ABSTRACT
The data collected by IoT devices is of great value, which makes people urgently need a secure device key management strategy to protect their data. Existing works introduce the blockchain technology to transfer the responsibility of key management from the trusted center in the traditional key management strategy to the devices, thus eliminating the trust crisis caused by excessive dependence on third parties. However, the lightweight implementation of IoT devices limits the ability to resist side channel attacks, causing the private key to be exposed and subject to masquerading attacks. Accordingly, we strengthen the original blockchain based key management scheme to defend against key exposure attack. On the one hand, we introduce two hash functions to bind transactions in the blockchain to legitimate users. On the other hand, we design a secure key exchange protocol for identifying and exchanging access keys between legitimate users. Security analysis and performance show that the proposed scheme improves the robustness of the network with small storage and communication overhead increments.
- Ahadipour A and Keshavarz-Haddad A (2017). LPKP: Location-based Probabilistic Key Pre-distribution Scheme for Large-Scale Wireless Sensor Networks Using Graph Coloring. ISeCure, 9(1).Google Scholar
- W Du, J Deng, et al. (2004). A key management scheme for wireless sensor networks using deployment knowledge. IEEE INFOCOM, Vol. 1, IEEE, 2004.Google Scholar
- M Ma, D He, M Khan, et al. (2018). Certificateless searchable public key encryption scheme for mobile healthcare system. Computers & Electrical Engineering, 65, 413--424.Google ScholarCross Ref
- M Ma, G Shi and F Li (2019). Privacy-Oriented Blockchain-Based Distributed Key Management Architecture for Hierarchical Access Control in the IoT Scenario. In IEEE Access, vol. 7, pp. 34045--34059 Google Scholar
- S Nakamoto (2018). Bitcoin: A peer-to-peer electronic cash system. Available: https://bitcoin.org/en/bitcoin-paper.Google Scholar
- S Haber and W S Stornetta (1991). How to time-stamp a digital document. In Journal of Cryptology, vol 3, no 2, pages 99--111.Google ScholarDigital Library
- D Bayer, S Haber and W S Stornetta (1993). Improving the efficiency and reliability of digital time-stamping. In Sequences II: Methods in Communication, Security and Computer Science, pages 329--334.Google Scholar
- M Conoscenti, A Vetrò and J C D Martin (2016). Blockchain for the internet of things: a systematic literature review. In 13th Int. Conf. Comput. Syst. Appl. (AICCSA), Agadir, Morocco, pp. 1--6.Google ScholarCross Ref
- A Bahga and V K Madisetti (2016). Blockchain platform for industrial internet of things. J. Softw. Eng. Appl., vol. 9, no. 10, pp. 533--546.Google ScholarCross Ref
- A Dorri, S S Kanhere and R Jurdak (2016). Blockchain in internet of things: Challenges and solutions. arXiv:1608.05187.Google Scholar
- E Karafiloski and A Mishev (2017). Blockchain solutions for big data challenges: a literature review. In IEEE EUROCON 2017 -17th Int. Conf. Smart Technol., Ohrid, Macedonia, pp. 763--768.Google ScholarCross Ref
- H R Hasan and K Salah (2019). Combating Deepfake Videos Using Blockchain and Smart Contracts. In IEEE Access, vol. 7, pp. 41596--41606 Google ScholarCross Ref
- K Salah, M H U Rehman, N Nizamuddin and A Al-Fuqaha (2019). Blockchain for AI: Review and Open Research Challenges. In IEEE Access, vol. 7, pp. 10127--10149 Google ScholarCross Ref
- M A Khan and K Salah (2018). IoT security: Review, blockchain solutions, and open challenges. Future Generation Computer Systems, Volume 82, Pages 395--411.Google ScholarCross Ref
- A Ouaddah, A A Elkalam and A A Ouahman (2017). Towards a Novel Privacy-Preserving Access Control Model Based on Blockchain Technology in IoT. In Europe and MENA Cooperation Advances in Information and Communication Technologies, Advances in Intelligent Systems and Computing, Cham, pp. 523--533.Google Scholar
- A Lei, H Cruickshank, Y Cao, P Asuquo, C P A Ogah and Z Sun (2017). Blockchain-based dynamic key management for heterogeneous intelligent transportation systems. IEEE Internet Things J., vol. 4, no. 6, pp. 1832--1843.Google ScholarCross Ref
- J Ge, C Tu and N Gao (2019). Technology Overview of Side Channel Analysis. In Cryptography Application Security, 5(01), 75--87.Google Scholar
- E Karimi, Z H Jiang, Y Fei and D Kaeli (2018). A Timing Side-Channel Attack on a Mobile GPU. 2018 IEEE 36th International Conference on Computer Design (ICCD), Orlando, FL, USA, pp. 67--74 Google ScholarCross Ref
- C Reinbrecht, A Susin, L Bossuet, G Sigl and J Sepúlveda (2016). Side channel attack on NoC-based MPSoCs are practical: NoC Prime+Probe attack. 2016 29th Symposium on Integrated Circuits and Systems Design (SBCCI), Belo Horizonte, pp. 1--6 Google ScholarCross Ref
- P Kaushik and R Majumdar (2017). Timing attack analysis on AES on modern processors. 2017 6th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO), Noida, pp. 462--465 Google ScholarCross Ref
- Y F Alias and H Hashim (2018). Timing analysis for Diffie Hellman Key Exchange In U-BOOT using Raspberry pi. 2018 IEEE Symposium on Computer Applications & Industrial Electronics (ISCAIE), Penang, pp. 212--216 Google ScholarCross Ref
- P Bayat-Makou, A Jahanian and M Reshadi (2018). Security Improvement of FPGA Design Against Timing Side Channel Attack Using Dynamic Delay Management. 2018 IEEE Canadian Conference on Electrical & Computer Engineering (CCECE), Quebec City, QC, pp. 1--4 Google ScholarCross Ref
- F Jia and D Xie (2016). A unified method based on SPA and timing attacks on the improved RSA. In China Communications, vol. 13, no. 4, pp. 89--96 Google ScholarCross Ref
- M Matthew and R Muresan (2017). An overview of hardware-level statistical power analysis attack countermeasures. Journal of Cryptographic Engineering, 7.3 (2017), 213--244.Google ScholarCross Ref
- A Kumar, C Scarborough, A Yilmaz and M Orshansky (2017). Efficient simulation of EM side-channel attack resilience. 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), Irvine, CA, pp. 123--130 Google ScholarCross Ref
- D Ishihata, et al. (2017). Enhancing reactive countermeasure against EM attacks with low overhead. 2017 IEEE International Symposium on Electromagnetic Compatibility & Signal/Power Integrity (EMCSI), Washington, DC, pp. 399--404 Google ScholarCross Ref
- S Patranabis, J Breier, D Mukhopadhyay and S Bhasin (2017). One Plus One is More than Two: A Practical Combination of Power and Fault Analysis Attacks on PRESENT and PRESENT-Like Block Ciphers. 2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), Taipei, pp. 25--32 Google ScholarCross Ref
- B Ning and Q Liu (2018). Modeling and Efficiency Analysis of Clock Glitch Fault Injection Attack. 2018 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), Hong Kong, pp. 13--18 Google ScholarCross Ref
Index Terms
- Enhanced blockchain based key management scheme against key exposure attack
Recommendations
Blockchain-Based Group Key Management Scheme in IoT
Intelligent Computing Theories and ApplicationAbstractGroup key management is an important method to protect privacy information in the IoT. However, the existing group key management scheme follows the hierarchical structure and highly depends on central authentication, which cannot be adapted to ...
Prevention of DoS Attacks Based on Light Weight Dynamic Key Mechanism in Hierarchical Wireless Sensor Networks
FGCN '08: Proceedings of the 2008 Second International Conference on Future Generation Communication and Networking - Volume 01Denial of service (DoS) attack is an impelling inside attack in the form of interference or collision at the receiver side, which can causes serious damage to the functions of wireless sensor networks (WSNs). In this paper, we propose a solution using ...
Matrix-based key management scheme for IoT networks
AbstractThe key management is the central element of network security. In fact, key distribution is necessary for securing applications in the context of Internet of Things (IoT). However, existing key management protocols are not directly ...
Comments