BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things

Lansky, Jan; Rahmani, Amir Masoud; Ali, Saqib; Bagheri, Nasour; Safkhani, Masoumeh; Ahmed, Omed Hassan; Hosseinzadeh, Mehdi

BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things

Jan Lansky, Amir Masoud Rahmani, Saqib Ali, Nasour Bagheri, Masoumeh Safkhani, Omed Hassan Ahmed and Mehdi Hosseinzadeh
Additional contact information
Jan Lansky: Department of Computer Science and Mathematics, Faculty of Economic Studies, University of Finance and Administration, 101 00 Prague, Czech Republic
Amir Masoud Rahmani: Future Technology Research Center, National Yunlin University of Science and Technology, Douliou 64002, Taiwan
Saqib Ali: Department of Information Systems, College of Economics and Political Science, Sultan Qaboos University, Muscat P.C.123, Oman
Nasour Bagheri: Electrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran 16788-15811, Iran
Masoumeh Safkhani: Faculty of Computer Engineering, Shahid Rajaee Teacher Training University, Tehran 16788-15811, Iran
Omed Hassan Ahmed: Department of Information Technology, University of Human Development, Sulaymaniyah 0778-6, Iraq
Mehdi Hosseinzadeh: Pattern Recognition and Machine Learning Lab, Gachon University, 1342 Seongnamdaero, Sujeonggu, Seongnam 13120, Korea

Mathematics, 2021, vol. 9, issue 24, 1-17

Abstract: In this paper, targeting efficient authentication and key agreement in an IoT environment, we propose an Elliptic Curve Cryptography-(ECC) based lightweight authentication protocol called BCmECC which relies on a public blockchain to validate the users’ public key to provide desired security. We evaluate the security of the proposed protocol heuristically and validate it formally, which demonstratse the high level of the security. For the formal verification we used the widely accepted formal methods, i.e., BAN logic and the Scyther tool. In this paper we also analyse the security of recently proposed blockchain-based authentication protocols and show that this protocol does not provide the desired security against known session-specific temporary information attacks in which the adversary has access to the session’s ephemeral values and aims to retrieve the shared session key. In addition, the protocol lacks forward secrecy, in which an adversary with access to the server’s long-term secret key can retrieve the previous session keys, assuming that the adversary has already eavesdropped the transferred messages over a public channel in the target session. The proposed attacks are very efficient and their success probability is ‘1’, while the time complexity of each attack could be negligible. Besides, we show that BCmECC is secure against such attacks.

Keywords: authentication; blockchain; security; cryptanalysis (search for similar items in EconPapers)
JEL-codes: C (search for similar items in EconPapers)
Date: 2021
References: View complete reference list from CitEc
Citations: View citations in EconPapers (4)

Downloads: (external link)
https://www.mdpi.com/2227-7390/9/24/3241/pdf (application/pdf)
https://www.mdpi.com/2227-7390/9/24/3241/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jmathe:v:9:y:2021:i:24:p:3241-:d:702363

Access Statistics for this article

Mathematics is currently edited by Ms. Emma He

More articles in Mathematics from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().