IDEAS home Printed from https://ideas.repec.org/a/gam/jmathe/v9y2021i24p3241-d702363.html
   My bibliography  Save this article

BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things

Author

Listed:
  • Jan Lansky

    (Department of Computer Science and Mathematics, Faculty of Economic Studies, University of Finance and Administration, 101 00 Prague, Czech Republic)

  • Amir Masoud Rahmani

    (Future Technology Research Center, National Yunlin University of Science and Technology, Douliou 64002, Taiwan)

  • Saqib Ali

    (Department of Information Systems, College of Economics and Political Science, Sultan Qaboos University, Muscat P.C.123, Oman)

  • Nasour Bagheri

    (Electrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran 16788-15811, Iran)

  • Masoumeh Safkhani

    (Faculty of Computer Engineering, Shahid Rajaee Teacher Training University, Tehran 16788-15811, Iran)

  • Omed Hassan Ahmed

    (Department of Information Technology, University of Human Development, Sulaymaniyah 0778-6, Iraq)

  • Mehdi Hosseinzadeh

    (Pattern Recognition and Machine Learning Lab, Gachon University, 1342 Seongnamdaero, Sujeonggu, Seongnam 13120, Korea)

Abstract

In this paper, targeting efficient authentication and key agreement in an IoT environment, we propose an Elliptic Curve Cryptography-(ECC) based lightweight authentication protocol called BCmECC which relies on a public blockchain to validate the users’ public key to provide desired security. We evaluate the security of the proposed protocol heuristically and validate it formally, which demonstratse the high level of the security. For the formal verification we used the widely accepted formal methods, i.e., BAN logic and the Scyther tool. In this paper we also analyse the security of recently proposed blockchain-based authentication protocols and show that this protocol does not provide the desired security against known session-specific temporary information attacks in which the adversary has access to the session’s ephemeral values and aims to retrieve the shared session key. In addition, the protocol lacks forward secrecy, in which an adversary with access to the server’s long-term secret key can retrieve the previous session keys, assuming that the adversary has already eavesdropped the transferred messages over a public channel in the target session. The proposed attacks are very efficient and their success probability is ‘1’, while the time complexity of each attack could be negligible. Besides, we show that BCmECC is secure against such attacks.

Suggested Citation

  • Jan Lansky & Amir Masoud Rahmani & Saqib Ali & Nasour Bagheri & Masoumeh Safkhani & Omed Hassan Ahmed & Mehdi Hosseinzadeh, 2021. "BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things," Mathematics, MDPI, vol. 9(24), pages 1-17, December.
  • Handle: RePEc:gam:jmathe:v:9:y:2021:i:24:p:3241-:d:702363
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2227-7390/9/24/3241/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2227-7390/9/24/3241/
    Download Restriction: no
    ---><---

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Weichu Deng & Teng Huang & Haiyang Wang, 2022. "A Review of the Key Technology in a Blockchain Building Decentralized Trust Platform," Mathematics, MDPI, vol. 11(1), pages 1-29, December.
    2. Qingyun Xie & Zixuan Ding & Qi Xie, 2023. "A Lightweight and Privacy-Preserving Authentication Protocol for Healthcare in an IoT Environment," Mathematics, MDPI, vol. 11(18), pages 1-17, September.
    3. Mehdi Hosseinzadeh & Mazhar Hussain Malik & Masoumeh Safkhani & Nasour Bagheri & Quynh Hoang Le & Lilia Tightiz & Amir H. Mosavi, 2023. "Toward Designing a Secure Authentication Protocol for IoT Environments," Sustainability, MDPI, vol. 15(7), pages 1-16, March.
    4. Mehdi Hosseinzadeh & Rizwan Ali Naqvi & Masoumeh Safkhani & Lilia Tightiz & Raja Majid Mehmood, 2022. "Secure Authentication in the Smart Grid," Mathematics, MDPI, vol. 11(1), pages 1-24, December.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jmathe:v:9:y:2021:i:24:p:3241-:d:702363. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.