A secure and efficient authentication and data sharing scheme for Internet of Things based on blockchain

https://doi.org/10.1016/j.sysarc.2021.102112

Abstract

Internet of Things (IoT) is a network convergence of multiple intelligent devices and advanced technologies aimed at connecting and exchanging data over the Internet. IoT is extensively applied in the consumer, commercial, industrial, infrastructure and military spaces. With the prevalence of IoT applications, security issues such as identity authenticity and data privacy are increasingly becoming critical concerns. Authentication and confidential data sharing are important measures towards secure IoT communication and applications. Blockchain is a burgeoning technology that supports efficient authentication and secure data sharing. A secure and accountable data transmission scheme based on blockchain was recently proposed by Hong et al. However, this scheme has security weaknesses: it is vulnerable to impersonation attack, man-in-the-middle attack, replay attack, denial of service (DoS) attack and key compromise attack. We therefore put forward an improved scheme that overcomes the identified security flaws. Our scheme is provably secure, and performance analysis shows that it reduces computation costs by 15.34% and communication costs by 40.68% compared with Hong et al.’s scheme. We also compare our scheme with three other recent related schemes, which shows that our scheme achieves a good tradeoff between security and efficiency.

Introduction

Since the term Internet of Things (IoT) was first coined by Kevin Ashton [1], the definition of IoT has grown steadily richer. Today, IoT describes a network in which various objects with unique identifiers and the ability to transfer data are interconnected over the Internet without human intervention. Moreover, advanced technologies such as artificial intelligence (AI) and machine learning are integrated to support IoT operation [2], [3], [4]. Lin et al. first explored the relationship between cyber–physical systems and IoT and analyzed the three-layer architecture of IoT [5].

Typically, the IoT architecture is divided into three layers: the perception layer, the network layer and the application layer [6], [7]. The perception layer, also known as the sensor layer, is at the bottom of the IoT architecture. It acquires data from the environment with the aid of sensors and actuators and transmits the collected information to the network layer. The network layer, also known as the transmission layer, is in the middle of the IoT architecture. It plays the role of mediator: it aggregates and filters the information provided by the perception layer and forwards the data to the application layer. The application layer, also known as the business layer, is the top layer of the IoT architecture. It receives data from the transmission layer and uses them for the required services or societal operations. The development of IoT has motivated a more detailed five-layer architecture: sensing layer, network layer, middleware layer, application layer and business layer [8]. For simplicity, we only consider the three-layer IoT architecture in this paper.

IoT has a wide range of consumer applications (e.g. smart home [9], [10], [11], [12]), organizational applications (e.g. medical healthcare [13], [14], [15] and transportation [16], [17], [18]), industrial applications (e.g. manufacturing [19], [20], [21] and agriculture [22], [23], [24]), infrastructure applications (e.g. energy management [25], [26], [27] and environment monitoring [28], [29], [30]) and military applications (e.g. the internet of battlefield things [31], [32], [33] and the ocean of things [34], [35]). With the prevalence of IoT, security and privacy issues have surfaced. For example, malicious attackers may impersonate valid sensing nodes to generate false data, so that decisions, services and control in the upper layers are influenced. Adversaries could also intercept communication and replay invalid messages between the sensing layer and the transport layer, or between the transport layer and the transaction layer, to disturb regular communication. Moreover, malicious attackers may launch a Denial of Service (DoS) attack by impersonating servers or sending bulk messages to occupy resources, which disrupts transmission. Besides, exposure of sensitive information, for instance in smart home and military applications, may cause serious consequences. Above all, these specific attacks, including impersonation attack, DoS attack, man-in-the-middle attack, replay attack etc., are the primary and imperative concerns.

Considering the above threats, some security principles should be enforced to realize a secure communication environment for IoT. Firstly, each entity in IoT must be able to be identified clearly and to authenticate others. Therefore, a scheme that mutually authenticates the participants in each interaction is needed. Secondly, it is of vital importance to ensure data privacy and availability to authorized users only. Thereby, data confidentiality in the transmission process must be provided. Last but not least, users of the IoT should be able to access all the data whenever they need it, so availability must be ensured in the IoT environment. Blockchain is designed to provide availability and tamper-resistance of data in an immutable and decentralized environment; it is customized to improve IoT data confidentiality, integrity and availability and optimized to enable IoT applications [36], [37]. Lao et al. proposed a five-layer architecture model for blockchain composed of the physical layer, network layer, consensus layer, propagation layer and application layer [8]. Referring to the IoT blockchain architecture in [8], we give the communication model of our system in Fig. 1.

Hong et al. put forward a secure and accountable data transmission scheme for the IoT environment based on blockchain [38]. But their scheme is not resistant to impersonation attack, man-in-the-middle attack, replay attack, DoS attack, and perfect forward secrecy attack. Furthermore, Hong et al.’s scheme incurs relatively expensive computing and communication costs, which is incompatible with the narrow bandwidth and lightweight character of IoT. Designing a proper mutual authentication and secure data transmission scheme for IoT remains a major challenge compared with previous research. An ideal system for IoT needs to realize the following properties.

  • Security: It is difficult to realize secure communication and data exchange in the open IoT because various attacks may break regular operation. Thereby, it is important to propose a secure mutual authentication and data transmission scheme that can resist the possible attacks.

  • Efficiency: It is especially hard for IoT nodes to perform complex and energy-consuming operations because these nodes have limited computational power and memory. Therefore, it is imperative to design a comparatively lightweight scheme that minimizes energy consumption and reduces communication overheads.

  • Usability: In general, users are not skilled enough to fully understand the operation of IoT devices, let alone more complex cryptographic operations. Thus it is important to design a secure and efficient scheme that is simple enough to be easily executed by users.

Above all, we propose an improved ID-based signature authentication and secure data sharing scheme for IoT. Our proposed scheme provides mutual authentication between the sensing layer and the transmission layer and guarantees data confidentiality during transmission. The improved scheme is not only provably secure and resistant to the aforementioned attacks, but also reduces resource and energy consumption through low-cost operations and communication.

This paper’s contributions are summarized as follows.

  • We propose an improved ID-based signature authentication and secure data transmission scheme for IoT that ensures the authenticity, integrity and confidentiality of information.

  • Our scheme is designed to achieve mutual authentication between the perception layer (i.e. IoT nodes) and the network layer (i.e. base stations) and secure data transmission between the network layer and the application layer.

  • A detailed analysis of security properties demonstrates that our scheme is resistant to various attacks, and a formal security proof is presented.

  • The performance evaluation shows that the proposed scheme yields lower computation and communication costs, achieving a proper tradeoff between security and efficiency.

The rest of this paper is organized as follows: Section 2 reviews previous related work. In Section 3, we present the authentication and data transmission model based on blockchain in IoT and describe the preliminary knowledge and security model for our scheme. In Section 5, we review Hong et al.’s scheme and point out attacks on it. Section 6 elaborates our proposed scheme. Section 7 is the security analysis of our scheme, including the security proof and a comparison of security properties. In Section 8, we compare our scheme with four recent related schemes in terms of computation and communication cost. The last section concludes the paper and outlines future work.

Related work

Internet of things (IoT) has become a relatively mature technology at present [39], [40]. To address IoT security and privacy, access control technology using software-defined networking [41] and a hardware-based isolation and protection mechanism (IPM) [42] have been put forward. At the protocol layer, authentication is a significant method of satisfying security and privacy requirements. It is not only useful in wireless body area networks (WBANs) [43], [44], vehicular ad hoc

IoT network model

According to the latest research [38], the IoT is a three-layer network model. The upper layer includes a trusted key generation center (KGC) and many application servers (AS). The former generates secret keys for all members of the IoT; the latter provide credible services for users. The sensing layer is at the bottom of the IoT system and includes massive numbers of sensing devices, which communicate with the transport layer. The transport layer is in the middle of the IoT system and is composed of the base station (BS) as a

Security model

In this section, we describe the formal security model for the proposed scheme based on Choi et al.’s paper [66]. We suppose that an IoT node $U$ and the base station (BS) $V$ have unique identities $ID_U$ and $ID_V$ from $\{0,1\}^\lambda$, where $\lambda$ is the security parameter. In the model, an IoT node $U$ can execute the protocol repeatedly with BS $V$. We denote instance $s$ of $U$ (resp. $V$) by $\Pi_U^s$ (resp. $\Pi_V^s$) for $s \in \mathbb{N}$, which models distinct executions of the protocol. The public parameters $params$ and identities $ID = \{ID_U, ID_V\}$ are

Security analysis of Hong et al.’s scheme

In this section, we review Hong et al.’s scheme [38] and show that it cannot withstand impersonation attack, man-in-the-middle attack, replay attack and denial of service attack.

The improved scheme

In this section, we introduce our improved scheme in terms of the registration phase, authentication phase, data transmission phase, foundation block generation phase and data acquisition phase.

Security analysis

In this section, we first give the formal security proof according to the threat model of Section 4. Then we further show that our scheme satisfies a series of security requirements in the authentication and data transmission process. Finally, we compare our scheme with four other schemes in terms of these security properties, which demonstrates that our scheme satisfies all of them while the other schemes do not.

Performance evaluation

We analyze the performance of the proposed scheme in terms of computation cost and communication cost compared with Hong et al.’s scheme [38], Harbi et al.’s scheme [56], Zhao et al.’s scheme [69] and Jia et al.’s scheme [70]. All of them are authentication schemes for IoT environments.

Conclusion and future scope

In this paper, we combine IoT with blockchain technology and propose a secure and efficient authentication and data sharing scheme based on blockchain for IoT. We realize reliability and unforgeability of authentication and confidentiality of information. Comparisons of security properties and performance evaluation indicate that our scheme achieves a proper tradeoff between security and performance compared with four other similar IoT schemes. Specifically, our scheme is better than the

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References (70)

  • Hussain M. et al., Authentication techniques and methodologies used in wireless body area networks, J. Syst. Archit. (2019)
  • Mwitende G. et al., Certificateless authenticated key agreement for blockchain-based WBANs, J. Syst. Archit. (2020)
  • Ali I. et al., An efficient identity-based signature scheme without bilinear pairing for vehicle-to-vehicle communication in VANETs, J. Syst. Archit. (2020)
  • Ali I. et al., A blockchain-based certificateless public key signature scheme for vehicle-to-infrastructure communication in VANETs, J. Syst. Archit. (2019)
  • Mehmood A. et al., ICMDS: Secure inter-cluster multiple-key distribution scheme for wireless sensor networks, Ad Hoc Netw. (2017)
  • Wazid M. et al., Authentication in cloud-driven IoT-based big data environment: Survey and outlook, J. Syst. Archit. (2019)
  • Wang J. et al., Electromagnetic radiation based continuous authentication in edge computing enabled Internet of Things, J. Syst. Archit. (2019)
  • Li X. et al., A three-factor anonymous authentication scheme for wireless sensor networks in Internet of Things environments, J. Netw. Comput. Appl. (2018)
  • Ranjan A.K. et al., Terminal authentication in M2M communications in the context of Internet of Things, Procedia Comput. Sci. (2016), Twelfth International Conference on Communication Networks (ICCN 2016), Twelfth International Conference on Data Mining and Warehousing (ICDMW 2016) and Twelfth International Conference on Image and Signal Processing (ICISP 2016), August 19–21, 2016, Bangalore, India
  • Harbi Y. et al., Enhanced authentication and key management scheme for securing data transmission in the Internet of Things, Ad Hoc Netw. (2019)
  • Eltayieb N. et al., A blockchain-based attribute-based signcryption scheme to secure data sharing in the cloud, J. Syst. Archit. (2020)
  • Jiang S. et al., BZIP: A compact data memory system for UTXO-based blockchains, J. Syst. Archit. (2020)
  • Chi J. et al., A secure and efficient data sharing scheme based on blockchain in industrial Internet of Things, J. Netw. Comput. Appl. (2020)
  • Makhdoom I. et al., PrivySharing: A blockchain-based framework for privacy-preserving and secure data sharing in smart cities, Comput. Secur. (2020)
  • Ashton K., That ’Internet of Things’ Thing (1999)
  • Whitmore A. et al., The Internet of Things – a survey of topics and trends, Inf. Syst. Front. (2015)
  • Rouse M., Internet of Things (IoT) (2019)
  • Lin J. et al., A survey on Internet of Things: Architecture, enabling technologies, security and privacy, and applications, IEEE Internet Things J. (2017)
  • R. Mahmoud, T. Yousuf, F. Aloul, I. Zualkernan, Internet of Things (IoT) security: Current status, challenges and...
  • Al-Fuqaha A. et al., Internet of Things: A survey on enabling technologies, protocols, and applications, IEEE Commun. Surv. Tutor. (2015)
  • Lao L. et al., A survey of IoT applications in blockchain systems: Architecture, consensus, and traffic modeling, ACM Comput. Surv. (2020)
  • Meng Y. et al., Securing consumer IoT in the smart home: Architecture, challenges, and countermeasures, IEEE Wirel. Commun. (2018)
  • A review of Internet of Things for smart home: Challenges and solutions, J. Clean. Prod., 140 (2017) 1454–1464....
  • Choi J. et al., Medical information protection frameworks for smart healthcare based on IoT
  • Vithya Vijayalakshmi A. et al., A secured architecture for IoT healthcare system
The work was supported by the National Natural Science Foundation of China (Nos. 61932016, 61972294).