Cha et alrsquos protocol theattacker can calculate Token as (PPj Rj σij σBCG)

(3) Using calculated Token in the previous step theattacker can access and use the intended IoT device

(2) Generate a nonce Ni

Add transaction inblockchainand returntransaction ID (TIDij)(5) Invoke Log (TIDij)

function in smart contract

PPj on privacy (1)policy PPj

(6)Invoke

IDi PKBCG Ri

User (Ui)s PKBCG K

BCG Blockchain network Smart contractfor the gateway

KUiPJ

= H (K || Ni || PKi)Ni

KUiPJ

TIDijNi

(3) Store EM

(4) TIDij

NiEM = EUiPJ

H (PPj || Pj || Tij)

Figure 5 Cha et alrsquos protocol device binding phase

σij = (kijsi + xi)ndash1P

kij = (kijsi + xi)ndash1P

Rij = rijP

(3)

Generate rij

sij = rij + rijs

kij = H2 (IDi PKi Ri PKBCG PPj)

hi = H1 (IDi Ri PKBCG)(2) (PPj Ri σij)

(4) (Rij σBCG)


lij = H1 (IDi Rij σij PKBCG)

σBCG = sijndash1P


IDi PKBCG Ri

User (Ui)Device Dk

(7) Verify σij and σBCG

s PKBCG KBCG

if e (σBCG Rij + lijPKBCG) ne e (P P)

if e (σi1 Ri + hiPKBCG) ne e (P P)break

breakToken

(8) Successfailure

(6)

(5)

(1)

Token = (PPj Ri σij RijσBCG)

Figure 6 Cha et alrsquos protocol access to device phase


e success probability of the attack is 1 and its com-plexity is one run of the protocolWe will fix this weakness inour proposed protocol ie IBCbAP To solve this problemwe do signature using HMAC (Hash-Based Message Au-thentication Code) function and ECDLP (Elliptic CurveDiscrete Logarithm Problem) encryption eir details willbe explained in Section 52

43 Replay Attack Because of the absence of new randomvalues in each session messages from each session are notdifferent from other sessions so amessage is acceptable in allsessions e attacker can gain BCG approval by sendingmessages sniffed in previous sessions and impersonating theuser e steps of this attack are as follows

(1) e attacker eavesdrops one session and stores(PPj Ri σij) message as Nprime

(2) e attacker starts a new session with BCG bysending Nprime to the BCG

(3) BCG checks correctness of Nprime and because of thementioned weakness in Cha et alrsquos protocol BCGconfirms the authenticity of the information

(4) BCG sends (Rij σBCG) to the attacker(5) e attacker accesses the device

is attack is possible with the success probability of oneand complexity of only one run of protocolrsquos eavesdropping

44 Traceability Attack Because of the absence of nonces ortimestamp in Cha et alrsquos protocolrsquos transferred messages allof them are static so it is possible for the attacker to trace theprotocol parties using the content of the transferred mes-sages For this attack it is enough for the attacker to proceedas below

(1) e attacker eavesdrops one run of protocol andstores the transferred messages

(2) e attacker gets Ri related to Ui user notated Riprime

(3) After that if the attacker sniffs the protocol messagesand compares the Ri with Ri

prime heshe can determinewhether the message is for the Ui user or not sorecognizing the user

e attacker can detect a user with the probability of 1and the complexity of eavesdropping one run of the pro-tocol is attack is possible because in Cha et alrsquos protocolthe Ri riP is calculated only once and does not change ineach session By adding random nonces or timestamp tomessages which are generated by all protocol partiesmessages sent in each session are different and the possi-bility of tracing users is vanishing

45 Reuse Token Attack Cha et al in [22] did not explaintheir method for verifying the Token (in (3)) by the deviceAlso despite the existing parameters in the protocol mes-sages the device cannot ensure that the Token has notduplicated and is correct In other words the user or attackerby receiving a Token can use the devicersquos resources

unlimitedly and the BCG or device cannot detect this sit-uation is is because no fresh variable (such as randomnumbers or timestamps) is used in the Token and the devicehas no role in creating the Token So by getting a Token theattacker and a malicious user can use the Token repeatedlyand anymembers of the network do not figure outis issuecauses the abuse of device resources and violates the claimmade by Cha et al to manage privacy policies We will solvethis problem by using random numbers in each Tokenseparately which are generated by all members who take partin the network In the next section we will address all ofabovementioned vulnerabilities which lead to proposing animproved version of Cha et alrsquos blockchain-based authen-tication protocol called IBCbAP We also will conductformal security analysis and informal security analysis ofIBCbAP Formal proof will be done using the Scyther toolTo show the functionality of IBCbAP we will implement itby JavaScript language and the Ethereum local blockchainnetwork

5 IBCbAP The Improved Protocol

Here we improve Cha et alrsquos protocolrsquos weaknesses by usingthe HMAC function instead of Cha et alrsquos proposed sig-nature We named the proposed protocol IBCbAP (Im-proved Blockchain-based Authentication Protocol)According to [49] the speed and memory consumption inan ECDLP (Elliptic Curve Discrete Logarithm Problem)encryption are less than RSA erefore we use the ECDLPencryption method We do the initial setting and selection ofconstant values just like Cha et alrsquos protocol As shown inFigures 7 and 8 respectively the steps of IBCbAP are asbelow

(i) Confirm access policy phase In this phase the userafter finding device policy by associated BCG sendsits consent to device policies to the BCG Also theBCG generates a SKubcga secret key and shares withthe user In this phase the used channel is secure

(ii) Create access Token phase In this phase the BCGcreates a Token for the user for using the deviceToken is generated by the user the device and theBCG participants securelye key used in this phaseis generated in the Confirm access policy phase inwhich the used channel is secure

51 ConfirmAccess Policy In the first step the user needs tofind the device access policies (Pj) and agree to them Toaccept the device policy heshe sends a message (PPj) to theBCG according to the policy e BCG generates a nonce(Ni) upon which it receives PPj e shared key between thedevice and the BCG (SKubcg) is created using the equationbelow

SKubcg H IDi Ni

SKBCG1113872 1113873 (4)

is key is used in subsequent messages where H is a hashfunction and SKBCG is a secret value associated with the BCGe Pj PPj and a timestamp (T) are encrypted using the


generated key and stored as a transaction in the blockchaine transaction address (TIDij) along with the (SKubcg) issent to the user through the secure channel It is worth notingthat the channel between the BCG and the user is secure

52 Create Access Token e user accesses the devicethrough the following steps

(i) e user produces PPj ESKubcg(TIDij

tru) whereTIDij ru and SKubcg are the transaction numberassociated with accepting device policies a randomnumber and a shared secret key between himselfand the BCG respectively e user sends (PPj ru)

to the device(ii) e device once receives the message generates a

random number (rd) and computesMsig HMAC(rurdPPj SKdbcg) and sends(Msig rd ru PPj) to the BCG

(iii) Upon receipt of the message the BCG generates asignature (Msigprime HMAC(rurdPPj SKdbcg)) andcompares it with the received signature (Msig) econtinuation of the protocol is related to the

satisfying Msigprime Msig condition BCG decrypts thePPj and ensures the userrsquos claim using the block-chain network In the next step the BCG generatesanother random number (rb) and the value ofMprimeprimesig HMAC(rbruTIDij SKubcg) And finally it

sends (Mprimeprimesig rb) to the user

(iv) Once the user received the (Mprimeprimesig rb) message it

verifies the authority of the BCG is is ac-complished by checking whetherMprimeprimesig

HMAC(rbruTIDij SKubcg) or not edevice already knows the value of ru TIDij andSKubcg e continuation of the protocol isconditional upon the generated signature of theuser and the signature from the BCG In thefollowing the user generates a signed message asNsig HMAC(rb SKubcg) and sends it to theBCG

(v) e BCG checks whether Nsig

Nsigprime whereNsigprime HMAC(rb SKubcg) If so it creates accessToken and computes ESKubcg

(Tokentru) and sends

it to the user Also it computes ESKdbcg(Token

trd)

and sends it to the device

IDi SKubcg

User (Ui)

(1) Request for acceptanceof Pj policy (PPj)

SKubcg SKBCG SKdbcg

BCG Blcokchain network

Add transaction inblockchain and returntransaction ID (TIDij)

Smart contractfor the gateway

(2) Generate a nonce NiSKubcg = H (IDi || Ni || SKBCG)

T = TimestampEM = ESKubcg

(PPj || Pj || T)

(5) Invoke Log (TIDij)

Invoke(6) Send TIDij to User withgenerated secret key (SKubcg)between BCG and User(7) SKubcg TIDij

(7) Store EM

(4) TIDij

function in gatwaysmart contract

Figure 7 IBCbAP Confirm access policy phase

IDi SKubcg

User (Ui)Device DkSKubcg

(3) Generate random number rdMsig = HMAC (ru||rd||PPj SKdbcg)

(1) Generate random number ruPPj = SKubcg (TIDij||ru)

(12) Verify ESKdbcg (Token||ru)

(10) ESKubcg (Token||ru)

(6) rb Msig

(8) Nsig

(11) ESKdbcg (Token||rd)

(4) (Msig rd ru PPj)

(2) PPj ru

SKubcg SKBCG SKdbcg

BCG

Find PPj and verify it according toblockchain transaction (theconnection with blockchain isdone through RPC protocol)

Msig = HMAC (rb||ru||TIDij SKubcg)(9) Nprimesig = HMAC (rb SKubcg)Nsig = HMAC (rb SKubcg)

(7)Msig ne HMAC (rb||ru||TIDij SKubcg)break

(5) Mprimesig = HMAC (ru||rd||PPj SKdbcg)

Prime

Prime

if (Msig ne Mprimesig ) break

if (Nsig ne Mprimesig) breakGenerate access Token

Figure 8 IBCbAP Create access Token phase


When the user receives the message ESKubcg(Token

tru)

and decrypts it with the key SKubcg if obtained ru is equal toits one the user trusts the received Token e same is truefor the device

6 IBCbAP Security Analysis

In this section we consider the security of IBCbAP infor-mally and also formally We perform the formal securitychecking using the Scyther tool [50]

61 Informal Security Analysis Here we informally provethat the improved protocol can resist against different at-tacks Informal analysis is based on the knowledge andcreativity of the analyst

611 Resistance to DDoS Attack Because of using block-chain the architecture of the system moves toward distri-bution architecture e distribution of a system reduces theprobability of the DDoS attack However because of the lackof participation of IoT devices in the blockchain networkand IoT devices connected to the blockchain network byBCG the distribution of the system decreases IoT devicescannot directly participate in blockchain network becausemany resources are needed for this purpose Due to the useof blockchain as the trusted third party (TTP) and thedistribution of IoT devices between different BCGs thepossibility of a DDoS attack on the system is reduced Alsosince keys are not changed at each session and the existenceof different keys per user for each device the possibility ofchanging values and system desynchronization iseliminated

612 Resistance to Replay Attack Since in the proposedprotocol all members of the network participate in theCreate access Token phase the possibility of the replayattack is eliminated Existence of shared secret values(SKubcg SKdbcg) between protocol parties and use of freshlyrandom values (ru rd rb) by protocol parties lead eachsessionrsquos messages to be different from previous sessionsmessages as a result the possibility of the replay attackvanishes

613 Resistance to Secret Disclosure Attack Importantmessages sent between the user and the BCG are encryptedby a shared key such as Token which is encrypted asESKubcg

(Tokentru) We also encrypt important messages

sent between the device and the BCG such as Token using ashared secret value ie ESKdbcg

(Tokentrd) Due to the

encryption of messages in the session important informa-tion remains confidential Also the existence of shared secretvalues allows the protocol members to generate the messageauthentication code such as Msig and Nsig so they canauthenticate each other and avoid sending the data to anunauthorized party

614 Resistance to Traceability Attack As mentioned be-fore because of the involvement of random numbers in alltransferred messages and changing these random numbersin each session the attacker cannot find any fixed value As aresult the attacker is not capable of tracing protocolrsquos partiesusing protocolrsquos transferred messages Also it is not possiblefor the attacker to reveal any data in the current session byeavesdropping the previous transferred messages because ofthe lack of correlation between messages sent in eachsession

615 Unlinkability of Device In the proposed protocol weissue a separate key for each device Each user is required toprocess accept policies phase and create an access Tokenphase to use each device independently We can say that theuser uses a separate Token for each device so with thedisclosure of a Token other devices are not threatened

62 Formal Security Analysis We have used the Scyther toolto check out the formal security of our proposed bockchain-based authentication protocol e Scyther is created withPython [51] language and works according to securityclaims Claim events are used in role specifications to modelintended security properties [52] ere are several pre-defined claim types in the Scyther tool which are representedin Table 2

We have used Nisynch Niagree and Secret claims eNisynch claim checks desynchronization possibility Niagreeclaim considers that an agreement will not commit to thechanged values between the parties and the Secret claimstates that the amount referred to it is secret IBCbAPwrittenin the Scyther language ie security protocol descriptionlanguage (spdl) with three roles ie user device andblockchain connected gateway and security claims alongwith the output of the Scyther tool for its security verificationare shown in Figures 9 and 10 respectively

As you can see in Figure 10 the Scyther tool could notfind an attack for IBCbAP erefore IBCbAP provides agood level of security

7 IBCbAP Implementation

We have implemented IBCbAP to test the functionality andthe feasibility of implementation with existing technologiesWe have used JavaScript in the form of Nodejs [53] tech-nology to simulate the proposed protocole reason for thischoice is WEB3js [54] library to contact blockchain islibrary uses the RPC (Remote Procedure Call) protocol tointeract with blockchain nodes e system used in thissimulation includes features such as 4GB RAM 1TB HDDand Core i7 247GHz CPU

71 Confirm Access Policy e implemented architecturehas four participants (user BCG device and blockchainnetwork) User to use Pj device sends the PPj to the BCGand then receives the shared key between itself and BCG(SKubcg) through a secure channel How to generate SKubcg is


explained in Section 52 e user uses this key in the createaccess Token phase At the Confirm access policy phase thechannel is secure We run this phase 10 times and took 1363milliseconds Most of the time spent in this phase is due to

storing the user information in the blockchain A view ofconnecting to the device and confirming the device steps areshown in Figures 11 and 12 respectively

72 Create Access Token Figure 8 shows the Create accessToken phase At this phase the user starts the process ofissuing the access Token by sending ru and PPj to the deviceAccording to what was mentioned in Section 52 the devicestarts the Token creation process when the user receives themessage Finally BCG creates a Token and sends it asESKubcg

(Tokentru) to the user and as ESKdbcg

(Tokentrd) to

the device We performed this phase 10 times and have atotal time of 1200 milliseconds e major time consumed atthis phase is related to encryption operations Figure 13shows the graphical user interface indicating successfulreceipt of the Token from BCG

73 Ethereum Network To implement the blockchain net-work we have used the testRPC [27] library is librarycreates a local blockchain network Figure 14 illustrates thelaunch of this library e testRPC default creates 10

Table 2 Claim events which defined in the Scyther tool

Claim Description

Secret ere is no unauthorized access to the parameters transmitted in the protocol For example claim(Initiator Secret n) meansthat the value of n remains confidential in the sense of initiator and the third party has not been able to access it

Alive claim(R alive Rprime) means that Rprime is always on the line and is linked to R In fact the presence and survival of Rprime are requestedby R

Weakagree It ensures that the receiver has received message at the time that was sent by the sender ere is no agreement on the datatransmitted

Niagree claim(RNiagree Rprime) claims that the agreed values between the receiver and the transmitter will remain unchanged

Nisynch claim(RNisynch Rprime) claims that each message sent by the sender (R) corresponds to receiving the message by the receiverand all the steps are executed correctly and without interruption

usertype sessionkeyusertype integer

protocol bcggateway(deviceuserbcg)

hashfunction hrole user

fresh ru Noncemacro tid= h(ru)var token sessionkeyvar msigPrimevar rbrbprime Noncemacro pp=rutidk(userbcg)macro nsig=rbk(userbcg)

send_1(userdevice ppru)recv_3(bcguserrbmsigPrime)match(msigPrimerbrutidk(userbcg))send_4(user bcg nsig)recv_6(bcgusertokenrbprimek(userbcg))

claim_u1(userSecrettoken)

claim_u2(userNisynch)claim_u3(userNiagree)

role device

var rurbprime Noncevar token sessionkeyvar pp fresh rd Noncemacro msig = rurdppk(devicebcg)

recv_1(userdevice ppru )send_2(devicebcg msigrdrupp)recv_5(bcg devicetokenrbprimek(devicebcg))

claim_d1(deviceSecrettoken)claim_d2(deviceNisynch)claim_d3(deviceNiagree)

role bcg

fresh token sessionkeyvar rdru Nonce

var tidfresh rbrbprime Noncevar ppnsigmsigmacro msigPrime=rbrutidk(devicebcg)

recv_2(devicebcg msigrdrupp )match(rdruppk(devicebcg)msig)

send_3(bcguserrbmsigPrime)recv_4(user bcgnsig )match(nsigrbk(userbcg))send_5(bcg devicetokenrdk(devicebcg))send_6(bcgusertokenruk(userbcg))

claim_b1(bcgSecrettoken)claim_b2(bcgNisynch)claim_b3(bcgNiagree)

Figure 9 Scyther implementation of IBCbAP in the spdl

Figure 10 IBCbAPrsquos security analysis result by the Scyther tool


Figure 11 e graphical user interface of implemented IBCbAP Connect to device

Figure 12 e graphical user interface of implemented IBCbAP Accept device by the user

Figure 13 e graphical user interface of implemented IBCbAP successful receipt of the Token from BCG


accounts when building a local blockchain We use one ofthese accounts We used Remix tool to deploy the initialsmart contract of the BCG and Solidity language wrote the

smart contract (see Figure 15) It is worth noting that thesmart contract used is simplified and is suitable forimplementing Confirm access policy and Create access

Figure 14 Creation of Ethereum local network by launching testRPC library

Figure 15 Creating smart contract in IBCbAP

Table 3 Comparison between IBCbAP and related protocols

Replay attackresistance

Secret disclosure attackresistance

Blockchaintype

Consensusmechanism Implementation

IBCbAP radic radic Public Proof of stack JavaScript RPC protocol[22] times times Public Proof of stack Java RPC protocol

[28] radic radic Public Proof of work Berkeley DB version 48 bitcoindregtest

[29] radic radic Not specified Not specified Docker [58] and truffle [59][32] radic radic Private Bayesian fault JUICE [60][61] radic radic Public Proof of work C++


Token phase We used the Crypto [55] library and thesha256 algorithm to generate HMACWe used the ecccrypto[56] library to perform ECC encryption Also we used theExpress [57] framework to build the server for each protocolparty It should be noted that we set up the servers for eachprotocol party and blockchain network on a single system onseparate ports As a result each phase is short So here wehave shown it is possible to implement the proposed pro-tocol with existing technologies and facilities It is worthnoting that we achieve measured times with only one deviceone user and one port

8 Comparison

In this section we compare our proposed protocol with itspredecessor ie Cha et alrsquos protocol as well as other relatedschemes As can be seen in Table 3 our proposed protocolhas complete security compared to other protocols Since thetype of blockchain used and the specifications of the systemare very different in different designs we only got the time inour system and it was not possible to compare time withother designs e time of our proposed protocol for Createaccess Token and Confirm access policy phases is 1200 and1363 milliseconds respectively

9 Conclusion

Nowadays blockchain and Internet of ings (IoT) tech-nologies are bonding e blockchain first attracted atten-tion as part of a wave of crypto currencies especially Bitcoinwhich challenged the normal course of financial transac-tions But it was not the blockchain financial transactionsthat caught the attention of IoT activists but rather the dataexchanges Blockchain is essentially an antihacking dis-tributed and event logging mechanism that appears to bevery useful for solving key issues related to networks whereconnected devices automatically interact with each otherie IoT Because of the importance of security in IoT manyschemes have been proposed in this subject In this paper weexamined Cha et alrsquos blockchain-based authenticationprotocol We illustrated the weaknesses of Cha et alrsquolsquosprotocol by applying secret disclosure replay traceabilityand reuse Token attacks with a success probability of oneand complexity of one run of protocol To address Chaet alrsquos protocolrsquos security vulnerabilities we also proposedan improved protocol called IBCbAP and proved its securityin an informal way and also in formal way by the Scythertool Finally we implemented IBCbAP using the JavaScriptprogramming language and the Ethereum local blockchainnetwork We investigated the feasibility of implementingIBCbAP and measured the timing of some processes ecomparisons show that IBCbAP compared to its prede-cessor ie Cha et alrsquos protocol is completely secure and thecost and time of its implementation are reasonable One ofthe most important issues in the IoT network is the transferof ownership In future works we plan to work on the designof blockchain-based ownership transfer protocols whichenables the transfer of ownership in a distributed and securemanner

Data Availability

No data were used to support this study

Conflicts of Interest

e authors declare that there are no conflicts of interestregarding the publication of this paper

References

[1] E K Wang J Yu C-M Chen S Kumari and J J RodriguesldquoData augmentation for internet of things dialog systemrdquoMobile Networks and Applications pp 1ndash14 2020

[2] C-M Chen B Xiang Y Liu and K-H Wang ldquoA secureauthentication protocol for internet of vehiclesrdquo IEEE Accessvol 7 pp 12 047ndash12 057 2019

[3] K-H Wang C-M Chen W Fang and T-Y Wu ldquoOn thesecurity of a new ultra-lightweight authentication protocol iniot environment for rfid tagsrdquo9e Journal of Supercomputingvol 74 no 1 pp 65ndash70 2018

[4] S Qu L Zhao and Z Xiong ldquoCross-layer congestion controlof wireless sensor networks based on fuzzy sliding modecontrolrdquo Neural Computing and Applications vol 32 no 17pp 13505ndash13520 2020

[5] C-M Chen Y Huang K-H Wang S Kumari andM-E Wu ldquoA secure authenticated and key exchange schemefor fog computingrdquo Enterprise Information Systems pp 1ndash162020

[6] C-T Li C-C Lee and C-Y Weng ldquoAn extended chaoticmaps based user authentication and privacy preservingscheme against dos attacks in pervasive and ubiquitouscomputing environmentsrdquo Nonlinear Dynamics vol 74no 4 pp 1133ndash1143 2013

[7] C-C Lee M-S Hwang and I-E Liao ldquoSecurity enhance-ment on a new authentication scheme with anonymity forwireless environmentsrdquo IEEE Transactions on IndustrialElectronics vol 53 no 5 pp 1683ndash1687 2006

[8] C-T Li C-Y Weng and C-C Lee ldquoA secure rfid tag au-thentication protocol with privacy preserving in telecaremedicine information systemrdquo Journal of Medical Systemsvol 39 no 8 p 77 2015

[9] S K Dwivedi R Amin and S Vollala ldquoBlockchain basedsecured information sharing protocol in supply chain man-agement system with key distribution mechanismrdquo Journal ofInformation Security and Applications vol 54 p 1025542020

[10] S K Dwivedi R Amin S Vollala and R ChaudhryldquoBlockchain-based secured event-information sharing pro-tocol in internet of vehicles for smart citiesrdquo Computers ampElectrical Engineering vol 86 p 106719 2020

[11] A Irshad M Usman S A Chaudhry H Naqvi andM Shafiq ldquoA provably secure and efficient authenticated keyagreement scheme for energy internet based vehicle-to-gridtechnology frameworkrdquo IEEE Transactions on Industry Ap-plications vol 56 no 4 pp 4425ndash4435 2020

[12] K Mahmood J Arshad S A Chaudhry and S Kumari ldquoAnenhanced anonymous identity-based key agreement protocolfor smart grid advanced metering infrastructurerdquo Interna-tional Journal of Communication Systems vol 32 no 16p e4137 2019

[13] P K Sharma N Kumar and J H Park ldquoBlockchain tech-nology toward Green IoT opportunities and challengesrdquoIEEE Network vol 34 no 4 pp 263ndash269 2020


[14] V Dedeoglu R Jurdak A Dorri et al ldquoBlockchain tech-nologies for IoTrdquo in Advanced Applications of BlockchainTechnology pp 55ndash89 Springer Berlin Germany 2020

[15] S Shamshad K Minahil K Mahmood and C-M Chen ldquoAsecure blockchain-based e-health records storage and sharingschemerdquo Journal of Information Security and Applicationsvol 55 p 102590 2020

[16] B C Florea and D D Taralunga ldquoBlockchain IoT for smartelectric vehicles battery managementrdquo Sustainability vol 12no 10 p 3984 2020

[17] G Yu X Zha X Wang et al ldquoEnabling attribute revocationfor fine-grained access control in blockchain-IoT systemsrdquoIEEE Transactions on Engineering Management vol 67 no 4pp 1213ndash1230 2020

[18] P P Ray D Dash K Salah and N Kumar ldquoBlockchain forIoT-based healthcare background consensus platforms anduse casesrdquo IEEE Systems Journal 2020

[19] G Rathee M Balasaraswathi K P Chandran S D Guptaand C Boopathi ldquoA secure IoT sensors communication inindustry 40 using blockchain technologyrdquo Journal of AmbientIntelligence and Humanized Computing 2020

[20] S Gupta V Malhotra and S N Singh ldquoSecuring IoT-drivenremote healthcare data through blockchainrdquo in Advances inData and Information Sciences pp 47ndash56 Springer BerlinGermany 2020

[21] S Nakamoto Bitcoin A Peer-To-Peer Electronic Cash System2008 httpsbitcoinorgenbitcoin-paper

[22] S-C Cha J-F Chen C Su and K-H Yeh ldquoA blockchainconnected gateway for BLE-based devices in the internet ofthingsrdquo IEEE Access vol 6 pp 24 639ndash724 649 2018

[23] E K Wang R Sun C-M Chen Z Liang S Kumari andM K Khan ldquoProof of X-repute blockchain consensus pro-tocol for IoT systemsrdquo Computers amp Security vol 95p 101871 2020

[24] E KWang Z Liang C-M Chen S Kumari andM K KhanldquoPoRX a reputation incentive scheme for blockchain con-sensus of IIoTrdquo Future Generation Computer Systemsvol 102 pp 140ndash151 2020

[25] V Buterin ldquoEthereumWhite Paperrdquo GitHub Repository pp22ndash23 2013

[26] Hyperledger ldquoOpen Source Blockchain Technologiesrdquohttpswwwhyperledgerorg 2020

[27] TestRPC ldquoLibraryrdquo httpswwwnpmjscompackageethereumjs-testrpc 2020

[28] A Ouaddah A Abou Elkalam and A Ait OuahmanldquoFairaccess a new blockchain-based access control frameworkfor the internet of thingsrdquo Security and CommunicationNetworks vol 9 no 18 pp 5943ndash5964 2016

[29] O Novo ldquoBlockchain meets IoT an architecture for scalableaccess management in IoTrdquo IEEE Internet of 9ings Journalvol 5 no 2 pp 1184ndash1195 2018

[30] A Dorri S S Kanhere R Jurdak and P Gauravaram ldquoLSB alightweight scalable blockchain for IoT security and privacyrdquo2017 httpsarxivorgabs171202969v1

[31] A Dorri S S Kanhere R Jurdak and P GauravaramldquoBlockchain for IoT security and privacy the case study of asmart homerdquo in Proceedings of the 2017 IEEE InternationalConference on Pervasive Computing and CommunicationsWorkshops (PerCom workshops) pp 618ndash623 IEEE KonaHI USA March 2017

[32] C Lin D He X Huang K-K R Choo and A V VasilakosldquoBSeIn a blockchain-based secure mutual authentication withfine-grained access control system for industry 40rdquo Journal ofNetwork and Computer Applications vol 116 pp 42ndash52 2018

[33] L Xie Y Ding H Yang and X Wang ldquoBlockchain-basedsecure and trustworthy internet of things in SDN-enabled 5g-VANETsrdquo IEEE Access vol 7 pp 56 656ndash56 666 2019

[34] S A A Shah E Ahmed M Imran and S Zeadally ldquo5G forvehicular communicationsrdquo IEEE Communications Maga-zine vol 56 no 1 pp 111ndash117 2018

[35] J Huang L Kong G Chen M-Y Wu X Liu and P ZengldquoTowards secure industrial IoT blockchain system withcredit-based consensus mechanismrdquo IEEE Transactions onIndustrial Informatics vol 15 no 6 pp 3680ndash3689 2019

[36] S Popov ldquoe Tanglerdquo Cit on p 131 2016[37] Y Yao X Chang J Misic V B Misic and L Li ldquoBLA

blockchain-assisted lightweight Anonymous authenticationfor distributed vehicular fog servicesrdquo IEEE Internet of 9ingsJournal vol 6 no 2 pp 3775ndash3784 2019

[38] M Sidorov M T Ong R V Sridharan J NakamuraR Ohmura and J H Khor ldquoUltralightweight mutual au-thentication RFID protocol for blockchain enabled supplychainsrdquo IEEE Access vol 7 pp 7273ndash7285 2019

[39] A Dwivedi G Srivastava S Dhar and R Singh ldquoAdecentralized privacy-preserving healthcare blockchain forIoTrdquo Sensors vol 19 no 2 p 326 2019

[40] E K Wang C-M Chen D Zhao W H Ip and K L YungldquoA dynamic trust model in internet of thingsrdquo Soft Com-puting vol 24 no 8 pp 5773ndash5782 2020

[41] H Xiong YWu C Jin and S Kumari ldquoEfficient and privacy-preserving authentication protocol for heterogeneous systemsin IIOTrdquo IEEE Internet of 9ings Journal 2020

[42] H Zhu X Wang C-M Chen and S Kumari ldquoTwo novelsemi-quantum-reflection protocols applied in connectedvehicle systems with blockchainrdquo Computers amp ElectricalEngineering vol 86 p 106714 2020

[43] J-H Hsiao R Tso C-M Chen and M-E Wu ldquoDecen-tralized e-voting systems based on the blockchain technol-ogyrdquo in Advances in Computer Science and UbiquitousComputing pp 305ndash309 Springer Berlin Germany 2017

[44] S Hussain and S A Chaudhry ldquoComments on ldquobiometrics-based privacy-preserving user authentication scheme forcloud-based industrial internet of things deploymentrdquo IEEEInternet of 9ings Journal vol 6 no 6 pp 10 936ndash10 9402019

[45] K Mansoor A Ghani S Chaudhry S ShamshirbandS Ghayyur and A Mosavi ldquoSecuring IoT-based RFID sys-tems a robust authentication protocol using symmetriccryptographyrdquo Sensors vol 19 no 21 p 4752 2019

[46] A Ghani K Mansoor S Mehmood S A ChaudhryA U Rahman and M Najmus Saqib ldquoSecurity and keymanagement in IoT-based wireless sensor networks an au-thentication protocol using symmetric keyrdquo InternationalJournal of Communication Systems vol 32 no 16 p e41392019

[47] C-M Chen K-H Wang K-H Yeh B Xiang and T-Y WuldquoAttacks and solutions on a three-party password-basedauthenticated key exchange protocol for wireless communi-cationsrdquo Journal of Ambient Intelligence and HumanizedComputing vol 10 no 8 pp 3133ndash3142 2019

[48] K-H Wang C-M Chen W Fang and T-Y Wu ldquoA secureauthentication scheme for internet of thingsrdquo Pervasive andMobile Computing vol 42 pp 15ndash26 2017

[49] D Mahto D A Khan and D K Yadav ldquoSecurity analysis ofelliptic curve cryptography and RSArdquo in Proceedings of theWorld Congress on Engineering pp 419ndash422 London UKJuly 2016


[50] Scyther ldquoToolrdquo httpspeoplecispaiocascremersscyther2020

[51] Python ldquoProgramming Languagerdquo httpswwwpythonorg2020

[52] C J F Cremers ldquoe Scyther tool verification falsificationand analysis of security protocolsrdquo in Computer Aided Ver-ification pp 414ndash418 Springer Berlin Heidelberg BerlinGermany 2008

[53] Njs ldquoNodejsrdquo httpsnodejsorg 2020[54] WEB3js httpsweb3jsreadthedocsioen10 2020[55] Crypto ldquoLrdquo httpsnodejsorgapicryptohtml 2020[56] Ecccrypto ldquoLibraryrdquo httpswwwnpmjscompackage

eccrypto 2020[57] Express ldquoFrameworkrdquo httpsexpressjscom 2020[58] Docker ldquoGet Started with Dockerrdquo httpswwwdockercom

2020[59] G N Drsquoandrea ldquoTrufflemdashsimple development framework for

ethereumrdquo httpslibrariesionpmtruffle211 2020[60] 2020 JUICE httpswwwjuzhenio[61] M T Hammi B Hammi P Bellot and A Serhrouchni

ldquoBubbles of trust a decentralized blockchain-based authen-tication system for IoTrdquo Computers amp Security vol 78pp 126ndash142 2018


consensus that means 51 of network members need tocollaborate to unauthorized changes in the informationDistributing the role of the TTP among network membershas also reduced the likelihood of distributed denial ofservice (DDoS) attacks As a result system security is en-sured In contrast the processing amount and systemmessages sent to the members of each node in the networkare very high Also because of the transparency of all in-formation privacy preserving becomes difficult and newsolutions are needed and these solutions should not impedethe consensus process Another problem is its low scalabilitybecause of the fixed and unchangeable data and settingerefore the cost of changing some parts of the blockchainnetwork is much more than building a new network As aresult the cost of upgrading the system is very high

In this regard Cha et al in [22] have presented anauthentication scheme for the IoT using blockchainclaiming that their protocol has made it possible for users toaccess and manage IoT device information with privacy Infact they claimed that their protocol was able to establishuser privacy and trust in IoT applications In this paper weshow that the protocol designed by Cha et al has drawbacksthat make their design vulnerable to various attacks such assecret disclosure traceability replay and reuse of Tokenattacks which leads to loss of privacy and trust Securityanalysis of the Cha et alrsquos protocol before use prevents a lotof possible damage It also makes designers aware of sucherrors in protocol design and avoid repeating them in theirdesigns In this paper we also offer suggestions for trou-bleshooting this protocol Using these suggestions weprovide an improved version of the protocol in terms ofsecurity and cost which is called IBCbAP

11 Main Contribution e contributions of the paper areas follows

(1) Presenting security weaknesses of Cha et al block-chain-based authentication and secure managementof privacy preferences scheme

(2) Addressing security pitfalls of Cha et alrsquos schemeand proposing a new improved one called IBCbAP

(3) Formal and informal security analysis of IBCbAPFormal proofing is done using the Scyther tool

(4) Implementation of IBCbAP through JavaScriptlanguage and Ethereum local blockchain and con-sidering its functionality and correctness

12PaperOrganization We organize the rest of the paper asfollows In Section 2 we will look at related works on theblending of two technologies of blockchain and IoTand alsoprovide some explanations on their security requirementsand existing issues We review the Cha et alrsquos blockchain-based authentication protocol and describe its securitypitfalls in Sections 3 and 4 respectively In Section 5 wepropose a new improved protocol called IBCbAP and de-scribe its security and functionality features We analyze thesecurity and functionality of IBCbAP in Sections 6 and 7

respectively In Section 8 we compare the proposed protocolin terms of the type of blockchain used the implementationplatform and security features with other related authen-tication schemes in this area and at last Section 9 concludesthe paper with concluding remarks and suggestions forfuture works

2 Related Works and Preliminaries

is section addresses the important security requirementsfor access control systems in the IoT networks and brieflypresents a few related works Since we used the blockchain tostore critical information securely in our proposed protocolthe definition of blockchain technology and how it works arealso explained in this section Also we briefly explain thesmart contract and its usage in our proposed protocol Fi-nally we will talk about how the blockchain was used in therelated works

21 Blockchain Blockchain was proposed in 2008 by SatoshiNakamoto [21] Blockchain includes blocks where blocks areinterconnected like a chain Each block contains informationsuch as block number the hash of the previous block anonce and transaction information By storing the hash ofthe previous block in each block the chain will be formedis chain is called the ledger Figure 1 shows a simpleexample of the blockchain ledger Each node in the networkhas its ledger Blockchain uses consensus mechanisms[23 24] to verify the transaction and update the entireledger At the time of adding a new transaction in the ledgerall nodes in the network will check the correctness of theinformation and after approving will add the new trans-action to their ledger Each user subscribes to the network byregistering a pair of public and private keys on the networkis is done by recording a transaction Each userrsquos keys arestored in their wallet Miners created the blocks Miners arenodes in the network tasked with generating and approvingblocks to the blockchain To generate a block the corre-sponding node solves a difficult problem and the one whosolves the problem sooner registers its block in the block-chain Changing an approved block in the ledger is costlyand difficult ere are two types of blockchain public andprivate In a public blockchain anyone can participate in theblock generation and consensus process but in a privateblockchain only preapproved nodes can do this operationBitcoin [21] and Ethereum [25] are examples of the publictype and Hyperledger [26] is an example of the private typeblockchain

22 Smart Contract Smart contracts are executable codesand memories which are stored as transactions in theblockchain Smart contracts are executed by miners with afixed cost By knowing the transaction address it is possibleto call the smart contract for the network members Becauseblockchain is irremovable smart contracts can provide agreat deal of confidence One of the famous blockchainswhich is a smart contract provider is Ethereum [25] In theEthereum network any member can create a smart contract







Transactions



Transactions

Hash of the block


Transactions















mn (1)



values as below

Ri ri middot P



σi1 s

minus1i middot P

(2)



Ri + hiPKBCG)











ki(Ri + hiPKBCG)+

PKi)




Ni

UiPj

) e combination of


Blockchain network

BCGsmart

contract

Devicesmart

contract

Deviceadministrator

BCG administrator



smart contract





called






Blockchain network

User


IoT device


of the device


smart contract






process













e(P P) or not If







(1) BCG publishes

(2) Ri = riP




break

hi = ri + his mod q





ndash1P



IDi PKBCG

User (Ui)

(Ri σi1)

(m Ri σi2 PKi)






Ni

UiPj

















(6)Invoke

IDi PKBCG Ri

User (Ui)s PKBCG K


KUiPJ


KUiPJ

TIDijNi

(3) Store EM

(4) TIDij

NiEM = EUiPJ





Rij = rijP

(3)

Generate rij

sij = rij + rijs



(4) (Rij σBCG)



σBCG = sijndash1P


IDi PKBCG Ri

User (Ui)Device Dk


s PKBCG KBCG



breakToken

(8) Successfailure

(6)

(5)

(1)
























SKubcg H IDi Ni

SKBCG1113872 1113873 (4)



















trd)


IDi SKubcg

User (Ui)


SKubcg SKBCG SKdbcg






(PPj || Pj || T)



(7) Store EM

(4) TIDij



IDi SKubcg






(6) rb Msig

(8) Nsig



(2) PPj ru

SKubcg SKBCG SKdbcg

BCG





Prime

Prime






tru)

























(Tokentrd) to




Claim Description













role device




role bcg




















Blockchaintype







8 Comparison


9 Conclusion


Data Availability




References


































































Transactions



Transactions

Hash of the block


Transactions















mn (1)



values as below

Ri ri middot P



σi1 s

minus1i middot P

(2)



Ri + hiPKBCG)











ki(Ri + hiPKBCG)+

PKi)




Ni

UiPj

) e combination of


Blockchain network

BCGsmart

contract

Devicesmart

contract

Deviceadministrator

BCG administrator



smart contract





called






Blockchain network

User


IoT device


of the device


smart contract






process













e(P P) or not If







(1) BCG publishes

(2) Ri = riP




break

hi = ri + his mod q





ndash1P



IDi PKBCG

User (Ui)

(Ri σi1)

(m Ri σi2 PKi)






Ni

UiPj

















(6)Invoke

IDi PKBCG Ri

User (Ui)s PKBCG K


KUiPJ


KUiPJ

TIDijNi

(3) Store EM

(4) TIDij

NiEM = EUiPJ





Rij = rijP

(3)

Generate rij

sij = rij + rijs



(4) (Rij σBCG)



σBCG = sijndash1P


IDi PKBCG Ri

User (Ui)Device Dk


s PKBCG KBCG



breakToken

(8) Successfailure

(6)

(5)

(1)
























SKubcg H IDi Ni

SKBCG1113872 1113873 (4)



















trd)


IDi SKubcg

User (Ui)


SKubcg SKBCG SKdbcg






(PPj || Pj || T)



(7) Store EM

(4) TIDij



IDi SKubcg






(6) rb Msig

(8) Nsig



(2) PPj ru

SKubcg SKBCG SKdbcg

BCG





Prime

Prime






tru)

























(Tokentrd) to




Claim Description













role device




role bcg




















Blockchaintype







8 Comparison


9 Conclusion


Data Availability




References









































































mn (1)



values as below

Ri ri middot P



σi1 s

minus1i middot P

(2)



Ri + hiPKBCG)











ki(Ri + hiPKBCG)+

PKi)




Ni

UiPj

) e combination of


Blockchain network

BCGsmart

contract

Devicesmart

contract

Deviceadministrator

BCG administrator



smart contract





called






Blockchain network

User


IoT device


of the device


smart contract






process













e(P P) or not If







(1) BCG publishes

(2) Ri = riP




break

hi = ri + his mod q





ndash1P



IDi PKBCG

User (Ui)

(Ri σi1)

(m Ri σi2 PKi)






Ni

UiPj

















(6)Invoke

IDi PKBCG Ri

User (Ui)s PKBCG K


KUiPJ


KUiPJ

TIDijNi

(3) Store EM

(4) TIDij

NiEM = EUiPJ





Rij = rijP

(3)

Generate rij

sij = rij + rijs



(4) (Rij σBCG)



σBCG = sijndash1P


IDi PKBCG Ri

User (Ui)Device Dk


s PKBCG KBCG



breakToken

(8) Successfailure

(6)

(5)

(1)
























SKubcg H IDi Ni

SKBCG1113872 1113873 (4)



















trd)


IDi SKubcg

User (Ui)


SKubcg SKBCG SKdbcg






(PPj || Pj || T)



(7) Store EM

(4) TIDij



IDi SKubcg






(6) rb Msig

(8) Nsig



(2) PPj ru

SKubcg SKBCG SKdbcg

BCG





Prime

Prime






tru)

























(Tokentrd) to




Claim Description













role device




role bcg




















Blockchaintype







8 Comparison


9 Conclusion


Data Availability




References






























































ki(Ri + hiPKBCG)+

PKi)




Ni

UiPj

) e combination of


Blockchain network

BCGsmart

contract

Devicesmart

contract

Deviceadministrator

BCG administrator



smart contract





called






Blockchain network

User


IoT device


of the device


smart contract






process













e(P P) or not If







(1) BCG publishes

(2) Ri = riP




break

hi = ri + his mod q





ndash1P



IDi PKBCG

User (Ui)

(Ri σi1)

(m Ri σi2 PKi)






Ni

UiPj

















(6)Invoke

IDi PKBCG Ri

User (Ui)s PKBCG K


KUiPJ


KUiPJ

TIDijNi

(3) Store EM

(4) TIDij

NiEM = EUiPJ





Rij = rijP

(3)

Generate rij

sij = rij + rijs



(4) (Rij σBCG)



σBCG = sijndash1P


IDi PKBCG Ri

User (Ui)Device Dk


s PKBCG KBCG



breakToken

(8) Successfailure

(6)

(5)

(1)
























SKubcg H IDi Ni

SKBCG1113872 1113873 (4)



















trd)


IDi SKubcg

User (Ui)


SKubcg SKBCG SKdbcg






(PPj || Pj || T)



(7) Store EM

(4) TIDij



IDi SKubcg






(6) rb Msig

(8) Nsig



(2) PPj ru

SKubcg SKBCG SKdbcg

BCG





Prime

Prime






tru)

























(Tokentrd) to




Claim Description













role device




role bcg




















Blockchaintype







8 Comparison


9 Conclusion


Data Availability




References



































































e(P P) or not If







(1) BCG publishes

(2) Ri = riP




break

hi = ri + his mod q





ndash1P



IDi PKBCG

User (Ui)

(Ri σi1)

(m Ri σi2 PKi)






Ni

UiPj

















(6)Invoke

IDi PKBCG Ri

User (Ui)s PKBCG K


KUiPJ


KUiPJ

TIDijNi

(3) Store EM

(4) TIDij

NiEM = EUiPJ





Rij = rijP

(3)

Generate rij

sij = rij + rijs



(4) (Rij σBCG)



σBCG = sijndash1P


IDi PKBCG Ri

User (Ui)Device Dk


s PKBCG KBCG



breakToken

(8) Successfailure

(6)

(5)

(1)
























SKubcg H IDi Ni

SKBCG1113872 1113873 (4)



















trd)


IDi SKubcg

User (Ui)


SKubcg SKBCG SKdbcg






(PPj || Pj || T)



(7) Store EM

(4) TIDij



IDi SKubcg






(6) rb Msig

(8) Nsig



(2) PPj ru

SKubcg SKBCG SKdbcg

BCG





Prime

Prime






tru)

























(Tokentrd) to




Claim Description













role device




role bcg




















Blockchaintype







8 Comparison


9 Conclusion


Data Availability




References










































































(6)Invoke

IDi PKBCG Ri

User (Ui)s PKBCG K


KUiPJ


KUiPJ

TIDijNi

(3) Store EM

(4) TIDij

NiEM = EUiPJ





Rij = rijP

(3)

Generate rij

sij = rij + rijs



(4) (Rij σBCG)



σBCG = sijndash1P


IDi PKBCG Ri

User (Ui)Device Dk


s PKBCG KBCG



breakToken

(8) Successfailure

(6)

(5)

(1)
























SKubcg H IDi Ni

SKBCG1113872 1113873 (4)



















trd)


IDi SKubcg

User (Ui)


SKubcg SKBCG SKdbcg






(PPj || Pj || T)



(7) Store EM

(4) TIDij



IDi SKubcg






(6) rb Msig

(8) Nsig



(2) PPj ru

SKubcg SKBCG SKdbcg

BCG





Prime

Prime






tru)

























(Tokentrd) to




Claim Description













role device




role bcg




















Blockchaintype







8 Comparison


9 Conclusion


Data Availability




References

















































































SKubcg H IDi Ni

SKBCG1113872 1113873 (4)



















trd)


IDi SKubcg

User (Ui)


SKubcg SKBCG SKdbcg






(PPj || Pj || T)



(7) Store EM

(4) TIDij



IDi SKubcg






(6) rb Msig

(8) Nsig



(2) PPj ru

SKubcg SKBCG SKdbcg

BCG





Prime

Prime






tru)

























(Tokentrd) to




Claim Description













role device




role bcg




















Blockchaintype







8 Comparison


9 Conclusion


Data Availability




References













































































trd)


IDi SKubcg

User (Ui)


SKubcg SKBCG SKdbcg






(PPj || Pj || T)



(7) Store EM

(4) TIDij



IDi SKubcg






(6) rb Msig

(8) Nsig



(2) PPj ru

SKubcg SKBCG SKdbcg

BCG





Prime

Prime






tru)

























(Tokentrd) to




Claim Description













role device




role bcg




















Blockchaintype







8 Comparison


9 Conclusion


Data Availability




References






























































tru)

























(Tokentrd) to




Claim Description













role device




role bcg




















Blockchaintype







8 Comparison


9 Conclusion


Data Availability




References

































































(Tokentrd) to




Claim Description













role device




role bcg




















Blockchaintype







8 Comparison


9 Conclusion


Data Availability




References








































































Blockchaintype







8 Comparison


9 Conclusion


Data Availability




References






























































8 Comparison


9 Conclusion


Data Availability




References





























































animprovedblockchain-basedauthenticationprotocolforiot … · 2020. 10. 28. · management hubs. is...

Documents