Authentication and Key Management in Distributed IoT Using Blockchain Technology

IEEE INTERNET OF THINGS JOURNAL, VOL. 8, NO.
16, AUGUST 15, 2021 12947
Authentication and Key Management in Distributed

IoT Using Blockchain Technology
Soumyashree S. Panda , Debasish Jena, Senior Member, IEEE, Bhabendu Kumar Mohanta , Member, IEEE,
Somula Ramasubbareddy , Mahmoud Daneshmand , Senior Life Member, IEEE,
and Amir H. Gandomi , Senior Member, IEEE
Abstract—The exponential growth in the number of connected data [1]. In factories, robots and smart tools are being imple-
devices as well as the data produced from these devices call for mented to increase the productivity of their operations. The
a secure and efficient access control mechanism that can ensure application areas of IoT are not limited to these use cases; but
the privacy of both users and data. Most of the conventional key
management mechanisms depend upon a trusted third party like is largely endorsed in several other areas, including agricul-
a registration center or key generation center for the generation ture, cities, transportation system, grids, etc. Indeed, IoT has
and management of keys. Trusting a third party has its own ram- allowed the evolution of many other areas, such as smart health
ifications and results in a centralized architecture; therefore, this systems, smart transportation systems, smart agriculture, and
article addresses these issues by designing a Blockchain-based so on. With such expansion to a wide range of fields, the num-
distributed IoT architecture that uses hash chains for secure
key management. The proposed architecture exploits the key ber of devices connected to the Internet and to each other is
characteristics of the Blockchain technology, such as openness, expected to reach around 20 billion by 2022 [1].
immutability, traceability, and fault tolerance, to ensure data pri- By concept, an IoT application system is ubiquitous of a
vacy in IoT scenarios and, thus, provides a secure environment variety of devices (things) that are capable of interacting with
for communication. This article also proposes a scheme for secure each other so that a broad range of services can be provided.
and efficient key generation and management for mutual authen-
tication between communication entities. The proposed scheme Each device, be it physical or virtual, of an IoT system must
uses a one-way hash chain technique to provide a set of pub- be accessible by the system users regardless of their location.
lic and private key pairs to the IoT devices that allow the key It is critical that only authenticated and approved users can
pairs to verify themselves at any time. Experimental analysis access the system; otherwise, the system will be vulnerable
confirms the superior performance of the proposed scheme to to numerous security attacks, such as spoofing, data tam-
the conventional mechanisms.
pering, Denial-of-Service (DOS) attack, impersonation attack,
Index Terms—Blockchain, decentralization, hash chain, information theft, etc. Certainly, these security issues continue
Internet of Things, privacy, security. to be the prime obstacle for the adoption of IoT in large-scale
organizations. As per a survey, one of the most significant con-
cerns in the deployment of solutions for different IoT use cases
I. I NTRODUCTION
is security. Securing the communication among different enti-
HE RATE at which the number of physical devices con-
T nected to the Internet is increasing exponentially. People
are gradually furnishing their homes with smart devices, such
ties and ensuring data privacy using encryption are the most
commonly used methods to ensure IoT security [2]. However,
the conventional security methods do not fully conform to the
as smart remote controls, smart TVs, surveillance cameras, IoT systems because of the heterogeneity and limited resources
smart bulbs, etc., while vehicles are being equipped with of IoT devices. Moreover, most of the proposed solutions are
different smart devices so that they can share traffic-related centralized in which scalability becomes a matter of concern
since thousands of devices work in an IoT use case [3]. Finally,
Manuscript received September 10, 2020; revised December 10, 2020
and February 2, 2021; accepted February 28, 2021. Date of publication each use case demands a different approach for system design,
March 4, 2021; date of current version August 6, 2021. (Corresponding deployment, and ensuring security. Therefore, new approaches
author: Amir H. Gandomi.) should be designed with the aim to facilitate the hassle-free
Soumyashree S. Panda, Debasish Jena, and Bhabendu Kumar Mohanta are
with the Department of Computer Science Engineering, International Institute addition of new services as well as new devices with add-on
of Information Technology Bhubaneswar, Bhubaneswar 751003, India (e-mail: security benefits.
c117011@iiit-bh.ac.in; debasish@iiit-bh.ac.in; c116004@iiit-bh.ac.in). As a recently promising solution, the concept of Blockchain
Somula Ramasubbareddy is with the Department of Information
Technology, Vallurupalli Nageswara Rao Vignana Jyothi Institute is suggested to provide a secure and efficient base for sev-
of Engineering and Technology, Hyderabad 500090, India (e-mail: eral IoT applications. With the growing popularity of digital
svramasubbareddy1219@gmail.com). currency, researchers have focused their attention on the dif-
Mahmoud Daneshmand is with the School of Business, Stevens
Institute of Technology, Hoboken, NJ 07030 USA (e-mail: ferent usages of Blockchain which is the key element behind
mahmoud.daneshmand@stevens.edu). Bitcoin. Coined by Nakamoto in 2008 [4], a Blockchain is
Amir H. Gandomi is with the Faculty of Engineering Information essentially a distributed ledger that is inherently immutable,
Technology, University of Technology Sydney, Sydney, NSW 2007, Australia
(e-mail: gandomi@uts.edu.au). open, synchronized, and verifiable [5]. It facilitates distributed
Digital Object Identifier 10.1109/JIOT.2021.3063806 decision making so that all entities of the system share equal
2327-4662
c 2021 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information.
Authorized licensed use limited to: Central Institute of Technology - Kokrajhar. Downloaded on September 22,2021 at 11:00:15 UTC from IEEE Xplore. Restrictions apply.
12948 IEEE INTERNET OF THINGS JOURNAL, VOL. 8, NO. 16, AUGUST 15, 2021
privilege. Simply put, Blockchain networks enable a number contracts are nothing more than a piece of computer codes
of entities that do not share a trust relationship to coordinate, that provide the shared implementation of the business rules
amalgamate, and associate in application development process associated with each transaction. The following features of
or business intelligence process [6]. Blockchain describe how and why Blockchain can be used to
Most of the existing works solely depend upon the security handle the different issues related to data privacy and security
attribute of Blockchain, which may not be enough for some of in an IoT framework.
the IoT use cases. For example, the full anonymity provided 1) Consensus: The entities of the network will collec-
by Blockchain does not ensure identification, which is crucial tively agree that each transaction that is recorded in the
in most of the IoT use cases. Moreover, it remains unclear Blockchain and the order of transactions in relation to
whether a low-power and resource-constrained IoT device will others are valid.
be able to perform transactions in Blockchain and participate 2) Provenance: The entities know the history of the data
in the Blockchain mining process. Most of the researchers are and how it flows within the network.
still in their elementary stage, whereby only an approach is 3) Immutability: Entities cannot tamper with the transac-
presented but no proper implementation or analysis is given. tions once they are agreed upon and recorded in the
Therefore, in this article, a distributed framework using two chain.
Blockchain structures is presented which enables secure com- 4) Finality: Once a transaction is committed, it cannot be
munication among IoT devices. One-way hash chains are reversed, i.e., data cannot be rolled back to the previous
employed for authentication and key management. state. If a transaction is in error, then a new transaction
Given the challenges in developing a distributed, reliable, must be used to reverse the error with both transactions
and secure authentication scheme for a heterogeneous IoT visible.
network, a Blockchain-based distributed authentication, and Bitcoin is an example of a permission-less public
key management scheme has been proposed in this article. Blockchain. It is a peer-to-peer payment system that allows
The key contributions are given as follows. people to send currency to one another without requiring a
1) A framework using two Blockchain structures is centralized intermediary using a class of assets called cryp-
developed to provide a distributed and secure IoT tocurrency [5]. It uses a resource-intensive process known
network for communication. as Proof of Work (PoW) to achieve consensus. PoW in the
2) A distributed authentication and key management using Bitcoin system extends the hashcash-based PoW system and
one-way hash chains to authenticate as well as to assign develops a mechanism to safeguard the Blockchain by apply-
keys to the entities of the system. The introduction of ing the distributed consensus mechanism [4]. The hashcash
Blockchain technology in the scheme facilitates dis- system was proposed by Adam Back and uses the puzzle
tributed decision making without the need for a third friendliness property of the cryptographic hash function [7].
party. Transactions in Bitcoin are public and visible, but the entities
3) The scheme has been implemented on the Ethereum behind each transaction are largely anonymous making them
platform and an in-depth evaluation of the scheme very difficult to track.
proves its proficiency in making an IoT use case secure. To exploit the advantages of Blockchain technology, a num-
4) Further security analysis of the proposed authentication ber of platforms have been designed to integrate it with IoT
scheme is being compared with other existing schemes to provide smart and usable foundations for future research
which prove the strength of the proposed scheme. The and development. Some of the popular platforms include
performance analysis shows that the scheme is highly Ethereum, Hyperledger, Multichain, IOTA, Rootstock, IoT
efficient and scalable. Chain, Atonomi, Lisk, Chain of Things, etc. Specifically,
The remainder of this article is arranged as follows. Ethereum was the first acknowledged platform for the develop-
Section II gives a brief introduction of Blockchain along with ment of decentralized or distributed systems using Blockchain
some popular platforms that combine it with IoT. Section III technology, which supports smart contracts. These smart con-
discusses the existing Blockchain-based security solutions for tracts executed on the Ethereum virtual machine (EVM), a
IoT systems. Section IV discusses the preliminaries required type of operating system provided by the Ethereum plat-
for the proposed scheme. Then, a detailed description of the form [8]. Ethereum provides a type of cryptocurrency called
proposed model is presented in Section V. The scheme is eval- Ether (ETH), that can be used for both financial transactions
uated in terms of security and performance in Section VI. and executing smart contracts. Though most of the earlier ver-
Finally, Section VII concludes this article with future research sions of Ethereum used PoW as the consensus mechanism, the
plans. recent version employs Proof of Stake (PoS) as the consen-
sus mechanism. The PoW-based consensus used in Ethereum
II. B LOCKCHAIN FOR I OT is known as Ethash, a memory intensive and less power con-
Blockchain, the key element of Bitcoin, has been grow- suming consensus mechanism as compared to traditional PoW.
ing at an unbelievable pace over the last few years with Ethereum can be used to implement both permission less
its application now extending beyond digital currency. As and permission-based frameworks over Blockchain. Lately,
stated, Blockchain, as a distributed ledger that is inherently smart contracts have been extensively used for modeling
immutable, open, synchronized, and verifiable, can be thought and securing a number of IoT use cases. Ethereum was
of as a shared replicated ledger with smart contracts [6]. Smart the first platform to provide a base for the development
PANDA et al.: AUTHENTICATION AND KEY MANAGEMENT IN DISTRIBUTED IoT USING BLOCKCHAIN TECHNOLOGY 12949
of distributed applications (DAPPs) [9]. As another popu- Dorri et al. [16] addressed the various challenges of
lar platform, Hyperledger is a permission-based Blockchain Blockchain in the context of IoT, such as scalability, com-
framework that provides an Enterprise-grade foundation for putational complexity, and storage overhead and propose a
transactional applications, where the nodes in the network lightweight Blockchain having a simple consensus mechanism
need to know each other prior to setting up the network [10]. to address these issues. Huh et al. [17] shared an approach to
Practical Byzantine fault tolerance (PBFT) is used as the combine IoT and Blockchain technology where smart con-
consensus mechanism used in Hyperledger fabric, which safe- tracts define the functionalities of each device. However, their
guards the network from crash faults, network faults, Sybil approach lacks clarity in terms of the usage and the appli-
attacks, and Byzantine nodes. Hyperledger provides better cation of the approach to different use cases of IoT is also
performance in terms of higher transaction throughput and restricted. Pham et al. [18] utilized Ethereum Blockchain for
less power consumption compared to Bitcoin and Ethereum. secure analysis and management of medical sensors.
Nevertheless, it has limitations, for instance, applications built These sensors combined with IoT smart devices help in
on Hyperledger cannot be fully decentralized and will be less monitoring the health condition of a patient from remote loca-
scalable. Multichain is another open platform to model and tions. Another method to ensure mutual authentication among
deploy private Blockchain within a closed environment, just IoT devices is introduced in [3], which groups IoT devices
like Hyperledger. It is forked from Bitcoin to broaden the into virtual zones within which they can share data securely.
functionality domain of Blockchain that provides users with However, this method does not allow interzonal communica-
more features, such as speed, permissions, multiple assets, tion and is still in its elementary phase. In [19], a distributed
and atomic exchanges. Another Ethereum like platform is storage system is presented for IoT applications that generate
Rootstock for Blockchain-based IoT developments. Since it huge amounts of data. Although the work confirms that the
is compatible with Ethereum, smart contracts written for the storage system utilizes Blockchain technology to store the gen-
Ethereum environment can also be used over this platform. It erated data in a distributed manner, other security and privacy
also has a built-in infrastructure layer that provides users with needs of IoT applications are not addressed in the research
better computing power, fast payment channels, and larger article.
storage space. Atonomi is another platform that provides trust Recently, an authentication scheme for IoT devices using
and identity that are essential for the increasingly connected gateway nodes and Blockchain technology has been proposed
world by securing a device’s identity on the distributed ledger, in [20], where gateway nodes are included to address the
tracking a device’s reputation, and securing the communication low computation power and resource-constrained nature of
between devices. IoT devices. Similarly, in [21], IoT devices are connected to
fog nodes that share a Blockchain structure. Even though the
proposed design ensures a secure communication between fog
III. R ELATED W ORK nodes and devices, the applicability of the scheme is very
Even though Blockchain is still in its infancy, substantial restricted.
research has already been done in different areas of IoT using To summarize, most of the existing research works are not
Blockchain technology. In this section, the authors discuss applicable to the wide range of IoT application areas. Apart
some of the existing works in the field. from this, most of the works solely depend upon the security
Christidis and Devetsikiotis [11] proposed the advantages attribute of Blockchain, which may not be enough for some of
and disadvantages of Blockchain technology with respect to the IoT use cases. For example, the full anonymity provided
IoT, concluding that Blockchain promotes the secure and by Blockchain does not ensure identification, which is crucial
trustworthy sharing of resources and data in an IoT envi- in most of the IoT use cases. Moreover, it remains unclear
ronment among multiple entities. Bahga and Madisetti [12] whether a low-power and resource-constrained IoT device will
revealed shown how Blockchain technology can be used to be able to perform transactions in Blockchain and participate
design a trust-less, decentralized environment for industrial in the Blockchain mining process. Most of the researchers are
IoT. However, there was no formal proof for validation of still in their elementary stage, whereby only an approach is
their proposed model given in this article. In [13], a privacy- presented but no proper implementation or analysis is given.
preserving mechanism was presented that helps to authorize
IoT devices in cloud systems. The presented method allows
stakeholders to share their data gathered from sensor devices
IV. P RELIMINARIES
with different service providers in a fully anonymous way.
Yet, it was not adapted to the use cases where identification A. System Variables
is essential. Another access control method using Blockchain This section specifies the system variables that need to be
technology known as “FairAccess” was proposed in [14], accepted and used by all entities of the system. These variables
which works analogous to the role-based access control [15]. are specified as follows.
FairAccess was specially designed for IoT use cases where 1) Assume G to be a cyclic multiplicative subgroup of Zp∗
the policies are kept in a private Blockchain so that they can- of prime order p, with identity element e = 1 and g ∈ G
not be tampered with. However, this method is not applicable is a generator of G. We assume that computing discrete
to all IoT use cases since it was designed to work only for logarithms in G with respect to g is computationally
policy-based systems. infeasible.
TABLE I
N OTATION TABLE a one-way hash function H on the value s for N times as
shown in
H N (s) ← H N−1 (s) ← H N−2 (s) · · · ← H k (s) · · ·
← H 2 (s) ← H 1 (s) ← s. (1)
Then, A computes a hash value ϑ that will be used by other
entities of the system to validate A as follows:
N j
ϑ = h g j=0 H (s) . (2)

The kth private key (PrKk ) and its corresponding public
key (PuKk ), where 0 < k < N, are generated by the following
equations:

k
For example, G might be a large multiplicative subgroup PrKk = H j (s) (3)

of Zp∗ for some large prime p, where q is a large prime j=0

dividing p − 1. Alternatively, G could be the group of k j (s)
PuKk = g j=0 H . (4)
points on an elliptic curve.
2) N is a positive integer that specifies the number of
public/private key pairs available to an IoT device. V. P ROPOSED W ORK
Table I contains the description of the notations used in this This section presents the proposed system architecture and
article. scheme for IoT use cases implementing Blockchain technol-
ogy in detail. The designed solution for the system employs a
B. One-Way Hash Chain one-way hash chain for authentication and key management.
One-way hash chains are a kind of cryptographic hash used The most important aspect is that this method significantly
in many applications, such as micropayment systems [22], decreases the computational overhead and communication
mobile ad hoc networks [23], etc., for providing a set of latency, which can drastically improve the efficiency, relia-
cryptographic keys from a single key. This technique was bility, and scalability of the system.
introduced by Lamport for securing passwords from intrud-
ers and malicious users [24]. As per the technique, given a A. System Architecture
number known as a seed and a cryptographic hash function The proposed system design of the Blockchain-based dis-
such as SHA-1, the successive application of the hash func- tributed architecture for IoT use cases is shown in Fig. 1. The
tion to the seed generates a set of hash values known as a architecture consists of three layers, namely, device, fog, and
hash chain. The characteristic of the hash chain is that it is cloud layers. The device layer consists of the smart devices
computationally impossible to invert [25]. used in various IoT use cases, for example, different wear-
It works as follows. Initially, an entity will have to choose able medical devices to sense, monitor, and observe patient’s
a secret number known as seed s and a number N, where health status from a remote location. These include tempera-
s ∈ (0, 1, . . . , p − 1). ture sensors, gas sensors, and surveillance cameras for home
Then, it will repeatedly apply the one-way hash function or organization automation. Since the devices are resource
defined above for N − 1 times to produce a set of N − 1 values constrained by nature, the fog layer was added to improve
denoted as H1 , H2 , H3 · · · HN , where H1 = H(H2 ), Hk−1 = the performance and reduce the computation time and over-
H(Hk ), and HN = HN−1 , where 1 < k ≤ N.H1 is named as head of the devices. The fog layer contains a number of
the tip of the hash chain. access managing nodes (AMNs) with standard computational
These values can be used as keys in the reverse order of and storage capabilities to manage the devices of the device
creation, i.e., in the order HN−1 , . . . , Hk , . . . , H2 , H1 will be layer. Devices belonging to similar use cases are grouped
consumed by the entity. Thus, any hash value needs to be together into domains, where each domain is managed by
kept secret until it is used, and the validity of a particular an AMN. Similarly, a set of AMNs are grouped together
hash value can be checked easily with a simple hash operation to form a network in the fog layer and are responsible for
after receiving it. It is important to note that the disclosure generating, distributing, and managing the secret keys for the
of any key, say Hk , does not reveal any information about devices linked to them. AMNs belonging to a network share a
other keys. With that being said, if a one-way hash chain is Blockchain structure to store the transactions related to authen-
used to uniquely bind a set of public key/private key pairs, a tication and key management of the same network. AMNs
public key belonging to the chain can be validated using the also act as miners to pack the transactions of the devices that
hash function for the required number of times to the received occurred within a certain time interval into a new block.
public key [25]. For the proposed scheme, a system entity, Next, the fog layer is connected to the cloud layer via
say A, first chooses an integer s ∈ 0, 1, . . . , p − 1, then uses high-speed network connectivity. The cloud layer manages
Fig. 1. Blockchain-based IoT architecture.
multiple Blockchains; each from the AMN network of the fog

layer. For this, a number of nodes, known as manager nodes
(MNs) possessing immense computing capabilities are intro-
duced in the cloud layer to handle the constrained resources
and highly scalable IoT use cases. Communications within the
same network are handled by the AMNs of the network while
internetwork transactions are handled by the MNs of the cloud
layer. Moreover, the MNs also store the data generated by the
devices of the lower layer in an encrypted manner, and the
data can be accessed after proper authentication.
The proposed scheme assumes that all entities constituting
the architecture are furnished with a highly correct atomic Fig. 2. Authentication and key management phases.
clock, whereby the clocks of the AMNs and devices belonging
to the same network are synchronized.
to which the device will belong (AMN_id); 3) the permanent
public key of the device (pk_D); and 4) a signature using the
B. Authentication and Key Management Scheme
private key (prk_AMN) of the AMN. Then, the AMN issues
This section gives a detailed description of the proposed transactions in the Blockchain regarding the registration of
scheme, which functions in three phases as shown in Fig. 2. the device. Subsequently, the smart contracts written for the
The detailed procedure of each phase is described as follows. registration of devices in the Blockchain check for the unique-
1) System Initialization and Device Registration Phase: ness of the device’s identity. If the transaction is correct, then
The MNs at the top layer are responsible for selecting the the registration details (license) of the device are stored in
system variables as defined in Section III-A and will announce the Blockchain, which can only be accessed by the AMNs
these values to the AMNs at the fog layer. As already stated, connected to that particular network
AMNs function as network managers to generate and manage
license= D_id||AMN_idpk_DSignprk_AMN
the keys of the devices connected to them. Each device at the
AMN → D.
device layer generates a public/private key pair.
An AMN registers an unregistered device, by providing a 2) Key Management and Authentication Phase: Whenever
structure known as a “license” that will be used as a permit to a registered device, say Dp , wants to communicate with
take part in the network. The license includes: 1) the unique another device, say Dq . belonging to the same domain, it
device identity (D_id); 2) the unique identity of the AMN requires encryption keys for the secure sharing of data. For
that, Dp generates a seed s where s ∈ (0, 1, . . . , p − 1).

Then, it encrypts the s using the public key of the AMN to
which it belongs, say AMNx (pk_AMN x ), and sends it to an
AMN. It also sends the license with the above message for
verifying itself to the AMNx . Then, the AMNx generates the N
number of public key/private key pairs and the hash values ϑ
using the one-way hash chain described in Section III-B. The
AMNx issues a transaction to the Blockchain to store H N (s),
ϑ, the current timestamp value, and the duration for which the
key set will be valid, corresponding to Dp . Once the transaction
is verified by all AMNs of the network, AMNx encrypts the Fig. 3. Device authentication in Blockchain.
generated key set using a public key of Dp , signs the message,
then sends to Dp .
When Dp wants to connect to Dq to access data or share
information, first it has to prove its authenticity to Dq , then
they will establish a session key for further communica-
tion. For this, Dp initiates the communication during time
interval tk , 0 ≤ k < N by sending

a message directly to Dq
k
that includes: 1) PuKk = g j=0 H (s) ; 2) the license; 3) cur-
j
rent time (Tp ); and 4) cipher text of a random number p ,

(0 < p < p − 1) using public key of Dq [Epk_Dq ( p )]
PuKk ,license,Tp ,Epk_Dq ( p )
Dp → Dq .
Fig. 4. Time required for key pair generation.
On receiving the above message, Dq first verifies whether
Tq − Tp < , where Tq is the current system time at Dq
and is the maximum tolerable time interval. If it holds, it the device into a new block so that any further messages from
then verifies the correctness of the license through its AMN. this particular device will be rejected.
If found correct, then it computes PrKi , (k +1) ≤ i ≤ N (since
Dq is supposed to know k because of time synchronization) VI. E VALUATION
k
H j (s) A. Performance Analysis
ϑ ∗ = (PuKk ) j=0
k k In this section, a detailed description is provided of how
j=0 H (s) j=0 H (s)
j j
=g the proposed scheme is implemented using smart contracts.
N j (s)
=g j=0 H . The experimental setup consists of two cloud servers to sim-
ulate the MNs, four laptops to function as AMNs, and two
To verify the authenticity of Dp , Dq checks whether h(ϑ ∗ ) = Raspberry Pi to connect the devices. The Ethereum platform
ϑ. (The value of ϑ can be obtained from the corresponding is used to realize the Blockchain network. Smart contracts that
AMN for Dq .) If it is not true, then Dq rejects the request serve as the core of the proposed system are developed using
and reports to its AMN. If it matches, then Dq successfully Solidity language [8]. These smart contracts were implemented
verifies Dp as a valid entity of the system. Next, it decrypts and verified using Remix IDE before deploying them in the
Dprk_Dq [Epk_Dq ( p )] = ∗p using its private key and selects a Blockchain platform [26]. In fact, Ropsten Testnet was used as
random number q , (0 < q < p−1). Then, it forms the reply an Ethereum tool for testing and development purposes. The
l
message, which includes: 1) license; 2) PuKl = g j=0 H (s)
j
output of the authentication process is shown in Fig. 3.
(valid public key of Dq ); 3) [Epk_Dp ( q )]; and 4) h( q || ∗p ) As the proposed approach uses one-way hash chains for val-
idation and key management, its performance was evaluated
PuKl ,license,Epk_Dp ( q )
Dp ← Dq . on a system with specification Intel Core i5, CPU-3.30 GHz,
8 GB of RAM, Win 8, 64-bit OS. Fig. 4 shows that the time
When Dp gets this message, it follows the same pro- required to generate the private/public key pairs is analogous
cess as Dp to verify Dq . If verified then it computes to the generation of corresponding hash values. This is because
Dprk_Dp [Epk_Dp ( q )] = ∗p and verifies whether h( q || ∗p ) = both key pairs and hash values require multiplication opera-
h( ∗q || p ). If it holds then it verifies Dq and sends tions for their computation but the number of multiplication
acknowledgment. operations required for private key generation is inversely pro-
Finally, both Dp and Dq compute the session key as portional to those for hash value generation. In addition, the
h(PuKk || q || p ||PuKl ). time required to generate the entire key pairs and hash values
3) License Revocation: If a device is found to be malicious, is 120 s for about 29 780 key pairs.
then the AMN issues a new transaction to revoke the license Fig. 5 displays the plot of transaction time with respect to
of that particular device. The transaction stores the identity of the rate of issuing a transaction and the number of devices. At
that is digitally signed by a trusted authority. During

communication, each device uses its license to verify
itself to the other device, whereby only a valid device
can correctly compute ϑ. Finally, both the communi-
cating devices use unique random numbers to verify
each other.
2) Resistance to Replay Attack: An adversary can use
already sent messages to gain knowledge about the
confidential information of the entities. The use of times-
tamp values with each request message ensures that the
proposed approach is secure against replay attacks.
3) Resistance to Sybil Attack: In a Sybil attack, the attacker
Fig. 5. Transaction number with respect to the number of devices.
disturbs a system by creating multiple identities. These
fake identities share wrong information and hence affect
the decision making of the system. To address this issue,
each device of the proposed model can have only a sin-
gle pair of keys at a particular time, which is mentioned
in the license. Besides, each device has been assigned
a unique device identity in the registration phase that is
stored in the Blockchain. Thus, a malicious node will
not be able to fake identities to disturb the system.
4) Resistance to Man-in-the-Middle Attack: In the proposed
work, random numbers and public/private key pairs gen-
erated from the hash chain are used to successfully
resist the system from this attack. Suppose an attacker
Fig. 6. Block preparation time. (Da ) starts a session parallel to a valid session by
sending the same message as Dp < PuKk , license, Tp ,
TABLE II
C OMPARISON BASED ON C HARACTERISTIC PARAMETERS
Epk_Dq ( p ) >= < PuKk , license, Tp , Epk_Dq ( p ) >.
When Dq receives this message, it follows the pro-
cedure as described in Section V-B2 and replies with
messages that includes [Epk_Dp ( q ), h( q || p )] and
[Epk_Da ( a ), h( a || p )] to Dp and Da , respectively. At
this point, Da blocks the message meant for Dp and
[Epk_Da ( a ), h( a || p )] to Dp . Then, Dp decrypts a
and sends it to Dp for final verification. But it fails
and thus it proves that the proposed approach resists
the MITM attack.
an average rate (0.03), the transaction number increased from 5) Resistance to Denial-of-Service (DoS) Attack: In a DOS
112 for 5000 devices to 1200 for 40 350 devices, which proves attack, the adversary attempts to prevent the use of a
the scalability of the system. The time required to prepare network resource or a valid service by temporarily or
a block is shown in Fig. 6, revealing that preparation time permanently blocking the server of the system. In a
slowly increased up to 400 transactions. Preparation time over Distributed DOS (DDoS) attack, multiple attackers con-
0.4 s when the number of transactions was larger than 700. sume the resources of the system to disrupt its normal
Finally, the preparation time reached 1 s when there were 990 functioning. This can be done by flooding the target
transactions. device with unnecessary messages. If the target device
is the central node of a centralized system, then the fail-
B. Security Analysis ure of the central node affects the whole system. In the
An extensive analysis of the proposed scheme proves that proposed approach, both the use of Blockchain technol-
the scheme is highly accomplished to meet the privacy and ogy and the large number of miners in the Ethereum
security needs of an IoT use case. This section shows how the platform increases the resistance to such an attack.
proposed scheme secured against various network attacks and Furthermore, the high cost of making a transaction in
makes the comparison to some existing works that have similar a Blockchain network, discourages an attacker from
objectives. The comparison detail is provided in Table II. launching an attack.
1) Mutual Authentication and Message Integrity: 6) Scalability: In the context of this article, scalability is
Authenticating the source as well as the destina- characterized by the ability to guarantee that the size
tion before starting a communication is crucial in an of the system does not affect its performance. In other
IoT system to avoid impersonation and Man-in-the- words, if the number of devices increases, then it should
Middle (MITM) attacks. Each device holds a license not affect the time required for authentication and key
management. In the proposed work, the AMNs store the [8] C. Dannen, Introducing Ethereum and Solidity: Foundations of
information related to authentication and key manage- Cryptocurrency and Blockchain Programming for Beginners. New York,
NY, USA: Apress, 2017.
ment of their own network. All Blockchains belonging [9] B. K. Mohanta, A. Sahoo, S. Patel, S. S. Panda, D. Jena, and
to different AMN networks are handled by MNs of D. Gountia, “Decauth: Decentralized authentication scheme for iot
the cloud layer. Apart from this, a device has to store device using ethereum blockchain,” in Proc. TENCON IEEE Region
10 Conf. (TENCON), 2019, pp. 558–563.
very minimal information required only for validating [10] E. Androulaki et al., “Hyperledger fabric: a distributed operating system
its authenticity and securing its communication with for permissioned blockchains,” in Proc. 13th EuroSys Conf., 2018,
other devices. Moreover, using peer-to-peer networks pp. 1–15.
[11] K. Christidis and M. Devetsikiotis, “Blockchains and smart contracts for
like Blockchain, the scalability issue can be handled the Internet of Things,” IEEE Access, vol. 4, pp. 2292–2303, 2016.
very easily [27]. Due to all these features, the proposed [12] A. Bahga and V. K. Madisetti, “Blockchain platform for industrial
approach can achieve a good security performance. Internet of Things,” J. Softw. Eng. Appl., vol. 9, no. 10, pp. 533–546,
2016.
[13] T. Hardjono and N. Smith, “Cloud-based commissioning of
VII. C ONCLUSION constrained devices using permissioned blockchains,” in Proc.
2nd ACM Int. Workshop IoT Privacy Trust Secur., 2016,
In this article, a novel approach for distributed authentica- pp. 29–36.
tion and key management is presented. The approach exploits [14] A. Ouaddah, A. Abou Elkalam, and A. Ait Ouahman, “FairAccess: a new
blockchain-based access control framework for the Internet of Things,”
the advantages of Blockchain technology, cloud computing, Secur. Commun. Netw., vol. 9, no. 18, pp. 5943–5964, 2016.
and fog computing to achieve a secure and efficient archi- [15] D. Ferraiolo, J. Cugini, and D. R. Kuhn, “Role-based access control
tecture for IoT use cases. The entire system is divided into (RBAC): Features and motivations,” in Proc. 11th Annu. Comput. Secur.
Appl. Conf., 1995, pp. 241–248.
layers of Blockchain to speed up the validation process and [16] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, “LSB: A
to increase the scalability of the system, whereby the Ethreum lightweight scalable blockchain for IoT security and privacy,” 2017.
platform was used to develop the Blockchain network. The [Online]. Available: arXiv:1712.02969.
[17] S. Huh, S. Cho, and S. Kim, “Managing IoT devices using blockchain
scheme was thoroughly evaluated, confirming the high effi- platform,” in Proc. 19th Int. Conf. Adv. Commun. Technol. (ICACT),
ciency and scalability of the scheme. The security analysis 2017, pp. 464–467.
further demonstrates the scheme’s compliance to the secu- [18] H. L. Pham, T. H. Tran, and Y. Nakashima, “A secure remote healthcare
system for hospital using blockchain smart contract,” in Proc. IEEE
rity requirements of IoT use cases. Future works to improve Globecom Workshops (GC Wkshps), 2018, pp. 1–6.
the proposed approach are suggested to: 1) design schemes [19] Q. Xu, K. M. M. Aung, Y. Zhu, and K. L. Yong, “A blockchain-based
for internetwork communication among the AMNs as well storage system for data analytics in the Internet of Things,” in New
Advances in the Internet of Things. Cham, Switzerland: Springer, 2018,
as devices and 2) implement and evaluate the schemes to pp. 119–138.
verify their ability in providing security and performance [20] S. S. Panda, U. Satapathy, B. K. Mohanta, D. Jena, and D. Gountia, “A
requirements. blockchain based decentralized authentication framework for resource
constrained iot devices,” in Proc. 10th Int. Conf. Comput. Commun.
Netw. Technol. (ICCCNT), 2019, pp. 1–6.
R EFERENCES [21] B. K. Mohanta, D. Jena, S. S. Panda, and D. Gountia, “Decentralized
secure fog computing in cloud-fog-iot infrastructure using blockchain,”
[1] V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal, and B. Sikdar, “A in Int. Conf. Emerging Technologies Inf. Commun. (ETIC), Bhutan, 2019,
survey on IoT security: Application areas, security threats, and solution pp. 24–29.
architectures,” IEEE Access, vol. 7, pp. 82721–82743, 2019. [22] R. L. Rivest and A. Shamir, “PayWord and MicroMint: Two simple
[2] M. Ma, G. Shi, and F. Li, “Privacy-oriented blockchain-based distributed micropayment schemes,” in Security Protocols, Lomas M. (eds), Lecture
key management architecture for hierarchical access control in the IoT Notes in Computer Science, vol. 1189, Heidelberg, Germany: Springer,
scenario,” IEEE Access, vol. 7, pp. 34045–34059, 2019. 1996, pp. 69–87, doi: 10.1007/3-540-62494-5_6.
[3] M. T. Hammi, B. Hammi, P. Bellot, and A. Serhrouchni, “Bubbles of [23] Q. Huan, I. C. Avramopoulos, H. Kobayashi, and B. Liu, “Secure data
trust: A decentralized blockchain-based authentication system for IoT,” forwarding in wireless ad hoc networks,” in Proc. IEEE Int. Conf.
Comput. Secur., vol. 78, pp. 126–142, Sep. 2018. Commun. (ICC), vol. 5, 2005, pp. 3525–3531.
[4] S. Nakamoto, Bitcoin: A peer-to-peer electronic cash system, 2008. [24] L. Lamport, “Password authentication with insecure communication,”
[Online]. Available: https://bitcoin.org/bitcoin.pdf Commun. ACM, vol. 24, no. 11, pp. 770–772, 1981.
[5] S. S. Panda, B. K. Mohanta, U. Satapathy, D. Jena, D. Gountia, and [25] G. Kounga, C. J. Mitchell, and T. Walter, “Generating certification
T. K. Patra, “Study of blockchain based decentralized consensus algo- authority authenticated public keys in ad hoc networks,” Secur. Commun.
rithms,” in Proc. TENCON IEEE Region 10 Conf. (TENCON), 2019, Netw., vol. 5, no. 1, pp. 87–106, 2012.
pp. 908–913. [26] Remix. Remix Description, Apr. 1, 2018. [Online]. Available:
[6] B. K. Mohanta, S. S. Panda, and D. Jena, “An overview of smart contract http://remix.ethereum.org
and use cases in blockchain technology,” in Proc. 9th Int. Conf. Comput. [27] M. S. Ali, M. Vecchio, M. Pincheira, K. Dolui, F. Antonelli, and
Commun. Netw. Technol. (ICCCNT), 2018, pp. 1–4. M. H. Rehmani, “Applications of blockchains in the Internet of Things:
[7] A. Back, Hashcash-a denial of service counter-measure, 2002. [Online]. A comprehensive survey,” IEEE Commun. Surveys Tuts., vol. 21, no. 2,
Available: http://www.hashcash.org/ papers/hashcash.pdf pp. 1676–1717, 2nd Quart., 2019.

Authentication and Key Management in Distributed IoT Using Blockchain Technology

Uploaded by

Authentication and Key Management in Distributed IoT Using Blockchain Technology

Uploaded by

IEEE INTERNET OF THINGS JOURNAL, VOL. 8, NO.

16, AUGUST 15, 2021 12947

Authentication and Key Management in Distributed

For example, G might be a large multiplicative subgroup PrKk = H j (s) (3)

Fig. 1. Blockchain-based IoT architecture.

multiple Blockchains; each from the AMN network of the fog

that, Dp generates a seed s where s ∈ (0, 1, . . . , p − 1).

rent time (Tp ); and 4) cipher text of a random number p ,

that is digitally signed by a trusted authority. During

You might also like