Abstract

The combination of the Internet of Things (IoT) and the cloud-edge (CE) paradigm promises an efficient system for aggregating and further processing huge volumes of data from IoT nodes. Physical unclonable functions (PUFs) emerge as a promising primitive for giving IoT nodes lightweight physical identities for authentication. However, integrating PUFs into multiserver authentication protocols to improve security raises the following problems: 1) the challenge–response pairs (CRPs) of PUFs generated by devices need to be explicitly stored by each edge server, which causes privacy leakage of the CRPs; 2) reliability is reduced by the single point of failure; and 3) existing PUF-based authentication protocols need to put great effort into synchronizing CRPs to ensure consistency in multiserver systems. To overcome these problems, in this article we propose a privacy-aware authentication protocol for multiserver CE-IoT systems that combines PUFs and the blockchain technique. The real correlations of CRPs are double encoded into mapping correlations (MCs) by a one-time physical identity and the keyed-hash function. The blockchain is leveraged to store MCs, synchronize them efficiently, and incorporate multireceiver encryption to share the physical identity securely. The security of our protocol is formally proved in the random oracle model, and its security features are discussed to show that the protocol resists various attacks. Moreover, a prototype was implemented to demonstrate the efficiency of the protocol, and the comparison results show that our protocol accommodates CE-IoT systems. Finally, a simulation of the smart contract evaluates the scalability of our protocol.
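The idea of publishing keyed-hash mapping correlations instead of raw CRPs can be sketched as follows; this is an added illustration, not the paper's construction or code. It assumes HMAC-SHA256 as the keyed hash, a software stand-in for the PUF, a dict standing in for the blockchain, and challenges derived from the physical identity; one-time identity rotation and multireceiver encryption are left out.

```python
import hashlib
import hmac
import secrets

def kh(key: bytes, msg: bytes) -> bytes:
    """Keyed hash (HMAC-SHA256, an assumption; the abstract names no algorithm)."""
    return hmac.new(key, msg, hashlib.sha256).digest()

class SimulatedPUF:
    """Constructed stand-in for a hardware PUF: a device-bound secret function."""
    def __init__(self) -> None:
        self._silicon = secrets.token_bytes(32)

    def respond(self, challenge: bytes) -> bytes:
        return kh(self._silicon, challenge)

def challenge_for(pid: bytes, index: int) -> bytes:
    # Assumption: servers holding the physical identity can re-derive challenges.
    return kh(pid, b"challenge" + index.to_bytes(4, "big"))

def enroll(puf: SimulatedPUF, pid: bytes, count: int) -> dict:
    """Build mapping correlations: encoded challenge -> encoded response."""
    ledger = {}
    for i in range(count):
        c = challenge_for(pid, i)
        r = puf.respond(c)
        # Both halves of the CRP are encoded under pid before publication.
        ledger[kh(pid, b"C" + c).hex()] = kh(pid, b"R" + r).hex()
    return ledger

def authenticate(ledger: dict, pid: bytes, index: int, device: SimulatedPUF) -> bool:
    """Any edge server that holds pid can verify against the shared ledger."""
    c = challenge_for(pid, index)
    expected = ledger.get(kh(pid, b"C" + c).hex())
    if expected is None:
        return False  # wrong pid or unknown index: no matching entry
    r = device.respond(c)
    return hmac.compare_digest(kh(pid, b"R" + r).hex(), expected)

def ledger_reveals_crp(ledger: dict, challenge: bytes, response: bytes) -> bool:
    """True if a raw challenge or response appears verbatim in the ledger."""
    raw = {challenge.hex(), response.hex()}
    return bool(raw & (set(ledger) | set(ledger.values())))

if __name__ == "__main__":
    device, pid = SimulatedPUF(), secrets.token_bytes(32)
    ledger = enroll(device, pid, 4)
    print("genuine device:", authenticate(ledger, pid, 2, device))
    print("different PUF: ", authenticate(ledger, pid, 2, SimulatedPUF()))
```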
