Efficient privacy-preserving authentication protocol using PUFs with blockchain smart contracts
Introduction
The Internet guarantees rapid and efficient communication that promotes humanity. Since the last decades, digitalization has made significant progress and this can be done and applied via the Internet of Things (IoT) definition. Nowadays, IoT has emerged as an encapsulation of various technologies from RFID to Wireless Sensors Network (WSN) to physical sensors (Bedi et al., 2018). Indeed, IoT fitted with microcontrollers, wireless data transceivers and different protocol stacks allowing connectivity as an integral part of the internet. IoT devices can be integrated into a wide range of research areas as they can be electronic devices from wearable devices to physical hardware development platforms (Ikpehai, Adebisi, Rabie, Anoh, Ande, Hammoudeh, Gacanin, Mbanaso, 2018, Udoh, Kotonya, 2018). Nonetheless, most of these IoT devices generate an enormous amount of sensitive data (Bertino and Ferrari, 2018).Multiple data owners outsource their data with cloud computing in IoT. However, security and privacy with cloud computing in IoT have various flaws that should be addressed. Privacy has additional issues arising from the requirements of owners and the legal provisions on privacy, as well as individual privacy policies (Xia et al., 2019).
According to a recent report by Cisco, It is estimated that by 2025 more than 21 billion IoT devices will be connected. This brings several challenges and security issues. IoT allows a connected world, that facilitates sharing information and interacts with different entities in the IoT network. Accordingly, IoT establishes various smart approaches that help the advancement of Internet applications. IoT involved in many smart applications such as Smart Cities, Healthcare, Smart Farming, Smart Industries, Logistics, Smart Home, Smart Environment Prediction, and Smart Grid (Cui, Fei, Zhang, Cai, Cao, Zhang, Chen, 2020, Hamza, Yan, Muhammad, Bellavista, Titouna, 2019, Jeon, She, Soonsawad, Ng, 2018, Muhammad, Hamza, Ahmad, Lloret, Wang, Baik, 2018, Patil, Tama, Park, Rhee, 2018). Every IoT application has some specific features that generate a huge amount of data that require connectivity and power for the long term. However, the IoT system contains several constraints resources such as power cost, energy and lifetime. This enlightens the limitations in computer capacity, memory, limited power supply, network constitute challenges (Luong et al., 2016).
However, security and privacy issues become the most challenging necessitate in IoT (Frustaci et al., 2017). It is fundamental to guarantee data security and users privacy due to the fact that the IoT system is involved directly in human safety. As is well known, a large number of IoT devices are connected to the system and are not managed by a single controller. Yet, the designed security protocol is really complicated due to the environments IoT. In this regard, most of the existing security protocols are reliable for the Internet but they are not satisfactory for the IoT system (Patil et al., 2018). In addition to preserving anonymity and privacy, modern security protocols need to be resistant to physical and side-channel attacks. The modern security protocol must be efficient for IoT devices, as they have very low computational, power and memory performance (Granjal et al., 2015). New privacy and security protocols and frameworks are therefore required for a secure and reliable IoT system to protect the privacy of users.
Physical Unclonable Function (PUF) was introduced by Herder et al. (2014). This technique presents an interesting cryptographic primitives schemes. Identity of human begin can be verified ineffective by the biometric system due to their unique features. Similarly, motivated by biometric systems, physical unclonable function furnishes a unique way to identify integrated circuits (ICs). The PUFs can be formally described as a system that exploits the inherent variability in ICs manufacturing to implement challenge-response functions whose output completely depends on the specific output and their physical microstructure of the devices. Thus, adopting PUF in the IoT system it is unsustainable to modify and clone. Moreover, the variation in the physical factors during the manufacturing process of ICs make it practically impossible to replicate the microstructure, allow PUFs uniqueness at the device level. We use blockchain technology integrated with PUF. Blockchain is an immutable public record of data that is secured through a peer-to-peer network. Blockchain is rapidly gaining vogue and apply for many applications such as distributed cloud storage, smart contract, and digital assets. The key features of blockchain make an impressive technology available to address the security and privacy challenges of IoT (Casino et al., 2019).
This paper presents a blockchain-based security architecture for IoT. To guarantee reliable security and privacy of outsourced big data in IoT environments, we extend our previous work Patil et al. (2019) and enhance the usability of BlockChain smart contracts with the PUF model. We introduced an authentication protocol between IoT devices and miners on the blockchain network. Our research leads to the achievement of identity authentication, access control, replay attacks resistance, DOS attack resistance and data integrity without incurring overhead and delays.
In the next section, we will present the background for materials and related works. The Proposed Framework and Proposed authentication protocol present in Section 3. In Section 4. we will discuss our security analysis. Finally, the conclusion in Section 5.
Section snippets
Physical unclonable function (PUF):
Physical Unclonable Function is theoretically identified as a digital fingerprint that provides specific identity for semiconductor devices such as a microprocessor. This is focused on the particular physical differences that formed during the manufacturing phase. In short, PUF is a physical entity embodied in physical structure. A PUF is based on the idea that only the mask and manufacturing procedure is the same for every IC, each IC is somewhat different from the other IC due to natural
System architecture
Within this section, we present our system architecture that is compliant with different entities, such as IoT devices, the Blockchain network, and the Data Holder or Content Holder as seen in Fig. 1. The proposed system architecture ensures the authentication of IoT devices and the miner with a fast verification process as shown in Fig. 1.The fusion of Blockchain and PUF protects data flow and data integrity on IoT networks.
- •
Different physical objects are fused to become smart objects, along
Security analysis
In this section, we present different analyses with discussions that support the Blockchain-PUF framework merits. Table 3 listed the main security evaluation of our proposed work. We discuss these requirement points in the following subsections.
Conclusion
In this paper, we propose an authentication protocol based on blockchain smart contracts with the PUF model. The proposed protocol combines an emerging technology Blockchain-PUF-based secure authentication protocol for the IoT environment. Our proposed protocol presents an efficient and reliable authentication to interact between IoT devices and miners in the blockchain network, allowing data security and guarantee users’ privacy. Furthermore, security requirements and safeguards are likewise
CRediT authorship contribution statement
Akash Suresh Patil: Writing - original draft, Methodology, Software, Validation, Writing - review & editing. Rafik Hamza: Methodology, Writing - original draft. Alzubair Hassan: Writing - review & editing. Nan Jiang: Writing - review & editing. Hongyang Yan: Writing - review & editing. Jin Li: Conceptualization, Supervision.
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
References (43)
- et al.
A systematic literature review of blockchain-based applications: current status, classification and open issues
Telemat. Inform.
(2019) - et al.
An authenticated asymmetric group key agreement based on attribute encryption
J. Netw. Comput. Appl.
(2018) - et al.
A secure versatile light payment system based on blockchain
Future Gener. Comp. Syst.
(2019) - et al.
Review of internet of things (IoT) in electric power and energy systems
IEEE Internet Things J.
(2018) - et al.
Big data security and privacy
A Comprehensive Guide Through the Italian Database Research Over the Last 25 Years
(2018) Puf based authentication protocol for IoT
Symmetry
(2018)- et al.
A hybrid blockchain-based identity authentication scheme for multi-WSN
IEEE Trans. Serv. Comput.
(2020) - et al.
A review on the use of blockchain for the internet of things
IEEE Access
(2018) - et al.
Evaluating critical security issues of the IoT world: present and future challenges
IEEE Internet Things J.
(2017) - et al.
Lightweight and privacy-preserving two-factor authentication scheme for IoT devices
IEEE Internet Things J.
(2018)
Security for the internet of things: a survey of existing protocols and open research issues
IEEE Commun. Surv. Tutor.
Blockchain-based authentication for 5g networks
2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT)
A lightweight secure IoT surveillance framework based on DCT-DFRT algorithms
A privacy-preserving cryptosystem for iot e-healthcare
Inf. Sci.
Physical unclonable functions and applications: atutorial
Proc. IEEE
Low-power wide area network technologies for internet-of-things: a comparative review
IEEE Internet Things J.
Ble beacons for internet of things applications: survey, challenges, and opportunities
IEEE Internet Things J.
Anonymous communication via anonymous identity-based encryption and its application in IoT
Wirel. Commun. Mob. Comput.
Toward optimal participant decisions with voting-based incentive model for crowd sensing
Inf. Sci.
A decentralized lightweight blockchain-based authentication mechanism for IoT systems
Cluster Comput.
HMQV: A high-performance secure Diffie-Hellman protocol
Annual International Cryptology Conference
Cited by (62)
Blockchain-based cloud-fog collaborative smart home authentication scheme
2024, Computer NetworksA provably secure and practical end-to-end authentication scheme for tactile Industrial Internet of Things
2024, Pervasive and Mobile ComputingA comprehensive survey on hardware-assisted malware analysis and primitive techniques
2023, Computer NetworksBlockchain from the information systems perspective: Literature review, synthesis, and directions for future research
2023, Information and ManagementSmart contract watermarking based on code obfuscation
2023, Information Sciences