
IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 5, MARCH 1, 2022 3321

Blockchain-Based Secure and Lightweight Authentication for Internet of Things

Xu Yang, Xuechao Yang, Xun Yi, Ibrahim Khalil, Xiaotong Zhou, Debiao He, Member, IEEE, Xinyi Huang, and Surya Nepal

Abstract—Over the past decade, the Internet of Things (IoT) has been widely adopted in various domains, including education, commerce, government, and healthcare. Many IoT-based applications have also drawn significant attention in recent years. With the increasing number of connected devices in the IoT system, one of the challenging tasks is to ensure devices' authenticity, which allows users to have a high confidence in the decision. In addition, due to the heterogeneity of the IoT system and the resource-constrained devices, how to efficiently manage such a system and guarantee the security and privacy of devices is a concern. In this article, we propose a new blockchain-based authentication scheme to meet these challenges. Our proposed framework combines the blockchain technique and the modular square root algorithm to achieve an effective authentication process. Besides, we demonstrate the security and utility of the proposed scheme by providing a security analysis and a detailed experiment.

Index Terms—Authentication, blockchain, efficiency, Internet of Things (IoT), privacy, security.

I. INTRODUCTION

THE Internet of Things (IoT) has drawn significant attention in recent years and is now growing rapidly owing to the proliferation of communication technology and the deployment of sufficient devices. It is reported that the number of connected devices in IoT has been growing exponentially in the recent decade. According to Gartner's study in 2016, 50 billion connected devices will be globally deployed by 2021 [1]. These devices are adopted in various domains, including education, commerce, government, and healthcare, and provide a wide range of services in people's lives, such as smart city, smart grid, intelligent transportation system, smart healthcare system, etc. [2].

The IoT-based applications do facilitate people's daily life and also make our cities smarter. For example, the Cop21 conference held in 2016 concluded that the connected objects have the potential to considerably reduce CO2 emissions.¹ IoT also brings other vital applications, such as intelligent wastewater management, intelligent garbage sorting, environmental monitoring, smart parking, smart home, public healthcare, etc. [3]. Besides, many other services have evolved with the help of IoT, such as factories to industry 4.0 [4], agriculture to smart agriculture [5], health to smart health [6], etc.

Fig. 1 describes a typical scenario for a generic IoT environment. We can see that this system mainly consists of various IoT devices, users, and servers. There are various scenarios in this environment, including personal, home, community, transport, etc. Different smart devices are used in these scenarios, such as sensors, actuators, electronics, vehicles, etc. [7], [8]. These devices are responsible for collecting different data and finally submitting it to servers in the data center via the Internet or cloud. Different users, such as doctors, drivers, or home residents, can access and get the real-time information, which is collected by specified IoT devices or servers, to further enjoy their own services.

Fig. 1. Typical IoT system.

Manuscript received March 29, 2021; revised June 10, 2021; accepted July 12, 2021. Date of publication July 19, 2021; date of current version February 21, 2022. This work was supported in part by the Australian Research Council Discovery Project under Grant DP160100913; in part by the Data61 Research Collaborative Project (Enhancing Security and Privacy in IoT); in part by the National Natural Science Foundation of China under Grant 62032005 and Grant 61872089; and in part by the Science Foundation of Fujian Provincial Science and Technology Agency under Grant 2020J02016. (Corresponding author: Xiaotong Zhou.)

Xu Yang is with the Center for Applied Mathematics of Fujian Province, School of Mathematics and Statistics, Fujian Normal University, Fuzhou 350117, China.

Xuechao Yang, Xun Yi, and Ibrahim Khalil are with the School of Computing Technologies, RMIT University, Melbourne, VIC 3001, Australia.

Xiaotong Zhou and Debiao He are with the Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China.

Xinyi Huang is with the Fujian Provincial Key Laboratory of Network Security and Cryptology, College of Computer and Cyber Security, Fujian Normal University, Fuzhou 350117, China.

Surya Nepal is with the Data61, CSIRO, Marsfield, NSW 2122, Australia.

Digital Object Identifier 10.1109/JIOT.2021.3098007

¹ http://blogs.gartner.com/smarterwithgartner/cop21-can-the-internet-of-things-improve-organizations-sustainability-performance/

2327-4662 © 2021 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.
Authorized licensed use limited to: MKSSS CUMMINS COLLEGE OF ENGINEERING FOR WOMEN. Downloaded on December 08,2023 at 18:27:00 UTC from IEEE Xplore. Restrictions apply.
Obviously, IoT is playing an important role in our society, and the omnipresence of a variety of things makes it easy for IoT and its different applications to provide an extensive range of services. However, the rapid growth in the number of these connected devices also raises serious concerns, especially security and privacy issues, which have become the major obstacles to large-scale deployment and adoption of IoT. The main reasons for these security vulnerabilities can be summarized in two aspects [9]. First, the wireless communication environment of the IoT system makes it more vulnerable to numerous attacks, such as leakage of confidential information, data tampering, identity spoofing, and message eavesdropping. Second, multiple types of devices in IoT are typically limited in processing power, storage, and network capacity, which makes it difficult to implement advanced security solutions in the system and therefore leaves it prone to numerous security attacks. Such vulnerabilities may bring inconvenience or even cause bad consequences to people's lives. Furthermore, since multiple use case scenarios reflect the heterogeneity of the IoT system, IoT is qualified as a system of systems [10]. However, the different security requirements of each independent application scenario make it difficult to integrate new services and scenarios. Thus, combining multiple security technologies and solutions is required to solve these difficulties. Although security solutions like public-key infrastructure (PKI) are efficient, they are still centralized, which causes serious scalability issues in such a complicated IoT system.

Therefore, in order to address such vulnerabilities, new security solutions should be presented to ensure that the system can only be used by authenticated and authorized devices or users and that new devices are easily integrated with new services. An effective way to solve the aforementioned vulnerabilities is to design a proper mutual authentication scheme to ensure the validity of the connected devices or users prior to further interactions. The authentication technique has been widely used nowadays in the network communication environment, and most authentication schemes are based on cryptography. However, considering that most devices in IoT are constrained by resources, most existing cryptographic authentication schemes are not appropriate. Thus, lightweight authentication schemes have emerged to solve the issue. In addition, such an authentication scheme in IoT should offer an effective key update and revocation mechanism, which allows entities to update and revoke their private keys before the expiration date. Typical revocation tools, such as the online certificate status protocol and the certificate revocation list, suffer from high communication costs, the asynchronous problem, or the need to always stay online. Therefore, we aim to answer "how to effectively and efficiently solve the above challenges in mutual authentication for IoT?"

Seeking to answer the above question, we make the following contributions in this article.

1) We design a blockchain-based secure and lightweight authentication scheme for the IoT system. Specifically, we apply the modular square root (MSR) technique to guarantee the security and efficiency of the authentication process, while the blockchain technique is used to enhance security and provide scalability for this system. Due to the use of smart contract, the system can ensure that only the registered devices or users can obtain their subscribed services.
2) We also present the security requirements of such an authentication scheme in IoT and discuss how our new scheme can provide such security requirements.
3) We evaluate the feasibility of our proposal by the implementation based on an Ethereum test network remix. We also set up an experiment to show the practicality of our scheme by comparing the computation and communication cost with related schemes.

The remainder of this article is organized as follows. Section II reviews the related work. Then, Section III introduces the preliminaries. In Section IV, we present the proposed blockchain-based authentication scheme for the IoT system. The security analysis and performance evaluation are given in Sections V and VI, respectively. Finally, Section VII concludes this article.

II. RELATED WORK

Many researchers have been designing practical authentication systems for IoT in the past few years. Existing IoT authentication schemes can be generally classified based on their primitives. Here, we introduce the related work based on different IoT application domains, including smart grid, radio-frequency identification (RFID), vehicular ad hoc networks (VANETs), and generic IoT application.

For example, in the application of smart grid, Chim et al. [11] proposed an anonymous recording and gateway-based authentication protocol for the smart grid network to address the performance and security challenges, including the storage cost and the key management. The homomorphic encryption and HMAC are used to authenticate and aggregate the messages sent by smart meters, which significantly reduced the amount of exchanged data in this scheme. Li and Gao [12] also proposed a multicast authentication scheme based on one-time signature in smart grid. The computation cost of the authentication process is decreased due to the deployment of a new nonlinear integer programming-based one-time signature in their scheme. In order to realize conditional anonymity as well as flexible key management, Wang et al. [13] presented a blockchain-based anonymous mutual authentication and key management protocol for smart grid systems. In the application of RFID, in order to provide anonymity in RFID authentication and to resist the DoS attack, Gope et al. [14] proposed a lightweight and anonymous authentication scheme based on physically unclonable functions (PUFs) for classic RFID tags. In order to support the noisy PUF environment, they also introduce an enhanced scheme in their paper. Fan et al. [15] presented an efficient RFID authentication protocol for IoT applications in 5G mobile networks. Through providing a cache for the reader to store keys, the security in storage is increased and the computation cost is dramatically reduced, which speeds up the authentication. In the application of VANETs, Yang et al. [16] proposed a mutual authentication scheme with privacy preserving to enhance the communication
security in VANETs. The security, privacy, and efficiency goals in their scheme are guaranteed by applying the MSR technique. Lin et al. [17] proposed a blockchain-based conditional privacy-preserving authentication protocol for VANETs to realize an effective certificate management, which is based on the elliptic curve digital signature algorithm. There are also many authentication schemes proposed in other application scenarios, such as wireless body area networks [18], [19], smart home [20], [21], etc.

Apart from the above applications, many research works also focus on the generic IoT application. For example, in order to guarantee privacy and security properties, such as participant anonymity, unlinkability, and content authenticity, Alcaide et al. [22] presented a privacy-preserving mutual authentication protocol for IoT applications. They mainly combine secret sharing, anonymous credentials, and threshold RSA signature algorithm to establish the authentication protocol. A secure authentication scheme based on elliptic curve cryptography is also proposed by Kumari et al. [23]. They first point out the weaknesses in an existing work and then present an improved version to achieve the efficiency and security. However, it is still unable to guarantee the mutual authentication. By utilizing the acoustic hardware fingerprint generated from two IoT devices, Chen et al. [24] achieved and presented a device authentication protocol for IoT systems. Distance authentication is achieved between wireless IoT devices in their scheme. Lai et al. [25] proposed an efficient group-based authentication and key agreement scheme for the communication of resource-constrained devices. This scheme aims to address the overload authentication problem when there are a large number of devices that want to access the network. Zhou et al. [26] provided a lightweight two-factor authentication scheme for cloud-enabled IoT architectures. Their scheme mainly adopts lightweight cryptography algorithms, such as one-way hash function and XOR operation, which decreases the computation burden for resource-limited devices and also makes the scheme more efficient. Similarly, Li et al. [27] proposed a lightweight mutual authentication scheme for IoT and its applications. Their scheme achieves a good balance between efficiency and communication cost without compromising the security. Since the 5G network is identified as a key enabler of the future IoT services, Ni et al. [28] presented a service-oriented authentication scheme for 5G-enabled IoT services to further support network slicing and fog computing. Their framework is mainly constructed by using a bilinear pairing-based public-key signature scheme.

In order to remove the trust third party to further alleviate the management of PKI, blockchain-based solutions were proposed, which also guarantee the security and privacy issues [29]. For example, Shen et al. [30] proposed a blockchain-based device authentication scheme for IoT. They mainly apply the identity-based signature to realize the authentication process and also introduce the blockchain to construct trust among different domains. Lin et al. [31] combined attribute-based signature and multireceiver encryption into blockchain to propose a secure blockchain-based mutual authentication (named as BSeIn). To further improve the efficiency of BSeIn, Lin et al. [32] also adopted group signature and public encryption to propose a blockchain-based novel secure mutual authentication system. Yu et al. [33] also proposed a blockchain-based anonymous authentication with selective revocation for smart industrial applications, which support attribute privacy, selective revocation, credential soundness, and multishowing-unlinkability.

Based on the above literature review, we could see that many practical authentication mechanisms have been designed for IoT and its applications. While by analyzing their schemes, we found they have something in common when constructing the authentication process. For example, most of them consider the privacy preserving for the participants, try to resist different security attacks caused by inside or outside attackers, and improve the efficiency during the authentication for resource-constrained devices. Therefore, this article also tackles mutual authentication in IoT by using novel techniques to consider the above features.

III. PRELIMINARIES

This section gives a brief introduction on the MSR technique, blockchain technique, system and adversary model, and security requirements.

A. Modular Square Root Technique

The MSR technique was introduced by Rabin [34] in 1979, and further improved by Williams [35] in 1980. It is built on the quadratic residues, Euler's criterion, and its properties [36]. MSR is based on the complex problem of large number factoring, which is similar to RSA. Compared to RSA and ECC, one of the main advantages is that the MSR technique is much simpler and more efficient.

Assume that $a$ is an integer and $n$ is a natural number, such that their greatest common divisor is 1, i.e., $\gcd(a, n) = 1$. If the congruence $b^2 \equiv a \pmod{n}$ is soluble, then we call $a$ a quadratic residue modulo $n$ and the solutions of the congruence are called MSRs of quadratic residue $a$ modulo $n$.

Euler's Criterion [37]: Let $\gcd(a, p) = 1$, where $p$ is an odd prime. Then, $a$ is a quadratic residue modulo $p$ if and only if $a^{(p-1)/2} \equiv 1 \pmod{p}$.

Besides, when $a$ is a quadratic residue modulo $p$ and $p \equiv 3 \pmod{4}$, the square roots of quadratic residue $a$ modulo $p$ are simply computed as

$$r_{1,2} = \pm a^{\frac{p+1}{4}} \pmod{p}. \tag{1}$$

Then, based on Euler's criterion, we have the properties as follows.

Property 1: Let $n = p \cdot q$ and $\gcd(a, n) = 1$, where $p$ and $q$ are odd primes and $p \equiv q \equiv 3 \pmod{4}$. Then, $a$ is a quadratic residue if and only if $a^{(p-1)/2} \equiv 1 \pmod{p}$ and $a^{(q-1)/2} \equiv 1 \pmod{q}$.

Then, we can compute four MSRs $r_{1,2,3,4}$ of $a$ modulo $n$ below based on (1), Property 1, and the Chinese remainder theorem [38]

$$r_{1,2,3,4} = \pm \alpha \cdot q \cdot q^{*} \pm \beta \cdot p \cdot p^{*} \pmod{n} \tag{2}$$
where $\alpha = a^{(p+1)/4} \pmod{p}$, $\beta = a^{(q+1)/4} \pmod{q}$, $p^{*} = p^{-1} \pmod{q}$, and $q^{*} = q^{-1} \pmod{p}$. Both $p^{*}$ and $q^{*}$ can be easily determined based on the extended Euclidean algorithm [39] because of $\gcd(p, q) = 1$.

Property 2: Let $n = p \cdot q$ and $p$ and $q$ be odd primes. Then, the number of quadratic residues is $(p - 1)(q - 1)/4$.

Therefore, it is worth noting that the probability that any integer $a$ is a quadratic residue modulo $n$ is approximately 1/4 (i.e., one quarter) based on Property 2.

Fig. 2. Our system model.

MSR Encryption: On the basis of the above introduction, we simply describe the MSR encryption algorithm as follows.

1) Key Generation: User Alice selects two primes $p$ and $q$ [where $p \equiv q \equiv 3 \pmod{4}$] and computes $n = p \cdot q$. Alice then keeps $p$ and $q$ secret and publishes $n$.
2) Encryption: When user Bob wants to transmit a message $M$ to Alice, where $M \cdot 2^{l} < n$ and $l$ is more than 30, he computes $C = (M \cdot 2^{l})^{2} \pmod{n}$ and sends $C$ to Alice.
3) Decryption: Once $C$ is received, Alice determines four distinct MSRs from the congruence $b^2 \equiv C \pmod{n}$ by using the secrets $p$ and $q$ based on (2). The MSR with $l$ is then used to obtain the original message $M$.
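
The key generation, encryption and decryption steps above, together with Euler's criterion, equation (2) and Property 2, as an added example that is not code from the paper. The two Mersenne primes are constructed toy parameters, and reading the redundancy check as "the low l bits of the root are zero" is this example's assumption.

```python
"""MSR (Rabin-style) encryption as outlined in Section III-A. Added example."""
from math import gcd

L_BITS = 31  # redundancy length l; the text asks for l > 30

# Constructed demo key: two Mersenne primes, both congruent to 3 mod 4.
# Chosen only so the example runs offline; far too small and too structured
# for real use.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q


def is_qr(a, p):
    """Euler's criterion: a is a quadratic residue mod odd prime p
    iff a^((p-1)/2) = 1 (mod p)."""
    return pow(a, (p - 1) // 2, p) == 1


def msr_roots(a, p, q):
    """Return the four square roots of a modulo n = p*q via (1), (2), CRT."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    n = p * q
    a %= n
    # Property 1: a must be a residue modulo both prime factors.
    if gcd(a, n) != 1 or not (is_qr(a, p) and is_qr(a, q)):
        raise ValueError("not a quadratic residue modulo n")
    alpha = pow(a, (p + 1) // 4, p)   # root of a mod p, equation (1)
    beta = pow(a, (q + 1) // 4, q)    # root of a mod q, equation (1)
    p_star = pow(p, -1, q)            # p^-1 mod q
    q_star = pow(q, -1, p)            # q^-1 mod p
    x = alpha * q * q_star
    y = beta * p * p_star
    # Equation (2): all four sign combinations.
    return sorted({(x + y) % n, (x - y) % n, (y - x) % n, (-x - y) % n})


def count_residues(p, q):
    """Brute-force count of quadratic residues among units mod p*q
    (Property 2); only sensible for tiny p and q."""
    n = p * q
    return sum(1 for a in range(1, n)
               if gcd(a, n) == 1 and is_qr(a, p) and is_qr(a, q))


def encrypt(m, n):
    """Bob: C = (M * 2^l)^2 mod n, requiring M * 2^l < n."""
    padded = m << L_BITS
    if m <= 0 or padded >= n:
        raise ValueError("message out of range for this modulus")
    return pow(padded, 2, n)


def decrypt(c, p, q):
    """Alice: compute the four roots, keep the one carrying the redundancy."""
    # Assumption of this example: a valid root has its low l bits equal to
    # zero, which is what multiplying M by 2^l produces.
    hits = [r for r in msr_roots(c, p, q) if r % (1 << L_BITS) == 0]
    if len(hits) != 1:
        raise ValueError("no unique root with valid redundancy")
    return hits[0] >> L_BITS


if __name__ == "__main__":
    msg = int.from_bytes(b"sensor-42", "big")   # constructed sample plaintext
    c = encrypt(msg, N)
    print("ciphertext:", hex(c))
    print("recovered :", decrypt(c, P, Q).to_bytes(9, "big"))
    print("roots of 4 mod 77:", msr_roots(4, 7, 11))
    print("residues mod 77  :", count_residues(7, 11))
```

Without the redundancy bits the receiver cannot tell which of the four roots was sent, and a ciphertext that is not a quadratic residue modulo n is rejected before any root is computed.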
Intractable Problems: As stated, the difficulty of extracting MSRs of a quadratic residue modulo $n$ (where $n = p \cdot q$ and $p$ and $q$ are unknown) determines the security of the MSR technique. In addition, to factorize $n$ is computationally infeasible if $p$ and $q$ are large.

B. Blockchain

The concept of blockchain was first introduced and implemented by Nakamoto [40] in 2008, which is the nucleus of Bitcoin's architecture. Blockchain is essentially based on the peer-to-peer network, private key cryptography, and blockchain protocols, where different technologies, such as distributed data storage, consensus mechanism, and symmetric encryption algorithm, are used. Two types of blockchain have attracted a lot of attention, including the public blockchains (e.g., Bitcoin and Ethereum) and the private blockchains (e.g., Hyperledger). The main difference between them is that the former allows the blockchain system to be maintained by anyone who joins the system, while the latter only allows some trusted nodes to maintain it. In our design, we aim to make the system flexible so that it can enable the deployment of both transactions and smart contract into any blockchain system.

1) Transactions: The transaction is a signature on trade information in the Bitcoin system, which mainly consists of addresses of the sender/receiver and transferred value. It will be added to the blockchain after all the nodes have successfully verified the signature. These records in the blockchain cannot be modified unless one can control at least 51% of the nodes. In our system, instructions, such as querying, storing, and operating data, are carried by transactions. In order to facilitate retrieval by others, the device manufacturer (DM) in our system needs to issue the corresponding certificates into the blockchain. Besides, in order to map the public key information to the transaction identity, the smart contract function is required.
2) Smart Contract: The smart contract in the blockchain consists of contract address, private storage, and predefined functions. It is a computer program that runs automatically to transfer money or anything having value when a specific policy is met. Smart contracts are permanently stored on the blockchain and are programmed in a Turing complete language (e.g., Solidity). In order to trigger the contract smoothly, each contract has its own special address. Our system applies the smart contract to manage the public-key information table (PKIT). Mainly, IoT devices' or servers' public key is mapped to the transaction identities in the blockchain by employing smart contract. We use the simple but practical smart contract to offer different functions, including update, query, and revoke. Algorithm 1 shows a briefly designed contract. The update function is invoked by the DM, which ensures that a new transaction identity is mapped to the corresponding public key. The query function is invoked by the IoT device and the server, which is called to obtain the transaction identity of a required public key, and the revoke function is invoked by the DM to revoke the existing mapping once any malicious behavior is detected.

C. System Model

Fig. 2 describes our system model. We can see that this model consists of DM, IoT devices, servers in data center, and blockchain. Details about these entities are given in what follows.

1) Device Manufacturer: We assume that the DM produces different IoT devices and servers for this system. It is mainly responsible for initializing the IoT devices and the server, and also uploading relevant information to the smart contract. There can be many DMs in the system. Thus, we assume that the DMs have already been authenticated by the system founder of the blockchain.

2) IoT Device: There are various types of IoT devices in this system. Most of them are resource-constrained devices that need to report the data collected from the environment to different servers. So, authenticating with the server to establish a secure channel is required for these devices; otherwise, the server will not trust the provided data.
3) Server: There are also many servers in this system. They receive data from different devices and conduct data processing to further provide services for the public and authorities. So these servers must be authenticated to devices to prevent malicious parties from observing sensitive information.
4) Blockchain: The blockchain is responsible for recording the public key and expiry time information in the smart contract in this article. So any existing popular blockchain system with smart contract functionality, such as Ethereum or Hyperledger Fabric, can be used in our system.

Algorithm 1: Smart Contract on PKIT
Require: Function name, invoked parameters
Ensure: Setting up functions:
    address DM;             % Define the address of DM
    structure PKI           % Define the structure of components in PKIT
        uint256[2] n;
        int ET;             % the expiry time
        bytes32 ID;

    function PKIT()         % Constructor which is automatically invoked when deploying this smart contract
        DM = msg.sender;
        len = 0;
        return 1;

    function updatePKIT(n, ET, ID)   % Invoked by DM to update public key information
        if DM == msg.sender then
            if Exist(PKI[i].n == n) then
                PKI[i].n = n;
                PKI[i].ET = ET;
                PKI[i].ID = ID;
                return 1;
            else
                len++;
                PKI[i].n = n;
                PKI[i].ET = ET;
                PKI[i].ID = ID;
                return 1;
        else
            return 0;

    function queryPKIT(n)   % Invoked by IoT device or server to retrieve specific public key information
        if Exist(PKI[i].n == n && PKI[i].ET is fresh) then
            return 1;
        else
            return 0;

    function revokePKIT(n, ID)   % Invoked by DM to revoke an IoT device or server
        if msg.sender == DM then
            if Exist(PKI[i].n == n) then
                delete(PKI[i]);
                len--;
                return 1;
            else
                return 0;
        else
            return 0;

D. Adversary Model

The adversary model is defined below to evaluate the security features.

1) For all the entities, the DM is assumed to be authorized and authenticated by the system founder of the blockchain. So the DM will not deliberately break the process of this system. Servers, however, are curious about devices' (or users') secret information, which they may try to learn by obtaining auxiliary public information or even by colluding with other malicious entities. The smart contract records on the blockchain are assumed to be reliable and accessible at all times. Therefore, the public information, including identities and public keys, is known to both devices and servers. If one device or server is confirmed to be compromised, the blockchain can revoke it and no longer provide subsequent services.
2) We follow the widely accepted Dolev–Yao (DY) threat model [41] to define the ability of the adversary $\mathcal{A}$. Under this model, the communication channels during the authentication between server and device are insecure. Therefore, servers and devices are generally not trustworthy since the communication channel is public. $\mathcal{A}$ is assumed to be able to eavesdrop on all the communication channels in the network system for the purpose of obtaining devices'/servers' private information or affecting other users' behavior. $\mathcal{A}$ can impersonate a legitimate user to generate wrong messages and can also modify, delete, or replay existing messages to affect the system. Besides, $\mathcal{A}$ may collude with some servers to obtain the sensitive information of devices/users.

E. Security Requirements

Based on the existing literature [13], [16], [17], [19], [27], [32], a practical authentication scheme for the IoT system needs to meet the following fundamental security requirements.

1) Mutual Authentication: The entities that can access the network system should be registered, and they should be able to identify and authenticate the other entities in the system. This also means that unauthorized entities should be identified and banned from entering the system.

2) Key Agreement: To facilitate the subsequent secure communication, a session key is established after the successful mutual authentication between device and server to ensure the confidentiality and integrity of the transferred data.
3) Identity Anonymity: The identity of each device/user should be anonymous to the server or other untrusted third parties from the intercepted messages during the communication.
4) Nonrepudiation: After sending the message, neither the device nor the server can deny that this message was originally sent by itself.
5) Attack Resistance: A practical authentication scheme for IoT should provide resilience against various types of attacks, including eavesdropping attack, replay attack, impersonation attack, and man-in-the-middle attack.

IV. PROPOSED SCHEME

We propose our authentication scheme for the IoT environment in this section. It consists of four phases: 1) system initialization; 2) registration; 3) authentication; and 4) update and revocation. For convenience, we have listed the relevant notations used in Table I.

TABLE I: NOTATIONS IN THIS ARTICLE

A. System Initialization Phase

The SF executes the system initialization phase to determine system parameters and the initial smart contract. First, the system parameters chosen by the SF include one general hash function $H(\cdot)$, one MAC function $\mathrm{MAC}(\cdot)$, and one symmetric encryption/decryption algorithm $\mathrm{Enc}(\cdot)/\mathrm{Dec}(\cdot)$. The SF then announces the public parameters $params = \{H(\cdot), \mathrm{MAC}(\cdot), \mathrm{Enc}(\cdot)/\mathrm{Dec}(\cdot)\}$. Second, in order to establish the blockchain, a genesis file including configuration parameters is created by the SF. Besides, the SF also chooses some trusted partners to start the blockchain where a specific consensus mechanism is selected (for example, practical Byzantine fault tolerance in Hyperledger Fabric). We assume that the SF can directly join some existing blockchain system, such as Hyperledger Fabric or Ethereum.

B. Registration Phase

We assume that the DMs have already been authenticated in the smart contract. In this phase, the DMs upload the public key information of their produced IoT devices and servers to the smart contract.

Device and Server Registration: When produced by the DM, each IoT device selects two distinct odd primes $p_d$ and $q_d$ [where $p_d \equiv q_d \equiv 3 \pmod{4}$] as private keys, and calculates $n_d = p_d \cdot q_d$ as the public key. They send their identity $ID_d$ and the public key $n_d$ to the DM. The DM confirms the validity and uploads the tuple $\{n_d, ET_d, ID_{dm}\}$ to the smart contract by invoking the update function updatePKIT($n_d$, $ET_d$, $ID_{dm}$) in Algorithm 1, where $ET_d$ is a preset expiry time for the device and $ID_{dm}$ is the identity of the DM. After being assigned, each device can check the validity of its status by calling the query function queryPKIT($n_d$) in Algorithm 1 to obtain relevant information in the smart contract. Similarly, each server can select two primes $p_s$ and $q_s$ [where $p_s \equiv q_s \equiv 3 \pmod{4}$] as the private keys, and calculate $n_s = p_s \cdot q_s$ as the public key. The server then sends the identity $ID_s$ and the public key $n_s$ to the DM, who further uploads the tuple $\{n_s, ET_s, ID_{dm}\}$ to the smart contract by invoking the update function updatePKIT($n_s$, $ET_s$, $ID_{dm}$), where $ET_s$ is a preset expiry time for the server.

C. Authentication Phase

This phase is interactively executed by the IoT device and the server. After completing the mutual authentication, a shared session key is eventually negotiated by them for future communications. The blockchain is designed to provide trust assistance for the identity validation. The authentication process between an IoT device $D_i$ and a server $S_j$ is detailed as follows.

1) Assume that $D_i$ has already obtained $n_{s_j}$. It first checks $n_{s_j}$ in the blockchain by invoking the query function queryPKIT($n_{s_j}$). If the result is not within the expiry time (return 0), $D_i$ needs to authenticate with a new server. If within (return 1), $D_i$ executes the following steps to generate a secret certificate and sends the server a message for the authentication.
   a) $D_i$ selects a random integer $a$ such that $n_{s_j} < a < (n_{s_j}/2)$ and obtains the current timestamp $ts$.
   b) It computes $b = H(a, n_{s_j}, ts)$ and checks if $b^{\frac{p_{d_i}-1}{2}} \equiv 1 \bmod p_{d_i}$ and $b^{\frac{q_{d_i}-1}{2}} \equiv 1 \bmod q_{d_i}$. If not, $a = a + 1$ and the above calculation and verification should be reexecuted.²
      ² Note that according to Property 2, "b" can be confirmed within four loops on the average.
   c) Based on the knowledge of $p_{d_i}$ and $q_{d_i}$, $D_i$ calculates four MSRs $r_{1,2,3,4}$ of $r^2 \equiv b \pmod{n_{d_i}}$ according to (2). The smallest square root is then chosen as secret $s_d$, i.e., $s_d = \min\{r_1, r_2, r_3, r_4\}$.


   d) Then, $D_i$ computes $\alpha_d = a^2 \pmod{n_{s_j}}$, $k_d = H(a)$, $\beta_d = \mathrm{MAC}_{k_d}(\alpha_d)$, and $\gamma_d = \mathrm{Enc}_{k_d}(ts, s_d, n_{d_i})$. It finally sends the message $M_1 = \{\alpha_d, \beta_d, \gamma_d\}$ to the server $S_j$.
2) $D_i \to S_j$: $M_1 = \{\alpha_d, \beta_d, \gamma_d\}$.
3) Upon receiving the message from $D_i$, $S_j$ checks the legitimacy of $M_1$ to further confirm the authenticity of $D_i$. The verification process is shown below in detail.
   a) $S_j$ computes the four MSRs $r_{1,2,3,4}$ of $r^2 = \alpha_d \pmod{n_{s_j}}$ with the knowledge of $p_{s_j}$ and $q_{s_j}$ based on (2).
   b) It then calculates $k_{1,2,3,4} = H(r_{1,2,3,4})$ and further determines the selected integer $a$ from $r_{1,2,3,4}$ and the main secret key $k_s$ from $k_{1,2,3,4}$ by verifying the equation $\beta_d = \mathrm{MAC}_{k_{1,2,3,4}}(\alpha_d)$.
   c) After confirming $k_d$, $S_j$ decrypts $\gamma_d$ to obtain $(ts, s_d, n_{d_i})$. The validity of the timestamp $ts$ is then verified by checking $|ts^* - ts| < T$, where $ts^*$ is the current timestamp when $S_j$ receives $M_1$ and $T$ is the maximum transmission delay. If $ts$ fails to meet the condition, $S_j$ drops this message.
   d) $S_j$ then checks the validity of $D_i$'s public key $n_{d_i}$ in the blockchain by invoking the query function queryPKIT($n_{d_i}$). If $n_{d_i}$ is not registered or $ET_d$ has already expired (return 0), $S_j$ drops this message. Otherwise, it verifies the equation $s_d^2 = H(a, n_{s_j}, ts) \pmod{n_{d_i}}$. $D_i$ is authenticated by $S_j$ once the equation holds. Otherwise, the authentication fails.
   e) In order to be authenticated by $D_i$, $S_j$ generates a response $\delta_s = \mathrm{MAC}_{k_s}(ts, s_d)$ by using the shared session key $k_s$, and sends the response message $M_2 = \{\delta_s\}$ to $D_i$.
4) $S_j \to D_i$: $M_2 = \{\delta_s\}$.
5) On receiving the response, $D_i$ uses $k_d$ to check the equation $\delta_s = \mathrm{MAC}_{k_d}(ts, s_d)$. If it holds, $D_i$ successfully authenticates $S_j$, and $k_d$ is set to be the session key shared between them. Otherwise, the authentication fails.

Correctness Proof: From the above process, we can see that $k_d$ is calculated as $k_d = H(a)$ by $D_i$, where $a$ is a random integer and $\alpha_d = a^2 \pmod{n_{s_j}}$. Accordingly, in order to get $k_d$, $S_j$ computes $a$ by obtaining the solutions of the congruence $r^2 = \alpha_d \pmod{n_{s_j}}$. According to (2), it is easy to solve the congruence by using $S_j$'s private keys $p_{s_j}$ and $q_{s_j}$. By matching the MAC value, one of the solutions (i.e., four MSRs) is determined as $a$ for finally computing $k_s = H(a)$. Therefore, we can prove that $k_d = k_s$, which means the session key shared between $D_i$ and $S_j$ is the same.

D. Update and Revocation Phase

Update: In order to deal with situations such as a device or server reaching its expiry time, the private keys of a device being compromised, or a server updating its public and private keys, an update function should be provided for devices and servers. For a device update, the device selects a new private key ($p_d$ and $q_d$) and sends the DM its identity and the corresponding public key ($n_d = p_d \cdot q_d$) to request the update. After confirming the validity, the DM updates this information by invoking the update function updatePKIT($n_d$, $ET_d$, $ID_{dm}$). Similarly, for a server update, the server sends the new public key $n_s$ to the DM, who sends it to the smart contract by calling updatePKIT($n_s$, $ET_s$, $ID_{dm}$).

Revocation: An IoT device or server can send a revocation request to inform the corresponding DM if it wants to leave the system. Once confirmed, the DM sends a revocation transaction by invoking the revoke function revokePKIT($n_d/n_s$, $ID_{dm}$) in Algorithm 1 to revoke the public-key information of the device or the server from the system. Similarly, if the IoT device or the server is found to be compromised, the DM directly calls the revoke function revokePKIT($n_d/n_s$, $ID_{dm}$) to delete its records.

V. SECURITY ANALYSIS

This section provides the security analysis of our proposed scheme by demonstrating that we have achieved all the security requirements listed in Section III-E.

Mutual Authentication: According to the proposed authentication scheme, we divide the mutual authentication between IoT device and server into two parts: IoT device to server authentication and server to IoT device authentication. As described in Section IV-C, before sending the message $M_1$ to the server $S_j$, the IoT device $D_i$ ensures the freshness of $S_j$ in the blockchain. Then, $D_i$ sends the message $M_1 = \{\alpha_d, \beta_d, \gamma_d\}$ to the server $S_j$ for authentication, where $\alpha_d = a^2 \pmod{n_{s_j}}$, $k_d = H(a)$, $\beta_d = \mathrm{MAC}_{k_d}(\alpha_d)$, and $\gamma_d = \mathrm{ENC}_{k_d}(ts, s_d, n_{d_i})$. Here, $D_i$ ensures that only the real $S_j$ with the secret keys $p_{s_j}$ and $q_{s_j}$ can calculate the key $k_d$ by applying the MSR decryption operation. Because of the intractable problems (mentioned in Section III-A), it is difficult for an adversary to factorize $n_{s_j}$ to get $p_{s_j}$ and $q_{s_j}$. Computing the MSRs to determine the secret key $k_d$ is also infeasible since $p_{s_j}$ and $q_{s_j}$ are unknown. Thus, when receiving the response message $M_2 = \{\delta_s\}$ from $S_j$, $D_i$ knows that the request message $M_1$ has been recognized by $S_j$. On the server side, $S_j$ gets $\{ts, s_d, n_{d_i}\}$ by decrypting $\gamma_d$ in $M_1$. Once the secret tuple $\{ts, s_d, n_{d_i}\}$ is verified and the freshness of $D_i$ is ensured, $S_j$ can confirm the authenticity of $D_i$. Only the real $D_i$ has the ability to generate the secret tuple $\{ts, s_d, n_{d_i}\}$ by using the private keys $p_{d_i}$ and $q_{d_i}$. According to the intractable problems, an adversary cannot factorize $n_{d_i}$ to get $p_{d_i}$ and $q_{d_i}$, so generating a valid secret tuple $\{ts, s_d, n_{d_i}\}$ without the private keys is impossible. Overall, the proposed scheme achieves mutual authentication between IoT device and server.

Key Agreement: As shown in the correctness proof at the end of Section IV-C, the session key $k_d/k_s$ is successfully established between $D_i$ and $S_j$, where $k_d = H(a)$ and $k_s$ is computed based on (2). According to the intractable problem, it is computationally difficult to extract the MSRs of a quadratic residue modulo $n$ ($n = p \cdot q$) without the knowledge of $p$ and $q$. That is, it is infeasible for an adversary to compute the session key provided that the private keys $p_{s_j}$ and $q_{s_j}$ or $p_{d_i}$ and $q_{d_i}$ are unknown. Therefore, key agreement is guaranteed in the proposed scheme.
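The exchange of Section IV-C, whose authentication and key-agreement properties are argued above, as an added Python example (not the authors' prototype code). Assumptions: SHA-256 for $H$, HMAC-SHA256 for MAC, a hash-keystream XOR standing in for Enc/Dec, a dict standing in for the contract's queryPKIT, small constructed Mersenne-prime keys with device primes also taken as 3 (mod 4), and the usual CRT root computation in place of equation (2), which is not reproduced in this section.

```python
import hashlib, hmac, secrets
from math import isqrt

# Constructed demo keys: Mersenne primes, all = 3 (mod 4). Far too small and
# too structured for real use; they only keep the example deterministic.
SRV = (2**127 - 1, 2**89 - 1)    # server private key (p_s, q_s)
DEV = (2**107 - 1, 2**61 - 1)    # device private key (p_d, q_d)

def _bytes(*parts):
    return "|".join(map(str, parts)).encode()

def H(*parts):
    """Hash H(.); SHA-256 is an assumption, the scheme only asks for a general hash."""
    return hashlib.sha256(_bytes(*parts)).digest()

def mac(key, *parts):
    """MAC(.); HMAC-SHA256 is an assumption."""
    return hmac.new(key, _bytes(*parts), hashlib.sha256).digest()

def enc(key, data):
    """Stand-in for Enc/Dec: XOR with a SHA-256 counter keystream (self-inverse)."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(x ^ y for x, y in zip(data, stream))

def msr(c, p, q):
    """Four square roots of a quadratic residue c mod p*q, for p = q = 3 (mod 4)."""
    n = p * q
    rp, rq = pow(c, (p + 1) // 4, p), pow(c, (q + 1) // 4, q)
    u, v = rp * q * pow(q, -1, p), rq * p * pow(p, -1, q)   # CRT lifts
    x, y = (u + v) % n, (u - v) % n
    return [x, n - x, y, n - y]

def query_pkit(ledger, n, now):
    """Stand-in for the contract's queryPKIT: 1 if n is registered and unexpired, else 0."""
    return 1 if ledger.get(n, 0) > now else 0

def device_request(ts, dev, n_s, a=None):
    """Steps 1a-1d: build M1 = (alpha, beta, gamma); also return k_d and s_d."""
    p, q = dev
    n_d, lo = p * q, isqrt(n_s)
    if a is None:
        a = lo + 1 + secrets.randbelow(n_s // 2 - lo - 1)   # sqrt(n_s) < a < n_s/2
    while True:
        b = int.from_bytes(H(a, n_s, ts), "big") % n_d
        # Euler's criterion: b must be a quadratic residue mod p_d and mod q_d.
        if pow(b, (p - 1) // 2, p) == 1 and pow(b, (q - 1) // 2, q) == 1:
            break
        a += 1
    s_d = min(msr(b, p, q))
    alpha, k_d = pow(a, 2, n_s), H(a)
    gamma = enc(k_d, _bytes(ts, s_d, n_d))
    return (alpha, mac(k_d, alpha), gamma), k_d, s_d

def server_verify(m1, srv, ledger, now, T=5):
    """Steps 3a-3e: return (delta_s, k_s) on success, None if any check fails."""
    alpha, beta, gamma = m1
    p, q = srv
    n_s = p * q
    for r in msr(alpha, p, q):               # 3a/3b: the MAC picks the right root
        k_s = H(r)
        if hmac.compare_digest(mac(k_s, alpha), beta):
            break
    else:
        return None
    try:                                      # 3c: decrypt and parse (ts, s_d, n_d)
        ts, s_d, n_d = map(int, enc(k_s, gamma).decode().split("|"))
    except ValueError:
        return None
    if abs(now - ts) >= T:                    # freshness window |ts* - ts| < T
        return None
    if query_pkit(ledger, n_d, now) != 1:     # 3d: device key registered, unexpired
        return None
    if pow(s_d, 2, n_d) != int.from_bytes(H(r, n_s, ts), "big") % n_d:
        return None
    return mac(k_s, ts, s_d), k_s             # 3e: response delta_s

def device_check(delta, k_d, ts, s_d):
    """Step 5: the device accepts the server if delta_s matches under k_d."""
    return hmac.compare_digest(delta, mac(k_d, ts, s_d))
```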


Identity Anonymity: The goal of identity anonymity is to protect the real identity of the IoT device from being disclosed during the authentication. We can see that $D_i$ only sends the message $M_1 = \{\alpha_d, \beta_d, \gamma_d\}$ to $S_j$ in the authentication phase. In this message, there is no information relevant to the real identity of the IoT device $D_i$. Thus, apart from the device manufacturer (who knows the real identity of all IoT devices), no adversary, not even the server, can learn the real identity of the IoT device by analyzing the public information. Therefore, the proposed scheme can guarantee identity anonymity.

Nonrepudiation: Nonrepudiation indicates that a user or IoT device cannot deny having sent a message. The message sent by the IoT device in the proposed scheme is $M_1 = \{\alpha_d, \beta_d, \gamma_d\}$, where $\alpha_d = a^2 \pmod{n_{s_j}}$, $k_d = H(a)$, $\beta_d = \mathrm{MAC}_{k_d}(\alpha_d)$, and $\gamma_d = \mathrm{ENC}_{k_d}(ts, s_d, n_{d_i})$. Here, the secret tuple $\{ts, s_d, n_{d_i}\}$ can only be generated by the particular IoT device with private keys $p_{d_i}$ and $q_{d_i}$. $\{ts, s_d, n_{d_i}\}$ can be verified by the server using the equation $s_d^2 = H(a, n_{s_j}, ts) \pmod{n_{d_i}}$. An adversary cannot successfully compute such a secret tuple to pass the verification without the private keys $p_{d_i}$ and $q_{d_i}$. That is, $M_1$ is definitely sent by the IoT device once this message has been verified by the server. Therefore, the proposed scheme guarantees nonrepudiation.

Attack Resistance:
1) Eavesdropping Attack: We assume that the adversary can record all transmitted messages during authentication. That is, the adversary is able to collect the messages $M_1$ and $M_2$. However, such an adversary is unable to calculate the shared session key $k_d/k_s$ between the IoT device and the server since $k_d/k_s$ is protected by the private keys of both the IoT device and the server. Based on the intractable problem, it is difficult for the adversary to get these private keys from the intercepted messages. Therefore, the eavesdropping attack can be resisted.
2) Replay Attack: The timestamp in our scheme is used to limit the replay attack. We can see that the timestamp is involved in $M_1 = \{\alpha_d, \beta_d, \gamma_d\}$, where $\gamma_d = \mathrm{ENC}_{k_d}(ts, s_d, n_{d_i})$. The freshness of the timestamp is checked by the server, which detects the replay once an adversary replays a message. Therefore, the adversary is unable to pass the verification by a replay attack.
3) Impersonation Attack: As discussed in the mutual authentication, if an adversary wants to impersonate the IoT device or the server during the authentication, it needs to generate a valid message $M_1$ or $M_2$ to pass the authentication. However, due to the intractable problems, it is difficult to generate the message without the private keys of the IoT device or the server. Therefore, the impersonation attack can be prevented in the proposed scheme.
4) Man-in-the-Middle Attack: This attack aims to secretly relay and possibly alter the communications between two parties who believe they are communicating with each other directly. However, as we analyzed above, we can infer that it is impossible for an adversary to achieve such an attack since the private keys of the IoT device or the server are unknown. Without these private keys, the adversary is unable to complete the authentication and negotiate the final session key. Therefore, the man-in-the-middle attack can be resisted.

VI. PERFORMANCE EVALUATION

We provide detailed experiments to evaluate the performance of the proposed authentication scheme in this section. Our scheme is first implemented on an Ethereum test network to evaluate the gas cost of each operation in the smart contract.3 The performance in terms of computation overhead and communication overhead is then analyzed by providing a comparison with several state-of-the-art authentication schemes [13], [23], [27], [28], [30].

A. Implementation on Ethereum and the Gas Cost

Our scheme is implemented on Remix4 to further discuss the feasibility. As an Ethereum test network, Remix is an open-source blockchain system and it supports a JavaScript-like language, Solidity, which is specially designed for writing smart contracts. The Solidity compiler we used is 0.4.23+commit.124ca40d. The source code of our prototype is available on GitHub.5 The implementation details are presented as follows.

3 Note that since Remix is a testing network, the gas cost on Remix may differ from the cost in the real Ethereum network.
4 https://remix.ethereum.org/
5 https://github.com/XuYang-FJNU/BSLA4IoT

1) We first generate three accounts to represent the device manufacturer DM, the IoT device $D_i$, and the server $S_j$ for our test. Their addresses are 0xca35b7d915458ef540ade6068dfe2f44e8fa733c, 0x14723a09acff6d2a60dcdf7aa4aff308fddc160c, and 0x4b0897b0513fdc7c541b6d9d7e929c4e5364d2db, respectively. The address of the smart contract is 0x692a70d2e424a56d2c6c27aa97d1a86395877b3a. According to the proposed scheme in Section IV, we deployed the smart contract using Remix as shown in Fig. 3. As we can see, it simulates all the functions we designed in Algorithm 1, which includes the update, query, and revoke functions. We simulate that the DM issues the certificate of both the IoT device and the server and then embeds it into a transaction. The IoT device and the server can retrieve the information from the chain in Remix once the transaction is recorded.
2) On behalf of the DM, as shown in Fig. 4, the update function is invoked via Remix to record $D_i$'s public-key information with the transaction identity in Remix. Then, we simulated $S_j$ checking the freshness of $D_i$'s public-key information. We first switched to $S_j$ and then invoked the query function to get the information as shown in Fig. 5. Note that the state of the smart contract is not modified since the query function in this system is a view type algorithm. Thus, only a small amount of transaction confirmation time is spent here. Similarly, $D_i$ can also check the freshness of $S_j$'s public-key information by invoking the query function. Finally, if the public-key information of $D_i$ or $S_j$ needs to be revoked, the


DM will invoke the revoke function to delete the relevant information recorded in the smart contract (see Fig. 6).

Fig. 3. Deployment of smart contract.
Fig. 4. Update function.
Fig. 5. Query function.
Fig. 6. Revoke function.

Apart from the above implementation of the smart contract, the cost of transaction fees is also tested in our experiment. Table II evaluates the gas cost of the different operations in our system, including deploy, update, query, and revoke. According to the result, we can see that the deployment of the smart contract (i.e., deploy) has the maximum cost, approximately USD $0.67. Fortunately, the deploy operation is only executed once in the system. The other operations can be invoked repeatedly; the cost of update, query, and revoke is approximately USD $0.12, $0.02, and $0.03, respectively. That is, to authenticate with a server, one IoT device only spends about USD 0.02, which is an acceptable cost.

TABLE II
GAS COST OF SMART CONTRACT (GAS PRICE = 2 GWEI, 1 ETHER = 402.14 USD∗)

B. Implementation on Computation and Communication Cost

In addition to the above implementation on Ethereum, an experiment environment is also set up to quantify the cost during the authentication process, including the computation time of the related cryptographic operations and the communication cost of the exchanged messages.

Experimental Configuration: Two different devices are used in this experiment to simulate the server and the IoT device during the authentication. The operations of the


server are executed in a single desktop with an Intel Core i5 7600 processor @3.5-GHz clock frequency and 16 GB of RAM. The operating system is Ubuntu 16.04 LTS. The operations of the IoT device are executed in a Raspberry Pi Zero W with a 1-GHz single-core CPU and 512 MB of RAM. The operating system is a designated Linux distribution, Raspbian. The pairing-based cryptosystems library6 and libgmp via the gmpy2 Python module7 are also used in the implementation.

6 Version 0.5.14, https://crypto.stanford.edu/pbc/
7 https://gmpy2.readthedocs.io/en/latest/

To facilitate the comparison of computation and communication cost, the following cryptographic algorithms are uniformly selected. A bilinear pairing is a map $\bar{e} : G_1 \times G_1 \to G_2$, where $G_1$ is a cyclic additive group generated by a point $\bar{P}$, whose order is a prime $\bar{q}$, on the elliptic curve $\bar{E} : y^2 = x^3 + x \bmod \bar{p}$ and $G_2$ is a cyclic multiplicative group with the same order ($\bar{p}$ is a 256-bit and $\bar{q}$ is a 160-bit prime number). An elliptic curve $E : y^2 = x^3 + ax + b \bmod p$ is defined over a prime finite field, where $G_1$ is generated by $P$ with order $q$ and $a, b \in Z_p^*$ ($p$ is a 256-bit and $q$ is a 160-bit prime number). The lengths of elements in $G_1$ and $G_2$ mentioned above are both 512 bits. Regarding our scheme, we assume that all the public keys (or the modulus) $n_{nm}$, $n_{en}$, and $n_{ap}$ are 512 bits, and the private keys $p$ and $q$ of NM, EN, and AP are 256 bits, respectively. The lengths of an identity, a timestamp, a random number, and a general hash function are assumed to be 32, 32, 512, and 160 bits, respectively.

TABLE III
TIME COST OF DIFFERENT CRYPTOGRAPHIC OPERATIONS (IN MILLISECOND)

TABLE IV
COMPARISON OF COMPUTATION AND COMMUNICATION COST

Computation and Communication Cost: The computation cost represents the processing delays at different entities (including IoT device and server) caused mainly by the different cryptographic operations in the authentication, while the communication cost represents the length of the transmitted messages between IoT device and server in the authentication. Note that the time costs caused by the invocation of the query function from the smart contract and by retrieving transaction data from the blockchain can be omitted since we do not consider the transmission and communication delay.

Since the computational burden brought by different cryptographic operations immediately impacts system performance, we summarize the most time-consuming operations performed in the compared schemes and ours. The cryptographic operations we counted include elliptic curve scalar multiplication, point addition, bilinear pairing, exponentiation, MSR encryption/decryption, map-to-point hash, RSA encryption/decryption, and AES encryption/decryption. Here, we denote the time cost of the above cryptographic operations as $T_{em}$, $T_{ea}$, $T_{bp}$, $T_{ep}$, $T_{me}/T_{md}$, $T_{hp}$, $T_{re}/T_{rd}$, and $T_{ae}/T_{ad}$, respectively. Other operations, including integer addition, multiplication, and hash operation, are not considered here since they took only little time in our test. We also denote the length of a group, an identity, a random number, a hash, and a timestamp as $|G|$, $|ID|$, $|RN|$, $|H|$, and $|TS|$. The execution time of all the above operations is depicted in Table III. In the experiment, we ran each operation 1000 times on the desktop and the Raspberry Pi to obtain the final average execution time.

On the basis of the experiment results, we compare the computation and communication cost with several relevant authentication schemes (including Li et al.'s scheme [27], Kumari et al.'s scheme [23], Ni et al.'s scheme [28], Shen et al.'s scheme [30], and Wang et al.'s scheme [13]) to show the advantages of our proposed scheme, specifically on computation overhead. As the comparison results in Table IV illustrate, on both the device side and the server side, the execution time of our scheme is lower than that of the others. As we can see, Li et al.'s scheme [27], Kumari et al.'s scheme [23], Ni et al.'s scheme [28], Shen et al.'s scheme [30], and Wang et al.'s scheme [13] mainly use the bilinear pairing, elliptic curve, digital signature, and asymmetric


encryption algorithms, which suffer from expensive computation cost. While in our scheme, both the device and the server afford no such expensive operations, it thereby outperforms the compared mechanisms. Besides, our scheme is more communication-efficient on the server side than the other schemes although our scheme affords a little more communication cost on the device side.

VII. CONCLUSION

In this article, we have proposed a blockchain-based secure and lightweight authentication for IoT. Our proposed framework combines the blockchain and MSR cryptographic algorithm to realize and establish an authentication system with the characteristics of decentralizing, privacy preserving, and lightweight. Besides, the security of the proposed scheme is analyzed. We also evaluate the performance of our scheme by implementing on Remix and comparing the computation and communication cost with other schemes.

REFERENCES

[1] “More than half of major new business processes and systems will incorporate some element of the Internet of Things,” Gartner, Inc., Stamford, CT, USA, Rep., Jan. 2016. [Online]. Available: https://www.gartner.com/en/newsroom/press-releases/2016-01-14-gartner-says-by-2020-more-than-ha-lf-of-major-new-business-processes-and-systems-will-incorporate-some-element-of-the-internet-of-things
[2] L. Atzori, A. Iera, and G. Morabito, “The Internet of Things: A survey,” Comput. Netw., vol. 54, no. 15, pp. 2787–2805, 2010.
[3] B. Hammi, R. Khatoun, S. Zeadally, A. Fayad, and L. Khoukhi, “IoT technologies for smart cities,” IET Netw., vol. 7, no. 1, pp. 1–13, 2018.
[4] M. Wollschlaeger, T. Sauter, and J. Jasperneite, “The future of industrial communication: Automation networks in the era of the Internet of Things and industry 4.0,” IEEE Ind. Electron. Mag., vol. 11, no. 1, pp. 17–27, Mar. 2017.
[5] N. Gondchawar and R. S. Kawitkar, “IoT based smart agriculture,” Int. J. Adv. Res. Comput. Commun. Eng., vol. 5, no. 6, pp. 838–842, 2016.
[6] G. Muhammad, S. K. M. M. Rahman, A. Alelaiwi, and A. Alamri, “Smart health solution integrating IoT and cloud: A case study of voice pathology monitoring,” IEEE Commun. Mag., vol. 55, no. 1, pp. 69–73, Jan. 2017.
[7] A. Sheth, “Internet of Things to smart IoT through semantic, cognitive, and perceptual computing,” IEEE Intell. Syst., vol. 31, no. 2, pp. 108–112, Mar./Apr. 2016.
[8] M. Wazid, A. K. Das, R. Hussain, G. Succi, and J. J. P. C. Rodrigues, “Authentication in cloud-driven IoT-based big data environment: Survey and outlook,” J. Syst. Archit., vol. 97, pp. 185–196, Aug. 2019.
[9] M. T. Hammi, B. Hammi, P. Bellot, and A. Serhrouchni, “Bubbles of trust: A decentralized blockchain-based authentication system for IoT,” Comput. Security, vol. 78, pp. 126–142, Sep. 2018.
[10] R. Alur et al., “Systems computing challenges in the Internet of Things,” 2016. [Online]. Available: arXiv:1604.02980.
[11] T. W. Chim, S.-M. Yiu, V. O. K. Li, L. C. K. Hui, and J. Zhong, “PRGA: Privacy-preserving recording & gateway-assisted authentication of power usage information for smart grid,” IEEE Trans. Dependable Security Comput., vol. 12, no. 1, pp. 85–97, Jan./Feb. 2015.
[12] Q. Li and G. Cao, “Multicast authentication in the smart grid with one-time signature,” IEEE Trans. Smart Grid, vol. 2, no. 4, pp. 686–696, Dec. 2011.
[13] J. Wang, L. Wu, K.-K. R. Choo, and D. He, “Blockchain-based anonymous authentication with key management for smart grid edge computing infrastructure,” IEEE Trans. Ind. Informat., vol. 16, no. 3, pp. 1984–1992, Mar. 2020.
[14] P. Gope, J. Lee, and T. Q. S. Quek, “Lightweight and practical anonymous authentication protocol for RFID systems using physically unclonable functions,” IEEE Trans. Inf. Forensics Security, vol. 13, no. 11, pp. 2831–2843, Nov. 2018.
[15] K. Fan, Y. Gong, C. Liang, H. Li, and Y. Yang, “Lightweight and ultralightweight RFID mutual authentication protocol with cache in the reader for IoT in 5G,” Security Commun. Netw., vol. 9, no. 16, pp. 3095–3104, 2016.
[16] X. Yang et al., “A lightweight authentication scheme for vehicular ad hoc networks based on MSR,” Veh. Commun., vol. 15, pp. 16–27, Jan. 2019.
[17] C. Lin, D. He, X. Huang, N. Kumar, and K.-K. R. Choo, “BCPPA: A blockchain-based conditional privacy-preserving authentication protocol for vehicular ad hoc networks,” IEEE Trans. Intell. Transp. Syst., early access, Jun. 30, 2020, doi: 10.1109/TITS.2020.3002096.
[18] H. Xiong and Z. Qin, “Revocable and scalable certificateless remote authentication protocol with anonymity for wireless body area networks,” IEEE Trans. Inf. Forensics Security, vol. 10, no. 7, pp. 1442–1455, Jul. 2015.
[19] D. He, S. Zeadally, N. Kumar, and J.-H. Lee, “Anonymous authentication for wireless body area networks with provable security,” IEEE Syst. J., vol. 11, no. 4, pp. 2590–2601, Dec. 2017.
[20] K. Han, T. Shon, and K. Kim, “Efficient mobile sensor authentication in smart home and WPAN,” IEEE Trans. Consumer Electron., vol. 56, no. 2, pp. 591–596, May 2010.
[21] M. Shuai, N. Yu, H. Wang, and L. Xiong, “Anonymous authentication scheme for smart home environment with provable security,” Comput. Security, vol. 86, pp. 132–146, Sep. 2019.
[22] A. Alcaide, E. Palomar, J. Montero-Castillo, and A. Ribagorda, “Anonymous authentication for privacy-preserving IoT target-driven applications,” Comput. Security, vol. 37, pp. 111–123, Sep. 2013.
[23] S. Kumari, M. Karuppiah, A. K. Das, X. Li, F. Wu, and N. Kumar, “A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers,” J. Supercomput., vol. 74, no. 12, pp. 6428–6453, 2018.
[24] D. Chen et al., “S2M: A lightweight acoustic fingerprints-based wireless device authentication protocol,” IEEE Internet Things J., vol. 4, no. 1, pp. 88–100, Feb. 2017.
[25] C. Lai, R. Lu, D. Zheng, H. Li, and X. Shen, “GLARM: Group-based lightweight authentication scheme for resource-constrained machine to machine communications,” Comput. Netw., vol. 99, pp. 66–81, Apr. 2016.
[26] L. Zhou, X. Li, K.-H. Yeh, C. Su, and W. Chiu, “Lightweight IoT-based authentication scheme in cloud computing circumstance,” Future Gener. Comput. Syst., vol. 91, pp. 244–251, Feb. 2019.
[27] N. Li, D. Liu, and S. Nepal, “Lightweight mutual authentication for IoT and its applications,” IEEE Trans. Sustain. Comput., vol. 2, no. 4, pp. 359–370, Oct.–Dec. 2017.
[28] J. Ni, X. Lin, and X. S. Shen, “Efficient and secure service-oriented authentication supporting network slicing for 5G-enabled IoT,” IEEE J. Sel. Areas Commun., vol. 36, no. 3, pp. 644–657, Mar. 2018.
[29] Y. Yu, Y. Li, J. Tian, and J. Liu, “Blockchain-based solutions to security and privacy issues in the Internet of Things,” IEEE Wireless Commun., vol. 25, no. 6, pp. 12–18, Dec. 2018.
[30] M. Shen et al., “Blockchain-assisted secure device authentication for cross-domain industrial IoT,” IEEE J. Sel. Areas Commun., vol. 38, no. 5, pp. 942–954, May 2020.
[31] C. Lin, D. He, X. Huang, K.-K. R. Choo, and A. V. Vasilakos, “BSein: A blockchain-based secure mutual authentication with fine-grained access control system for industry 4.0,” J. Netw. Comput. Appl., vol. 116, pp. 42–52, Aug. 2018.
[32] C. Lin, D. He, N. Kumar, X. Huang, P. Vijayakumar, and K.-K. R. Choo, “HomeChain: A blockchain-based secure mutual authentication system for smart homes,” IEEE Internet Things J., vol. 7, no. 2, pp. 818–829, Feb. 2020.
[33] Y. Yu, Y. Zhao, Y. Li, X. Du, L. Wang, and M. Guizani, “Blockchain-based anonymous authentication with selective revocation for smart industrial applications,” IEEE Trans. Ind. Informat., vol. 16, no. 5, pp. 3290–3300, May 2020.
[34] M. O. Rabin, “Digitalized signatures and public-key functions as intractable as factorization,” Lab. Comput. Sci., Massachusetts Inst. Technol., Cambridge, MA, USA, Rep. MIT/LCS TR-212, 1979.
[35] H. Williams, “A modification of the RSA public-key encryption procedure (corresp.),” IEEE Trans. Inf. Theory, vol. 26, no. 6, pp. 726–729, Nov. 1980.
[36] X. Yi, C. K. Siew, and C. H. Tan, “A secure and efficient conference scheme for mobile communications,” IEEE Trans. Veh. Technol., vol. 52, no. 4, pp. 784–793, Jul. 2003.
[37] S. Y. Yan, Number Theory for Computing. Heidelberg, Germany: Springer, 2002.


[38] P. Dingyi, S. Arto, and D. Cunsheng, Chinese Remainder Theorem: Applications in Computing, Coding, Cryptography. Singapore: World Sci., 1996.
[39] D. E. Knuth, Seminumerical Algorithms. Upper Saddle River, NJ, USA: Addison-Wesley, 2007.
[40] S. Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System, Bitcoin Org., San Francisco, CA, USA, 2008.
[41] D. Dolev and A. Yao, “On the security of public key protocols,” IEEE Trans. Inf. Theory, vol. 29, no. 2, pp. 198–208, Mar. 1983.

Xu Yang received the M.S. degree from the School of Mathematics and Informatics, Fujian Normal University, Fuzhou, China, in 2016, and the Ph.D. degree from the School of Computing Technologies, RMIT University, Melbourne, VIC, Australia, with Data61, CSIRO in 2021.
He is currently a Postdoctoral Researcher with the School of Mathematics and Statistics, Fujian Normal University. His research interests include cryptography and information security.

Xuechao Yang received the bachelor’s degree in information technology and the Bachelor of Computer Science degree (Hons.) from RMIT University, Melbourne, VIC, Australia, in 2013 and 2014, respectively, and the Ph.D. degree from the School of Science, RMIT, with data61, CSIRO in 2018.
He is a Research Fellow with the School of Computing Technologies, RMIT University. His research interests include cryptosystems, privacy preserving, and blockchain technology.

Xun Yi received the Ph.D. degree from Xidian University, Xi’an, China.
He is currently a Professor with the School of Computing Technologies, RMIT University, Melbourne, VIC, Australia. He has published over 160 research papers in international journals and conference proceedings. His research interests include applied cryptography, computer and network security, and privacy-preserving data mining.
Prof. Yi has been an Associate Editor for IEEE TRANSACTION DEPENDABLE AND SECURE COMPUTING since 2014. He has ever undertaken program committee members for over 30 international conferences.

Xiaotong Zhou received the bachelor’s and master’s degrees in information security from Wuhan University, Wuhan, China, in 2012 and 2019, respectively, where she is currently pursuing the Ph.D. degree with the School of Cyber Science and Engineering.
Her research interests include applied cryptography and blockchain security.

Debiao He (Member, IEEE) received the Ph.D. degree in applied mathematics from the School of Mathematics and Statistics, Wuhan University, Wuhan, China, in 2009.
He is currently a Professor with the School of Cyber Science and Engineering, Wuhan University. He has published over 150 research papers in refereed international journals and conferences, such as IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, IEEE TRANSACTIONS ON INFORMATION SECURITY AND FORENSIC, and Usenix Security Symposium. His work has been cited more than 7000 times at Google Scholar. His main research interests include cryptography and information security, in particular, cryptographic protocols.
Prof. He is a recipient of the 2018 IEEE SYSTEMS JOURNAL Best Paper Award and the 2019 IET Information Security Best Paper Award. He is in the Editorial Board of several international journals, such as Journal of Information Security and Applications, Frontiers of Computer Science, and Human-Centric Computing & Information Sciences.

Xinyi Huang received the Ph.D. degree from the School of Computer Science and Software Engineering, University of Wollongong, Wollongong, NSW, Australia, in 2009.
He is currently a Professor with the College of Computer and Cyber Security, Fujian Normal University, Fuzhou, China. He has published over 160 research articles in refereed international conferences and journals, such as ACM CCS, IEEE TRANSACTIONS ON COMPUTERS, IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, and IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY. His work has been cited more than 8000 times at Google Scholar. His research interests include cryptography and information security.
Prof. Huang has served as the program/general chair or a program committee member in over 120 international conferences.
Surya Nepal received the Ph.D. degree from RMIT
University, Melbourne, VIC, Australia.
He is a Senior Principal Research Scientist with
Data61, CSIRO’s, Marsfield, NSW, Australia, where
he currently leads the Distributed Systems Security
Ibrahim Khalil received the Ph.D. degree from the Group. He has more than 200 peer-reviewed pub-
University of Berne, Bern, Switzerland, in 2003. lications to his credit. He has co-edited three
He is currently an Associate Professor with books, including security, privacy, and trust in cloud
the School of Computing Technologies, RMIT systems and coinvented three patents. He holds a
University, Melbourne, VIC, Australia. He has sev- Conjoint Faculty position with the University of
eral years of experience in Silicon Valley-based New South Wales, Sydney, NSW, Australia, and an
companies working on Large Network Provisioning Honorary Professor position with Macquarie University, Sydney.
and Management Software. His research interests Mr. Nepal is a member of the editorial boards of IEEE T RANSACTIONS
are in scalable efficient computing in distributed ON S ERVICES C OMPUTING , IEEE T RANSACTIONS ON D EPENDABLE AND
systems, network and data security, and secure data S ECURE C OMPUTING, ACM Transaction on Internet Technology, and
analysis, including big data security and smart grids. Frontiers of Big Data Security Privacy, and Trust.
