Research On Blockchain Based System Security Technology For Internet Of Things

The revolutionary Internet of Things(Io T)technology promotes the connection of everything to share Io T data as production resources,and gradually becomes the key engine and infrastructure of digital economy.As Io T devices are always resource-constrained and publicly deployed,the security of device keys suffers from the threats of physical attacks and malware.Once device secret keys are stolen,the problems of encrypted data leakage and malicious device impersonation will happen.This thesis first leverages Physically Unclonable Functions(PUFs)that build hardware secret keys for Io T devices,to solve security problems existing in key generation and storage methods.PUFs could be regarded as a promising hardware Io T security technology,which derives nanoscale manufacturing variations to build mapping correlations based on Challenge and Response Pairs(CRPs).These mapping correlations are lightweight,fast to generate,unnecessary to store,hard to predict,and impossible to clone.As a result,hardware keys will be efficiently provided for devices to solve security problems of device keys.Therefore,developing PUFs-based mechanisms of authentication and key generation is meaningful to complete the Io T security system.However,most of the PUFs-based security mechanisms are designed for the centralized Io T system model.Integrating PUFs mechanisms into distributed Io T models still faces challenges.Then,this thesis proposes three key challenges of them to carry out the research.(1)The distributed secure storage and efficient synchronization of CRPs in multi-server authentication.When establishing PUFs-based multi-server authentication,it needs to securely store a number of CRPs in multiple servers.Meanwhile,considering the one-time usage of CRPs in PUFsbased authentication,it should reliably and efficiently synchronize the latest CRPs data among different servers.It is urgent to develop an effective way of ensuring secure distributed storage and efficient synchronization of CRPs at the same time.(2)The secure and reliable CRPs management method under threat models of key leakage and single point failure.Existing studies utilize secret keys of servers to protect CRPs storage.However,once generalizing this issue to server key leakage model,especially in distributed scenarios,simply relying on server secret keys to secure CRPs storage and usage is not enough.The impersonation attacks on CRPs cannot be completely prevented.Meanwhile,the PUF circuit and CRPs backup also suffer from single point failure.The reliability of mechanisms based on PUFs key will be affected.(3)The trust building method to establish cross-domain PUFs device authentication and access control.When securing cross-domain communications and collaborations,it needs to build a security system based on device authentication and access control.However,entities in different Io T domains will not fully trust each other.It is difficult for devices to securely and efficiently share key materials and access control credentials,thus,impeding the construction of cross-domain Io T security systems.Based on the issues aforementioned,when developing distributed PUFs-based Io T mechanisms,it needs to address issues of secure,efficient CRPs sharing,and reliable,trustworthy CRPs management.Blockchain emerges as a cutting-edge security technology,which has features of decentralization,distributed consistency,tamper-proofing,traceability,etc.To support PUFs-based security mechanisms in distributed Io T,blockchain could provide secure,trustworthy,and reliable data synchronization and sharing,and address threats of single point failure and data tampering.Therefore,this thesis combines the blockchain with the inherent features of PUFs-based security mechanisms to carry out an optimal design.Moreover,modern cryptographic techniques are also integrated to address key challenges.The goal of our research is to build PUFs-based distributed Io T systems using blockchain.The main research work of this thesis is summarized as follows:(1)We proposed PUFs-based multi-server authentication protocol using multi-receiver encryption(MRE)and blockchain.To address the issue of distributed storage and efficient synchronization of CRPs,a CRPs protection method is first designed based on keyed hash functions and broadcasting ciphertext to establish mapping correlations for CRPs.Then,we design an efficient synchronization method,which combines MRE with the blockchain data synchronization process to transmit CRPs data in the form of transactions.The MRE authorizes servers to synchronize CRPs data.Last,we build PUFs-based authentication by integrating above methods,to support multi-server scenarios as well as solve the threat of single point failure existing in data synchronization.(2)We combined SSS with blockchain to propose a secure and reliable CRPs management method to build PUF as a service(PUFAa S).This method mainly addresses the bottleneck of CRPs management existing in PUFs-based security mechanisms,under the threat models of server key leakage and single point failure.First,a PUF secret sharing method(PSSM)is constructed by combining random number mechanism with SSS.The shared PUF secrets directly activate security mechanisms,on behalf of responses.This method relies on the security feature of SSS to realize CRPs protection and avoid single point failure,and addresses the reliability issue in PUFs key generation mechanisms.Then,the blockchain is integrated into PSSM to develop our CRPs management method,which shares PUF secrets accountably and trustworthily.We leverage this method to build PUFAa S.Services of distributed authentication,recoverable data encryption and sharing are supported.(3)We developed blockchain-based and PUFs-assisted multi-factor device authentication for cross-domain Io T.This work addresses the issue of building trust for key materials while establishing secure cross-domain device authentication.First,the multi-factor key derivation method based on PUFs root key is constructed,which could resist the potential threat of device factors leakage.Then,the blockchain stores each domain’s public parameters and dynamic accumulator to build trust for key materials among different domains.The on-chain dynamic accumulator accumulates the mapping information of secret keys derived from multiple device factors,thereby greatly reducing the on-chain overhead.Last,we integrate this trust building method to design an unlinkable cross-domain device authentication.As a result,the requirements of high efficiency and privacy preservation in crossdomain device authentication could be satisfied simultaneously.(4)We proposed attribute-based collaborative access control using blockchain for cross-domain Io T.The cross-domain model is developed by combining blockchain with the attribute-based tree structure to construct the access control scheme.First,to address the issue of building trust for credentials when establishing cross-domain device access control,the blockchain efficiently shares attribute sets in cross-domain scenarios.Moreover,the blockchain also ensures the integrity and trust of access policies to resist the threats of single point failure and data tampering.Then,a flexible policy building method is developed to transform policy into access control tree,and introduce collaborative nodes to construct collaborative policy.By using this method,the access policy with tree structure could be efficiently verified by a lightweight recursive algorithm.Meanwhile,malicious collaboration requests will be detected and resisted in this flexible policy building method.Based on the above-mentioned research work,this thesis utilized Random Oracle Model,BAN logic,and AVISPA security verification tool,to provide formal security proof for our proposed security solutions.Then,security discussions were performed to present security features and functionalities.Finally,proof-of-concept prototypes were implemented to evaluate the performance and conduct comparative data analysis.The results show the performance features of our security research,as well as prove the feasibility of deploying our security solutions in Io T systems.