簡易檢索 / 詳目顯示

研究生: ALEXANDER YOHAN
ALEXANDER YOHAN
論文名稱: On the Design of Secure Authentication for Blockchain­-Enabled IoT Environment
On the Design of Secure Authentication for Blockchain-­Enabled IoT Environment
指導教授: 羅乃維
Nai-Wei Lo
口試委員: 吳宗成
Tzong-Chen Wu
雷欽隆
Chin-Laung Lei
范俊逸
Chun-I Fan
查士朝
Shi-Cho Cha
學位類別: 博士
Doctor
系所名稱: 管理學院 - 資訊管理系
Department of Information Management
論文出版年: 2019
畢業學年度: 108
語文別: 英文
論文頁數: 159
中文關鍵詞: user authenticationdevice authenticationmobile paymentfirmware updateblockchainInternet of Things
外文關鍵詞: user authentication, device authentication, mobile payment, firmware update, blockchain, Internet of Things
相關次數: 點閱:442下載:15
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報
  • Explosive development of Internet of Things (IoT) technologies and mass adoption of IoT-based applications has faced numerous vulnerabilities and security challenges. Two noticable challenges in IoT ecosystem are: security challenge on IoT-based application system and maintenance problem on deployed IoT devices. In this dissertation, blockchain technology is adopted as a base infrastructure in IoT environment because blockchain offers transparancy and data integrity on transaction records, and transaction verifiability. Within Blockchain-enabled IoT (BIoT) infrastructure, the designs of a secure authenticated mobile payment system, and a secure firmware update framework are introduced to address the general security design criterias in IoT environment. The proposed mobile payment system is designed to provide a secure and authenticated payment process using wearable device. Multi-factor authentication is utilized in order to enhance the authentication of both user and merchant during the payment process. Based on the formal security analysis, the proposed mobile payment system is secure against well-known attacks. The proposed firmware update framework provides a robust, lightweight and autonomous IoT device management mechanism. As the firmware update framework is built on top of blockchain technology, it provides transparency and high traceability over the whole firmware distribution process. Based on the formal security analysis, the proposed firmware update scheme is secure against well-known attacks.


    Explosive development of Internet of Things (IoT) technologies and mass adoption of IoT-based applications has faced numerous vulnerabilities and security challenges. Two noticable challenges in IoT ecosystem are: security challenge on IoT-based application system and maintenance problem on deployed IoT devices. In this dissertation, blockchain technology is adopted as a base infrastructure in IoT environment because blockchain offers transparancy and data integrity on transaction records, and transaction verifiability. Within Blockchain-enabled IoT (BIoT) infrastructure, the designs of a secure authenticated mobile payment system, and a secure firmware update framework are introduced to address the general security design criterias in IoT environment. The proposed mobile payment system is designed to provide a secure and authenticated payment process using wearable device. Multi-factor authentication is utilized in order to enhance the authentication of both user and merchant during the payment process. Based on the formal security analysis, the proposed mobile payment system is secure against well-known attacks. The proposed firmware update framework provides a robust, lightweight and autonomous IoT device management mechanism. As the firmware update framework is built on top of blockchain technology, it provides transparency and high traceability over the whole firmware distribution process. Based on the formal security analysis, the proposed firmware update scheme is secure against well-known attacks.

    Table of Contents Recommendation Letter....................... ......... i Approval Letter ........................... ......... ii Abstract........................................ iii Acknowledgment ................................... iv Table of Contents................................... v List of Figures..................................... viii List of Tables ..................................... x Introduction.................................... 1 1.1 Background................................. 1 1.2 Motivation and Contributions........................ 6 1.3 Dissertation Organization.......................... 7 2 Preliminaries.................................... 8 2.1 Mathematical Assumptions......................... 8 2.2 Elliptic Curve Cryptosystem ........................ 9 2.2.1 Elliptic Curve Key Generation and Key Validation . . . . . . . . 10 2.2.2 Elliptic Curve Diffie­-Hellman Key Agreement . . . . . . . . . . 11 2.2.3 Ellliptic Curve Digital Signature Algorithm . . . . . . . . . . . . 12 2.2.4 Elliptic Curve Integrated Encryption Scheme . . . . . . . . . . . 13 2.3 Shamir’s Secret Sharing .......................... 14 2.4 Physical Unclonable Function ....................... 15 2.5 Blockchain Technology........................... 17 2.5.1 Distributed Ledger ......................... 18 2.5.2 Consensus Mechanism....................... 19 2.5.3 Smart Contract ........................... 20 2.6 Ciphertext Indistinguishability ....................... 20 2.6.1 Indistinguishability Under Chosen­ Plaintext Attack . . . . . . . . 21 2.6.2 Indistinguishability Under (Non­-Adaptive) Chosen Ciphertext Attack................................ 22 2.6.3 Indistinguishability Under Adaptive Chosen Ciphertext Attack . . 23 3 Related Works................................... 25 3.1 Mobile Payment System in Internet of Things Environment . . . . . . . . 25 3.2 Firmware Update Framework for Internet of Things Environment . . . . 29 4 Secure Authenticated Mobile Payment System in Blockchain­-Enabled IoT En­vironment ..................................... 33 4.1 System Environment Design ........................ 33 4.1.1 Applicable Scenario ........................ 33 4.1.2 Assumptions ............................ 35 4.1.3 Architecture Design ........................ 36 4.2 Proposed Protocols ............................. 42 4.3 Performance and Security Analyses .................... 54 4.3.1 Feature Comparison and Performance Analysis . . . . . . . . . . 54 4.3.2 Security Proofs........................... 59 4.3.3 Security Analysis.......................... 73 5 Secure Authenticated Firmware Update Framework in Blockchain­-Enabled IoT Environment.................................... 82 5.1 System Environment Design ........................ 82 5.1.1 Assumptions ............................ 82 5.1.2 Architecture Design ........................ 83 5.2 Proposed Protocols ............................. 89 5.3 Performance and Security Analyses ....................105 5.3.1 Feature Comparison and Performance Analysis . . . . . . . . . . 105 5.3.2 Security Proof and Security Analysis . . . . . . . . . . . . . . . 110 6 Conclusion.....................................123 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 Author Biography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 List of Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

    [1] D. Miorandi, S. Sicari, F. De Pellegrini, and I. Chlamtac, “Internet of things: Vision, applications and research challenges,” Ad Hoc Networks, vol. 10, no. 7, pp. 1497–1516, 2012, ISSN: 15708705. DOI: 10.1016/j.adhoc.2012.02.016. [Online]. Available: http://linkinghub.elsevier.com/retrieve/pii/ S1570870512000674.
    [2] C. Perera, A. Zaslavsky, P. Christen, and D. Georgakopoulos, “Context aware computing for the internet of things: A survey,” IEEE Communications Surveys and Tutorials, vol. 16, no. 1, pp. 414–454, 2014, ISSN: 1553877X. DOI: 10. 1109/SURV.2013.042313.00197. arXiv: 1305.0982.
    [3] C. Perera, C. H. Liu, and S. Jayawardena, “The Emerging Internet of Things Marketplace From an Industrial Perspective: A Survey,” IEEE Transactions on Emerging Topics in Computing, vol. 3, no. 4, pp. 585–598, 2015. DOI: 10.1109/ TETC.2015.2390034. [Online]. Available: http://ieeexplore.ieee.org/ document/7004800/.
    [4] L. Atzori, A. Iera, and G. Morabito, “The Internet of Things: A survey,” Com­ puter Networks, vol. 54, no. 15, pp. 2787–2805, 2010, ISSN: 13891286. DOI: 10.1016/j.comnet.2010.05.010. [Online]. Available: http://linkinghub. elsevier.com/retrieve/pii/S1389128610001568.
    [5] L. Tan and N. Wang, “Future internet: The Internet of Things,” in 2010 3rd Inter­ national Conference on Advanced Computer Theory and Engineering(ICACTE), IEEE, 2010, pp. V5–376–V5–380, ISBN: 978­1­4244­6539­2. DOI: 10.1109/ ICACTE.2010.5579543. [Online]. Available: http://ieeexplore.ieee.org/ document/5579543/.
    [6] O. Vermesan, P. Friess, P. Guillemin, S. Gusmeroli, H. Sundmaeker, A. Bassi, I. S. Jubert, M. Mazura, M. Harrison, M. Eisenhauer, and P. Doody, “Internet of Things Strategic Research Roadmap,” European Research Cluster on the Internet of Things, Tech. Rep., 2011, p. 44. [Online]. Available: http://www.internet-of - things - research . eu / pdf / IoT _ Cluster _ Strategic _ Research _ Agenda_2011.pdf.
    [7] L. Xu, W. He, and S. Li, “Internet of Things in Industries: A Survey,” IEEE Trans­ actions on Industrial Informatics, vol. PP, pp. 1–11, 2014, ISSN: 1551­3203. DOI: 10.1109/TII.2014.2300753. [Online]. Available: http://ieeexplore. ieee.org/lpdocs/epic03/wrapper.htm?arnumber=6714496.
    [8] K. Zhao and L. Ge, “A survey on the internet of things security,” in Proceedings ­ 9th International Conference on Computational Intelligence and Security, CIS 2013, 2013, pp. 663–667, ISBN: 9781479925483. DOI: 10.1109/CIS.2013. 145.
    [9] Z. Yan, P. Zhang, and A. V. Vasilakos, “A survey on trust management for Inter­ net of Things,” Journal of Network and Computer Applications, vol. 42, pp. 120– 134, 2014, ISSN: 10848045. DOI: 10.1016/j.jnca.2014.01.014. [On­ line]. Available: http://linkinghub.elsevier.com/retrieve/pii/ S1084804514000575.
    [10] O. Wyman, “The Internet of Things: Disrupting Traditional Business Model,” Marsh & McLennan Companies, Tech. Rep., 2015, p. 108.
    [11] I. Makhdoom, M. Abolhasan, J. Lipman, R. P. Liu, and W. Ni, “Anatomy of Threats to The Internet of Things,” IEEE Communications Surveys & Tutorials, pp. 1636–1675, 2018, ISSN: 1553­877X. DOI: 10.1109/COMST.2018.2874978. [Online]. Available: https://ieeexplore.ieee.org/document/8489954/.
    [12] R. van der Meulen, Gartner Says 8.4 Billion Connected ”Things” Will Be in Use in 2017, Up 31 Percent From 2016, 2017. [Online]. Available: https://www. gartner.com/newsroom/id/3598917.
    [13] M. A. Khan and K. Salah, “IoT security: Review, blockchain solutions, and open challenges,” Future Generation Computer Systems, vol. 82, pp. 395–411, 2018, ISSN: 0167739X. DOI: 10.1016/j.future.2017.11.022. [Online]. Available: http://linkinghub.elsevier.com/retrieve/pii/S0167739X17315765.
    [14] D. Miessler and C. Smith, OWASP Internet of Things Project ­ OWASP. [Online]. Available: https://www.owasp.org/index.php/OWASP_Internet_of_ Things_Project#tab=IoT_Vulnerabilities (visited on 04/10/2018).
    [15] A. Cui, M. Costello, and S. J. Stolfo, “When Firmware Modifications Attack : A Case Study of Embedded Exploitation,” 20th Annual Network Distributed System Security Symposium, 2013. [Online]. Available: http://ids.cs.columbia. edu/sites/default/files/ndss-2013.pdf.
    [16] R. Sachovà, M. M. Marcos, and H. Revetti, “Security of Mobile Payments and Digital Wallets,” European Union Agency for Network and Information Security, Tech. Rep., 2016.
    [17] M. Bosamia, “Mobile wallet payments recent potential threats and vulnerabilities with its possible security measures,” in 2017 International Conference on Soft Computing and Its Engineering Applications (IcSoftComp­2017), 2017.
    [18] M. A. Prada­Delgado, A. Vazquez­Reyes, and I. Baturone, “Trustworthy firmware update for Internet­of­Thing Devices using physical unclonable functions,” in 2017 Global Internet of Things Summit (GIoTS), IEEE, 2017, pp. 1–5, ISBN: 978­1­5090­5873­0. DOI: 10.1109/GIOTS.2017.8016282. [Online]. Available: http://ieeexplore.ieee.org/document/8016282/.
    [19] Wireless Developer Network, 100 Swedish Eurocard Customers Test Mobile Pay­ ment With Mobile Telephones Equipped With Bluetooth, 2001. [Online]. Available: http://www.wirelessdevnet.com/news/2001/136/news8.html (visited on 08/05/2015).
    [20] MyCustomer, Eurocard to test wireless payment in Swedish stores, 2001. [Online]. Available: http://www.mycustomer.com/topic/technology/eurocard- test-wireless-payment-swedish-stores (visited on 08/05/2015).
    [21] Finextra, Finextra news: Ericsson and Eurocard to test Bluetooth payments, 2001. [Online]. Available: http://www.finextra.com/news/fullstory.aspx? newsitemid=1771 (visited on 08/05/2015).
    [22] Mobile Enterprise, Mexican Bank Deploys Hypercom Bluetooth­enabled Payment Stations, 2007. [Online]. Available: http://mobileenterprise.edgl.com/ news/Mexican-Bank-Deploys-Hypercom-Bluetooth-enabled-Payment- Stations59761 (visited on 08/05/2015).
    [23] K. Zolfaghar and S. Mohammadi, “Securing Bluetooth­based payment system using honeypot,” in 2009 International Conference on Innovations in Informa­ tion Technology (IIT), IEEE, 2009, pp. 21–25, ISBN: 978­1­4244­5698­7. DOI: 10.1109/IIT.2009.5413764. [Online]. Available: http://ieeexplore. ieee.org/lpdocs/epic03/wrapper.htm?arnumber=5413764.
    [24] N. Jiang, X.­d. Liu, J.­y. Zhao, and D.­l. Yang, “A Mobile Micropayment Protocol Based on Chaos,” in 2009 Eighth International Conference on Mobile Business, IEEE, 2009, pp. 284–289, ISBN: 978­0­7695­3691­0. DOI: 10.1109/ICMB. 2009.55. [Online]. Available: http://ieeexplore.ieee.org/document/ 5169273/.
    [25] V. Lehdonvirta, H. Soma, H. Ito, T. Yamabe, H. Kimura, and T. Nakajima, “Ubi­ Pay,” in Proceedings of the 6th International Conference on Mobile Technology, Application & Systems ­ Mobility ’09, New York, New York, USA: ACM Press, 2009, pp. 1–7, ISBN: 9781605585369. DOI: 10.1145/1710035.1710036. [On­ line]. Available: http://dl.acm.org/citation.cfm?id=1710035.1710036.
    [26] Google Inc., Android –Google Wallet. [Online]. Available: https : / / www . android.com/pay/ (visited on 10/21/2015).
    [27] Alphabet Inc., Google Pay: A better way to pay, by Google. [Online]. Available: https://pay.google.com/about/ (visited on 01/21/2017).
    [28] ——, Tips for using Google Pay –Google Pay. [Online]. Available: https:// pay.google.com/about/learn/ (visited on 01/21/2017).
    [29] H. Eun, H. Lee, J. Son, S. Kim, and H. Oh, “Conditional privacy preserving se­ curity protocol for NFC applications,” in 2012 IEEE International Conference on Consumer Electronics (ICCE), IEEE, 2012, pp. 380–381, ISBN: 978­1­4577­ 0231­0. DOI: 10.1109/ICCE.2012.6161911. [Online]. Available: http:// ieeexplore.ieee.org/document/6161911/.
    [30] J. Hedman and S. Henningsson, “Competition and collaboration shaping the digi­ tal payment infrastructure,” in Proceedings of the 14th Annual International Con­ ference on Electronic Commerce ­ ICEC ’12, New York, New York, USA: ACM Press, 2012, pp. 178–185, ISBN: 9781450311977. DOI: 10.1145/2346536. 2346571. [Online]. Available: http://dl.acm.org/citation.cfm?id= 2346536.2346571.
    [31] C. Smowton, J. R. Lorch, D. Molnar, S. Saroiu, and A. Wolman, “Zero­effort pay­ ments,” in Proceedings of the 2014 ACM International Joint Conference on Per­ vasive and Ubiquitous Computing ­ UbiComp ’14 Adjunct, New York, New York, USA: ACM Press, 2014, pp. 763–774, ISBN: 9781450329682. DOI: 10.1145/ 2632048.2632067. [Online]. Available: http://dl.acm.org/citation.cfm? doid=2632048.2632067.
    [32] Apple Inc., Apple Pay ­ Apple. [Online]. Available: https://www.apple.com/ apple-pay/ (visited on 10/21/2017).
    [33] ——, “Getting Started with Apple Pay,” no. September, pp. 1–5, 2014. [Online]. Available: https://developer.apple.com/apple-pay/Getting-Started- with-Apple-Pay.pdf.
    [34] D. He, N. Kumar, and J.­H. Lee, “Secure pseudonym­based near field communi­ cation protocol for the consumer internet of things,” IEEE Transactions on Con­ sumer Electronics, vol. 61, no. 1, pp. 56–62, 2015, ISSN: 0098­3063. DOI: 10. 1109/TCE.2015.7064111. [Online]. Available: http://ieeexplore.ieee. org/document/7064111/.
    [35] R. Patel, A. Kunche, N. Mishra, Z. Bhaiyat, and P. R. Joshi, “Paytooth ­ A Cash­ less Mobile Payment System based on Bluetooth,” International Journal of Com­ puter Applications, vol. 120, no. 24, pp. 38–43, 2015, ISSN: 09758887. DOI: 10.5120/21412-4450. [Online]. Available: http://research.ijcaonline. org/volume120/number24/pxc3904450.pdf.
    [36] N. E. Madhoun, F. Guenane, and G. Pujolle, “An Online Security Protocol for NFC Payment: Formally Analyzed by the Scyther Tool,” in 2016 Second Interna­ tional Conference on Mobile and Secure Services (MobiSecServ), IEEE, 2016, pp. 1–7, ISBN: 978­1­4673­9684­4. DOI: 10.1109/MOBISECSERV.2016.7440225. [Online]. Available: http://ieeexplore.ieee.org/document/ 7440225/.
    [37] N. E. Madhoun and G. Pujolle, “A secure cloud­based NFC payment architecture for small traders,” in 2016 3rd Smart Cloud Networks & Systems (SCNS), IEEE, 2016, pp. 1–6, ISBN: 978­1­5090­4476­4. DOI: 10.1109/SCNS.2016.7870562. [Online]. Available: http://ieeexplore.ieee.org/document/7870562/.
    [38] M. Badra and R. B. Badra, “A Lightweight Security Protocol for NFC­based Mo­ bile Payments,” in Procedia Computer Science, vol. 83, 2016, pp. 705–711, ISBN: 0000000000. DOI: 10.1016/j.procs.2016.04.156. [Online]. Available: http://linkinghub.elsevier.com/retrieve/pii/S1877050916301879.
    [39] A. Yohan, N.­W. Lo, V. Randy, S.­J. Chen, and M.­Y. Hsu, “A Novel Authen­ tication Protocol for Micropayment with Wearable Devices,” in Proceedings of the 10th International Conference on Ubiquitous Information Management and Communication ­ IMCOM ’16, New York, New York, USA: ACM Press, 2016, pp. 1–7, ISBN: 9781450341424. DOI: 10.1145/2857546.2857565. [Online]. Available: http://dl.acm.org/citation.cfm?doid=2857546.2857565.
    [40] D. Winata, “Indoor Location­Based Authentication for Mobile Payment POS with BLE Technology,” Master Thesis, National Taiwan University of Science and Technology, 2017.
    [41] J. Rubin, Google Wallet Security: PIN Exposure Vulnerability, 2012. [Online]. Available: https://zvelo.com/google-wallet-security-pin-exposure- vulnerability/ (visited on 10/11/2019).
    [42] D. Zax, Is Google Wallet Safe? 2012. [Online]. Available: https : / / www . technologyreview.com/s/426921/is-google-wallet-safe/ (visited on 10/11/2019).
    [43] N. Perlroth and M. Isaac, Chinese Hackers Breached LoopPay, Whose Tech Is Central to Samsung Pay, 2015. [Online]. Available: https://www.nytimes. com/2015/10/08/technology/chinese-hackers-breached-looppay-a- contributor-to-samsung-pay.html (visited on 10/11/2019).
    [44] R. Zafar, Samsung’s Mobile Payment Partner LoopPay Hacked With Breach Un­ detected For Months, 2015. [Online]. Available: https://wccftech.com/ samsungs-mobile-payment-specialist-loop-pay-hacked/ (visited on 10/11/2019).
    [45] A. Liptak, 7­Eleven Japan shut down its mobile payment app after hackers stole $500,000 from users, 2019. [Online]. Available: https://www.theverge.com/ 2019/7/6/20684386/7-eleven-japan-shut-mobile-payments-app- 7pay-security-flaw-cybersecurity (visited on 10/11/2019).
    [46] B.­C. Choi, S.­H. Lee, J.­C. Na, and J.­H. Lee, “Secure firmware validation and update for consumer devices in home networking,” IEEE Transactions on Con­ sumer Electronics, vol. 62, no. 1, pp. 39–44, 2016, ISSN: 0098­3063. DOI: 10. 1109/TCE.2016.7448561. [Online]. Available: http://ieeexplore.ieee. org/document/7448561/.
    [47] K. Mayama, M. Tanaka, Y. Ando, T. Yoshimi, and M. Mizukawa, “Design of Firmware Update System of RT­Middleware for Embedded System,” in Pro­ ceedings of SICE Annual Conference 2010, IEEE, 2010, pp. 2818–2822, ISBN: 9781424476428. [Online]. Available: https://ieeexplore.ieee.org/ document/5602590.
    [48] N. Jain, S. G. Mali, and S. Kulkarni, “Infield Firmware Update: Challenges and Solutions,” in 2016 International Conference on Communication and Signal Pro­ cessing (ICCSP), IEEE, 2016, pp. 1232–1236, ISBN: 978­1­5090­0396­9. DOI: 10.1109/ICCSP.2016.7754349. [Online]. Available: http://ieeexplore. ieee.org/document/7754349/.
    [49] H. Chandra, E. Anggadjaja, P. S. Wijaya, and E. Gunawan, “Internet of Things: Over­the­Air (OTA) Firmware Update in Lightweight Mesh Network Protocol for Smart Urban Development,” in 2016 22nd Asia­Pacific Conference on Commu­ nications (APCC), IEEE, 2016, pp. 115–118, ISBN: 978­1­5090­0676­2. DOI: 10.1109/APCC.2016.7581459. [Online]. Available: http://ieeexplore. ieee.org/document/7581459/.
    [50] G. Jurkovic and V. Sruk, “Remote firmware update for constrained embedded sys­ tems,” in 2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), IEEE, 2014, pp. 1019– 1023, ISBN: 978­953­233­077­9. DOI: 10.1109/MIPRO.2014.6859718. [On­ line]. Available: http://ieeexplore.ieee.org/document/6859718/.
    [51] H. A. Odat and S. Ganesan, “Firmware over the air for automotive, Fotamotive,” in IEEE International Conference on Electro/Information Technology, IEEE, 2014, pp. 130–139, ISBN: 978­1­4799­4774­4. DOI: 10.1109/EIT.2014.6871751. [Online]. Available: http://ieeexplore.ieee.org/document/6871751/.
    [52] L. Katzir and I. Schwartzman, “Secure firmware updates for smart grid De­ vices,” in 2011 2nd IEEE PES International Conference and Exhibition on Inno­ vative Smart Grid Technologies, IEEE, 2011, pp. 1–5, ISBN: 978­1­4577­1421­ 4. DOI: 10.1109/ISGTEurope.2011.6162728. [Online]. Available: http: //ieeexplore.ieee.org/document/6162728/.
    [53] K. Doddapaneni, R. Lakkundi, S. Rao, S. G. Kulkarni, and B. Bhat, “Secure FoTA Object for IoT,” in 2017 IEEE 42nd Conference on Local Computer Networks Workshops (LCN Workshops), IEEE, 2017, pp. 154–159, ISBN: 978­1­5090­6584­ 4. DOI: 10.1109/LCN.Workshops.2017.78. [Online]. Available: http:// ieeexplore.ieee.org/document/8110218/.
    [54] N. Koblitz, A. Menezes, and S. Vanstone, “The State of Elliptic Curve Cryptog­ raphy,” Designs, Codes and Cryptography, vol. 19, no. 2/3, pp. 173–193, 2000, ISSN: 09251022. DOI: 10.1023/A:1008354106356. [Online]. Available: http: //link.springer.com/10.1023/A:1008354106356.
    [55] V. S. Miller, “Use of Elliptic Curves in Cryptography,” in Advances in Cryptol­ ogy —CRYPTO ’85 Proceedings, Berlin, Heidelberg: Springer Berlin Heidelberg, 1985, pp. 417–426. DOI: 10.1007/3-540-39799-X_31. [Online]. Available: http://link.springer.com/10.1007/3-540-39799-X_31.
    [56] D. Hankerson, A. Menezes, and S. Vanstone, Guide to Elliptic Curve Cryptog­ raphy, ser. Springer Professional Computing. New York: Springer­Verlag, 2004, ISBN: 0­387­95273­X. DOI: 10.1007/b97644. [Online]. Available: http:// link.springer.com/10.1007/b97644.
    [57] P. Wozny, “Elliptic Curve Cryptography: Generating and Validation of Domain Parameters in Binary Galois Fields,” Master Thesis, Rochester Institute of Tech­ nology, 2008, p. 68.
    [58] D. R. L. Brown, “SEC1: Elliptic Curve Cryptography,” Certicom Research, Tech. Rep., 2009, p. 144. [Online]. Available: http://www.secg.org/sec1-v2.pdf.
    [59] National Institute of Standards and Technology, “Digital Signature Standard (DSS),” National Institute of Standards and Technology, Gaithersburg, MD, Tech. Rep., 2013. DOI: 10.6028/NIST.FIPS.186-4. [Online]. Available: https: //nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf.
    [60] E. Barker, D. Johnson, and M. Smid, “Recommendation for Pair­Wise Key Es­ tablishment Schemes Using Discrete Logarithm Cryptography,” National Insti­ tute of Standards and Technology, Gaithersburg, MD, Tech. Rep., 2006. DOI: 10.6028/NIST.SP.800-56a. [Online]. Available: https://nvlpubs.nist. gov/nistpubs/Legacy/SP/nistspecialpublication800-56a.pdf.
    [61] ——, “Recommendation for Pair­Wise Key Establishment Schemes Using Dis­ crete Logarithm Cryptography,” National Institute of Standards and Technology, Gaithersburg, MD, Tech. Rep., 2007. DOI: 10.6028/NIST.SP.800-56ar. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/ nistspecialpublication800-56ar.pdf.
    [62] E. Barker, L. Chen, A. Roginsky, and M. Smid, “Recommendation for Pair­Wise Key Establishment Schemes Using Discrete Logarithm Cryptography,” National Institute of Standards and Technology, Gaithersburg, MD, Tech. Rep., 2013. DOI: 10.6028/NIST.SP.800-56Ar2. [Online]. Available: https://nvlpubs.nist. gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf.
    [63] E. Barker, L. Chen, A. Roginsky, A. Vassilev, and R. Davis, “Recommendation for Pair­Wise Key Establishment Schemes Using Discrete Logarithm Cryptography,” National Institute of Standards and Technology, Gaithersburg, MD, Tech. Rep., 2018. DOI: 10.6028/NIST.SP.800-56Ar3. [Online]. Available: https:// nvlpubs . nist . gov / nistpubs / SpecialPublications / NIST . SP . 800 - 56Ar3.pdf.
    [64] E. Barker, “Recommendation for Key Management Part 1: General,” National Institute of Standards and Technology, Gaithersburg, MD, Tech. Rep., 2016. DOI: 10.6028/NIST.SP.800-57pt1r4. [Online]. Available: https://nvlpubs. nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf.
    [65] E. Barker and W. Barker, “Recommendation for Key Management Part 2: Best Practices for Key Management Organizations,” National Institute of Standards and Technology, Gaithersburg, MD, Tech. Rep., 2019. DOI: 10.6028/NIST.SP. 800-57pt2r1. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/ SpecialPublications/NIST.SP.800-57pt2r1.pdf.
    [66] E. Barker and A. Roginsky, “Recommendation for Cryptographic Key Genera­ tion,” National Institute of Standards and Technology, Gaithersburg, MD, Tech. Rep., 2019. DOI: 10.6028/NIST.SP.800-133r1. [Online]. Available: https: //nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800- 133r1.pdf.
    [67] E. Barker, L. Chen, A. Roginsky, A. Vassilev, R. Davis, and S. Simon, “Recom­ mendation for Pair­Wise Key Establishment Using Integer Factorization Cryptog­ raphy,” National Institute of Standards and Technology, Gaithersburg, MD, Tech. Rep., 2019. DOI: 10.6028/NIST.SP.800-56Br2. [Online]. Available: https: //nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800- 56Br2.pdf.
    [68] E. Barker, L. Chen, and R. Davis, “Recommendation for Key­Derivation Meth­ ods in Key­Establishment Schemes,” National Institute of Standards and Tech­ nology, Gaithersburg, MD, Tech. Rep., 2018. DOI: 10.6028/NIST.SP.800- 56Cr1. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/ SpecialPublications/NIST.SP.800-56Cr1.pdf.
    [69] D. Boneh and I. E. Shparlinski, “On the Unpredictability of Bits of the Elliptic Curve Diffie­Hellman Scheme,” in, Springer, Berlin, Heidelberg, 2001, pp. 201– 212. DOI: 10.1007/3-540-44647-8_12. [Online]. Available: http://link. springer.com/10.1007/3-540-44647-8_12.
    [70] M. Bellare and P. Rogaway, “Minimizing the use of random oracles in authen­ ticated encryption schemes,” in, 1997, pp. 1–16. DOI: 10.1007/BFb0028457. [Online]. Available: http://link.springer.com/10.1007/BFb0028457.
    [71] M. Abdalla, M. Bellare, and P. Rogaway, “The oracle diffe­hellman assumptions and an analysis of DHIES,” in Lecture Notes in Computer Science (including sub­ series Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformat­ ics), 2001, ISBN: 3540418989.
    [72] ——, “DHIES: An encryption scheme based on the Diffie­Hellman Problem,” Lecture Notes in Computer Science, 2001.
    [73] A. Shamir, “How To Share a Secret,” Communications of the ACM (CACM), vol. 22, no. 1, pp. 612–613, 1979, ISSN: 0001­0782. DOI: http://doi.acm. org/10.1145/359168.359176. [Online]. Available: http://doi.acm.org/ 10.1145/359168.359176.
    [74] L. T. A. N. Brandão, N. Mouha, and A. Vassilev, “Threshold Schemes for Crypto­ graphic Primitives: Challenges and Opportunities in Standardization and Valida­ tion of Threshold Cryptography,” National Institute of Standards and Technology, Gaithersburg, MD, Tech. Rep., 2018. [Online]. Available: https://csrc.nist. gov/publications/detail/nistir/8214/draft.
    [75] L. T. Brandão, N. Mouha, and A. Vassilev, “Threshold Schemes for Crypto­ graphic Primitives: Challenges and Opportunities in Standardization and Valida­ tion of Threshold Cryptography,” National Institute of Standards and Technology, Gaithersburg, MD, Tech. Rep., 2019. DOI: 10.6028/NIST.IR.8214. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR. 8214.pdf.
    [76] R. S. Pappu, “Physical One­Way Functions,” Ph.D thesis, Massachusetts Institute of Technology, 2001, p. 154.
    [77] R. S. Pappu, B. Recht, J. Taylor, and N. Gershenfeld, “Physical One­Way Func­ tions,” Science, vol. 297, no. 5589, pp. 2026–2030, 2002, ISSN: 00368075. DOI: 10.1126/science.1074376. [Online]. Available: http://www.sciencemag. org/cgi/doi/10.1126/science.1074376.
    [78] H. Handschuh, G. J. Schrijen, and P. Tuyls, “Hardware intrinsic security from physically unclonable functions,” in Information Security and Cryptography, 9783642143120, Springer, Berlin, Heidelberg, 2010, pp. 39–53, ISBN: 978­3­ 642­14451­6. DOI: 10.1007/978-3-642-14452-3_2. [Online]. Available: http://link.springer.com/10.1007/978-3-642-14452-3_2.
    [79] C. Herder, M.­D. Yu, F. Koushanfar, and S. Devadas, “Physical Unclonable Func­ tions and Applications: A Tutorial,” Proceedings of the IEEE, vol. 102, no. 8, pp. 1126–1141, 2014, ISSN: 0018­9219. DOI: 10.1109/JPROC.2014.2320516. [Online]. Available: http://ieeexplore.ieee.org/document/6823677/.
    [80] A. Maiti, I. Kim, and P. Schaumont, “A Robust Physical Unclonable Function With Enhanced Challenge­Response Set,” IEEE Transactions on Information Forensics and Security, vol. 7, no. 1, pp. 333–345, 2012, ISSN: 1556­6013. DOI: 10.1109/TIFS.2011.2165540. [Online]. Available: http://ieeexplore. ieee.org/document/5993536/.
    [81] P. K. Maurya and S. Bagchi, A Secure PUF­Based Unilateral Authentication Scheme for RFID System, 2018. DOI: 10.1007/s11277-018-5875-2.
    [82] R. Maes and I. Verbauwhede, “Physically unclonable functions: A study on the state of the art and future research directions,” in Information Security and Cryp­ tography, 2010. DOI: 10.1007/978-3-642-14452-3_1.
    [83] N. Beckmann and M. Potkonjak, “Hardware­based public­key cryptography with public physically unclonable functions,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5806 LNCS, 2009, pp. 206–220, ISBN: 3642044301. DOI: 10.1007/978-3-642-04431-1_15.
    [84] S. Choi, D. Zage, Y. R. Choe, and B. Wasilow, “Physically Unclonable Digital ID,” in Proceedings ­ 2015 IEEE 3rd International Conference on Mobile Ser­ vices, MS 2015, IEEE, 2015, pp. 105–111, ISBN: 9781467372848. DOI: 10. 1109/MobServ.2015.24. [Online]. Available: http://ieeexplore.ieee. org/document/7226678/.
    [85] R. A. Scheel and A. Tyagi, “Characterizing Composite User­Device Touchscreen Physical Unclonable Functions (PUFs) for Mobile Device Authentication,” in Proceedings of the 5th International Workshop on Trustworthy Embedded De­ vices ­ TrustED ’15, New York, New York, USA: ACM Press, 2015, pp. 3–13, ISBN: 9781450338288. DOI: 10.1145/2808414.2808418. [Online]. Available: http://dl.acm.org/citation.cfm?doid=2808414.2808418.
    [86] Y. Guo and A. Tyagi, “Voice Based User­Device Physical Unclonable Functions for Mobile Device Authentication,” in 2016 IEEE Computer Society Annual Sym­ posium on VLSI (ISVLSI), IEEE, 2016, pp. 512–517, ISBN: 978­1­4673­9039­2. DOI: 10.1109/ISVLSI.2016.47. [Online]. Available: http://ieeexplore. ieee.org/document/7560250/.
    [87] Y. Zheng, Y. Cao, and C.­H. Chang, “Facial biohashing based user­device physical unclonable function for bring your own device security,” in 2018 IEEE Interna­ tional Conference on Consumer Electronics (ICCE), IEEE, 2018, pp. 1–6, ISBN: 978­1­5386­3025­9. DOI: 10.1109/ICCE.2018.8326074. [Online]. Available: http://ieeexplore.ieee.org/document/8326074/.
    [88] S. Nakamoto, “Bitcoin: A peer­to­peer electronic cash system,” Tech. Rep., 2013, p. 9. [Online]. Available: https://bitcoin.org/bitcoin.pdf.
    [89] A. Narayanan, J. Bonneau, E. Felten, A. Miller, and S. Goldfeder, Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction, 1st Editio. Prince­ ton University Press, 2016, p. 366, ISBN: 0691171696.
    [90] F. Tschorsch and B. Scheuermann, “Bitcoin and beyond: A technical survey on decentralized digital currencies,” IEEE Communications Surveys and Tutorials, vol. 18, no. 3, pp. 2084–2123, 2016, ISSN: 1553877X. DOI: 10.1109/COMST. 2016.2535718. [Online]. Available: http://ieeexplore.ieee.org/ document/7423672/.
    [91] F. Dai, Y. Shi, N. Meng, L. Wei, and Z. Ye, “From Bitcoin to cybersecurity: A com­ parative study of blockchain application and security issues,” in 2017 4th Interna­ tional Conference on Systems and Informatics (ICSAI), IEEE, 2017, pp. 975–979, ISBN: 978­1­5386­1107­4. DOI: 10.1109/ICSAI.2017.8248427. [Online]. Available: http://ieeexplore.ieee.org/document/8248427/.
    [92] A. Kaushik, A. Choudhary, C. Ektare, D. Thomas, and S. Akram, “Blockchain — literature survey,” in 2017 2nd IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT), IEEE, 2017, pp. 2145–2148, ISBN: 978­1­5090­3704­9. DOI: 10.1109/RTEICT.2017. 8256979. [Online]. Available: http://ieeexplore.ieee.org/document/ 8256979/.
    [93] Z. Zheng, S. Xie, H. Dai, X. Chen, and H. Wang, “An overview of blockchain tech­ nology: Architecture, consensus, and future trends,” in 2017 IEEE International Congress on Big Data (BigData Congress), IEEE, 2017, pp. 557–564, ISBN: 978­ 1­5386­1996­4. DOI: 10.1109/BigDataCongress.2017.85. [Online]. Avail­ able: http://ieeexplore.ieee.org/document/8029379/.
    [94] T. T. A. Dinh, R. Liu, M. Zhang, G. Chen, B. C. Ooi, and J. Wang, “Untangling blockchain: A data processing view of blockchain systems,” 2017, [Online]. Avail­ able: http://arxiv.org/abs/1708.05665.
    [95] BitFury Group, “Proof of Stake versus Proof of Work,” 2015, [Online]. Available: https://bitfury.com/content/downloads/pos-vs-pow-1.0.2.pdf.
    [96] G. Wood, “Ethereum: A secure decentralised generalised transaction ledger,” 2014, [Online]. Available: http://gavwood.com/paper.pdf.
    [97] C. Percival, Tarsnap ­ The scrypt key derivation function and encryption utility, 2009. [Online]. Available: http://www.tarsnap.com/scrypt.html.
    [98] ——, “Stronger Key Derivation via Sequential Memory­Hard Functions,” in The Technical BSD Conference (BSDCan2009), 2009, p. 16. [Online]. Available: https://www.bsdcan.org/2009/schedule/attachments/87_scrypt.pdf.
    [99] K. Christidis, Hyperledger Fabric Consensus Mechanism. [Online]. Available: https://github.com/hyperledger-archives/fabric/wiki/Consensus (visited on 09/08/2019).
    [100] S. D. Angelis, L. Aniello, R. Baldoni, F. Lombardi, A. Margheri, and V. Sas­ sone, “PBFT vs proof­of­authority: applying the CAP theorem to permissioned blockchain,” in Italian Conference on Cybersecurity, 2017, p. 11. [Online]. Avail­ able: https://eprints.soton.ac.uk/415083/2/itasec18_main.pdf.
    [101] M. Castro and B. Liskov, “Practical byzantine fault tolerance and proactive recov­ ery,” ACM Transactions on Computer Systems, vol. 20, no. 4, pp. 398–461, 2002, ISSN: 07342071. DOI: 10.1145/571637.571640. arXiv: arXiv:1203.6049v1. [Online]. Available: http://portal.acm.org/citation.cfm?doid=571637. 571640.
    [102] J. R. Douceur, “The sybil attack,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinfor­ matics), 2002, ISBN: 3540441794.
    [103] F. Saleh, “Blockchain Without Waste: Proof­of­Stake,” SSRN Electronic Journal, 2018, ISSN: 1556­5068. DOI: 10.2139/ssrn.3183935. [Online]. Available: https://www.ssrn.com/abstract=3183935.
    [104] C. Cachin, S. Schubert, and M. Vukolić, “Non­determinism in Byzantine Fault­ Tolerant Replication,” Workshop on Distributed Cryptocurrencies and Consensus Ledgers (DCCL 2016), 2016. arXiv: 1603.07351. [Online]. Available: http: //arxiv.org/abs/1603.07351.
    [105] K. Christidis and M. Devetsikiotis, “Blockchains and smart contracts for the Inter­ net of Things,” IEEE Access, vol. 4, pp. 2292–2303, 2016, ISSN: 2169­3536. DOI: 10.1109/ACCESS.2016.2566339. [Online]. Available: http://ieeexplore. ieee.org/document/7467408/.
    [106] N. Szabo, Smart Contracts: Building Blocks for Digital Markets, 1996. [On­ line]. Available:https://pdfs.semanticscholar.org/9b6c/ d3fe0bf5455dd44ea31422d015b003b5568f.pdf (visited on 05/16/2018).
    [107] Buterin and Vitalik, “Ethereum white paper: A next generation smart contract & decentralized application platform,” 2014, [Online]. Available: https:// github.com/ethereum/wiki/wiki/White-Paper.
    [108] Ethereum, Introduction to smart contracts, 2016. [Online]. Available: http: / / solidity . readthedocs . io / en / latest / introduction - to - smart - contracts.html (visited on 04/10/2018).
    [109]M. Bellare and P. Rogaway,Introduction to Modern Cryptography. 2005, p. 283.[Online]. Available:https://web.cs.ucdavis.edu/{~}rogaway/classes/227/spring05/book/main.pdf.
    [110]J. Katz and Y. Lindell,Introduction to Modern Cryptography, 2nd edition.New York, New York, USA: Chapman and Hall/CRC, 2007, p. 603, ISBN:9781466570269.
    [111]S. Kumar Pandey, S. Sarkar, and M. Prasad Jhanwar, “Relaxing IND­CCA: In­distinguishability against Chosen Ciphertext Verification Attack,” in, Springer,Berlin, Heidelberg, 2012, pp. 63–76. DOI:10.1007/978-3-642-34416-9_5.[Online]. Available:http://link.springer.com/10.1007/978-3-642-34416-9_5.
    [112]B. Lee, S. Malik, S. Wi, and J.­H. Lee, “Firmware verification of embedded de­vices based on a blockchain,” inLecture Notes of the Institute for Computer Sci­ences, Social­Informatics and Telecommunications Engineering, LNICST, J.­H.Lee and S. Pack, Eds., vol. 199, Springer, Cham, 2017, pp. 52–61, ISBN:9783319607160. DOI:10.1007/978-3-319-60717-7_6. [Online]. Available:http://link.springer.com/10.1007/978-3-319-60717-7_6.
    [113]B. Lee and J.­H. Lee, “Blockchain­based secure firmware update for embeddeddevices in an Internet of Things environment,”The Journal of Supercomputing,vol. 73, no. 3, pp. 1152–1167, 2017, ISSN: 0920­8542. DOI:10.1007/s11227-016-1870-0. [Online]. Available:http://link.springer.com/10.1007/s11227-016-1870-0.
    [114]A. Boudguiga, N. Bouzerna, L. Granboulan, A. Olivereau, F. Quesnel, A. Roger,and R. Sirdey, “Towards better availability and accountability for IoT updates bymeans of a blockchain,” in2017 IEEE European Symposium on Security andPrivacy Workshops (EuroS&PW), IEEE, 2017, pp. 50–58, ISBN: 978­1­5386­2244­5. DOI:10 . 1109 / EuroSPW . 2017 . 50. [Online]. Available:http : / /ieeexplore.ieee.org/document/7966970/.
    [115]A. Yohan, N.­W. Lo, and S. Achawapong, “Blockchain­based Firmware Up­date Framework for Internet­of­Things Environment,” inConf. Information and KnowledgeEngineering,2018,pp.151–155,ISBN:1601324847.[Online].Avail­able:https : / / csce . ucmss . com / cr / books / 2018 / LFS / CSREA2018 /IKE9004.pdf.
    [116]P. Santoso, “Secure and Trusted Firmware Update Framework for IoT Environ­ment,” Master Thesis, National Taiwan University of Science and Technology,2019.
    [117]R. N. Akram, K. Markantonakis, and K. Mayes, “User centric security model fortamper­resistant devices,” inProceedings ­ 2011 8th IEEE International Confer­ence on e­Business Engineering, ICEBE 2011, IEEE, 2011, pp. 168–177, ISBN:9780769545189. DOI:10.1109/ICEBE.2011.69. [Online]. Available:http://ieeexplore.ieee.org/document/6104614/.
    [118]M. F. F. Khan and K. Sakamura, “Tamper­Resistant Security for Cyber­PhysicalSystems with eTRON Architecture,” inProceedings ­ 2015 IEEE InternationalConference on Data Science and Data Intensive Systems; 8th IEEE InternationalConference Cyber, Physical and Social Computing; 11th IEEE International Con­ferenceonGreenComputingandCommunicationsand8thIEEEInte,IEEE,2015,pp. 196–203, ISBN: 9781509002146. DOI:10.1109/DSDIS.2015.98. [Online].Available:http://ieeexplore.ieee.org/document/7396503/.
    [119]S. Ravi, A. Raghunathan, and S. Chakradhar, “Tamper resistance mechanismsfor secure embedded systems,” in17th International Conference on VLSI De­sign. Proceedings., IEEE Comput. Soc, 2004, pp. 605–611, ISBN: 0­7695­2072­3. DOI:10 . 1109 / ICVD . 2004 . 1260985. [Online]. Available:http : / /ieeexplore.ieee.org/document/1260985/.
    [120]M. H. Weik, “Closed system,” inComputer Science and Communications Dictio­nary, Boston, MA: Springer US, 2000, pp. 222–222. DOI:10.1007/1-4020-0613-6_2792. [Online]. Available:http://www.springerlink.com/index/10.1007/1-4020-0613-6_2792.
    [121]EMVCo, “EMV Payment Tokenisation Specification,” no. March, p. 84, 2014.[Online]. Available:https://www.emvco.com/specifications.aspx?id=263.
    [122]D. Ortiz­Yepes,A critical review of the EMV payment tokenisation specification,2014. DOI:10.1016/S1361-3723(14)70539-1. [Online]. Available:http://linkinghub.elsevier.com/retrieve/pii/S1361372314705391.
    [123]A. Yohan, N.­W. Lo, and H. R. Lie, “Dynamic multi­factor authentication forsmartphone,” in2016 IEEE 27th Annual International Symposium on Personal,Indoor,andMobileRadioCommunications(PIMRC),IEEE,2016,pp.1–6,ISBN:978­1­5090­3254­9. DOI:10.1109/PIMRC.2016.7794966. [Online]. Available:http://ieeexplore.ieee.org/document/7794966/.
    [124]G.MeandM.A.Strangio,“EC­PAY:AnefficientandsecureECC­basedwirelesslocal payment scheme,” inProceedings ­ 3rd International Conference on Infor­mation Technology and Applications, ICITA 2005, vol. II, IEEE, 2005, pp. 442–447, ISBN: 0769523161. DOI:10.1109/ICITA.2005.122. [Online]. Available:http://ieeexplore.ieee.org/document/1489002/.
    [125]C. Thammarat, R. Chokngamwong, C. Techapanupreeda, and S. Kungpisdan, “Asecure lightweight protocol for NFC communications with mutual authenticationbased on limited­use of session keys,” in2015 International Conference on In­formation Networking (ICOIN), IEEE, 2015, pp. 133–138, ISBN: 978­1­4799­8342­1. DOI:10 . 1109 / ICOIN . 2015 . 7057870. [Online]. Available:http ://ieeexplore.ieee.org/document/7057870/.
    [126]S.Nashwan,“SecureAuthenticationProtocolforNFCMobilePaymentSystems,”International Journal of Computer Science and Network Security, vol. 17, no. 8,pp. 256–263, 2017. [Online]. Available:https://www.researchgate.net/publication/322307090_Secure_Authentication_Protocol_for_NFC_Mobile_Payment_Systems.
    [127]C. Thammarat, W. Kurutach, and S. Phoomvuthisarn, “A secure lightweight andfair exchange protocol for NFC mobile payment based on limited­use of sessionkeys,” in2017 17th International Symposium on Communications and Informa­tion Technologies (ISCIT),IEEE,2017,pp.1–6,ISBN:978­1­5090­6514­1.DOI:10.1109/ISCIT.2017.8261168. [Online]. Available:http://ieeexplore.ieee.org/document/8261168/.
    [128]K. Fan, H. Li, W. Jiang, C. Xiao, and Y. Yang, “Secure Authentication Protocolfor Mobile Payment,”Tsinghua Science and Technology, vol. 23, no. 5, pp. 610–620, 2018. DOI:10.26599/TST.2018.9010031. [Online]. Available:https://ieeexplore.ieee.org/document/8450873/.
    [129]J. Windles,How to bypass 2FA (two­factor authentication). [Online]. Available:https://www.wandera.com/mobile-security/bypassing-2fa/(visited on01/24/2019).
    [130]MITRE Corp.,Two­Factor Authentication Interception. [Online]. Available:https://attack.mitre.org/techniques/T1111/(visited on 01/24/2019).
    [131]M. Kan,Hackers beat 2­factor authentication with automated phishing attacks,2018. [Online]. Available:https://mashable.com/article/hackers-beat-two-factor-authentication-2fa-phishing/(visited on 01/24/2019).
    [132]J. Overson,No, 2FA Does Not Stop Credential Stuffing Attacks, 2019. [Online].Available:https://medium.com/@jsoverson/no-2fa-does-not-stop-credential-stuffing-attacks-79de7476a80a(visited on 06/24/2019).
    [133]Z. Doffman,FBI Issues Surprise New Cyber Attack Warning: Multi­Factor Au­thentication Is Being Defeated, 2019. [Online]. Available:https : / / www .forbes.com/sites/zakdoffman/2019/10/07/fbi-issues-surprise-cyber-attack-warningurges-new-precautions/{\#}7aefc17c7efb(vis­ited on 10/24/2019).
    [134]D. He, N. Kumar, J. H. Lee, and R. Sherratt, “Enhanced three­factor security pro­tocol for consumer USB mass storage devices,”IEEE Transactions on ConsumerElectronics, vol. 60, no. 1, pp. 30–37, 2014, ISSN: 00983063. DOI:10.1109/TCE.2014.6780922. [Online]. Available:http://ieeexplore.ieee.org/document/6780922/.
    [135]V. Gupta, S. Gupta, S. Chang, and D. Stebila, “Performance analysis of ellipticcurve cryptography for SSL,” inProceedings of the ACM workshop on Wirelesssecurity ­ WiSE ’02, New York, New York, USA: ACM Press, 2002, pp. 87–94,ISBN:1581135858.DOI:10.1145/570681.570691.[Online].Available:http://portal.acm.org/citation.cfm?doid=570681.570691.
    [136]D. Boneh and R. J. Lipton, “Algorithms for Black­Box Fields and their Applica­tion to Cryptography,” in, Springer, Berlin, Heidelberg, 1996, pp. 283–297. DOI:10.1007/3-540-68697-5_22. [Online]. Available:http://link.springer.com/10.1007/3-540-68697-5_22.
    [137]V. Shoup, “Lower Bounds for Discrete Logarithms and Related Problems,” in,Springer, Berlin, Heidelberg, 1997, pp. 256–266. DOI:10.1007/3-540-69053-0_18. [Online]. Available:http://link.springer.com/10.1007/3-540-69053-0_18.
    [138]DEDIS Group,Skipchain Implementation, 2018. [Online]. Available:https://github.com/dedis/cothority/tree/master/skipchain.
    [139]B. Ford,How Do You Know It’s On the Blockchain? With a SkipChain, 2017.[Online]. Available:http://bford.info/2017/08/01/skipchain/(visited on 05/02/2019).

    QR CODE