TY - JOUR
T1 - Bcmecc
T2 - A lightweight blockchain-based authentication and key agreement protocol for internet of things
AU - Lansky, Jan
AU - Rahmani, Amir Masoud
AU - Ali, Saqib
AU - Bagheri, Nasour
AU - Safkhani, Masoumeh
AU - Ahmed, Omed Hassan
AU - Hosseinzadeh, Mehdi
N1 - Funding Information:
The result was created with the use of institutional support for long-term conceptual development of research of the University of Finance and Administration.
Publisher Copyright:
© 2021 by the authors. Licensee MDPI, Basel, Switzerland.
PY - 2021/12/1
Y1 - 2021/12/1
N2 - In this paper, targeting efficient authentication and key agreement in an IoT environment, we propose an Elliptic Curve Cryptography-(ECC) based lightweight authentication protocol called BCmECC which relies on a public blockchain to validate the users’ public key to provide desired security. We evaluate the security of the proposed protocol heuristically and validate it formally, which demonstratse the high level of the security. For the formal verification we used the widely accepted formal methods, i.e., BAN logic and the Scyther tool. In this paper we also analyse the security of recently proposed blockchain-based authentication protocols and show that this protocol does not provide the desired security against known session-specific temporary information attacks in which the adversary has access to the session’s ephemeral values and aims to retrieve the shared session key. In addition, the protocol lacks forward secrecy, in which an adversary with access to the server’s long-term secret key can retrieve the previous session keys, assuming that the adversary has already eavesdropped the transferred messages over a public channel in the target session. The proposed attacks are very efficient and their success probability is ‘1’, while the time complexity of each attack could be negligible. Besides, we show that BCmECC is secure against such attacks.
AB - In this paper, targeting efficient authentication and key agreement in an IoT environment, we propose an Elliptic Curve Cryptography-(ECC) based lightweight authentication protocol called BCmECC which relies on a public blockchain to validate the users’ public key to provide desired security. We evaluate the security of the proposed protocol heuristically and validate it formally, which demonstratse the high level of the security. For the formal verification we used the widely accepted formal methods, i.e., BAN logic and the Scyther tool. In this paper we also analyse the security of recently proposed blockchain-based authentication protocols and show that this protocol does not provide the desired security against known session-specific temporary information attacks in which the adversary has access to the session’s ephemeral values and aims to retrieve the shared session key. In addition, the protocol lacks forward secrecy, in which an adversary with access to the server’s long-term secret key can retrieve the previous session keys, assuming that the adversary has already eavesdropped the transferred messages over a public channel in the target session. The proposed attacks are very efficient and their success probability is ‘1’, while the time complexity of each attack could be negligible. Besides, we show that BCmECC is secure against such attacks.
KW - Authentication
KW - Blockchain
KW - Cryptanalysis
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=85121295252&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85121295252&partnerID=8YFLogxK
U2 - 10.3390/math9243241
DO - 10.3390/math9243241
M3 - Article
AN - SCOPUS:85121295252
SN - 2227-7390
VL - 9
JO - Mathematics
JF - Mathematics
IS - 24
M1 - 3241
ER -