Blockchain-Based User Authentication with Anonymity for Internet of Things Applications
Yong Joo Lee¹, Keon Myung Lee², Sang Ho Lee³
¹Yong Joo Lee, Department of Computer Science, Chungbuk National University, Chungdae-ro, Heungdeok-ku, Cheongju, Chungbuk, Korea.
²Keon Myung Lee, Department of Computer Science, Chungbuk National University, Chungdae-ro, Heungdeok-ku, Cheongju, Chungbuk, Korea.
³Sang Ho Lee, Department of Computer Science, Chungbuk National University, Chungdae-ro, Heungdeok-ku, Cheongju, Chungbuk, Korea.
Manuscript received on 01 January 2019 | Revised Manuscript received on 06 January 2019 | Manuscript Published on 07 April 2019 | PP: 304-310 | Volume-8 Issue-3C January 2019 | Retrieval Number: C10680183C19/2019 © BEIESP
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open-access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Security threats that target identities (IDs) have increased considerably in recent years. Various network attacks attempt to discover IDs that can be used in future attacks to obtain private information. In this paper, we propose a blockchain-based user authentication approach that can be used by various end-users for Internet of Things (IoT) applications. The proposed approach uses single-use authentication parameters and does not require any private information. It is based on the child-key mechanism of the hierarchical deterministic (HD) wallet. The HD wallet is accepted as a standard of Bitcoin and is in turn based on the elliptic curve digital signature algorithm. The authentication parameters of the proposed approach were created using the HD wallet mechanism. The transaction of the authentication key stored in the distributed ledgers of the blockchain could be shared by various IoT servers for subscription to different services, and the user account of the blockchain could be connected to the IoT servers for payments without a membership procedure. We used only hash values for an authentication request to protect against network attacks. The proposed approach could decrease the system load by using a lightweight feature with few parameters and simplify the approach without the need for additional procedures by IoT servers. We verified that the security requirements of the proposed approach were satisfied by analyzing the transmitted parameters. Furthermore, we evaluated the security vulnerabilities from various threats and analyzed attack scenarios. Thus, we propose that the authentication servers verify the hash value of the original EC domain parameters and check for hash reuse, to protect against fake attacks carried out through network sniffing and spoofing. We have also summarized the originality and the characteristics of the proposed research by comparing it with closely related studies, and concluded with a guide for future research.
Keywords: Blockchain, Privacy, Authentication, Peer to Peer, Identity, Elliptic curve cryptosystem.
Scope of the Article: Computer Science and Its Applications