Abstract
In this paper, targeting efficient authentication and key agreement in an IoT environment, we propose an Elliptic Curve Cryptography-(ECC) based lightweight authentication protocol called BCmECC which relies on a public blockchain to validate the users’ public key to provide desired security. We evaluate the security of the proposed protocol heuristically and validate it formally, which demonstratse the high level of the security. For the formal verification we used the widely accepted formal methods, i.e., BAN logic and the Scyther tool. In this paper we also analyse the security of recently proposed blockchain-based authentication protocols and show that this protocol does not provide the desired security against known session-specific temporary information attacks in which the adversary has access to the session’s ephemeral values and aims to retrieve the shared session key. In addition, the protocol lacks forward secrecy, in which an adversary with access to the server’s long-term secret key can retrieve the previous session keys, assuming that the adversary has already eavesdropped the transferred messages over a public channel in the target session. The proposed attacks are very efficient and their success probability is ‘1’, while the time complexity of each attack could be negligible. Besides, we show that BCmECC is secure against such attacks.
Highlights
The Internet of Things (IoT) will have an impact on every element of human life very soon
The authentication phase of the protocol between the i-th IoT device Di and the jth server S j is initiated by the IoT device, where it first verifies the validity of PK j by invoking the query function queryPKIT( PK j ) into the blockchain
Given that BCmECC is inspired by the proposed scheme by Yang et al [19], we discuss the advantages of the BCmECC over that scheme to ensure its efficiency, besides its better security
Summary
The Internet of Things (IoT) will have an impact on every element of human life very soon. IoT provides many advantages, it raises many concerns including unauthorized access and control of those devices for adversarial purposes To address this concern, authentication and access control protocols could be an off-the-shelf solution. Apart from security concerns, such a centralized architecture of traditional protocols could be a bottleneck in the mass IoT network, causing service providers to be unable to adequately respond to system requirements like authentication, authorization, and access management as the number of devices and users grows. To address this concern, decentralized solutions could be a proper solution. It motivated us to shed light on those parts of the protocol in order to dig deeper into its security
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
