Efficient Authentication Scheme Using Blockchain in IoT Devices

Access management of IoT devices is extremely important, and a secure login authentication scheme can effectively protect users’ privacy. However, traditional authentication schemes are threatened by shoulder-surfing attacks, and biometric-based schemes, such as fingerprint recognition and face recognition, that are commonly used today can also be cracked. Researchers have proposed some schemes for current attacks, but they are limited by usability. For example, the login authentication process requires additional device support. This method solves the problem of attacks, but it is unusable, which limits its application. At present, most authentication schemes for the Internet of Things and mobile platforms either focus on security, thus ignoring availability, or have excellent convenience but insufficient security. This is a symmetry problem worth exploring. Therefore, users need a new type of login authentication scheme that can balance security and usability to protect users’ private data or maintain device security. In this paper, we propose a login authentication scheme named PinWheel, which combines a textual password, a graphical password, and biometrics to prevent both shoulder-surfing attacks and smudge attacks and solves the current schemes’ lack of usability. We implemented PinWheel and evaluated it from the perspective of security and usability. The experiments required 262 days, and 573 subjects participated in our investigation. The evaluation results show that PinWheel can at least effectively resist both mainstream attacks and is superior to most existing schemes in terms of usability.

Download Full-text

A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT Environments

Sustainability ◽

10.3390/su13169241 ◽

2021 ◽

Vol 13 (16) ◽

pp. 9241

Author(s):

Seunghwan Son ◽

Yohan Park ◽

Youngho Park

Keyword(s):

Intelligent Transportation Systems ◽

User Authentication ◽

Formal Analysis ◽

Bilinear Pairing ◽

Transportation Systems ◽

Authentication Scheme ◽

Iot Devices ◽

And Performance ◽

Exclusive Or ◽

The Internet Of Things

The Internet of Things (IoT) is being applied to various environments such as telecare systems, smart homes, and intelligent transportation systems. The information generated from IoT devices is stored at remote servers, and external users authenticate to the server for requesting access to the stored data. In IoT environments, the authentication process is required to be conducted efficiently, and should be secure against various attacks and ensure user anonymity and untraceability to ensure sustainability of the network. However, many existing protocols proposed in IoT environments do not meet these requirements. Recently, Rajaram et al. proposed a paring-based user authentication scheme. We found that the Rajaram et al. scheme is vulnerable to various attacks such as offline password guessing, impersonation, privileged insider, and known session-specific temporary information attacks. Additionally, as their scheme uses bilinear pairing, it requires high computation and communication costs. In this study, we propose a novel authentication scheme that resolves these security problems. The proposed scheme uses only hash and exclusive-or operations to be applicable in IoT environments. We analyze the proposed protocol using informal analysis and formal analysis methods such as the BAN logic, real-or-random (ROR) model, and the AVISPA simulation, and we show that the proposed protocol has better security and performance compared with existing authentication protocols. Consequently, the proposed protocol is sustainable and suitable for real IoT environments.

Download Full-text

Lightweight and Secure Mutual Authentication Scheme for IoT Devices Using CoAP Protocol

Computer Systems Science and Engineering ◽

10.32604/csse.2022.020888 ◽

2022 ◽

Vol 41 (2) ◽

pp. 767-780

Author(s):

S. Gladson Oliver ◽

T. Purusothaman

Keyword(s):

Mutual Authentication ◽

Authentication Scheme ◽

Iot Devices

Download Full-text

A2 Chain: A Blockchain-Based Decentralized Authentication Scheme for 5G-Enabled IoT

Mobile Information Systems ◽

10.1155/2020/8889192 ◽

2020 ◽

Vol 2020 ◽

pp. 1-19

Author(s):

Xudong Jia ◽

Ning Hu ◽

Shi Yin ◽

Yan Zhao ◽

Chi Zhang ◽

...

Keyword(s):

Authentication Scheme ◽

Business Network ◽

Identity Verification ◽

Core Business ◽

The Core ◽

Cross Domain ◽

Fifth Generation ◽

High Bandwidth ◽

Iot Devices ◽

Mobile Communication Technology

The fifth-generation mobile communication technology (5G) provides high-bandwidth and low-latency data channels for massive IoT terminals to access the core business network. At the same time, it also brings higher security threats and challenges. Terminal identity authentication is an important security mechanism to ensure the core business network; however, most of the existing solutions adopt a centralized authentication model. Once the number of authentication requests exceeds the processing capacity of the authentication center service, it will cause authentication request congestion or deadlock. The decentralized authentication model can effectively solve the above problems. This article proposes a decentralized IoT authentication scheme called A2 Chain. First, A2 Chain uses edge computing to decentralize the processing of authentication requests and eliminate the burden on authentication services and the network. Second, to implement cross-domain identity verification of IoT devices, A2 Chain uses blockchain, and sidechain technologies are used to securely share the identity verification information of IoT devices. Additionally, A2 Chain replaces public key infrastructure (PKI) algorithm with identity-based cryptography (IBC) algorithm to eliminate the management overhead caused by centralized authentication model.

Download Full-text