Professional Documents
Culture Documents
Bidapsca5G: Blockchain Based Internet of Things (Iot) Device To Device Authentication Protocol For Smart City Applications Using 5G Technology
Bidapsca5G: Blockchain Based Internet of Things (Iot) Device To Device Authentication Protocol For Smart City Applications Using 5G Technology
https://doi.org/10.1007/s12083-020-00963-w
Abstract
Due to the advancement of wireless technology, the Internet of Things (IoT) Device to Device communication for exchanging
messages is feasible without human involvement. Authentication and identification of device location are highly essential
tasks to verify the originality of IoT Devices (IoTDs) during communication via open channel. In recent days, IoTD
registration is processed through the Registration Center Authority (RAC) and this may face single point of failure and
insider attack. To solve these problems, we propose a Blockchain based Internet of Things (IoT) Device to Device
Authentication Protocol for Smart City Applications using 5G Technology (BIDAPSCA5G). In the proposed protocol,
the IoT Devices registration process is performed through private blockchain. The Blockchain has the Distributed Ledger
(DL) for storing IoTD credential details, which is accessed only by authenticated entities. In the proposed protocol, mutual
authentication was performed without involvement of RAC/Gate-Way-Node (GWN) to reduce the computation cost. The
proposed protocol has the additional features such as location based authentication, blockchain based revocation phase
and registration of IoTDs, IoTD anonymity property at device level. The security analysis of the proposed protocol was
performed through formal security verification using Proverif tool, formal security analysis using Random Oracle Model
(RoM) and informal security analysis. The security analysis proved that the proposed protocol is secured against well-known
attacks and also it provides better performance as well as additional features when compared to existing protocols.
1 Introduction objects (things like smart watch, smart phone) are connected
with the Internet through wireless technologies which is
Now-a-days, 5G technology which is advantageous than popularly refered as loT [14]. The physical objects are con-
other generations (1G, 2G, 3G, 4G) offers mobility sup- nected to each other to form a network for communication to
port, low latency, high network speed (10 Gb/s) etc. 5G achieve common goals according to International Telecom-
technology is widely used in various applications such as munication Union (ITU) [28]. In IoT device communica-
smart home, high definition visual communication, vehicle tion, information exchange lacks security and privacy [36]
communication, multimedia communication, medical sec- raising a need for authentication. To address the security
tor, industrial sector and environmental monitoring [9]. The challenges, we propose blockchain based authentication
protocol for IoT devices using 5G.
In recent days, Blockchain network is emerging topic for
This article belongs to the Topical Collection: Special Issue applying the smart city applications [40].
on P2P Computing for Beyond 5G Network and Internet-of- In 2008, Blockchain document was introduced. In 2009,
Everything
Guest Editors: Prakasam P, Ajayan John, Shohel Sayeed
the bitcoin was introduced by Satoshi Nakamoto. Bitcoin
is the digital currency and bitcoin transaction is processed
Srinivasulu Reddy U. by peer-to-peer mode using Bitcoin applications [27]. A
usreddy@nitt.edu
bitcoin transaction is processed by peer-to-peer, without
a central authority. The verification of a transaction is
Extended author information available on the last page of the article. performed by using Blockchain network. In recent days
Peer-to-Peer Netw. Appl.
many works are suggested based on peer-to-peer networks process. After registration, IoT Devices are communicated
[7], [25, 26]. Blockchain network consists of the growing to each other without the involvement of GWN at the time
block as a chain, where each block consists of a transaction. of authentication. The communications of IoT Devices was
The new block is added, when completion of the consensus processed by the wireless medium, therefore there is some
algorithm by miners. The miners do the verification of possibility for the attack through adversary(A). For secure
blocks based on the consensus algorithm such as Proof- communication between IoT Devices in the authentications
of-Work (PoW), Proof-of-State (PoS), Delegated-Proof-of- process and secret key establishment between IoT Devices
Stake (DPoS), Practical-Byzantine-Fault-Tolerance (PBFT) “device access control” is needed.
and Paxos/Raft etc. The Blockchain is classified into three
types, such as Public blockchain: the access rights (read, 1.1.2 Threat model
send, write and recieve) are handled by any one, Private
blockchain: the access rights are handled by organization In this section, we consider threat model for proposed pro-
and Consortium blockchain: The write permission is tocol. The “Dolve-Yao (DY)” threat model [12] is a broadly
controlled by set of nodes and read operation is taken accepted model. DY model assumes if the IoTDs are commu-
by all to open [41]. Blockchain network can be used for nicating each other through wireless medium, there is possibi-
several applications such as identity management (Data lity of A and can do the following changes: 1. Intercepts the
Storage), bitcoin transaction and multi-party computation communication 2. Modification of messages 3. Insertion of
for payments. It maintains DL available to all nodes, malicious messages 4. Deletion of original messages. In
based on network type. The transaction is performed by some applications, if the IoTDs are deployed in “unsecured
miners, who mines the transaction and adds block into the environment”, then there is a possibility to capture the phy-
Blockchain network. Each block contains the transaction sical IoT Devices by A and extracts the information from IoT
and the same is recorded in DL after successful transaction. Devices using power analysis [11], [20, 23]. Therefore, in pro-
The mining job is processed through network nodes which posed protocol we assume that IoTDs are deployed in secure
has a higher capacity for computation resources and solving “target field”. RAC/GWN and Blockchain are trusted autho-
the cryptographic puzzle problem. On solving puzzle rity and these cannot be compromised by A as it can only
problem, miner gets incentives for the job. The DL has issues the secret credentials to IoT devices using Blockchain.
set of properties, such as decentralization, immutability
and distributed. The identity management for IoT device is 1.2 Motivation
the best use case for DL [43]. For example, IoT Devices
communication happens through a wireless network and – IoT Device to IoT Device communication is important
verification of identity for IoT Devices is processed task for smart city applications.
through authentication. After authentication, of IoT Devices – Most of the IoT Device authentication protocols
information exchange happens. In recent-days, deployment, involves user in the authentication process. Therefore,
revocation and information management of IoT Devices we need an authentication protocol for smart city
are maintained by RAC. However, RAC faces single applications without human involvement.
point of failure and insider attacks. Hence, we propose a – In many of the IoT Device authentication protocols,
BIDAPSCA5G: Blockchain based Internet of Things (IoT) RAC is the central authority for devices registration,
Device to Device Authentication Protocol for Smart City revocation and dynamic device addition phase.
Applications using 5G Technology that can overcome the – In the centralized authority there is possibility of single
limitation of RAC through private Blockchain. point of failure and insider attack. Therefore, we need
decentralized authority known as Blockchain to avoid
1.1 System model attacks.
– Several IoT Device authentication protocols are pro-
In this section, we discuss the following model for proposed cessed without considering the location of IoT devices
protocol. and IoT device anonymity property at device level.
Therefore, we need location based authentication pro-
1.1.1 Network model tocol for IoT Devices and to provide IoT device
anonymity property at device level.
We consider, the network model as mentioned in Fig. 1 – To address the above mentioned problems, we propose
for proposed protocol. IoT devices are deployed in the a Blockchain based Internet of Things (IoT) Device
secure “target field”. The GWN is also deployed in the to Device Authentication Protocol for Smart City
secure “target field”. The GWN sends information about Applications using 5G Technology. The highlights of
IoT Devices credential to private Blockchain for registration the proposed protocol are mentioned in Appendix A.
Peer-to-Peer Netw. Appl.
– In this article, we propose a Blockchain based Internet – In proposed protocol, we assume that, the IoT Devices
of Things (IoT) Device to Device Authentication Pro- are deployed in the secure “target field”.
tocol for Smart City Applications using 5G Technology
(BIDAPSCA5G). 1.4 Section details
– Proposed protocol performs authentication between IoT
Device to IoT Device without the involvement of The Sections are organized as follows: Section 2 contains
RAC/GWN. related works. Section 3 describes mathematical prelim-
– Proposed protocol registration process is performed inaries. Section 4, describes proposed protocol. Security
through private blockchain with the help of RACi . analysis are presented in the Section 5. Section 6 describes
– Proposed protocol authentication performed is based on performance analysis and Section 7 summarizes conclusory
the location of the device, which was not considered in remarks of the proposed protocol.
the existing works.
– Proposed protocol performs better as well as provides
additional features such as location based authentica- 2 Related works
tion of IoT device, IoT device revocation phase and
registration using Blockchain network and provides IoT IoT Device to Device authentication is an important task
device anonymity property at device level. and also another important task is IoTD communicates
– Proposed protocol performs registration via decen- with neighbor IoTD for information exchange without
tralized authority i.e., private blockchain. The private human intervention in the smart city environment. Stergiou,
blockchain has DL that stores full history of IoT C., et al. [34] designed architecture for the sustainable
Devices (Deployment Details, information manage- cloud computing to improve security in the big data and
ment). IoT communication. They addressed security issues for
– Proposed protocol security verification is performed integration of two technologies such as IoT & cloud
through formal and informal analysis. Formal analysis computing. Security issues are heterogeneity, performance,
is performed through Proverif tool, informal analysis reliability, big-data and monitoring. They also established
through various security assumptions, and formal secu- the security wall between internet and cloud computing to
rity verification through Random Oracle Model (RoM). eliminate the security issues. Li, D., et al. [21] designed
Peer-to-Peer Netw. Appl.
image watermarking technique with security guaranteed hence, there is a chance of single point of failure. Their pro-
for smart city applications using Convolutional Neural tocol does not address formal security analysis and formal
Networks (CNN) algorithm. Their algorithm aims to detect security verification.
and extract the watermarking for image datasets. They got Malani et al. [23] suggested mutual authentication
93.75% accuracy for classification. The Psannis et al. [29] protocol for IoT environment. This authentication protocol
suggested efficient algorithm for intelligent cloud systems was developed based on the ECC and hash function. In their
in media based smart big data. Their algorithm solves the protocol, the registration of IoT Devices was performed
quality issues of the streaming video through cloud in the using RAC. Therefore, there is some possibility of insider
big data environment. Recently, Kadhim, A.J. and Seno, attack in their protocol and also their protocol does not
S.A.H., suggested [18] energy efficient multi-cast routing provides device anonymity property at device level. It
protocol for vehicular networks based on fog and software takes high computation cost and communication cost. Adeel
defined network (SDN) computing. Their architecture has et al. [1] designed IoTD to IoTD authentication protocol.
the four layers such as SDN, OpenFlow switches, fog But, this protocol was based on involvement of server in
computing, vehicles as represented as top to bottom layer. authentication phase and also registrations of IoT Devices
Their protocol presented scheduling and classification are performed through server. Therefore, there is some
algorithms. Their protocol is used to incoming multi-cast possibility of insider attack and single point of failure in
requests classification and priority based scheduling for their protocol. This protocol, does not address dynamic
multi-cast requests. Their protocol performed better for device addition phase and does not address formal security
multi-cast energy consumption. verification.
In recent days many protocols are suggested for IoT envi- Das et al. [11] suggested device to device authentication
ronments such as [24, 37] and [33], but these protocols protocol for IoT environment. This protocol was developed
are based on the involvement of user in the authentication based on ECC and Hash function. In their protocol, RAC
process. In many of the authentication protocols such as [24, issued certificates to the device at the deployment phase.
37] and [10] suggested that, with the involvement of GWN This protocol takes high computation and communication
in the authentication process, it takes more computation cost. Their protocol does not provide device anonymity
cost. The fog computing is used for transportation cyber- and untraceability property and also does not provide
physical systems (T-CPS) applications. The advantage of IoT Device anonymity property at device level. The
fog computing in T-CPS are less communication latency, advantages and disadvantages of proposed protocol and
save network bandwidth, reduce bandwidth cost, mobility existing protocols are presented in Table 1.
support etc., [2, 15, 16]. Aman, M.N., et al. [5] suggested
physical unclonable functions based mutual authentication
protocol in IoT environment. In these protocol, the mutual 3 Mathematical preliminaries
authentication is performed between two IoT Devices with
the help of server and also mutual authentication is per- In this section, we discuss the notations and mathematical
formed between IoTD and server. In their protocol authen- background of the proposed protocol. The proposed
tication was performed using cryptographic primitives such protocol notations and meanings are represented in Table 2.
as hash function and encryption/decryption function. But, The mathematical preliminaries are represented as follows,
these protocol takes high exchange rate for the authen-
tication, does not provides device anonymity property at Definition 1 - ECC [19]: y 2 = x 3 + ax + b is the elliptic
device level, does not provides user anonymity and untrace- curve equation over zp∗ and (x, y)zp∗ × zp∗ is the set of
ability property in the authentication phase. This protocol solutions to the congruence y 2 ≡ x 3 + ax + b(modp),
failed to provide secure data storage system property [17]. 4a 3 + 27b2 ≡ 0(modp) is the equation, where a, b are
Li et al. [22] designed IoT mutual authentication protocol constants and along with a point at infinity. If P is a base
based on public key encryption and decryption, but these point of elliptic curve i.e., Ep∗ (a, b) over the finite field
protocol takes high computation and communication over- Fp∗ and key exchange algorithm for Elliptic Curve Diffie-
head (Wazid et al. [38]). Tewari A. and Gupta [35] designed Hellman (ECDH) is describes as follows:
mutual authentication protocol for IoT Devices. They used Initially, Device Di selects base point (P) from elliptic curve
cryptography primitives such as hash function and Ellip- and choose private key ri and calculates public key ri .P
tic Curve Cryptography (ECC) respectively for designing and shares to Device Dj . Dj also selects private key rj and
the protocol. In their protocol the mutual authentication calculates Bj i = rj .(ri .P ). Finally, Dj shares rj to Di and
was performed between IoT device and server. Their proto- Di calculates Bij = rj .(ri .P ). Finally, Bj i and Bij are the
col security analysis was performed using informal security similar and it is used to generate of session keys between Di
analysis. Their protocol maintained IoT credential in server and Dj for our protocol.
Peer-to-Peer Netw. Appl.
Note: Ref.- Reference, Atr. - Attributes, CP - Cryptography Primitives, H - Hash, SE/SD - Symmetric Encryption/Symmetric Decryption, MAC
- Message Authentication Code, PKE/D - Public Key Encryption/Decryption, ECC - Elliptic Curve Cryptography, DS - Digital Signature, MA -
Mutual Authentication performed with out GWN/RAC, MAT - Mutual Authentication performed with involvement of GWN/RAC, FSA - Formal
Security Analysis Processed, FSV - Formal Security Verification Processed, ISA - Informal Security Analysis Processed, ComP - Computation
Cost, ComC - Communication Cost, DDAP - Dynamic Device Addition Phase provided, DDAPB - Dynamic Device Addition Phase using
Blockchain provided, IOTDRB - IoT Device Registration phase using Blockchain provided, IoTDrB - IoT Device Revocation phase using
Blockchain provided, IOTDAL - IoT Device Authentication using Location provided, R:C/D - Registration using Centralized server/Decentralized
Server, SDSS - Secure Data Storage System provided, DAU - Device Anonymity and Untraceability property provided, SSPOF - Secure from
Single Point of Failure, IOTDAPDL- IoT device anonymity property at device level
Table 2 Notations and meanings Step 1: RACi generates secret k, selects I Di each IoT
devices and RACi calculates as follows,
Notations Meanings
Step 2: A1 = k.P
IoTD IoT Device Step 3: A2 = H (I Di || I DGW N || QCA || A1 ) ⊕ QCA
RAC Registration Authority Center Step 4: A3 = A2 ⊕ A1
ECC Elliptic Curve Cryptography Step 5: The RACi stores (h(I Di ), h(I DGW N ), QCA ,
IoT Internet of Things A3 , Li , P ) into IoT devices
Blockchain Blockchain network Step 6: The RACi sends (I Di , I DGW N , QCA , A3 , Li )
blockchain blockchain ledger to Blockchain for storing the values to complete the
GWN Gate-Way-Node registration process.
R0M Random-Oracle-Model The above mentioned process is same for Dj registration
A Adversary in the proposed protocol.
xCA and k Secret keys of GW Ni
QCA public key of GW Ni 4.3 Login and Authentication phase (LA) through a
P ECC base point public channel
H (·), h(·) Hash functions
Di , Dj IoT devices In this phase, the two IoT Devices mutually authenticate
I Di Identity of device Di each other and generates session key for secure communi-
I DGW N Identity of Gate-Way-Node cation, the algorithms are represented in Fig. 4.
L i , Lj Location of IoT devices
ri , rj random numbers 4.4 Dynamic device addition phase
T1 , T2 , T3 , T4 Time stamps
T Threshold limit of time-stamp If environment need new IoT devices, RACi do the
L Threshold limit of location following computations,
I Dj Identity of device Dj Step 1: RACi generates secret k, selects I Di each IoT
SKj i , SKij Session keys devices and RACi calculates as
BC Blockchain Step 2: A1 = k.P
Step 3: A2 = H (I Di || I DGW N || QCA || A1 ) ⊕ QCA
Step 4: A3 = A2 ⊕ A1
Step 3: Finally, the RACi publish QCA , P , Ep∗ (a, b) and Step 5: The RACi stores (h(I Di ), h(I DGW N ), QCA ,
H (·) are public parameters. A3 , Li , P ) into IoT devices
Step 6: The RACi sends (I Di , I DGW N , QCA , A3 , Li ) to
4.2 Registration phase Blockchain for storing the values to complete the registration.
using RoM model A is not able to get the secret informa- Definition 3 Reveal 2: The oracle provides, the private key
tions about devices (Di ) and (Dj ) such as I Di , I DGW N , s from the public key X= s × P ∈ Ep(a, b), Given P ∈ Ep(a, b)
xCA , A3 , Li , k for Di and I Dj , I DGW N , xCA , C3 , Lj , k
for Dj and also A is not able to generate the SK. The oracle Theorem 1 If the ECDH and hash function act as RoM and
reveal definitions are represented in Definition 2 and 3 and A extracts the secret values from Di or Dj using power
proof of theorems 1 and 2 are also represented as follows, analysis. However, A is not able to extracts I Di , k and
I DGW N from Di .
Definition 2 Reveal 1: The oracle provides, the hash
message t from the hash output y, where y=h(t). Proof If A gets information from Di such as h(I Di ),
h(I DGW N ), QCA , A3 , Li using power analysis and also if
A guess the device identities such as I Di , k and I DGW N .
Now A wants to verify the guessed Di information such as
I Di , k and I DGW N are correct or not with the help of exper-
h−ECDH
imental algorithm EXPA . Therefore, the function of
h−ECDH
Success probability is Success= |P r[EXPA = 1] −
h−ECDH
1|, where P r(·) is probability of success of EXPA .
Adv1 (t1, q1) = Max (Success1) is the advantage function
h−ECDH
for EXPA , where t1 is the running time, q1 is the
query depends on Max for random oracle model. The pro-
posed protocol is safe from A because of if Adv1 (t1, q1)
h−ECDH
≤ for any small value > 0. If A runs the EXPA
algorithm and A can extracts the information from hash
function, then A gets guessed device identities such as I Di ,
k and I DGW N are correct. However, it is hard to get the
information from hash function and ECDH. Therefore, we
Fig. 3 Sequence of activities showing the mutual authentication phase proved that A can not determine device identities such as
Peer-to-Peer Netw. Appl.
considered. In proverif tool, the security protocol analysis withstands from well-known attacks and the informal
was performed in unbounded message space and unbounded security analysis is represents as follows,
number of sessions. In recent years, formal security ver-
ification of authentication protocols [13, 31, 39, 42], are 5.3.1 Device impersonation attack
verified using Proverif tool. The proposed protocol is rep-
resented in Section 5. The proposed protocol was simulated If A try to impersonate as the legitimate IoT Device (Di )
through formal verification using proverif tool and Figures or (Dj ), then A need to construct the original messages
are represented in Appendix B (Figs. 5, 6, 7, 8 and 9). The as a legitimate device Di or Dj . For construct legitimate
formal verification proverif tool consists of declaration part messages, A needs to generates a random number and time
(Fig. 5), processes (Figs. 6 and 7) and execution of proto- stamp, then A construct the messages B1 = H (h(I Di ) ||
col (Fig. 8). The proposed protocol declaration part consists h(I DGW N ) || QCA || T1 ) ⊕ A3 , B2 = H (h(I DGW N ) ||
of declarations, which are cryptographic operations, vari- QCA || T1 || A3 ) ⊕ ri .P and L1 = H (h(I DGW N ) ||
able declaration and functions declaration. Second part is ri .P || A3 ) ⊕ Li . It is a impossible task to computes
proposed protocol processes, which consists of two process, h(I Di ), B1 , B2 , T1 , L1 , because it needs permanent secret
such as Di and Dj process. Third part is protocol execu- credentials such as I Di , I DGW N , xCA , Li and k and also
tion. Finally, we simulate with the queries, the queries are similar way to construct the Dj messages. Therefore, A is
represented in Fig. 8. The result of proposed protocol is not able to impersonates the original legitimate devices such
represented in Fig. 9. From the result we know that pro- as Di or Dj . Finally, our proposed protocol resists from
posed protocol is secure against known attacks and provides device impersonation attack.
authentication and secrecy property.
5.3.2 Man-in-the-middle (MITM) attack
5.3 Informal analysis
If A intercepts the communicated messages from authen-
In this section, we discuss the informal security analysis of tication phase, and if A captures the messages such as
proposed protocol. We also prove that our proposed protocol h(I Di ), B1 , B2 , T1 , L1 and h(I Dj ), B3 , B4 , T3 , L2 . Now,
Peer-to-Peer Netw. Appl.
(*********Registration******)
let UserDi=
let A1=E(ki,P) in
let A2= CONCAT(H(IDi, IDGWNi, Q, A1),Q) in
let A3= XOR (A2,A1) in
out (SCh , (h(IDi), h(IDGWNi), Q, A3, Li));
in (SCh , (IDi: bitstring, IDGWNi: bitstring));
(***in (SCh, (xPIDi : bitstring, xDi':bitstring, xFi:bitstring , xW':bitstring));*)
(**********Authentication (D_{i}*************)
event beginUserDi(IDi);
new ri: bitstring;
new ti: bitstring;
new li: bitstring;
new lj: bitstring;
let B1= XOR(H(h(IDi), h(IDGWNi), Q, ti), A3) in
let B2= XOR(H(h(IDGWNi), Q, ti, A3), ri) in
let L1= XOR(HHH(h(IDGWNi), ri, A3), li) in
out (PCh, (h(IDi), B1, B2, ti, L1));
in (Pch, (IDj: bitstring, B3: bitstring, B4: bitstring, tj: bitstring, L2: bitstring));
let c3= XOR(HH(A3, ri, Q, h(IDj), h(IDGWNi)), B3) in
let rj= XOR(HHH(c3,Q, h(IDj)), B4) in
let lj= XOR(HHH(h(IDGWN), rj, c3), L2) in
let bij=CONCAT(rj, ri) in
let skij=HHHHH(h(IDi), h(IDj), h(IDGWNi), Q, bij, ri, ti, tj, li, lj) in
event endUserDi ( IDi )
else
Fig. 5 Declaration of proposed protocol 0.
(*********Registration******)
let UserDj=
new Pj: bitstring;
new Qj: bitstring;
let A1j=E(kj,Pj) in
let A2j= CONCAT(H(IDj, IDGWNj, Qj, Aj),Qj) in
let A3j= XOR (A2j,A1j) in
out (SCh , (h(IDj), h(IDGWNj), Qj, A3j, Lj));
in (SCh , (IDj: bitstring, IDGWNj: bitstring));
(**********Authentication (D_{j}*************)
event beginUserDj(IDj);
new rj: bitstring;
new tj: bitstring;
new li: bitstring;
new lj: bitstring;
let A3= XOR(H(h(IDi), h(IDGWNj), Qj, ti), B1) in
Fig. 8 Di and Dj queries
let ri= XOR(H(h(IDGWNj), Qj, ti, A3), B2) in
let li= XOR(HHH(h(IDGWNj), ri, A3), L1) in
let Bij= CONCAT(ri, rj) in 5.3.7 Ephemeral secret key leakage attack (ESKLA)
let B3=XOR(HH(A3j, ri, Qj, h(IDGWNj), tj),c3) in
In our protocol, at the time of authentication the session key
let B4=XOR(H(c3, Qj, h(IDj), tj),rj) in
is generated between devices Di and Dj . The session keys
let skji=HHHHH(h(IDj),h(IDj), h(IDGWNj), Qj, bij, ri, ti, tj, li, lj) in are SKij = H (h(I Di ) || h(I Dj ) || h(I DGW N ) || QCA ||
event endUserDj (IDj) Bij∗ || ri .P || T1 || T3 || Li || L∗j ) and SKj i = H (h(I Di ) ||
h(I Dj ) || h(I DGW N ) || QCA || Bj i || ri .P ∗ || T1 ||
else
T3 || L∗i || Lj ). These session keys are generated based on
0. temporary secrets and permanent secrets. We consider the
Fig. 7 Dj Registration and Authentication process following two cases for our protocol,
Case 1: If A only know the temporary secrets (ri , rj ),
then A cannot able to generate the session keys without
power analysis [11, 20, 23]. After extraction of values from permanent secrets (I Di , I DGW N , I Dj , Li , Lj , k, xCA ).
devices, A deploy malicious device into the same environ- Case 2: If A only know the permanent secrets (I Di ,
ment and sends the authentication request to neighbor device. I Dj , I DGW N , Li , Lj , k, xCA ), then A cannot generate the
This process will not happen in our protocol, as devices are session keys without temporary secrets (ri , rj ).
deployed in the “secure target field environment”. There- Therefore, if A know the temporary secrets and perma-
fore, our protocol withstands device physical capture attack. nent secrets, then ESKLA attack is possible. In our protocol,
the two devices secrets are different, each session the ses-
5.3.6 Replay attack sion keys are different from each other and also to know
the permanent secrets and temporary secrets are difficult by
In our protocol, the exchanged informations are h(I Di ), B1 , A. Finally, our protocol withstands ephemeral secret key
B2 , T1 , L1 and h(I Dj ), B3 , B4 , T3 , L2 . This information leakage attack.
contains the location of devices, time-stamp and random
numbers. If A captures this information and replay
messages to the authorize devices Di or Dj , then device
rejects the authentication request from A, because of
the time-stamp probability limit. Therefore, our proposed
protocol withstands from replay attack. Fig. 9 Proposed protocol queries result
Peer-to-Peer Netw. Appl.
5.3.8 Insider attack anonymity & untraceability property, does not provide
IoT Device anonymity property at device level and may
In proposed protocol, the IoTDs registration are performed possible for insider attack, where as our protocol provides
through private Blockchain network. The IoTDs credentials these security features and additional features. Hence,
are maintained in the private Blockchain network DL. The proposed protocol withstands from well-known attacks and
Blockchain network DL is accessed by only authenticated also proposed protocol provides additional features when
entities. Therefore, the proposed protocol is secure from compared to other protocols (Table 3).
insider attack.
6.2 Comparison of communication cost
5.3.9 Location based authentication
In this section, we discuss the comparison of communica-
In our protocol, at deployment of IoT devices phase, the tion cost for proposed protocol and other existing protocols
devices are loaded with the location informations such as in the authentication phase. For communication cost of pro-
(Li ) and (Lj ). After deployment, at the time of authenti- posed protocol and other existing protocols proposed by
cation phase devices mutually authenticate each other with Adeel et al. [1], Malani et al. [23] and Das et al. [11], it
the use of location informations and also we used location is assumed that identity (I Di and I Dj ) is 160 bits, time
threshold limit (L) for devices to restrict the access. stamp (T1 , T2 , T3 , T4 ) is 32 bits, random numbers (ri and
rj ) is 160 bits, hash value is 160 bits (SHA-1 hash func-
5.3.10 Device revocation using blockchain tion - [30]) and ECC point (Point P = (Px , Py ), where Px
and Py is x and y co-ordinates of elliptic curve (P = 160
IoT Devices tend to fail due to physical capture by Adver- bits +160 bits = 320 bits)) is 320 bits are based on Das
sary or power drains, or there is a need for deployment et al. [11] and Malani et al. [23] schemes. Furthermore, it
of new IoT Devices in the same environment. Hence we is assumed that location value (Li , Lj ) is 32 bits. In the
proposed the utilization of RACi to generate the secret proposed protocol, the devices Di and Dj exchanged mes-
credentials with the help of blockchain network to deploy sages are h(I Di ), B1 , B2 , T1 , L1 = [MSG1] and h(I Dj ),
the IoT Devices in the same environment. B3 , B4 , T3 , L2 = [MSG2]. These messages communica-
tion cost are [MSG1] = 160 + 320 + 320 + 32 + 160 = 992
5.3.11 IoTD anonymity property at device level bits and [MSG2] = 160 + 320 + 320 + 32 + 160 = 992 bits
respectively. The total communication cost is 1984 bits and
In proposed protocol, the IoT Devices are deployed in communicated message length is 2 for proposed protocol
“secure target field” with the help of RACi using private and 2560, 2144, 3296 are communication cost and 6, 2, 3
Blockchain network. After deployment, the IoT Devices are communicated message length for other existing proto-
has the secret credentials such as (h(I Di ), h(I DGW N ), cols i.e., Adeel et al. [1], Malani et al. [23] and Das et al.
QCA , A3 , Li , P ). In this secret credentials, IoT Device [11] respectively. Table 4 shows the our protocol is takes
identity and GWN identity are not present in plain-text less communication cost, when compared to other existing
format. Therefore, in the proposed protocol IoT Device protocols.
anonymity property is preserved at device level.
6.3 Comparison of storage cost
6 Performance analysis For storage cost of proposed protocol and other existing
protocols such as Adeel et al. [1], Malani et al. [23] and
6.1 Comparison of security properties Das et al. [11], it is assumed that identity (I Di and I Dj )
is 160 bits, time stamp (T1 , T2 , T3 , T4 ) is 32 bits, random
Table 3, shows the comparison of security features for numbers (ri and rj ) is 160 bits, hash value is 160 bits (SHA-
our protocol with other existing protocols [1, 23], [11]. 1 hash function - [30]) and ECC point (Point P = (Px ,
Adeel et al. [1] proposed a protocol that is based on Py ), where Px and Py is x and y co-ordinates of elliptic
mutual authentication with the involvement of server. Their curve (P = 160 bits +160 bits = 320 bits)) is 320 bits are
protocol may suffers from insider attack. It does not have based on Das et al. [11] and Malani et al. [23] schemes.
formal security analysis, dynamic device addition phase and Furthermore, it is assumed that location value (Li , Lj ) is
does not provides additional features as mentioned in Table 32 bits, secret key is 160 bits and prime number is 160
3. Malani et al. [23] scheme may suffers from insider attack bits. The proposed protocol Di has the stored values such
and does not provides additional features as mentioned in as (h(I Di ), h(I DGW N ), QCA , A3 , Li , P ) = [MSG]. The
Table 3. Das et al. [11] scheme does not provide device proposed protocol storage cost of Di is calculated as [MSG]
Peer-to-Peer Netw. Appl.
Notations R1 R2 R3 Ours
Note: - = not provides the facility, ✗= attacks possible, ✓= attacks not possible, R1= Malani, S., et al. [23], R2= Das et al. [11], R3= Adeel et al. [1]
= (h(I Di ), h(I DGW N ), QCA , A3 , Li , P ) = 160 + 160 + Adeel et al. [1] protocol is taking 2TH for registration and
320 + 320 + 32 + 320 = 1312. The proposed protocol storage 23TH for authentication. Malani et al. [23] is taking TP +TH
cost is 1312 bits and other existing protocols storage cost is for registration and 16TH + 12TP + 4TP A for authenti-
also calculated in similar manner. Other protocols such as cation whereas, Das A.K., et al. [11] is taking 2TP + TH for
i.e., Adeel et al. [1], Malani et al. [23] and Das et al. [11] registration and 12TH + 14TP + 6TP A for authentication.
protocols are 960, 1600 and 1760 respectively (Table 5). Our proposed protocol provides less computation cost
Adeel et al. [1] storage cost is less when compared to (Table 6) when compared to Malani et al. [23] and Das et al.
proposed protocol, but Adeel, A., et al. [1] protocol does not [11] protocols and higher to Adeel, A., et al. [1] protocol,
provides some security properties as mentioned in Table 3. but Adeel et al. [1] protocol does not provides some security
features (Table 3).
6.4 Comparison of computation cost
6.5 Comparison of protocols execution time
Computation cost is the total cryptographic operation and
other operation used in proposed protocol and other existing For proposed protocol and other existing protocols it is
protocols. For computation cost, it is assume that, TH is calculated that the execution time for TH , TP and TP A
hash function, TP is ECC point multiplication and TP A are ≈ 0.056, ≈ 13.405 and ≈ 0.081 ms respectively
is ECC point addition. Proposed protocol takes 3TH + as mentioned in Das, A.K., et al. [11]. This execution
TP for registration and 14TH + 3TP for authentication. time is rough estimation based on user device (mobile
Table 4 Comparison of communication cost (in bits) Table 5 Comparison of storage cost (in bits)
Schemes Communicated messages No of bits Schemes Storage cost of secret values in smart card (bits)
Table 6 Comparison of
computation cost Schemes RP LA
Di Dj RAC Di Dj RAC
– Proposed protocol authentication perform based on the 9. Cao J, Ma M, Li H, Ma R, Sun Y, Yu P, Xiong L (2019) A survey
location of the device, which is not proposed in the on security aspects for 3gpp 5g networks. IEEE Communications
Surveys & Tutorials
existing works
10. Challa S, Wazid M, Das AK, Kumar N, Reddy AG, Yoon E-
– Proposed protocol performs better performance as J, Yoo K-Y (2017) Secure signature-based authenticated key
well as provides additional features such as location establishment scheme for future iot applications. IEEE Access
based authentication of IoT Device, IoT Device 5:3028–3043
11. Das AK, Wazid M, Yannam AR, Rodrigues JJ, Park Y
revocation phase using blockchain and blockchain
(2019) Provably secure ecc-based device access control and key
based registration of IoT Devices respectively agreement protocol for iot environment. IEEE Access 7:55382–
– Proposed protocol security verification is performs 55397
through formal and informal analysis. Formal analysis 12. Dolev D, Yao A (1983) On the security of public key protocols.
IEEE Trans Inf Theory 29(2):198–208
is perform through Proverif tool, informal analysis
13. Ferrag MA, Maglaras LA, Janicke H, Jiang J, Shu L (2017)
is perform through various security assumptions, and Authentication protocols for internet of things: a comprehensive
also formal security verification is perform through the survey. Security and Communication Networks 2017
Random Oracle Model (RoM). 14. Gubbi J, Buyya R, Marusic S, Palaniswami M (2013) Internet of
things (iot) A vision, architectural elements, and future directions.
Fut Gen Comput Syst 29(7):1645–1660
15. Gupta R (2019) Resource provisioning and scheduling techniques
Appendix B of iot based applications in fog computing. Int J Fog Comput
(IJFC) 2(2):57–70
Formal verification of proposed protocol using Proverif 16. Hussain MM, Beg MS (2019) Using vehicles as fog infrastructures
for transportation cyber-physical systems (t-cps) Fog computing
tool The formal security verification of proposed protocol for vehicular networks. Int J Softw Sci Comput Intell (IJSSCI)
simulated in this section. The Fig. 5 represents declaration 11(1):47–69
of proposed protocol, Fig. 6 represents registration and 17. Javaid U, Aman MN, Sikdar B (2018) Blockpro: Blockchain
authentication process, Fig. 7 represents registration and based data provenance and integrity for secure iot environments.
In: Proceedings of the 1st Workshop on Blockchain-enabled
authentication process, Fig. 8 represents Di and Dj queries Networked Sensor Systems, pp 13–18
and Fig. 9 represents proposed protocol queries result. 18. Kadhim AJ, Seno SAH (2019) Energy-efficient multicast routing
protocol based on sdn and fog computing for vehicular networks.
Ad Hoc Netw 84:68–81
19. Koblitz N (1987) Elliptic curve cryptosystems. Math Comput
References 48(177):203–209
20. Kocher P, Jaffe J, Jun B (1999) Differential power analy-
1. Adeel A, Ali M, Khan AN, Khalid T, Rehman F, Jararweh Y, sis. In: Annual International Cryptology Conference. Springer,
Shuja J (2019) A multi-attack resilient lightweight iot authen- pp 388–397
tication scheme. Transactions on Emerging Telecommunications 21. Li D, Deng L, Gupta B, Wang H, Choi C (2019) A novel cnn based
Technologies, pp e3676 security guaranteed image watermarking generation scenario for
2. Ahuja SP, Wheeler N (2020) Architecture of fog-enabled and smart city applications. Inf Sci 479:432–447
cloud-enhanced internet of things applications. Int J Cloud Appl 22. Li N, Liu D, Nepal S (2017) Lightweight mutual authentication for
Comput (IJCAC) 10(1):1–10 iot and its applications. IEEE Trans Sustain Comput 2(4):359–370
3. Ali R, Pal AK (2018) An efficient three factor–based authentica- 23. Malani S, Srinivas J, Das AK, Srinathan K, Jo M (2019)
tion scheme in multiserver environment using ecc. Int J Commun Certificate-based anonymous device access control scheme for iot
Syst 31(4):e3484 environment. IEEE Internet Things J 6(6):9762–9773
4. Ali R, Pal AK, Kumari S, Karuppiah M, Conti M (2018) A secure 24. Maurya AK, Sastry VN (2017) Fuzzy extractor and elliptic curve
user authentication and key-agreement scheme using wireless based efficient user authentication protocol for wireless sensor
sensor networks for agriculture monitoring. Futur Gener Comput networks and internet of things. Information 8(4):136
Syst 84:200–215 25. Naghizadeh A, Berenjian S, Razeghi B, Shahanggar S, Pour NR
5. Aman MN, Chua KC, Sikdar B (2017) Mutual authentication in (2015) Preserving receiver’s anonymity for circular structured p2p
iot systems using physical unclonable functions. IEEE Internet networks. In: 2015 12th Annual IEEE Consumer Communications
Things J 4(5):1327–1340 and Networking Conference (CCNC). IEEE, pp 71–76
6. Bellare M, Rogaway P (1993) Random oracles are practical: A 26. Naghizadeh A, Berenjian S, Meamari E, Atani RE (2016)
paradigm for designing efficient protocols. In: Proceedings of the Structural-based tunneling: preserving mutual anonymity for
1st ACM conference on Computer and communications security, circular p2p networks. Int J Commun Syst 29(3):602–619
pp 62–73 27. Nakamoto S et al (2008) Bitcoin: A peer-to-peer electronic cash
7. Berenjian S, Hajizadeh S, Atani RE (2019) An incentive security system
model to provide fairness for peer-to-peer networks. In: 2019 28. Pena-lópez I et al (2005) Itu internet report 2005: the internet of
IEEE Conference on Application, Information and Network things
Security (AINS). IEEE, pp 71–76 29. Psannis KE, Stergiou C, Gupta B (2018) Advanced media-based
8. Blanchet B, Smyth B, Cheval V, Sylvestre M (2018) Proverif smart big data on intelligent cloud systems. IEEE Trans Sustain
2.00: automatic cryptographic protocol verifier, user manual and Comput 4(1):77–87
tutorial. Version from 05–16 30. PUB F (1995) Secure hash standard. Public Law 100:235
Peer-to-Peer Netw. Appl.
Manojkumar Vivekanan-
dan received the M.E degree
in Computer Science and
Engineering from Anna Uni-
versity, Chennai, India. He
is currently doing PhD at
National Institute of Technol-
ogy, Tiruchirappalli, India.
His research interest includes
Mobile Cloud Computing,
Internet of Things, Authen-
tication, Cryptography and
Blockchain.
Peer-to-Peer Netw. Appl.
Affiliations
Manojkumar Vivekanandan1,2 · Sastry V. N.1 · Srinivasulu Reddy U.2
Manojkumar Vivekanandan
vmanojk88@gmail.com
Sastry V. N.
vnsastry@idrbt.ac.in
1 Center for Mobile Banking (CMB), Institute for Development
and Research in Banking Technology (IDRBT), Hyderabad, India
2 Machine Learning and Data Analytics Lab, Department
of Computer Applications, National Institute of Technology,
Tiruchirappalli, India