DOI: 10.3390/electronics15122714 ISSN: 2079-9292

A Secure and Lightweight Authentication and Key Agreement Protocol for Blockchain-Assisted IoT Collaboration Environments

Dalhae Kim, Hyewon Park, Yohan Park

Blockchain-assisted authentication frameworks have been introduced to mitigate the single point-of-failure problem in centralized IoT collaboration environments. Recently, a lightweight trust management framework based on a permissioned blockchain was proposed for distributed authentication and interaction traceability. However, our analysis shows that this protocol is vulnerable to offline password guessing, terminal device impersonation, session-key disclosure, and user traceability attacks. It also fails to provide perfect forward secrecy. Accordingly, we propose a secure and lightweight authentication and key agreement protocol for blockchain-assisted IoT collaboration environments. The proposed scheme integrates Physically Unclonable Functions to improve resistance against physical capture and device cloning attacks. It also uses a fuzzy extractor to support biometric-based authentication and a dynamic pseudo-identity update mechanism managed through a consortium blockchain to protect user anonymity and untraceability. The proposed protocol is verified using the Real-or-Random model, BAN logic, and AVISPA simulations.
