A User Authentication Scheme of IoT Devices using Blockchain-Enabled Fog Nodes

These days, IoT devices are deployed at a massive scale, with Cisco predicting 20 billion devices by the year 2020. As opposed to endpoint devices, IoT devices are resource-constrained devices, incapable of securing and defending themselves, and can be easily hacked and compromised. Fog computing can augment such capacity limitations by providing localized compute, storage, and networking for a group of IoT devices. As fog nodes are deployed in close proximity to IoT devices, fog computing can be more effective than cloud computing. Furthermore, Blockchain has emerged as technology with capabilities to provide secure management, authentication and access to IoT devices and their data, in decentralized manner with high trust, integrity, and resiliency. In this paper, we propose a user authentication scheme using blockhain-enabled fog nodes in which fog nodes interface to Ethereum smart contracts to authenticate users to access IoT devices. The fog nodes are used to provide scalability to the system by relieving the IoT devices from carrying out heavy computation involving tasks related to authentication and communicating with the blockchain. We describe system components, architecture and design, and we discuss key aspects related to security analysis, functionality, testing and implementation of the smart contracts. The full code of the smart contracts for authentication registry, lists, rules and logic is also made publicly available at Github.

[1]  Christophe Rosenberger,et al.  A Review on Authentication Methods , 2013 .

[2]  Andrei V. Gurtov,et al.  Two-phase authentication protocol for wireless sensor networks in distributed IoT applications , 2014, 2014 IEEE Wireless Communications and Networking Conference (WCNC).

[3]  George C. Hadjichristofi,et al.  Internet of Things: Security vulnerabilities and challenges , 2015, 2015 IEEE Symposium on Computers and Communication (ISCC).

[4]  Sarah Underwood,et al.  Blockchain beyond bitcoin , 2016, Commun. ACM.

[5]  Burkhard Stiller,et al.  A Peer-to-peer Purchase and Rental Smart Contract-based Application (PuRSCA) , 2018 .

[6]  Zhonghua Deng,et al.  Enquiring Semantic Relations among RDF Triples , 2012, 2012 11th International Symposium on Distributed Computing and Applications to Business, Engineering & Science.

[7]  Ramjee Prasad,et al.  Threshold Cryptography-based Group Authentication (TCGA) scheme for the Internet of Things (IoT) , 2014, 2014 4th International Conference on Wireless Communications, Vehicular Technology, Information Theory and Aerospace & Electronic Systems (VITAE).

[8]  Luca Veltri,et al.  IoT-OAS: An OAuth-Based Authorization Service Architecture for Secure Services in IoT Scenarios , 2015, IEEE Sensors Journal.

[9]  John T. Kohl,et al.  The Kerberos Network Authentication Service (V5 , 2004 .

[10]  Sugata Sanyal,et al.  An Introduction , 1998 .

[11]  Xiaohong Jiang,et al.  Smart Contract-Based Access Control for the Internet of Things , 2018, IEEE Internet of Things Journal.

[12]  Álvaro Alonso,et al.  IAACaaS: IoT Application-Scoped Access Control as a Service , 2017, Future Internet.

[13]  Klaus Wehrle,et al.  Delegation-based authentication and authorization for the IP-based Internet of Things , 2014, 2014 Eleventh Annual IEEE International Conference on Sensing, Communication, and Networking (SECON).

[14]  Khaled Salah,et al.  IoT security: Review, blockchain solutions, and open challenges , 2017, Future Gener. Comput. Syst..

[15]  Prateek Saxena,et al.  Making Smart Contracts Smarter , 2016, IACR Cryptol. ePrint Arch..