Private and consortium blockchain-based authentication protocol for IoT devices using PUF

In this work, a static random access memory-physical unclonable function (SRAM-PUF) based device security framework is proposed which uses the trending blockchain technology for securing the device credentials. The proposed framework produces a unique fingerprint called PUF key for each device based on its hardware characteristics which will act as an authenticating parameter for the devices during the authentication and re-authentication phase. The proposed work uses both consortium and private blockchains for storing device credentials and authentication, unlike the current trend of using either a secured database or only a public blockchain. The consortium blockchain is used for first-time authentication, while the private blockchain is used for repeated authentication which saves the time incurred in accessing the consortium blockchain during repeated authentication. The proposed protocol also includes mutual authentication between the entities involved and thus provides dual security (device authentication and mutual authentication) to the proposed protocol making the system more secure and robust against attacks. Security analysis of the proposed protocol is done using the Scyther tool and the protocol is also theoretically proven to be stable under various attacks using threat analysis and the real-or-random model (ROR). The performance analysis of the protocol is done by analyzing the computation and communication cost of the proposed protocol against other state-of-the-art protocols. Further, the proposed protocol is also evaluated in the blockchain testbed which includes Raspberry PI and Arduino components. The results conveyed that the introduction of a private blockchain reduces the time incurred in the device re-authentication.