Author: | ALEXANDER YOHAN |
---|---|
Thesis Title: | On the Design of Secure Authentication for Blockchain-Enabled IoT Environment |
Advisor: | 羅乃維 Nai-Wei Lo |
Committee: | 吳宗成 Tzong-Chen Wu, 雷欽隆 Chin-Laung Lei, 范俊逸 Chun-I Fan, 查士朝 Shi-Cho Cha |
Degree: | Doctor |
Department: | School of Management - Department of Information Management |
Thesis Publication Year: | 2019 |
Graduation Academic Year: | 108 |
Language: | English |
Pages: | 159 |
Keywords (in Chinese): | user authentication, device authentication, mobile payment, firmware update, blockchain, Internet of Things |
Keywords (in other languages): | user authentication, device authentication, mobile payment, firmware update, blockchain, Internet of Things |
Reference times: | Clicks: 947 Downloads: 18 |
The explosive development of Internet of Things (IoT) technologies and the mass adoption of IoT-based applications have been accompanied by numerous vulnerabilities and security challenges. Two noticeable challenges in the IoT ecosystem are the security of IoT-based application systems and the maintenance of deployed IoT devices. In this dissertation, blockchain technology is adopted as the base infrastructure in the IoT environment because blockchain offers transparency and data integrity for transaction records, as well as transaction verifiability. Within the Blockchain-enabled IoT (BIoT) infrastructure, the designs of a secure authenticated mobile payment system and a secure firmware update framework are introduced to address the general security design criteria in the IoT environment. The proposed mobile payment system is designed to provide a secure and authenticated payment process using a wearable device. Multi-factor authentication is utilized to enhance the authentication of both user and merchant during the payment process. Based on the formal security analysis, the proposed mobile payment system is secure against well-known attacks. The proposed firmware update framework provides a robust, lightweight and autonomous IoT device management mechanism. As the firmware update framework is built on top of blockchain technology, it provides transparency and high traceability over the whole firmware distribution process. Based on the formal security analysis, the proposed firmware update scheme is secure against well-known attacks.
[113]B. Lee and J.H. Lee, “Blockchainbased secure firmware update for embeddeddevices in an Internet of Things environment,”The Journal of Supercomputing,vol. 73, no. 3, pp. 1152–1167, 2017, ISSN: 09208542. DOI:10.1007/s11227-016-1870-0. [Online]. Available:http://link.springer.com/10.1007/s11227-016-1870-0.
[114]A. Boudguiga, N. Bouzerna, L. Granboulan, A. Olivereau, F. Quesnel, A. Roger,and R. Sirdey, “Towards better availability and accountability for IoT updates bymeans of a blockchain,” in2017 IEEE European Symposium on Security andPrivacy Workshops (EuroS&PW), IEEE, 2017, pp. 50–58, ISBN: 9781538622445. DOI:10 . 1109 / EuroSPW . 2017 . 50. [Online]. Available:http : / /ieeexplore.ieee.org/document/7966970/.
[115]A. Yohan, N.W. Lo, and S. Achawapong, “Blockchainbased Firmware Update Framework for InternetofThings Environment,” inConf. Information and KnowledgeEngineering,2018,pp.151–155,ISBN:1601324847.[Online].Available:https : / / csce . ucmss . com / cr / books / 2018 / LFS / CSREA2018 /IKE9004.pdf.
[116]P. Santoso, “Secure and Trusted Firmware Update Framework for IoT Environment,” Master Thesis, National Taiwan University of Science and Technology,2019.
[117]R. N. Akram, K. Markantonakis, and K. Mayes, “User centric security model fortamperresistant devices,” inProceedings 2011 8th IEEE International Conference on eBusiness Engineering, ICEBE 2011, IEEE, 2011, pp. 168–177, ISBN:9780769545189. DOI:10.1109/ICEBE.2011.69. [Online]. Available:http://ieeexplore.ieee.org/document/6104614/.
[118]M. F. F. Khan and K. Sakamura, “TamperResistant Security for CyberPhysicalSystems with eTRON Architecture,” inProceedings 2015 IEEE InternationalConference on Data Science and Data Intensive Systems; 8th IEEE InternationalConference Cyber, Physical and Social Computing; 11th IEEE International ConferenceonGreenComputingandCommunicationsand8thIEEEInte,IEEE,2015,pp. 196–203, ISBN: 9781509002146. DOI:10.1109/DSDIS.2015.98. [Online].Available:http://ieeexplore.ieee.org/document/7396503/.
[119]S. Ravi, A. Raghunathan, and S. Chakradhar, “Tamper resistance mechanismsfor secure embedded systems,” in17th International Conference on VLSI Design. Proceedings., IEEE Comput. Soc, 2004, pp. 605–611, ISBN: 0769520723. DOI:10 . 1109 / ICVD . 2004 . 1260985. [Online]. Available:http : / /ieeexplore.ieee.org/document/1260985/.
[120]M. H. Weik, “Closed system,” inComputer Science and Communications Dictionary, Boston, MA: Springer US, 2000, pp. 222–222. DOI:10.1007/1-4020-0613-6_2792. [Online]. Available:http://www.springerlink.com/index/10.1007/1-4020-0613-6_2792.
[121]EMVCo, “EMV Payment Tokenisation Specification,” no. March, p. 84, 2014.[Online]. Available:https://www.emvco.com/specifications.aspx?id=263.
[122]D. OrtizYepes,A critical review of the EMV payment tokenisation specification,2014. DOI:10.1016/S1361-3723(14)70539-1. [Online]. Available:http://linkinghub.elsevier.com/retrieve/pii/S1361372314705391.
[123]A. Yohan, N.W. Lo, and H. R. Lie, “Dynamic multifactor authentication forsmartphone,” in2016 IEEE 27th Annual International Symposium on Personal,Indoor,andMobileRadioCommunications(PIMRC),IEEE,2016,pp.1–6,ISBN:9781509032549. DOI:10.1109/PIMRC.2016.7794966. [Online]. Available:http://ieeexplore.ieee.org/document/7794966/.
[124]G.MeandM.A.Strangio,“ECPAY:AnefficientandsecureECCbasedwirelesslocal payment scheme,” inProceedings 3rd International Conference on Information Technology and Applications, ICITA 2005, vol. II, IEEE, 2005, pp. 442–447, ISBN: 0769523161. DOI:10.1109/ICITA.2005.122. [Online]. Available:http://ieeexplore.ieee.org/document/1489002/.
[125]C. Thammarat, R. Chokngamwong, C. Techapanupreeda, and S. Kungpisdan, “Asecure lightweight protocol for NFC communications with mutual authenticationbased on limiteduse of session keys,” in2015 International Conference on Information Networking (ICOIN), IEEE, 2015, pp. 133–138, ISBN: 9781479983421. DOI:10 . 1109 / ICOIN . 2015 . 7057870. [Online]. Available:http ://ieeexplore.ieee.org/document/7057870/.
[126]S.Nashwan,“SecureAuthenticationProtocolforNFCMobilePaymentSystems,”International Journal of Computer Science and Network Security, vol. 17, no. 8,pp. 256–263, 2017. [Online]. Available:https://www.researchgate.net/publication/322307090_Secure_Authentication_Protocol_for_NFC_Mobile_Payment_Systems.
[127]C. Thammarat, W. Kurutach, and S. Phoomvuthisarn, “A secure lightweight andfair exchange protocol for NFC mobile payment based on limiteduse of sessionkeys,” in2017 17th International Symposium on Communications and Information Technologies (ISCIT),IEEE,2017,pp.1–6,ISBN:9781509065141.DOI:10.1109/ISCIT.2017.8261168. [Online]. Available:http://ieeexplore.ieee.org/document/8261168/.
[128]K. Fan, H. Li, W. Jiang, C. Xiao, and Y. Yang, “Secure Authentication Protocolfor Mobile Payment,”Tsinghua Science and Technology, vol. 23, no. 5, pp. 610–620, 2018. DOI:10.26599/TST.2018.9010031. [Online]. Available:https://ieeexplore.ieee.org/document/8450873/.
[129]J. Windles,How to bypass 2FA (twofactor authentication). [Online]. Available:https://www.wandera.com/mobile-security/bypassing-2fa/(visited on01/24/2019).
[130]MITRE Corp.,TwoFactor Authentication Interception. [Online]. Available:https://attack.mitre.org/techniques/T1111/(visited on 01/24/2019).
[131]M. Kan,Hackers beat 2factor authentication with automated phishing attacks,2018. [Online]. Available:https://mashable.com/article/hackers-beat-two-factor-authentication-2fa-phishing/(visited on 01/24/2019).
[132]J. Overson,No, 2FA Does Not Stop Credential Stuffing Attacks, 2019. [Online].Available:https://medium.com/@jsoverson/no-2fa-does-not-stop-credential-stuffing-attacks-79de7476a80a(visited on 06/24/2019).
[133]Z. Doffman,FBI Issues Surprise New Cyber Attack Warning: MultiFactor Authentication Is Being Defeated, 2019. [Online]. Available:https : / / www .forbes.com/sites/zakdoffman/2019/10/07/fbi-issues-surprise-cyber-attack-warningurges-new-precautions/{\#}7aefc17c7efb(visited on 10/24/2019).
[134]D. He, N. Kumar, J. H. Lee, and R. Sherratt, “Enhanced threefactor security protocol for consumer USB mass storage devices,”IEEE Transactions on ConsumerElectronics, vol. 60, no. 1, pp. 30–37, 2014, ISSN: 00983063. DOI:10.1109/TCE.2014.6780922. [Online]. Available:http://ieeexplore.ieee.org/document/6780922/.
[135]V. Gupta, S. Gupta, S. Chang, and D. Stebila, “Performance analysis of ellipticcurve cryptography for SSL,” inProceedings of the ACM workshop on Wirelesssecurity WiSE ’02, New York, New York, USA: ACM Press, 2002, pp. 87–94,ISBN:1581135858.DOI:10.1145/570681.570691.[Online].Available:http://portal.acm.org/citation.cfm?doid=570681.570691.
[136]D. Boneh and R. J. Lipton, “Algorithms for BlackBox Fields and their Application to Cryptography,” in, Springer, Berlin, Heidelberg, 1996, pp. 283–297. DOI:10.1007/3-540-68697-5_22. [Online]. Available:http://link.springer.com/10.1007/3-540-68697-5_22.
[137]V. Shoup, “Lower Bounds for Discrete Logarithms and Related Problems,” in,Springer, Berlin, Heidelberg, 1997, pp. 256–266. DOI:10.1007/3-540-69053-0_18. [Online]. Available:http://link.springer.com/10.1007/3-540-69053-0_18.
[138]DEDIS Group,Skipchain Implementation, 2018. [Online]. Available:https://github.com/dedis/cothority/tree/master/skipchain.
[139]B. Ford,How Do You Know It’s On the Blockchain? With a SkipChain, 2017.[Online]. Available:http://bford.info/2017/08/01/skipchain/(visited on 05/02/2019).