DecAuth: Decentralized Authentication Scheme for IoT Device Using Ethereum Blockchain
All content following this page was uploaded by Bhabendu Kumar Mohanta on 15 December 2019.
I. INTRODUCTION

As per CISCO estimation, the number of IoT devices will cross 50 billion by 2020. Since its emergence in 2008, IoT has shown a lot of promise in different application areas. The living standard of humans has also become easier and more comfortable through IoT technology. Due to low processing power and limited memory space, the existing security algorithms are not suitable for IoT devices. Some of the security issues in IoT are Confidentiality, Integrity, Availability, Identification, and Authentication.

Blockchain [1] technology is a decentralized architecture in which all transactions are recorded in a digital ledger. All the nodes are connected in a distributed manner, like a mesh topology. A transaction that occurs between any nodes is passed through verification by the Blockchain network; then, after the mining process, the completed transaction is recorded in a block. A block consists of a number of valid transactions between different nodes. Once recorded in a block, a transaction can never be changed. So Blockchain provides an immutable digital ledger among all the nodes present in the network. It builds trust among all the users, as all the users hold the same set of digital records and can see whatever happens in the network. In Blockchain technology, the security and privacy issues of the users are addressed using the public and private key concept and also using a digital signature. A Blockchain is a distributed computation and information sharing platform which enables multiple nodes that do not trust each other to take part in the decision-making process. The problem in a centralized system is the single point of failure. In a decentralized system there are multiple coordination points, which overcome the single point of failure. In a distributed environment every node collectively executes the job. Blockchain can be of two types, permissioned and permissionless [2] architecture, to build the application. In this work, we have implemented the Blockchain smart contract using the Ethereum platform, where the Web Authentication mechanism takes place using Ethereum Authentication (DecAuth). DecAuth is an attempt to make a decentralized site login and authentication protocol. It's analogous to the "Log In with Facebook" button that we have probably become accustomed to. It is a smart contract that will store user IDs and their associated wallet addresses. It works on the concept of Digital Signature and Hashing.

The IoT has lots of application areas, as shown in Fig. 1; each of these applications consists of a basic three-layer architecture. The architecture consists of sensor devices, connecting devices, and some user devices to monitor the environment.

Fig. 1. Application area of Internet of Things.
978-1-7281-1895-6/19/$31.00 ©2019 IEEE
II. BACKGROUND STUDY

The Internet of Things is widely studied by the research communities to address the challenges associated with the technology. IoT is used in almost every area to get real-time information. From the security point of view, there are still challenges that exist or need to be addressed, though some research has already been done on this. Authentication is the process of recognizing devices. In paper [3], breathing is used as the input to authenticate IoT devices using a recurrent neural network. The authors of paper [4] describe two-factor authentication for IoT devices and also mention that their proposed scheme is computationally efficient. Similarly, in papers [5] and [6] the authors have described the authentication of IoT devices using Accelerometer-Based Speed-Adaptive Gait and Privacy-Preserving and Accountable protocols. In [7], the authors have explained access control and IoT device management using Blockchain technology. The authors in [8] proposed a framework based on machine learning for the authentication of IoT devices. In paper [9], the authors proposed an ECC based authentication system.

Most of the authentication schemes for IoT devices are centralized, meaning they depend on a single server. There is a chance of a single point of failure, and users need to trust the server. Thus, our objective is to use a secure and decentralized authentication scheme based on a Blockchain concept such as Ethereum in order to aid such type of authentication. It is, after all, a cryptographically secure key pair in which the public key represents the wallet address, and the private key is never transmitted over the network. Moreover, it is known only to its owner and it is possible to use asymmetric encryption to authenticate users. In the simplest case, we can use the Ethereum wallet address as a user ID of the IoT device.

III. IMPORTANCE OF IOT DEVICE AUTHENTICATION

In the last decade, IoT technology has emerged as one of the most promising fields of research. Since the concept of IoT arose, a lot of development has taken place in different applications. The architecture of IoT [10] basically has three layers: perception, network, and application. To make real use of IoT technology for an efficient and reliable system, security and privacy issues are the challenges to implementing different applications using the IoT concept. Some of the challenges [11] are access control, authentication, centralized or distributed network, and the identity of the things. Visualization [12] is one of the important aspects of an IoT application. The end user monitors the environment using either a mobile phone or a smart tablet. In paper [13], the authors proposed different types of architecture to build IoT applications. IoT applications use both centralized and decentralized architectures, but the decentralized architecture has an advantage over the centralized architecture.

A. Working Procedure of IoT System

The IoT application system has different stages, as shown in Fig. 2, such as connecting different types of sensors for collecting the data. Processing and computation may depend on cloud computing or the recent development of fog computing. For storage purposes, an IoT application can store data at the edge device or at the cloud server, depending upon the storage space availability.

• IoT/Physical layer: In this layer, all the required sensors are deployed in the application area. The sensors are connected to the next layer using WiFi or through a wire.
• Fog Layer/Processing layer: IoT applications demand faster processing and quick response for better utilization of the system. Most applications that collect data from sensors need to process it at the edge of the network for faster processing and temporary storage for quick analysis of the data. The decision can be taken by analyzing the data either in a collaborative way or in a distributed way in mutual agreement.
• Cloud Layer/Storage Layer: Cloud computing provides different types of services like infrastructure, platform, and software as a service. In an IoT application, as different sensors collect information from the environment continuously, it is not possible to provide large memory space. Also, IoT devices are low in memory capacity. Similarly, the storage capacity of a fog device is also limited, so the final storage must be provided by cloud computing.

Fig. 2. Architecture of Internet of Things based on Fog and Cloud Computing.

B. Necessity of Device Authentication

The authentication of IoT devices guarantees that the device connected with the IoT application can be trusted. When devices perform any operation in an application, the devices need to be identified using their unique ID. Using the unique ID, devices can connect to the next layer and also perform different computations in a collective way. The authentication of the devices means the communication can be done securely, as all the nodes are identified using their ID. In papers [14] and [15], the authors have explained that the IoT security can be
------------------------------------------
Smart Contract
------------------------------------------
Parameters:
    ln: login_name
    a: address
------------------------------------------
Function: createAccount(string ln)
    If (bytes(ln).length > 2 && bytes(ln).length <= 32)
    then, emit Create();

Function: authAddress(address a)
    return authAddr;

Function: recoveryAddress(address a)
    return recoveryAddr;

Function: setRecoverAddress(string ln, address a)
    If (recoveryAddr == msg.sender)
    then, emit recoveryChange();

Function: dropAccount(string ln)
    If (recoveryAddr == msg.sender)
    then, delete authAddr;
          emit drop();

Function: signerAddress()
    Keccak();
    ecrecover();
------------------------------------------

VII. RESULT ANALYSIS

The DecAuth algorithm is implemented using the Ethereum platform. The user interface is designed using ReactJs. Below are screenshots of the implemented results, which include the user interface design for the dashboard and example auth agent, and the smart contract implementations.

A. Homepage

This is the user interface where users/IoT devices need to register and then administer. Without Registration, users cannot log in to the decentralized Web authentication system, and Administration is required for key management.

Fig. 3. Homepage.

B. Registering Users

The Registration button on the Homepage leads to registration, where two private keys are generated, i.e. the Authkey address and the Recoverkey address.

Fig. 4. Registering user.

C. Key Management

The Administration button on the Homepage leads to key management, where both the Authkey address and the Recoverkey address are changed, such that if the user forgets the Authkey address, then with the help of the Recoverykey address the user's session is restored. So here, basically, the AuthKey and RecoveryKey are changed.
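
The smart contract listing and the key-management flow above, written out as a Solidity contract. This is an added example, not the authors' contract: the storage layout, the event arguments, the `recovery` parameter of createAccount, the use of the caller as the auth address and the function name isSignedBy are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the paper's contract. Assumptions: storage layout, event
// arguments, the `recovery` parameter, caller as auth address, isSignedBy name.
contract DecAuthSketch {
    struct Account { address authAddr; address recoveryAddr; }
    mapping(bytes32 => Account) private accounts; // keyed by keccak256(login name)

    event Create(string ln, address authAddr);
    event RecoveryChange(string ln, address recoveryAddr);
    event Drop(string ln);

    modifier onlyRecovery(string memory ln) {
        require(accounts[keccak256(bytes(ln))].recoveryAddr == msg.sender, "not recovery key");
        _;
    }

    function createAccount(string calldata ln, address recovery) external {
        require(bytes(ln).length > 2 && bytes(ln).length <= 32, "bad login name length");
        require(recovery != address(0), "recovery address required");
        Account storage acct = accounts[keccak256(bytes(ln))];
        require(acct.authAddr == address(0), "login name taken"); // no silent overwrite
        acct.authAddr = msg.sender;
        acct.recoveryAddr = recovery;
        emit Create(ln, msg.sender);
    }

    function setRecoverAddress(string calldata ln, address a) external onlyRecovery(ln) {
        require(a != address(0), "zero address");
        accounts[keccak256(bytes(ln))].recoveryAddr = a;
        emit RecoveryChange(ln, a);
    }

    function dropAccount(string calldata ln) external onlyRecovery(ln) {
        delete accounts[keccak256(bytes(ln))]; // clears both addresses
        emit Drop(ln);
    }

    // True only if (v, r, s) signs `challenge` with the auth key registered for `ln`.
    function isSignedBy(string calldata ln, bytes32 challenge, uint8 v, bytes32 r, bytes32 s)
        external view returns (bool)
    {
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", challenge));
        address signer = ecrecover(digest, v, r, s); // address(0) on a malformed signature
        return signer != address(0) && signer == accounts[keccak256(bytes(ln))].authAddr;
    }
}
```

Off-chain, the verifying site should issue a fresh random `challenge` for every login attempt and bind it to the session, since a reused challenge lets a captured signature be replayed.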