“© 2021 IEEE. Personal use of this material is permitted.

Permission from IEEE must be obtained for

all other uses, in any current or future media, including reprinting/republishing this material for
advertising or promotional purposes, creating new collective works, for resale or redistribution to
servers or lists, or reuse of any copyrighted component of this work in other works.”
 1

Authentication and Key Management in Distributed

IoT using Blockchain Technology
Soumyashree S Panda, Debasish Jena, Senior Member, IEEE, Bhabendu Kumar Mohanta, Member, IEEE,
Somula Ramasubbareddy, Mahmoud Daneshmand Senior Life Member, IEEE, and Amir H. Gandomi Senior
Member, IEEE

Abstract—The exponential growth in the number of connected 3) smart agriculture and so on. With such expansion to a
devices as well as the data produced from these devices call for wide range of fields, the number of devices connected to the
a secure and efficient access control mechanism that can ensure internet and to each other is expected to reach around 20
the privacy of both users and data. Most of the conventional key
management mechanisms depend upon a trusted third party like billion by 2022[1].
a registration center or key generation center for the generation
and management of keys. Trusting a third party has its own By concept, an IoT application system is ubiquitous of a
ramifications and results in a centralized architecture; therefore variety of devices (things) that are capable of interacting with
this article addresses these issues by designing a Blockchain each other so that a broad range of services can be provided.
based distributed IoT architecture that uses Hash Chains for
secure key management. The proposed architecture exploits the Each device, be it physical or virtual, of an IoT system
key characteristics of Blockchain technology such as openness, must be accessible by the system users regardless of their
immutability, traceability, and fault tolerance, to ensure data location. It is critical that only authenticated and approved
privacy in IoT scenarios and, thus, provides a secure environment users can access the system; otherwise, the system will be
for communication. The paper also proposes a scheme for vulnerable to numerous security attacks like spoofing, data
secure and efficient key generation and management for mutual
authentication between communication entities. The proposed tampering, DOS attack, impersonation attack, information
scheme uses a one-way hash chain technique to provide a set theft, etc. Certainly, these security issues continue to be
of public and private key pairs to the IoT devices that allow the the prime obstacle for the adoption of IoT in large scale
key pairs to verify themselves at any time. Experimental analysis organizations. As per a survey, one of the most significant
confirms the superior performance of the proposed scheme to the concerns in the deployment of solutions for different IoT
conventional mechanisms.
use-cases is security. Securing the communication among
Index Terms—Internet of Things, Blockchain, Decentraliza- different entities and ensuring data privacy using encryption
tion, Hash Chain, Privacy, Security are the most commonly used methods to ensure IoT security
[2]. However, the conventional security methods do not fully
I. I NTRODUCTION conform to the IoT systems because of the heterogeneity
and limited resources of IoT devices. Moreover, most of
T HE rate at which the number of physical devices
connected to the Internet is increasing exponentially.
People are gradually furnishing their homes with smart
the proposed solutions are centralized in which scalability
becomes a matter of concern since thousands of devices
devices like smart remote controls, smart TVs, surveillance work in an IoT use-case [3]. Lastly, each use-case demands
cameras, smart bulbs, etc., while vehicles are being equipped a different approach for system design, deployment and
with different smart devices so that they can share traffic- ensuring security. Therefore, new approaches should be
related data [1]. In factories, robots and smart tools are designed with the aim to facilitate the hassle free addition
being implemented to increase the productivity of their of new services as well as new devices with add-on security
operations. The application areas of IoT are not limited to benefits.
these use-cases; but is largely endorsed in several other areas, As a recently promising solution, the concept of Blockchain is
including agriculture, cities, transportation system, grids, etc. suggested to provide a secure and efficient base for several IoT
Indeed, IoT has allowed the evolution of many other areas applications.With the growing popularity of digital currency,
like 1) smart health systems 2) smart transportation systems researchers have focused their attention on the different
usages of Blockchain which is the key element behind
S.S. Panda, D. Jena and B. Kumar Mohanta are with the Department of Bitcoin. Coined by Nakamoto in 2008 [4], a Blockchain is
Computer Science Engineering, IIIT Bhubaneswar, Odisha, India, 751003 e-
mails: C117011@iiit-bh.ac.in, debasish@iiit-bh.ac.in, C116004@iiit-bh.ac.in essentially a distributed ledger that is inherently immutable,
S. Ramasubbareddy is with Department of Information Technology, open, synchronized and verifiable [5]. It facilitates distributed
VNRVJIET, Hyderabad, India, 500090, e-mail: svramasub- decision making so that all entities of the system share equal
bareddy1219@gmail.com
M. Daneshmand is with the School of Business, Stevens privilege. Simply put, Blockchain networks enable a number
Institute of Technology, Hoboken, NJ 07030, USA, e-mail: of entities that do not share a trust relationship to coordinate,
Mahmoud.Daneshmand@stevens.edu amalgamate and associate in application development process
A.H. Gandomi (corresponding author) is with the Faculty of Engineering
Information Technology, University of Technology Sydney, Australia, e-mail: or business intelligence process [6].
gandomi@uts.edu.au
 2

Most of the existing works solely depend upon the security handle the different issues related to data privacy and security
attribute of Blockchain, which may not be enough for some of in an IoT framework.
the IoT use-cases. For example, the full anonymity provided
• Consensus: The entities of the network will collec-
by Blockchain doesn’t ensure identification, which is crucial
tively agree that each transaction that is recorded in the
in most of the IoT use-cases. Moreover, it remains unclear
Blockchain and the order of transactions in relation to
whether a low power and resource-constrained IoT device will
others are valid.
be able to perform transactions in Blockchain and participate
• Provenance: The entities know the history of the data and
in the Blockchain mining process. Most of the researchers
how it flows within the network.
are still in their elementary stage, whereby only an approach
• Immutability: Entities can not tamper with the transac-
is presented but no proper implementation or analysis are
tions once they are agreed upon and recorded in the chain.
given. Therefore, in this paper, a distributed framework using
• Finality: Once a transaction is committed, it cannot be
two Blockchain structures is presented which enables secure
reversed.i.e. data cannot be rolled back to the previous
communication among IoT devices. One-way hash chains are
state. If a transaction is in error, then a new transaction
employed for authentication and key management.
must be used to reverse the error with both transactions
Given the challenges in developing a distributed, reliable
visible.
and secure authentication scheme for a heterogeneous IoT
network, a Blockchain-based distributed authentication and Bitcoin is an example of a permission-less public Blockchain.
key management scheme has been proposed in this article. It is a peer to peer payment system that allows people to
The key contributions are given below: send currency to one another without requiring a centralized
1) A framework using two Blockchain structure is devel- intermediary using a class of assets called cryptocurrency
oped to provide a distributed and secure IoT network [5]. It uses a resource intensive process known as proof
for communication. of work (PoW) to achieve consensus. PoW in the Bitcoin
2) A distributed authentication and key management using system extends the hashcash based PoW system and develops
one-way hash chains to authenticate as well as to assign a mechanism to safeguard the Blockchain by applying the
keys to the entities of the system. The introduction of distributed consensus mechanism [4]. The hashcash system
Blockchain technology in the scheme facilitates dis- was proposed by Adam Back and uses the puzzle friendliness
tributed decision making without the need for a third property of the cryptographic hash function [7]. Transactions
party. in Bitcoin are public and visible, but the entities behind each
3) The scheme has been implemented on the Ethereum transaction are largely anonymous making them very difficult
platform and an in-depth evaluation of the scheme to track.
proves its proficiency in making an IoT use-case secure. To exploit the advantages of Blockchain technology, a
4) Further security analysis of the proposed authentication number of platforms have been designed to integrate it with
scheme is being compared with other existing schemes IoT to provide smart and usable foundations for future research
which prove the strength of the proposed scheme. The and development. Some of the popular platforms include
performance analysis shows that the scheme is highly Ethereum, Hyperledger, Multichain, IOTA, Rootstock, IoT
efficient and scalable. Chain, Atonomi, Lisk, Chain of Things etc. Specifically,
The rest of the article is arranged as follows: Section 2 gives Ethereum was the first acknowledged platform for the develop-
a brief introduction of Blockchain along with some popular ment of decentralized or distributed systems using Blockchain
platforms that combine it with IoT. Section 3 discusses the technology, which supports smart contracts. These smart con-
existing Blockchain based security solutions for IoT systems. tracts execute on the Ethereum Virtual Machine (EVM), a
Section 4 discusses the preliminaries required for the proposed type of operating system provided by the Ethereum platform
scheme. Then a detailed description of the proposed model [8]. Ethereum provides a type of cryptocurrency called Ether
is presented in section 5. The scheme is evaluated in terms (ETH), that can be used for both financial transactions and
of security and performance in section 6. Finally, section 7 executing smart contracts.Though most of the earlier versions
concludes the article with future research plans. of Ethereum used PoW as the consensus mechanism, the
recent version employes proof of stake (PoS) as the consensus
mechanism. The PoW based consensus used in Ethereum
II. B LOCKCHAIN FOR I OT is known as Ethash, a memory intensive and less power
Blockchain, the key element of Bitcoin, has been grow- consuming consensus mechanism as compared to traditional
ing at an unbelievable pace over the last few years with PoW. Ethereum can be used to implement both permission less
its application now extending beyond digital currency. As and permission-based frameworks over Blockchain. Lately,
stated, Blockchain, as distributed ledger that is inherently smart contracts have been extensively used for modeling and
immutable, open, synchronized and verifiable, can be thought securing a number of IoT use-cases. Ethereum was the first
of as a shared replicated ledger with smart contracts [6]. Smart platform to provide a base for development of Distributed
Contracts are nothing more than a piece of computer codes Applications(DAPP) [9]. As another popular platform, Hy-
that provide the shared implementation of the business rules perledger is a permission-based Blockchain framework that
associated with each transaction. The following features of provides an Enterprise-grade foundation for transactional ap-
Blockchain describe how and why Blockchain can be used to plications, where the nodes in the network need to know each
 3

other prior to setting up the network[10]. Practical Byzantine an approach to combine IoT and Blockchain technology
fault tolerance (PBFT) is used as the consensus mechanism where smart contracts define the functionalities of each
used in Hyperledger fabric, which safeguards the network from devices. However, their approach lacks clarity in terms of
crash faults, network faults, Sybil attacks and Byzantine nodes. the usage and the application of the approach to different
Hyperledger provides better performance in terms of higher use-cases of IoT is also restricted. The authors in [18] utilized
transaction throughput and less power consumption compared Ethereum Blockchain for secure analysis and management of
to Bitcoin and Ethereum. Nevertheless, it has limitations, for medical sensors.
instance applications built on Hyperledger cannot be fully These sensors combined with IoT smart devices help in
decentralized and will be less scalable. Multichain is another monitoring the health condition of a patient from remote
open platform to model and deploy private Blockchain within locations. Another method to ensure mutual authentication
a closed environment, just like Hyperledger. It is forked from among IoT devices is introduced in [3], which groups IoT
Bitcoin to broaden the functionality domain of Blockchain that devices into virtual zones within which they can share
provides users with more features, such as speed, permissions, data securely. However, this method doesn’t allow inter
multiple assets and atomic exchanges. Another Ethereum like zonal communication and is still in its elementary phase.
platform is Rootstock for Blockchain based IoT developments. In [19], a distributed storage system is presented for IoT
Since it is compatible with Ethereum, smart contracts writ- applications that generate huge amounts of data. Although
ten for the Ethereum environment can also be used over the work confirms that the storage system utilizes Blockchain
this platform. It also has an built-in infrastructure layer that technology to store the generated data in a distributed manner,
provides users with better computing power, fast payment other security and privacy needs of IoT applications are not
channels and larger storage space. Atonomi is another platform addressed in the research article.
that provides trust and identity that are essential for the Recently, an authentication scheme for IoT devices using
increasingly connected world by securing a device’s identity gateway nodes and Blockchain technology has been proposed
on the distributed ledger, tracking a device’s reputation and in [20], where gateway nodes are included to address the
securing the communication between devices. low computation power and resource constrained nature of
IoT devices. Similarly, in [21], IoT devices are connected to
fog nodes that share a Blockchain structure. Even though the
III. R ELATED W ORK
proposed design ensures a secure communication between
Even though Blockchain is still in its infancy, substantial fog nodes and devices, the applicability of the scheme is very
research has already been done in different areas of IoT using restricted.
Blockchain technology. In this section, the authors discuss
some of the existing works in the field. To summarize, most of the existing research works are not
In [11], the authors propose the advantages and applicable to the wide range of IoT application areas. Apart
disadvantages of Blockchain technology with respect to from this, most of the works solely depend upon the security
IoT, concluding that Blockchain promotes the secure attribute of Blockchain, which may not be enough for some of
and trustworthy sharing of resources and data in an IoT the IoT use-cases. For example, the full anonymity provided
environment among multiple entities. The authors in [12] by Blockchain doesn’t ensure identification, which is crucial
revealed shown how Blockchain technology can be used to in most of the IoT use-cases. Moreover, it remains unclear
design a trust-less, decentralized environment for industrial whether a low power and resource constrained IoT device will
IoT. However, there was no formal proof for validation of be able to perform transactions in Blockchain and participate
their proposed model given in the article. In [13], a privacy in the Blockchain mining process. Most of the researchers are
preserving mechanism was presented that helps to authorize still in their elementary stage, whereby only an approach is
IoT devices in cloud systems. The presented method allows presented but no proper implementation or analysis are given.
stakeholders to share their data gathered from sensor devices
with different service providers in a fully anonymous way. IV. P RELIMINARIES
Yet, it was not adapted to the use-cases where identification
A. System Variables
is essential. Another access control method using Blockchain
technology known as ”FairAccess” was proposed in [14], This section specifies the system variables that need to be
which works analogous to the Role based access control accepted and used by the all entities of the system. These
([15]). FairAccess was specially designed for IoT use-cases variables are specified below.
∗
where the policies are kept in a private Blockchain so that • Assume G to be a cyclic multiplicative subgroup of Zp
they cannot be tampered with. However, this method is not of prime order p, with identity elemente = 1andg ∈ G
applicable to all IoT use-cases since it was designed to work is a generator of G. We assume that computing discrete
only for policy based systems. logarithms in G with respect to g is computationally
In [16], the authors address the various challenges of infeasible.
Blockchain in the context of IoT such as scalability, For example, G might be a large multiplicative subgroup
computational complexity and storage overhead and propose of Zp∗
a light weight Blockchain having a simple consensus for some large prime p, where q is a large prime dividing
mechanism to address these issues. In [17], the authors share p − 1. Alternatively G could be the group of points on
 4

TABLE I hash function H on the value s for N times as shown in Eq.(1)

N OTATION TABLE

H One-way hash function mapping the set ¡0,1,•

• • ,p-1¿ onto itself
h Cryptographic hash function HN (s) ← H N −1 (s) ← H N −2 (s) · · · ← H k (s) · · · ←
D id Unique identity given to the Device H 2 (s) ← H 1 (s) ← s (1)
AM N id Unique identity of the Access Managing Node
pk D Permanent Public Key of Device
prk D Permanent Private Key of Device
pk AM N Permanent Public Key of AMN Then A computes a hash value ϑ that will be used by other
prk AM N Permanent Private Key of AMN entities of the system to validate A as follows:
puk k Public key from the generated key set
prk k Private key from the generated key set
N Number of key pairs generated per device QN
Ekey Encryption using key H j (s)
Dkey Decryption using key ϑ = h(g j=0 ) (2)
| {z }

an elliptic curve. The kth private key (P rKk ) and its corresponding public
key (P uKk ), where 0¡k¡N, are generated as per the Eqn. (3)
• N is a positive integer that specifies the number of and (4)
public/private key pairs available to an IoT device.
k
Table I contains the description of the notations used in the PrKk =
Y
H j (s) (3)
article. j=0
| {z }

B. One-Way Hash Chain Qk

H j (s)
PuKk = g j=0 (4)
One-way hash chains are a kind of cryptographic hash | {z }
used in many applications such as micro-payment systems
[22], mobile ad hoc networks [23] etc. for providing a set
of cryptographic keys from a single key. This technique was V. P ROPOSED W ORK
introduced by Lamport for securing passwords from intruders
This section presents the proposed system architecture and
and malicious users [24]. As per the technique, given a number
scheme for IoT use-cases implementing Blockchain technol-
known as a seed and a cryptographic hash function such as
ogy in detail. The designed solution for the system employs a
SHA-1, the successive application of the hash function to the
one-way hash chain for authentication and key management.
seed generates a set of hash values known as hash chain. The
The most important aspect is that this method significantly
characteristic of the hash chain is that it is computationally
decreases the computational overhead and communication
impossible to invert [25].
latency, which can drastically improve the efficiency, reliability
It works as follows: Initially, an entity will have to choose and scalability of the system.
a secret number known as seed s and a number N where
s ∈ (0, 1...., p − 1).
Then it will repeatedly apply the one way hash A. System Architecture
function defined above for N-1 times to produce a set The proposed system design of the Blockchain based dis-
of N − 1 values denoted as H1 , H2 , H3 ....HN where tributed architecture for IoT use-cases is shown in Fig. 1. The
H1 = H(H2 ), Hk−1 = H(Hk )andHN = HN −1 , where architecture consists of three layers namely Device, Fog, and
1 < k ≤ N.H1 is named as the tip of the hash chain. Cloud layers. The Device layer consists of the smart devices
These values can be used as keys in the reverse order of used in various IoT use-cases, for example, different wearable
creation i.e. in the order HN −1 , ..., Hk , ...H2 , H1 will be medical devices to sense, monitor and observe patient’s health
consumed by the entity. Thus, any hash value needs to be status from a remote location. These include temperature sen-
kept secret until it is used, and the validity of a particular hash sors, gas sensors and surveillance cameras for home or organi-
value can be checked easily with a simple hash operation zation automation. Since the devices are resource constrained
after receiving it. It is important to note that the disclosure of by nature, the Fog layer was added to improve the performance
any key, say Hk , doesn’t reveal any information about other and reduce the computation time and overhead of the devices.
keys. With that being said, if a one way hash chain is used to The Fog layer contains a number of access managing nodes
uniquely bind a set of public key/ private key pairs, a public (AMNs) with standard computational and storage capabilities
key belonging to the chain can be validated using the hash to manage the devices of the Device layer. Devices belonging
function for required number of times to the received public to similar use-cases are grouped together into domains, where
key [25]. For the proposed scheme, a system entity, say A, each domain is managed by an AMN. Similarly, a set of AMNs
first chooses an integer s ∈ 0, 1...., p − 1, then uses a one-way are grouped together to form a network in the Fog layer and
 5

Fig. 1. Blockchain based IoT architecture

are responsible for generating, distributing and managing the

secret keys for the devices linked to them. AMNs belonging to
a network share a Blockchain structure to store the transactions
related to authentication and key management of the same
network. AMNs also act as miners to pack the transactions of
the devices occurred within a certain time interval into a new
block.
Next, the Fog layer is connected to the Cloud layer via high
speed network connectivity.The Cloud layer manages multiple
Blockchains; each from the AMN network of the Fog layer.
For this, a number of nodes, known as manager nodes (MN)
possessing immense computing capabilities are introduced in
the Cloud layer to handle the constrained resources constrained
and highly scalable IoT use-cases. Communications within the Fig. 2. Authentication and Key Management Phases
same network is handled by the AMNs of the network while
inter network transactions are handled by the MNs of the
Cloud layer. Moreover, the MNs also store the data generated 1) System Initialization and Device Registration Phase:
by the devices of the lower layer in an encrypted manner, and The MNs at the top layer are responsible for selecting the
the data can be accessed after proper authentication. system variables as defined in section 3.1 and will announce
The proposed scheme assumes that all entities constituting the these values to the AMNs at the Fog Layer. As already stated,
architecture are furnished with a highly correct atomic clock, AMNs function as network managers to generate and manage
whereby the clocks of the AMNs and devices belonging to the the keys of the devices connected to them. Each device at the
same network are synchronized. device layer generates a public/private key pair.
An AMN registers an unregistered device, by providing a
structure known as a ”license” that will be used as a permit
B. Authentication and Key Management Scheme
to take part in the network. The license includes a) the
This section gives a detailed description of the proposed unique device identity (D id), b) the unique identity of the
scheme, which functions in three phases as shown in Fig. 2. AMN to which the device will belong (AM N id), c) the
The detailed procedure of each phase is described as follows. permanent public key of the device (pk D), d) a signature
using the private key (prk AM N ) of the AMN. Then the
 6

AMN issues transactions in the Blockchain regarding the

registration of the device. Subsequently, the smart contracts
written for the registration of devices in the Blockchain
checks for the uniqueness of the device’s identity. If the
transaction is correct, then the registration details (license)
of the device are stored in the Blockchain, which can only
be accessed by the AMNs connected to that particular network.
license=(D id||AM N id||pk D||Signprk AM N )
AM N → D
2) Key Management and Authentication Phase: Whenever
Fig. 3. Device Authentication in Blockchain
a registered device, say Dp , wants to communicate with
another device, say Dq . belonging to the same domain,
it requires encryption keys for the secure sharing of data. (0 < <q < p − 1). Then it forms
For that, Dp generates a seed s where s ∈ (0, 1...., p − 1) Qlthe reply message, which
H j (s)
. Then it encrypts the s using public key of the AMN to includes a) license, b) P uKl = g j=0 (valid public key
which it belongs, say AM Nx (pk AM N x ), and sends of Dq ), c)[Epk Dp (<q )], d) h(<q ||<∗p ).
it to an AMN. It also sends the license with the above P uKl ,license,Epk Dp (<q )
message for verifying itself to the AM Nx . Then the AM Nx Dp ← Dq
generates the N number of public key/private key pairs When Dp gets this message, it follows the same pro-
and the hash values ϑ using the one way hash chain cess as Dp to verify Dq . If verified then it com-
described in section 3.2. The AM Nx issues a transaction putes Dprk Dp [Epk Dp (<q )] = <∗p and verifies whether
to the Blockchain to store H N (s), ϑ, the current timestamp h(<q ||<∗p ) = h(<∗q ||<p ). If it holds then it verifies Dq and
value and the duration for which the key set will be valid, sends acknowledgment.
corresponding to Dp . Once the transaction is verified by all Finally both Dp and Dq compute the session key as
AMNs of the network, AM Nx encrypts the generated key set h(P uKk ||<q ||<p ||P uKl ).
using a public key of Dp , signs the message, then sends to Dp . 3) License Revocation: If a device is found to be malicious,
then the AMN issues a new transaction to revoke the license
When Dp wants to connect to Dq to access data or share of that particular device. The transaction stores the identity of
information, first it has to prove its authenticity to Dq , then the device into a new block so that any further messages from
they will establish a session key for further communication. this particular device will be rejected.
For this, Dp initiates the communication during time interval
tk , 0 ≤ k < N by sending a message directly to Dq that
Q k
H j (s)
VI. E VALUATION
includes a)P uKk = g j=0 , b) the license, c) current
time (Tp ) and d) Cipher text of a random number <p , A. Performance Analysis
(0 < <p < p − 1) using public key of Dq [Epk Dq (<p )] In this section, a detailed description is provided of how
P uKk ,license,Tp ,Epk
the proposed scheme is implemented using smart contracts.
Dq (<p )
Dp → Dq The experimental set up consists of two cloud servers to
On receiving the above message, Dq first verifies whether simulate the MNs, four laptops to function as AMNs and two
Tq − Tp < ∆Γ, where Tq is the current system time at Dq Raspberry Pi to connect the devices. The Ethereum platform
and ∆Γ is the maximum tolerable time interval. If it holds, it is used to realize the Blockchain network. Smart contracts that
then verifies the correctness of the license through its AMN. serve as the core of the proposed system are developed using
If found correct, then it computes Solidity language [8]. These smart contracts were implemented
P rKi , (k + 1) ≤ i ≤ N (since Dq is supposed to know k and verified using Remix IDE before deploying them in the
because of time synchronization) Blockchain platform [26]. In fact, Ropsten Testnet was used as
Qk an Ethereum tool for testing and development purposes. The
∗ H j (s) output of the authentication process is shown in Fig. 3.
ϑQ = (P uKQ k)
j=0
k k
H j (s) H j (s)
= g Qj=0 j=0
As the proposed approach uses one-way hash chains for
N
H j (s)
=g j=0
validation and key management, its performance was evaluated
on a system with specification Intel(R) Core(TM) i5, CPU-
To verify the authenticity of Dp , Dq checks whether 3.30 GHz, 8 GB of RAM, Win 8, 64-bit OS. Fig. 4 shows
h(ϑ∗ ) = ϑ. ( the value of ϑ can be obtained from the that the time required to generate the private/public key
corresponding AMN for Dq .) If it is not true, then Dq pairs is analogous to the generation of corresponding hash
rejects the request and reports to its AMN. If it matches, values. This is because both key pairs and hash values require
then Dq successfully verifies Dp as a valid entity of the multiplication operations for their computation but the number
system. Next it decrypts Dprk Dq [Epk Dq (<p )] = <∗p of multiplication operations required for private key generation
using its private key and selects a random number <q , is inversely proportional to those for hash value generation. In
 7

TABLE II
120 Hash Value C OMPARISON BASED ON C HARACTERISTIC PARAMETERS
Private Key
Complete key set
100 Characteristic [20] [22] [24] Current Study
Mutual Authentication Yes Yes – Yes
80 Resists Replay Attack No No – Yes
Time (s)

Resists MITM Attack Yes Yes – Yes

60 Resists DOS Attack Yes Yes – Yes
Scalablility No No No Yes
40
Implementation No No Yes Yes
20

0 B. Security Analysis
5000 10000 15000 20000 25000 30000
Length of hash chain An extensive analysis of the proposed scheme proves that
the scheme is highly accomplished to meet the privacy and
Fig. 4. Time required for Key pair generation security needs of an IoT use-case. This section shows how the
proposed scheme secured against various network attacks and
makes comparison to some existing works that have similar
1200 objectives. The comparison detail are provided in Table II.
• Mutual Authentication and Message Integrity: Authenti-
1000 cating the source as well as the destination before starting
Transaction Number

a communication is crucial in an IoT system to avoid

800 impersonation and man-in -the-middle attacks. Each de-
vice holds a license that is digitally signed by a trusted
600
authority. During communication, each device uses its
license to verify itself to the other device. whereby only
400
a valid device can correctly compute ϑ. Finally both the
5000 10000 15000 20000 25000 30000 35000 40000
communicating devices use unique random numbers to
Number of Devices verify each other.
• Resistance to Replay Attack: An adversary can use al-
Fig. 5. Transaction Number with respect to Number of devices ready sent messages to gain knowledge about the confi-
dential information of the entities. Use of timestamp val-
ues with each request message ensures that the proposed
addition, the time required to generate the entire key pairs and approach is secure against replay attacks.
hash values is 120s for about 29,780 key pairs. • Resistance to Sybil Attack: In sybil attack, the attacker
Fig. 5 displays the plot of transaction time with respect to disturbs a system by creating multiple identities. These
the rate of issuing a transaction and the number of devices. At fake identities share wrong information and hence affect
an average rate (0.03), the transaction number increased from the decision making of the system. To address this issue,
112 for 5000 devices to 1200 for 40350 devices, which proves each device of the proposed model can have only a single
the scalability of the system. The time required to prepare a pair of keys at a particular time, which is mentioned in the
block is shown in Fig. 6, revealing that preparation time slowly license. Besides, each device has been assigned a unique
increased up to 400 transactions. preparation time over 0.4s device identity in the registration phase that is stored in
when number of transactions was larger than 700. Finally, the the Blockchain. Thus,a malicious node will not be able
preparation time reached 1s when there were 990 transactions. to fake identities to disturb the system.
• Resistance to Man-in-the-middle Attack (MITM): In
the proposed work, random numbers and public/private
1.0 key pairs generated from the hash chain are used to
successfully resist the system from this attack. Sup-
0.8 pose an attacker (Da ) starts a session parallel to a
valid session by sending the same message as Dp <
Processing Time (sec)

0.6 P uKk , license, Tp , Epk Dq (<p ) >=< P uKk , license,

Tp , Epk Dq (<p ) >. When Dq receives this mes-
0.4 sage, it follows the procedure as described in sec-
tion 5.2.2 and replies with messages that includes
0.2 [Epk Dp (<q ), h(<q ||<p )] and [Epk Da (<a ), h(<a ||<p )]
to Dp and Da respectively. At this point, Da blocks
0.0
200 400 600 800 1000
the message meant for Dp and [Epk Da (<a ), h(<a ||<p )]
Transaction Number to Dp . Then Dp decrypts <a and sends it to Dp for
final verification. But it fails and thus it proves that the
Fig. 6. Block Preparation Time proposed approach resists MITM attack.
 8

• Resistance to Denial of Service (DoS) Attack: In a DOS [3] M. T. Hammi, B. Hammi, P. Bellot, and A. Serhrouchni, “Bubbles of
attack, the adversary attempts to prevent the use of a trust: A decentralized blockchain-based authentication system for iot,”
Computers & Security, vol. 78, pp. 126–142, 2018.
network resource or a valid service by temporarily or per- [4] S. Nakamoto and A. Bitcoin, “A peer-to-peer electronic cash system,”
manently blocking the server of the system. In Distributed Bitcoin.–URL: https://bitcoin. org/bitcoin. pdf, vol. 4, 2008.
DOS (DDoS) attack, multiple attackers consume the [5] S. S. Panda, B. K. Mohanta, U. Satapathy, D. Jena, D. Gountia, and T. K.
Patra, “Study of blockchain based decentralized consensus algorithms,”
resources of the system to disrupt its normal functioning. in TENCON 2019-2019 IEEE Region 10 Conference (TENCON). IEEE,
This can be done by flooding the target device with 2019, pp. 908–913.
unnecessary messages. If the target device is the central [6] B. K. Mohanta, S. S. Panda, and D. Jena, “An overview of smart contract
and use cases in blockchain technology,” in 2018 9th International Con-
node of a centralized system, then failure of the central ference on Computing, Communication and Networking Technologies
node affects the whole system.In the proposed approach, (ICCCNT). IEEE, 2018, pp. 1–4.
both the use of Blockchain technology and the large [7] A. Back et al., “Hashcash-a denial of service counter-measure,” 2002.
[8]
number of miners in the Ethereum platform increases the [9] B. K. Mohanta, A. Sahoo, S. Patel, S. S. Panda, D. Jena, and D. Gountia,
resistance to such an attack. Furthermore, the high cost of “Decauth: Decentralized authentication scheme for iot device using
making a transaction in Blockchain network, discourages ethereum blockchain,” in TENCON 2019-2019 IEEE Region 10 Con-
ference (TENCON). IEEE, 2019, pp. 558–563.
an attacker from launching an attack. [10] E. Androulaki, A. Barger, V. Bortnikov, C. Cachin, K. Christidis,
• Scalability: In context of this article, scalability is char- A. De Caro, D. Enyeart, C. Ferris, G. Laventman, Y. Manevich et al.,
acterized by the ability to guarantee that the size of the “Hyperledger fabric: a distributed operating system for permissioned
blockchains,” in Proceedings of the Thirteenth EuroSys Conference,
system doesn’t affect its performance. In other words, if 2018, pp. 1–15.
the number of devices increases, then it should not affect [11] K. Christidis and M. Devetsikiotis, “Blockchains and smart contracts for
the time required for authentication and key management. the internet of things,” Ieee Access, vol. 4, pp. 2292–2303, 2016.
[12] A. Bahga and V. K. Madisetti, “Blockchain platform for industrial
In the proposed work, the AMNs store the information internet of things,” Journal of Software Engineering and Applications,
related to authentication and key management of their vol. 9, no. 10, pp. 533–546, 2016.
own network. All Blockchains belonging to different [13] T. Hardjono and N. Smith, “Cloud-based commissioning of constrained
devices using permissioned blockchains,” in Proceedings of the 2nd
AMN networks are handled by MNs of the Cloud layer. ACM international workshop on IoT privacy, trust, and security, 2016,
Apart from this, a device has to store very minimal pp. 29–36.
information required only for validating its authenticity [14] A. Ouaddah, A. Abou Elkalam, and A. Ait Ouahman, “Fairaccess: a new
blockchain-based access control framework for the internet of things,”
and securing its communication with other devices. More- Security and Communication Networks, vol. 9, no. 18, pp. 5943–5964,
over, using peer to peer networks like Blockchain, the 2016.
scalability issue can be handled very easily [27]. Due to [15] D. Ferraiolo, J. Cugini, and D. R. Kuhn, “Role-based access control
(rbac): Features and motivations,” in Proceedings of 11th annual com-
all these features, the proposed approach can achieve a puter security application conference, 1995, pp. 241–48.
good security performance. [16] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, “Lsb: A
lightweight scalable blockchain for iot security and privacy,” arXiv
preprint arXiv:1712.02969, 2017.
VII. C ONCLUSION [17] S. Huh, S. Cho, and S. Kim, “Managing iot devices using blockchain
platform,” in 2017 19th international conference on advanced commu-
In this article, a novel approach for distributed authentica- nication technology (ICACT). IEEE, 2017, pp. 464–467.
tion and key management is presented. The approach exploits [18] H. L. Pham, T. H. Tran, and Y. Nakashima, “A secure remote healthcare
system for hospital using blockchain smart contract,” in 2018 IEEE
the advantages of Blockchain technology, cloud computing Globecom Workshops (GC Wkshps). IEEE, 2018, pp. 1–6.
and fog computing to achieve a secure and efficient archi- [19] Q. Xu, K. M. M. Aung, Y. Zhu, and K. L. Yong, “A blockchain-based
tecture for IoT use-cases. The entire system is divided into storage system for data analytics in the internet of things,” in New
Advances in the Internet of Things. Springer, 2018, pp. 119–138.
layers of Blockchain to speed up the validation process and [20] S. S. Panda, U. Satapathy, B. K. Mohanta, D. Jena, and D. Gountia, “A
to increase the scalability of the system, whereby the Ethreum blockchain based decentralized authentication framework for resource
platform was used to develop the Blockchain network. The constrained iot devices,” in 2019 10th International Conference on
Computing, Communication and Networking Technologies (ICCCNT).
scheme was thoroughly evaluated, confirming the high ef- IEEE, 2019, pp. 1–6.
ficiency and scalability of the scheme.The security analysis [21] B. K. Mohanta, D. Jena, S. S. Panda, and D. Gountia, “Decentralized
further demonstrates the scheme’s compliance to the security secure fog computing in cloud-fog-iot infrastructure using blockchain.”
[22] R. L. Rivest and A. Shamir, “Payword and micromint: Two simple mi-
requirements of IoT use-cases. Future works to improve the cropayment schemes,” in International workshop on security protocols.
proposed approach are suggested to: 1) design schemes for Springer, 1996, pp. 69–87.
inter network communication among the AMNs as well as [23] Q. Huan, I. C. Avramopoulos, H. Kobayashi, and B. Liu, “Secure
data forwarding in wireless ad hoc networks,” in IEEE International
devices and 2) implement and evaluate the schemes to verify Conference on Communications, 2005. ICC 2005. 2005, vol. 5. IEEE,
their ability in providing security and performance require- 2005, pp. 3525–3531.
ments. [24] L. Lamport, “Password authentication with insecure communication,”
Communications of the ACM, vol. 24, no. 11, pp. 770–772, 1981.
[25] G. Kounga, C. J. Mitchell, and T. Walter, “Generating certification
R EFERENCES authority authenticated public keys in ad hoc networks,” Security and
Communication Networks, vol. 5, no. 1, pp. 87–106, 2012.
[1] V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal, and B. Sikdar, “A [26] Remix, “Remix description,” Available: http://remix.ethereum.org, April
survey on iot security: application areas, security threats, and solution 1, 2018.
architectures,” IEEE Access, vol. 7, pp. 82 721–82 743, 2019. [27] M. S. Ali, M. Vecchio, M. Pincheira, K. Dolui, F. Antonelli, and
[2] M. Ma, G. Shi, and F. Li, “Privacy-oriented blockchain-based distributed M. H. Rehmani, “Applications of blockchains in the internet of things:
key management architecture for hierarchical access control in the iot A comprehensive survey,” IEEE Communications Surveys & Tutorials,
scenario,” IEEE Access, vol. 7, pp. 34 045–34 059, 2019. 2018.