skip to main content
10.1145/3386164.3389095acmotherconferencesArticle/Chapter ViewAbstractPublication PagesiscsicConference Proceedingsconference-collections
research-article

A Blockchain-Based OTP-Authentication Scheme for Constrainded IoT Devices Using MQTT

Published: 06 June 2020 Publication History

Abstract

The importance of the Internet of Things is constantly growing, together with the proliferation of IoT devices which are changing our daily life and empowering industrial processes. However, the most IoT devices and protocols were not designed with security in mind, and economic and energyconsumption constraints make the implementation of security measures a non-trivial problem. One of the most used messaging protocol in IoT, which is MQTT (Message Queuing Telemetry Transport), leaves to developers the task to implement security, as native security services provided by the protocol are very weak. This paper focuses on MQTT authentication, which is definitely insecure in the protocol, even though the implementations can combine MQTT with other mechanisms to obtain a suitable level of security. The aim of the present work is to propose an innovative OTP-authentication scheme for MQTT which uses Ethereum to implement an independent logic channel for the second-factor authentication. The implementation of the proposed scheme relies on the trusted behavior of smart contracts and adopts suitable strategies to preserve the privacy of users.

References

[1]
A. Banks and R. Gupta. Mqtt version 3.1. 1. OASIS standard, 29, 2014.
[2]
A. Dorri, S. S. Kanhere, and R. Jurdak. Blockchain in internet of things: challenges and solutions. arXiv preprint arXiv:1608.05187, 2016.
[3]
A. Moinet, B. Darties, and J.-L. Baril. Blockchain based trust & authentication for decentralized sensor networks. arXiv preprint arXiv:1706.01730, 2017.
[4]
A. Ouaddah, A. Abou Elkalam, and A. Ait Ouahman. Fairaccess: a new blockchain-based access control framework for the internet of things. Security and Communication Networks, 9(18):5943--5964, 2016.
[5]
B. Tripathy and J. Anuradha. Internet of Things (IoT):Technologies, Applications, Challenges and Solutions.CRC Press, 2017.
[6]
G. Wood. Ethereum: A secure decentralised generalised transaction ledger. Ethereum project yellow paper, 151:1--32, 2014.
[7]
K. Christidis and M. Devetsikiotis. Blockchains and smart contracts for the internet of things. Ieee Access, 4:2292--2303, 2016.
[8]
L. Cruz-Piris, D. Rivera, I. Marsa-Maestre, E. de la Hoz, and J. R.Velasco. Access control mechanism for iot environments based on modelling communication procedures as resources. Sensors, 18(3):917, 2018.
[9]
L. Lamport. Password authentication with insecure communication. Communications of the ACM, 24(11):770--772, 1981.
[10]
L. Wu, X. Du, W. Wang, and B. Lin. An out-of-band authentication scheme for internet of things using blockchain technology. In 2018 International Conference on Computing, Networking and Communications (ICNC), pages 769--773. IEEE, 2018.
[11]
M. Conoscenti, A. Vetro, and J. C. De Martin. Blockchain for the internet of things: A systematic literature review. In Computer Systems and Applications (AICCSA), 2016 IEEE/ACS 13th International Conference of, pages 1--6. IEEE, 2016.
[12]
M. T. Hammi, B. Hammi, P. Bellot, and A. Serhrouchni. Bubbles of trust: A decentralized blockchain-based authentication system for iot. Computers & Security, 78:126--142, 2018.
[13]
N. Atzei, M. Bartoletti, and T. Cimoli. A survey of attacks on ethereum smart contracts (sok). In International Conference on Principles of Security and Trust, pages 164--186. Springer, 2017.
[14]
N. Kshetri. Can blockchain strengthen the internet of things? IT Professional, 19(4):68--72, 2017.
[15]
S. Deering and R. Hinden. Internet protocol, version 6 (ipv6) specification. Technical report, 2017.
[16]
S. Huckle, R. Bhattacharya, M. White, and N. Beloff. Internet of things, blockchain and shared economy applications. Procedia computer science, 98:461--466, 2016.
[17]
S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system. 2008.
[18]
W. E. Burr. Nist special publication 800-63: Electronic authentication guideline. http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf, 2006.
[19]
Y. Zhang and J. Wen. The iot electric business model: Using blockchain technology for the internet of things. Peer-to-Peer Networking and Applications, 10(4):983--994, 2017

Cited By

View all
  • (2024)A Blockchain-Driven Smart Broker for Data Quality Assurance of the Tagged Periodic IoT Data in Publisher-Subscriber ModelApplied Sciences10.3390/app1413590714:13(5907)Online publication date: 5-Jul-2024
  • (2024)Authentication of Smart Grid by Integrating QKD and Blockchain in SCADA SystemsIEEE Transactions on Network and Service Management10.1109/TNSM.2024.342376221:5(5768-5780)Online publication date: Oct-2024
  • (2024)Securing the IoT Application Layer From an MQTT Protocol Perspective: Challenges and Research ProspectsIEEE Communications Surveys & Tutorials10.1109/COMST.2024.337263026:4(2510-2546)Online publication date: 1-Oct-2024
  • Show More Cited By

Index Terms

  1. A Blockchain-Based OTP-Authentication Scheme for Constrainded IoT Devices Using MQTT

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Other conferences
    ISCSIC 2019: Proceedings of the 2019 3rd International Symposium on Computer Science and Intelligent Control
    September 2019
    397 pages
    ISBN:9781450376617
    DOI:10.1145/3386164
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 06 June 2020

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. Authentication
    2. Ethereum
    3. IoT
    4. MQT
    5. OTP
    6. Smart Contracts

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ISCSIC 2019

    Acceptance Rates

    ISCSIC 2019 Paper Acceptance Rate 77 of 152 submissions, 51%;
    Overall Acceptance Rate 192 of 401 submissions, 48%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)16
    • Downloads (Last 6 weeks)1
    Reflects downloads up to 20 Jan 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2024)A Blockchain-Driven Smart Broker for Data Quality Assurance of the Tagged Periodic IoT Data in Publisher-Subscriber ModelApplied Sciences10.3390/app1413590714:13(5907)Online publication date: 5-Jul-2024
    • (2024)Authentication of Smart Grid by Integrating QKD and Blockchain in SCADA SystemsIEEE Transactions on Network and Service Management10.1109/TNSM.2024.342376221:5(5768-5780)Online publication date: Oct-2024
    • (2024)Securing the IoT Application Layer From an MQTT Protocol Perspective: Challenges and Research ProspectsIEEE Communications Surveys & Tutorials10.1109/COMST.2024.337263026:4(2510-2546)Online publication date: 1-Oct-2024
    • (2024)Securing MQTT Ecosystem: Exploring Vulnerabilities, Mitigations, and Future TrajectoriesIEEE Access10.1109/ACCESS.2024.341203012(139273-139289)Online publication date: 2024
    • (2023)A Formal Verification of a Reputation Multi-Factor Authentication Mechanism for Constrained Devices and Low-Power Wide-Area Network Using Temporal LogicSensors10.3390/s2315693323:15(6933)Online publication date: 3-Aug-2023
    • (2023)IBAM: IPFS and Blockchain based Authentication for MQTT protocol in IoT2023 IEEE Symposium on Computers and Communications (ISCC)10.1109/ISCC58397.2023.10217960(537-542)Online publication date: 9-Jul-2023
    • (2023)IoT-Penn: A Security Penetration Tester for MQTT in the IoT EnvironmentCybersecurity in the Age of Smart Societies10.1007/978-3-031-20160-8_9(141-157)Online publication date: 3-Jan-2023
    • (2022)ProChain: Provenance-Aware Traceability Framework for IoT-Based Supply Chain SystemsIEEE Access10.1109/ACCESS.2021.313537110(3631-3642)Online publication date: 2022
    • (2022)An efficient intrusion detection system for MQTT-IoT using enhanced chaotic salp swarm algorithm and LightGBMInternational Journal of Information Security10.1007/s10207-022-00611-921:6(1263-1282)Online publication date: 3-Sep-2022
    • (2022)One Time Password-Based Two Channel Authentication Mechanism Using BlockchainData Science and Security10.1007/978-981-19-2211-4_20(229-237)Online publication date: 2-Jul-2022
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Media

    Figures

    Other

    Tables

    Share

    Share

    Share this Publication link

    Share on social media