Elsevier

Computers & Security

Volume 97, October 2020, 101958
Computers & Security

Efficient privacy-preserving authentication protocol using PUFs with blockchain smart contracts

https://doi.org/10.1016/j.cose.2020.101958Get rights and content

Abstract

The Internet of Things devices generates a huge amount of sensitive data. Machine learning is the standard processing paradigm for intelligently handling the huge amount of data. Unfortunately, the IoT devices have limited resources to handle the performance of big data feature learning with machine learning techniques. IoT devices often compromise the privacy of users and make them vulnerable to numerous cyber-attacks. In this paper, we propose an efficient privacy-preserving authentication protocol based on blockchain technology and the secret computational model of physically unclonable function (denoted by PUF model). The proposed protocol guarantees the users privacy with a decentralized smart contract blockchain with the PUF model. In practice, the proposed protocol guarantees that IoT devices and the miner are authenticated in a faster authentication process compared to current blockchain techniques. In addition, Blockchain and PUF combine to ensure data provenance and data transparency in IoT networks. Blockchain-based smart contracts provide decentralized digital ledgers that are able to withstand data tampering attacks. This ensures the security and privacy of outsourced big data in IoT environments. We also investigated the privacy implications of using IoT devices with various security analysis, and avenues for research to extenuate the privacy concerns in IoT environments.

Introduction

The Internet guarantees rapid and efficient communication that promotes humanity. Since the last decades, digitalization has made significant progress and this can be done and applied via the Internet of Things (IoT) definition. Nowadays, IoT has emerged as an encapsulation of various technologies from RFID to Wireless Sensors Network (WSN) to physical sensors (Bedi et al., 2018). Indeed, IoT fitted with microcontrollers, wireless data transceivers and different protocol stacks allowing connectivity as an integral part of the internet. IoT devices can be integrated into a wide range of research areas as they can be electronic devices from wearable devices to physical hardware development platforms (Ikpehai, Adebisi, Rabie, Anoh, Ande, Hammoudeh, Gacanin, Mbanaso, 2018, Udoh, Kotonya, 2018). Nonetheless, most of these IoT devices generate an enormous amount of sensitive data (Bertino and Ferrari, 2018).Multiple data owners outsource their data with cloud computing in IoT. However, security and privacy with cloud computing in IoT have various flaws that should be addressed. Privacy has additional issues arising from the requirements of owners and the legal provisions on privacy, as well as individual privacy policies (Xia et al., 2019).

According to a recent report by Cisco, It is estimated that by 2025 more than 21 billion IoT devices will be connected. This brings several challenges and security issues. IoT allows a connected world, that facilitates sharing information and interacts with different entities in the IoT network. Accordingly, IoT establishes various smart approaches that help the advancement of Internet applications. IoT involved in many smart applications such as Smart Cities, Healthcare, Smart Farming, Smart Industries, Logistics, Smart Home, Smart Environment Prediction, and Smart Grid (Cui, Fei, Zhang, Cai, Cao, Zhang, Chen, 2020, Hamza, Yan, Muhammad, Bellavista, Titouna, 2019, Jeon, She, Soonsawad, Ng, 2018, Muhammad, Hamza, Ahmad, Lloret, Wang, Baik, 2018, Patil, Tama, Park, Rhee, 2018). Every IoT application has some specific features that generate a huge amount of data that require connectivity and power for the long term. However, the IoT system contains several constraints resources such as power cost, energy and lifetime. This enlightens the limitations in computer capacity, memory, limited power supply, network constitute challenges (Luong et al., 2016).

However, security and privacy issues become the most challenging necessitate in IoT (Frustaci et al., 2017). It is fundamental to guarantee data security and users privacy due to the fact that the IoT system is involved directly in human safety. As is well known, a large number of IoT devices are connected to the system and are not managed by a single controller. Yet, the designed security protocol is really complicated due to the environments IoT. In this regard, most of the existing security protocols are reliable for the Internet but they are not satisfactory for the IoT system (Patil et al., 2018). In addition to preserving anonymity and privacy, modern security protocols need to be resistant to physical and side-channel attacks. The modern security protocol must be efficient for IoT devices, as they have very low computational, power and memory performance (Granjal et al., 2015). New privacy and security protocols and frameworks are therefore required for a secure and reliable IoT system to protect the privacy of users.

Physical Unclonable Function (PUF) was introduced by Herder et al. (2014). This technique presents an interesting cryptographic primitives schemes. Identity of human begin can be verified ineffective by the biometric system due to their unique features. Similarly, motivated by biometric systems, physical unclonable function furnishes a unique way to identify integrated circuits (ICs). The PUFs can be formally described as a system that exploits the inherent variability in ICs manufacturing to implement challenge-response functions whose output completely depends on the specific output and their physical microstructure of the devices. Thus, adopting PUF in the IoT system it is unsustainable to modify and clone. Moreover, the variation in the physical factors during the manufacturing process of ICs make it practically impossible to replicate the microstructure, allow PUFs uniqueness at the device level. We use blockchain technology integrated with PUF. Blockchain is an immutable public record of data that is secured through a peer-to-peer network. Blockchain is rapidly gaining vogue and apply for many applications such as distributed cloud storage, smart contract, and digital assets. The key features of blockchain make an impressive technology available to address the security and privacy challenges of IoT (Casino et al., 2019).

This paper presents a blockchain-based security architecture for IoT. To guarantee reliable security and privacy of outsourced big data in IoT environments, we extend our previous work Patil et al. (2019) and enhance the usability of BlockChain smart contracts with the PUF model. We introduced an authentication protocol between IoT devices and miners on the blockchain network. Our research leads to the achievement of identity authentication, access control, replay attacks resistance, DOS attack resistance and data integrity without incurring overhead and delays.

In the next section, we will present the background for materials and related works. The Proposed Framework and Proposed authentication protocol present in Section 3. In Section 4. we will discuss our security analysis. Finally, the conclusion in Section 5.

Section snippets

Physical unclonable function (PUF):

Physical Unclonable Function is theoretically identified as a digital fingerprint that provides specific identity for semiconductor devices such as a microprocessor. This is focused on the particular physical differences that formed during the manufacturing phase. In short, PUF is a physical entity embodied in physical structure. A PUF is based on the idea that only the mask and manufacturing procedure is the same for every IC, each IC is somewhat different from the other IC due to natural

System architecture

Within this section, we present our system architecture that is compliant with different entities, such as IoT devices, the Blockchain network, and the Data Holder or Content Holder as seen in Fig. 1. The proposed system architecture ensures the authentication of IoT devices and the miner with a fast verification process as shown in Fig. 1.The fusion of Blockchain and PUF protects data flow and data integrity on IoT networks.

  • Different physical objects are fused to become smart objects, along

Security analysis

In this section, we present different analyses with discussions that support the Blockchain-PUF framework merits. Table 3 listed the main security evaluation of our proposed work. We discuss these requirement points in the following subsections.

Conclusion

In this paper, we propose an authentication protocol based on blockchain smart contracts with the PUF model. The proposed protocol combines an emerging technology Blockchain-PUF-based secure authentication protocol for the IoT environment. Our proposed protocol presents an efficient and reliable authentication to interact between IoT devices and miners in the blockchain network, allowing data security and guarantee users’ privacy. Furthermore, security requirements and safeguards are likewise

CRediT authorship contribution statement

Akash Suresh Patil: Writing - original draft, Methodology, Software, Validation, Writing - review & editing. Rafik Hamza: Methodology, Writing - original draft. Alzubair Hassan: Writing - review & editing. Nan Jiang: Writing - review & editing. Hongyang Yan: Writing - review & editing. Jin Li: Conceptualization, Supervision.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References (43)

  • J. Granjal et al.

    Security for the internet of things: a survey of existing protocols and open research issues

    IEEE Commun. Surv. Tutor.

    (2015)
  • Z. Haddad et al.

    Blockchain-based authentication for 5g networks

    2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT)

    (2020)
  • R. Hamza et al.

    A lightweight secure IoT surveillance framework based on DCT-DFRT algorithms

  • R. Hamza et al.

    A privacy-preserving cryptosystem for iot e-healthcare

    Inf. Sci.

    (2019)
  • C. Herder et al.

    Physical unclonable functions and applications: atutorial

    Proc. IEEE

    (2014)
  • A. Ikpehai et al.

    Low-power wide area network technologies for internet-of-things: a comparative review

    IEEE Internet Things J.

    (2018)
  • K.E. Jeon et al.

    Ble beacons for internet of things applications: survey, challenges, and opportunities

    IEEE Internet Things J.

    (2018)
  • L. Jiang et al.

    Anonymous communication via anonymous identity-based encryption and its application in IoT

    Wirel. Commun. Mob. Comput.

    (2018)
  • N. Jiang et al.

    Toward optimal participant decisions with voting-based incentive model for crowd sensing

    Inf. Sci.

    (2019)
  • U. Khalid et al.

    A decentralized lightweight blockchain-based authentication mechanism for IoT systems

    Cluster Comput.

    (2020)
  • H. Krawczyk

    HMQV: A high-performance secure Diffie-Hellman protocol

    Annual International Cryptology Conference

    (2005)
  • Cited by (58)

    View all citing articles on Scopus
    View full text