A secure and efficient authentication and data sharing scheme for Internet of Things based on blockchain
Introduction
Since the term Internet of Things (IoT) was first coined by Kevin Ashton [1], the definition of IoT has grown steadily richer. Today, IoT describes a network in which various objects, each with a unique identifier and the ability to transfer data, are interconnected over the Internet without human intervention. Moreover, advanced technologies such as artificial intelligence (AI) and machine learning are being integrated to support IoT operation [2], [3], [4]. Lin et al. first explored the relationship between cyber–physical systems and IoT and analyzed the three-layer architecture of IoT [5].
Typically, the IoT architecture is divided into three layers: the perception layer, the network layer and the application layer [6], [7]. The perception layer is at the bottom of the IoT architecture and is also known as the sensor layer. This layer acquires data from the environment with the aid of sensors and actuators, then transmits the collected information to the network layer. The network layer is in the middle of the IoT architecture and is known as the transmission layer. It plays the role of a mediator that aggregates and filters the information provided by the perception layer and transmits these data to the application layer. The application layer is the top layer of the IoT architecture and is also known as the business layer. It receives the data sent from the transmission layer and uses them for the required services or society operations. The development of IoT has motivated a more detailed five-layer architecture: sensing layer, network layer, middleware layer, application layer and business layer [8]. For simplicity, we only consider the three-layer IoT architecture in this paper.
IoT has a wide range of consumer applications (e.g. smart home [9], [10], [11], [12]), organizational applications (e.g. medical healthcare [13], [14], [15] and transportation [16], [17], [18]), industrial applications (e.g. manufacturing [19], [20], [21] and agriculture [22], [23], [24]), infrastructure applications (e.g. energy management [25], [26], [27] and environment monitoring [28], [29], [30]) and military applications (e.g. internet of battlefield things [31], [32], [33] and ocean of things [34], [35]). With the prevalence of IoT, security and privacy issues have surfaced. For example, malicious attackers may impersonate valid sensing nodes to generate false data so that decisions, services and control in the upper layer are influenced. Adversaries could also intercept communication and replay invalid messages between the sensing layer and the transport layer, or between the transport layer and the transaction layer, to disturb regular communication. Moreover, malicious attackers may launch a Denial of Service (DoS) attack by impersonating servers or sending bulk messages to occupy resources, which disrupts transmission. Besides, exposure of sensitive information, for example in smart home and military applications, may cause serious consequences. Above all, these specific attacks, including impersonation attack, DoS attack, man-in-the-middle attack, replay attack etc., are the primary and imperative concerns.
Considering the above threats, there are some security principles that should be enforced to realize a secure communication environment for IoT. Firstly, each entity in IoT must be clearly identifiable and able to authenticate others. Therefore, a scheme to mutually authenticate the participants in each interaction is needed. Secondly, it is of vital importance to ensure data privacy and availability to authorized users only. Thereby, data confidentiality in the transmission process must be provided. Last but not least, users of the IoT should be able to access all the data whenever they need it. Thus availability must be ensured in the IoT environment. Blockchain is designed to provide availability and tamper-resistance of data in an immutable and decentralized environment, which can be customized to improve IoT data confidentiality, integrity and availability and optimized to enable IoT applications [36], [37]. Lao et al. proposed a five-layer architecture model for blockchain, which is composed of the physical layer, network layer, consensus layer, propagation layer and application layer [8]. Referring to the IoT blockchain architecture in [8], we give the communication model of our system in Fig. 1.
Hong et al. put forward a secure and accountable data transmission scheme for the IoT environment based on blockchain [38]. However, their scheme is not resistant to impersonation attack, man-in-the-middle attack, replay attack or DoS attack, and it does not provide perfect forward secrecy. Furthermore, Hong et al.’s scheme incurs relatively high computation and communication cost, which is incompatible with the narrow bandwidth and lightweight nature of IoT. Designing a proper mutual authentication and secure data transmission scheme for IoT remains a major challenge compared with previous research. An ideal system for IoT needs to realize the following properties.
- Security: It is difficult to realize secure communication and data exchange in the open IoT because various attacks may appear that break regular operation. Thereby, it is important to propose a secure mutual authentication and secure data transmission scheme that can resist the possible attacks.
- Efficiency: It is especially hard for an IoT node to perform complex and energy-consuming operations because these nodes have limited computational power and memory. Therefore, it is imperative to design a comparatively lightweight scheme that minimizes energy consumption and reduces communication overhead.
- Usability: In general, users are not skilled enough to fully understand the operation of IoT devices, let alone more complex cryptographic operations. Thus it is important to design a secure and efficient scheme in a simple way that can be easily executed by users.
To this end, we propose an improved ID-based signature authentication and secure data sharing scheme for IoT. Our proposed scheme provides mutual authentication between the sensing layer and the transmission layer and guarantees data confidentiality during transmission. The improved scheme is not only provably secure and resistant to the aforementioned attacks, but also reduces resource and energy consumption through low-cost operations and communication.
This paper’s contributions are summarized as follows.
- We propose an improved ID-based signature authentication and secure data transmission scheme for IoT that ensures the authenticity, integrity and confidentiality of information.
- Our scheme is designed to achieve mutual authentication between the perception layer (i.e. IoT nodes) and the network layer (i.e. base stations), and secure data transmission between the network layer and the application layer.
- A detailed analysis of security properties demonstrates that our scheme is resistant to various attacks, and a formal security proof is presented.
- The performance evaluation shows that the proposed scheme yields lower computation cost and communication cost, achieving a proper tradeoff between security and efficiency.
The rest of this paper is organized as follows. Section 2 reviews previous related work. In Section 3, we present the authentication and data transmission model based on blockchain in IoT and describe the preliminary knowledge and security model for our scheme. In Section 5, we review Hong et al.’s scheme and point out attacks on it. Section 6 elaborates our proposed scheme. Section 7 is the security analysis of our scheme, including the security proof and a comparison of security properties. In Section 8, we compare our scheme with four recent related schemes in terms of computation and communication cost. The last section concludes the paper and outlines future scope.
Related work
Internet of things (IoT) has become a relatively mature technology at present [39], [40]. To address IoT security and privacy, access control technology using software-defined networking [41] and hardware-based isolation and protection mechanism (IPM) [42] are put forward. Considering the protocol layer, authentication technique is a significant method of satisfying security and privacy requirements. It is not only useful in wireless body area networks (WBANs) [43], [44], vehicular ad hoc
IoT network model
According to the latest research [38], the IoT is a three-layer network model. The upper layer includes a trusted key generation center (KGC) and many application servers (AS). The former generates secret keys for all members of the IoT; the latter provide credible services for users. The sensing layer is at the bottom of the IoT system and includes massive numbers of sensing devices, which communicate with the transport layer. The transport layer is in the middle of the IoT system and is composed of the base station (BS) as a
Security model
In this section, we describe the formal security model for the proposed scheme based on Choi et al.’s paper [66]. We suppose that IoT node and the base station (BS) have unique identities and from , where is the security parameter. In the model, IoT nodes can execute the protocol repeatedly with BS . We denote instance of (resp. ) by (resp. ) for , which models distinct executions of the protocol. The public parameters and identities are
Security analysis of Hong et al. ’s scheme
In this section, we review Hong et al.’s scheme [38] and show that it cannot withstand impersonation attack, man-in-the-middle attack, replay attack and denial of service attack.
The improved scheme
In this section, we introduce our improved scheme in terms of registration phase, authentication phase, data transmission, foundation block generation phase and data acquisition phase.
Security analysis
In this section, we first give the formal security proof according to the threat model of Section 4. Then we further analyze how our scheme satisfies a series of security requirements in the authentication and data transmission process. Finally, we compare our scheme with four other schemes in terms of these security properties; the comparison demonstrates that our scheme satisfies all of the security properties while the other schemes do not.
Performance evaluation
We analyze the performance of the proposed scheme in terms of computation cost and communication cost compared with Hong et al.’s scheme [38], Harbi et al.’s scheme [56], Zhao et al.’s scheme [69] and Jia et al.’s scheme [70]. All of them are authentication schemes for IoT environments.
Conclusion and future scope
In this paper, we combine IoT with blockchain technology and propose a secure and efficient authentication and data sharing scheme based on blockchain for IoT. We realize reliability and unforgeability of authentication and confidentiality of information. The comparison of security properties and the performance evaluation indicate that our scheme achieves a proper tradeoff between security and performance compared with four other similar IoT schemes. Specifically, our scheme is better than the
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
References (70)
- et al., Internet of Things (IoT): A vision, architectural elements, and future directions, Future Gener. Comput. Syst. (2013)
- et al., A review of smart home applications based on Internet of Things, J. Netw. Comput. Appl. (2017)
- et al., Interoperable Internet-of-Things platform for smart home system using web-of-objects and cloud, Sustainable Cities Soc. (2018)
- et al., Industrial IoT in 5G environment towards smart manufacturing, J. Ind. Inf. Integr. (2018)
- et al., IoT powered servitization of manufacturing - an exploratory case study, Int. J. Prod. Econ. (2017)
- et al., An IoT based intelligent smart energy management system with accurate forecasting and load strategy for renewable generation, Measurement (2020)
- et al., IoT-enabled low power environment monitoring system for prediction of PM2.5, Pervasive Mob. Comput. (2020)
- et al., IoT manager: An open-source IoT framework for smart cities, J. Syst. Archit. (2019)
- et al., Enhancing Internet of Things security using software-defined networking, J. Syst. Archit. (2020)
- et al., IoT device security through dynamic hardware isolation with cloud-based update, J. Syst. Archit. (2020)
- Authentication techniques and methodologies used in wireless body area networks, J. Syst. Archit.
- Certificateless authenticated key agreement for blockchain-based WBANs, J. Syst. Archit.
- An efficient identity-based signature scheme without bilinear pairing for vehicle-to-vehicle communication in VANETs, J. Syst. Archit.
- A blockchain-based certificateless public key signature scheme for vehicle-to-infrastructure communication in VANETs, J. Syst. Archit.
- ICMDS: Secure inter-cluster multiple-key distribution scheme for wireless sensor networks, Ad Hoc Netw.
- Authentication in cloud-driven IoT-based big data environment: Survey and outlook, J. Syst. Archit.
- Electromagnetic radiation based continuous authentication in edge computing enabled Internet of Things, J. Syst. Archit.
- A three-factor anonymous authentication scheme for wireless sensor networks in Internet of Things environments, J. Netw. Comput. Appl.
- Terminal authentication in M2M communications in the context of Internet of Things, Twelfth International Conference on Communication Networks (ICCN 2016), Twelfth International Conference on Data Mining and Warehousing (ICDMW 2016) and Twelfth International Conference on Image and Signal Processing (ICISP 2016), August 19–21, 2016, Bangalore, India, Procedia Comput. Sci. (2016)
- Enhanced authentication and key management scheme for securing data transmission in the Internet of Things, Ad Hoc Netw.
- A blockchain-based attribute-based signcryption scheme to secure data sharing in the cloud, J. Syst. Archit.
- BZIP: A compact data memory system for UTXO-based blockchains, J. Syst. Archit.
- A secure and efficient data sharing scheme based on blockchain in industrial Internet of Things, J. Netw. Comput. Appl.
- PrivySharing: A blockchain-based framework for privacy-preserving and secure data sharing in smart cities, Comput. Secur.
- That 'Internet of Things' Thing
- The Internet of Things: a survey of topics and trends, Inf. Syst. Front.
- Internet of Things (IoT)
- A survey on Internet of Things: Architecture, enabling technologies, security and privacy, and applications, IEEE Internet Things J.
- Internet of Things: A survey on enabling technologies, protocols, and applications, IEEE Commun. Surv. Tutor.
- A survey of IoT applications in blockchain systems: Architecture, consensus, and traffic modeling, ACM Comput. Surv.
- Securing consumer IoT in the smart home: Architecture, challenges, and countermeasures, IEEE Wirel. Commun.
- Medical information protection frameworks for smart healthcare based on IoT
- A secured architecture for IoT healthcare system