A formally verified blockchain-based decentralised authentication scheme for the internet of things

With the proliferation of intelligent devices in the Internet of Things (IoT), the security of IoT devices is becoming a major concern as an attacker can exploit network services via network capture or deployment of malicious devices. Therefore, IoT device authentication is a key security requirement. Conventional authentication approaches have proved insufficient in dealing with a large number of IoT devices because of various shortcomings, such as centrally designed architectures and expensive cryptographic primitives. Blockchain technology has led to the creation of decentralised IoT authentication solutions with their desirable characteristics. Due to the integration of IoT and Blockchain technology, however, performance is one of the significant challenges. Existing Blockchain-based authentication schemes create extra storage, computing and communication overheads on the Blockchain which restricts its use for different IoT networks. In this paper, we design an efficient decentralised Blockchain-based authentication scheme aimed at achieving a secure authentication for IoT devices using the token mechanism. We design the Ethereum Blockchain network model to implement our scheme, in which smart contracts provide secure connectivity between miner nodes and IoT devices. We demonstrate our proposed scheme with an IoT-based smart home case study, which shows significant performance in computation and communication overheads compared with existing Blockchain-based authentication schemes. The modelling, analysis and verification of the proposed scheme, using high level Petri nets (HLPNs) and Z3 SMT solver are also provided to prove correctness and to verify the claims of our model.