BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things
In this paper, targeting efficient authentication and key agreement in an IoT environment, we propose an Elliptic Curve Cryptography-(ECC) based lightweight authentication protocol called BCmECC which relies on a public blockchain to validate the users’ public key to provide desired security. We eva...
Main Authors: | , , , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2021-12-01
|
Series: | Mathematics |
Subjects: | |
Online Access: | https://www.mdpi.com/2227-7390/9/24/3241 |
_version_ | 1797502685822320640 |
---|---|
author | Jan Lansky Amir Masoud Rahmani Saqib Ali Nasour Bagheri Masoumeh Safkhani Omed Hassan Ahmed Mehdi Hosseinzadeh |
author_facet | Jan Lansky Amir Masoud Rahmani Saqib Ali Nasour Bagheri Masoumeh Safkhani Omed Hassan Ahmed Mehdi Hosseinzadeh |
author_sort | Jan Lansky |
collection | DOAJ |
description | In this paper, targeting efficient authentication and key agreement in an IoT environment, we propose an Elliptic Curve Cryptography-(ECC) based lightweight authentication protocol called BCmECC which relies on a public blockchain to validate the users’ public key to provide desired security. We evaluate the security of the proposed protocol heuristically and validate it formally, which demonstratse the high level of the security. For the formal verification we used the widely accepted formal methods, i.e., BAN logic and the Scyther tool. In this paper we also analyse the security of recently proposed blockchain-based authentication protocols and show that this protocol does not provide the desired security against known session-specific temporary information attacks in which the adversary has access to the session’s ephemeral values and aims to retrieve the shared session key. In addition, the protocol lacks forward secrecy, in which an adversary with access to the server’s long-term secret key can retrieve the previous session keys, assuming that the adversary has already eavesdropped the transferred messages over a public channel in the target session. The proposed attacks are very efficient and their success probability is ‘1’, while the time complexity of each attack could be negligible. Besides, we show that BCmECC is secure against such attacks. |
first_indexed | 2024-03-10T03:38:38Z |
format | Article |
id | doaj.art-ef555bf823df476c954d51e788a3527c |
institution | Directory Open Access Journal |
issn | 2227-7390 |
language | English |
last_indexed | 2024-03-10T03:38:38Z |
publishDate | 2021-12-01 |
publisher | MDPI AG |
record_format | Article |
series | Mathematics |
spelling | doaj.art-ef555bf823df476c954d51e788a3527c2023-11-23T09:26:17ZengMDPI AGMathematics2227-73902021-12-01924324110.3390/math9243241BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of ThingsJan Lansky0Amir Masoud Rahmani1Saqib Ali2Nasour Bagheri3Masoumeh Safkhani4Omed Hassan Ahmed5Mehdi Hosseinzadeh6Department of Computer Science and Mathematics, Faculty of Economic Studies, University of Finance and Administration, 101 00 Prague, Czech RepublicFuture Technology Research Center, National Yunlin University of Science and Technology, Douliou 64002, TaiwanDepartment of Information Systems, College of Economics and Political Science, Sultan Qaboos University, Muscat P.C.123, OmanElectrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran 16788-15811, IranFaculty of Computer Engineering, Shahid Rajaee Teacher Training University, Tehran 16788-15811, IranDepartment of Information Technology, University of Human Development, Sulaymaniyah 0778-6, IraqPattern Recognition and Machine Learning Lab, Gachon University, 1342 Seongnamdaero, Sujeonggu, Seongnam 13120, KoreaIn this paper, targeting efficient authentication and key agreement in an IoT environment, we propose an Elliptic Curve Cryptography-(ECC) based lightweight authentication protocol called BCmECC which relies on a public blockchain to validate the users’ public key to provide desired security. We evaluate the security of the proposed protocol heuristically and validate it formally, which demonstratse the high level of the security. For the formal verification we used the widely accepted formal methods, i.e., BAN logic and the Scyther tool. In this paper we also analyse the security of recently proposed blockchain-based authentication protocols and show that this protocol does not provide the desired security against known session-specific temporary information attacks in which the adversary has access to the session’s ephemeral values and aims to retrieve the shared session key. In addition, the protocol lacks forward secrecy, in which an adversary with access to the server’s long-term secret key can retrieve the previous session keys, assuming that the adversary has already eavesdropped the transferred messages over a public channel in the target session. The proposed attacks are very efficient and their success probability is ‘1’, while the time complexity of each attack could be negligible. Besides, we show that BCmECC is secure against such attacks.https://www.mdpi.com/2227-7390/9/24/3241authenticationblockchainsecuritycryptanalysis |
spellingShingle | Jan Lansky Amir Masoud Rahmani Saqib Ali Nasour Bagheri Masoumeh Safkhani Omed Hassan Ahmed Mehdi Hosseinzadeh BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things Mathematics authentication blockchain security cryptanalysis |
title | BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things |
title_full | BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things |
title_fullStr | BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things |
title_full_unstemmed | BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things |
title_short | BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things |
title_sort | bcmecc a lightweight blockchain based authentication and key agreement protocol for internet of things |
topic | authentication blockchain security cryptanalysis |
url | https://www.mdpi.com/2227-7390/9/24/3241 |
work_keys_str_mv | AT janlansky bcmeccalightweightblockchainbasedauthenticationandkeyagreementprotocolforinternetofthings AT amirmasoudrahmani bcmeccalightweightblockchainbasedauthenticationandkeyagreementprotocolforinternetofthings AT saqibali bcmeccalightweightblockchainbasedauthenticationandkeyagreementprotocolforinternetofthings AT nasourbagheri bcmeccalightweightblockchainbasedauthenticationandkeyagreementprotocolforinternetofthings AT masoumehsafkhani bcmeccalightweightblockchainbasedauthenticationandkeyagreementprotocolforinternetofthings AT omedhassanahmed bcmeccalightweightblockchainbasedauthenticationandkeyagreementprotocolforinternetofthings AT mehdihosseinzadeh bcmeccalightweightblockchainbasedauthenticationandkeyagreementprotocolforinternetofthings |