Along with the rapid growth of the size and complexity of Internet of Things (IoT), the security of terminal devices has increasingly become a focus. In order to ensure the security of terminals, the trusted network connect (TNC) could realize not only the user authentication but also the platform attestation during the network access process. However, the existing TNC infrastructure is based on a centralized architecture, which is not suitable for distributed services. To address this problem, we present a blockchain-based TNC protocol named BTNC to ensure the reliability of terminals in IoT. Due to the decentralization, trustlessness, trackability, and immutability features of blockchain, BTNC is able to verify the security of terminal devices in IoT networks. First, we come up with some threats, including unauthorized user, illegal platform and platform replacement attack, then correspondingly define the security goals of our scheme. Second, combining key exchange protocol based on blockchain and D–H PN protocol included in TNC specification, we propose a blockchain-based trusted network connection protocol, which realizes mutual user authentication, platform attestation and trust network access by cryptography among terminals in IoT. Third, we make a security analysis in the PCL mode and conclude that our protocol can resist the attacks above. Finally, the performance overheads caused by our scheme are evaluated and the experiments show that it is efficient and feasible for different kinds of terminals in IoT.

随着物联网（IoT）的规模和复杂性的快速增长，终端设备的安全性已日益成为关注的焦点。为了确保终端的安全性，可信任网络连接（TNC）在网络访问过程中不仅可以实现用户认证，还可以实现平台认证。但是，现有的TNC基础结构基于集中式体系结构，不适用于分布式服务。为了解决这个问题，我们提出了一个名为BTNC的基于区块链的TNC协议，以确保物联网中终端的可靠性。由于区块链的去中心化，不信任，可追踪性和不变性功能，BTNC能够验证物联网网络中终端设备的安全性。首先，我们提出了一些威胁，包括未经授权的用户，非法平台和平台替换攻击，然后相应地定义我们方案的安全目标。其次，结合基于区块链的密钥交换协议和TNC规范中包含的D–H PN协议，我们提出了一种基于区块链的可信网络连接协议，该协议通过IoT中的终端之间的加密技术实现了相互用户认证，平台证明和信任网络访问。第三，我们在PCL模式下进行安全分析，并得出结论，我们的协议可以抵抗上述攻击。最后，评估了由我们的方案引起的性能开销，实验表明，该方案对于物联网中不同类型的终端都是高效可行的。结合基于区块链的密钥交换协议和TNC规范中包含的D–H PN协议，我们提出了一种基于区块链的可信网络连接协议，该协议通过IoT中的终端之间的加密技术实现了相互用户身份验证，平台证明和信任网络访问。第三，我们在PCL模式下进行安全分析，并得出结论，我们的协议可以抵抗上述攻击。最后，评估了由我们的方案引起的性能开销，实验表明，该方案对于物联网中不同类型的终端都是高效可行的。结合基于区块链的密钥交换协议和TNC规范中包含的D–H PN协议，我们提出了一种基于区块链的可信网络连接协议，该协议通过IoT中的终端之间的加密技术实现了相互用户认证，平台证明和信任网络访问。第三，我们在PCL模式下进行安全分析，并得出结论，我们的协议可以抵抗上述攻击。最后，评估了由我们的方案引起的性能开销，实验表明，该方案对于物联网中不同种类的终端都是高效可行的。我们在PCL模式下进行了安全性分析，并得出结论，我们的协议可以抵抗上述攻击。最后，评估了由我们的方案引起的性能开销，实验表明，该方案对于物联网中不同种类的终端都是高效可行的。我们在PCL模式下进行了安全性分析，并得出结论，我们的协议可以抵抗上述攻击。最后，评估了由我们的方案引起的性能开销，实验表明，该方案对于物联网中不同类型的终端都是高效可行的。