IEEE TRANSACTIONS ON SERVICES COMPUTING, VOL. 13, NO.

2, MARCH/APRIL 2020 241

A Hybrid BlockChain-Based Identity

Authentication Scheme for Multi-WSN
Zhihua Cui , Fei Xue , Shiqiang Zhang, Xingjuan Cai , Yang Cao,
Wensheng Zhang, and Jinjun Chen , Senior Member, IEEE

Abstract—Internet of Things (IoT) equipment is usually in a harsh environment, and its security has always been a widely concerned
issue. Node identity authentication is an important means to ensure its security. Traditional IoT identity authentication protocols usually
rely on trusted third parties. However, many IoT environments do not allow such conditions, and are prone to single point failure.
Blockchain technology with decentralization features provides a new solution for distributed IoT system. In this paper, a blockchain based
multi-WSN authentication scheme for IoT is proposed. The nodes of IoT are divided into base stations, cluster head nodes and ordinary
nodes according to their capability differences, which are formed to a hierarchical network. A blockchain network is constructed among
different types of nodes to form a hybrid blockchain model, including local chain and public chain. In this hybrid model, nodes identity
mutual authentication in various communication scenarios is realized, ordinary node identity authentication operation is accomplished
by local blockchain, and cluster head node identity authentication are realized in public blockchain. The analysis of security and
performance shows that the scheme has comprehensive security and better performance.

Index Terms—Hybrid blockchain, muti-WSN, IoT, hierarchical network, identity authentication

1 INTRODUCTION
IRELESS Sensor Network (WSN) is an important part of In the IoT environment, different sensor networks, networks
W the Internet of Things (IoT), which is used to collect
information from specific areas. WSN is a self-organizing
and end users, and intra-network nodes need to cooperate to
provide services. Therefore, it is necessary to manage the
network formed by a large number of cheap, weak comput- identity of sensor nodes safely and to realize the security
ing and storage capacity and limited energy sensor nodes. authentication between sensor nodes [7]. Because the envi-
WSN of the IoT is widely used in various fields, including ronment of sensor nodes in WSN is more complex and harsh,
medical monitoring, environmental monitoring, agricultural it is important to study the security authentication between
management, military applications, disaster management, sensor nodes in WSN.
and surveillance systems and other areas [1], [2], [3], [4], [5]. Traditional IoT security authentication protocols mostly
WSN architecture of the IoT mainly includes centralized and adopt centralized authentication methods. Such authentica-
distributed [6]. In centralized WSN, sensor nodes aggregate tion protocols [8], [9], [10] need to rely on a trusted third
data to base stations through network routing for processing party, such as Certificate Authorization center, authentica-
and analysis. In distributed WSN, user terminals and other tion server, and so on, so there is a threat of single-point fail-
network entities (such as other sensor nodes or network ure. Blockchain, as a new decentralized distributed system
devices) can obtain original data directly from sensor nodes. technology, coincides with the distributed characteristics of
the IoT, which provides a new way to solve the security
problems of the IoT [11], [12]. However, as the implementa-

Z. Cui and X. Cai are with the College of Computer Science and Technology, tion of blockchain for IoT security is still in the exploratory
Taiyuan University of Science and Technology, Taiyuan, Shanxi 030024, stage, there are still many problems in the existing block-
China. E-mail: [email protected], [email protected].

F. Xue and Y. Cao are with the School of Information, Beijing Wuzi chain-based methods.
University, Beijing 101149, China. In current research on the security of the IoT, the related
E-mail: {xuefei2004, caoyangcwz}@126.com. work on the blockchain is mainly carried out from two

S. Zhang is with the Faculty of Information Technology, Beijing University
of Technology, Beijing 100124, China. E-mail: [email protected].
aspects: the security architecture of the IoT and the security

W. Zhang is with the State Key Laboratory of Intelligent Control and authentication [13], [14], [15]. The research of security archi-
Management of Complex Systems, Institute of Automation Chinese Academy tecture of IoT based on blockchain mainly focus on the dis-
of Sciences, Beijing 100190, China. E-mail: [email protected]. tributed characteristics of devices in the IoT and how they fit

J. Chen is with Complex System and Computational Intelligence Labo-
ratory, Taiyuan University of Science and Technology, Taiyuan, Shanxi better with the topological structure of blockchain, so as to
030024, China, and also with Swinburne Data Science Research Institute, achieve the unification of the logical structure of the two, so
Swinburne University of Technology, Hawthorn, VIC 3122, Australia. that the blockchain can better serve the security of the IoT. In
E-mail: [email protected].
the aspect of authentication, the existing research mainly
Manuscript received 30 Mar. 2019; revised 11 Nov. 2019; accepted 20 Dec. constructs a peer-to-peer network through gateway nodes,
2019. Date of publication 7 Jan. 2020; date of current version 15 Apr. 2020.
(Corresponding author: Xingjuan Cai.) edge nodes, fog nodes and other devices that can support the
Digital Object Identifier no. 10.1109/TSC.2020.2964537 deployment of blockchain to form a blockchain network, and
1939-1374 ß 2020 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See ht_tps://www.ieee.org/publications/rights/index.html for more information.
Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on August 13,2024 at 09:00:01 UTC from IEEE Xplore. Restrictions apply.
 242 IEEE TRANSACTIONS ON SERVICES COMPUTING, VOL. 13, NO. 2, MARCH/APRIL 2020

achieves the identity authentication of devices in the IoT transaction records in the block twice, the result is regarded
through the blockchain. as the leaf node of Merkle tree, and then the hash value of
However, these security solutions for the IoT still have two adjacent nodes is recursively obtained until the last hash
many problems, such as not completely solving the single result, which is Merkle root. Transactions are bundled
point failure problem, weak scene adaptability and so on. together and submitted to blockchains in block form, and
To deal with these problems a blockchain-based mutual password technology is used to connect all blocks in a deter-
authentication scheme for multi-WSN IoT nodes is pro- mined order. In this way, all blocks together form an orderly
posed in this paper. Specifically, this paper makes the fol- chain structure.
lowing contributions: Encryption algorithm ensures that blocks are immutable,
which means that once a block is added to the chain, it can

A multi-WSN network model is designed. There are not be tampered with. In the blockchain system [29], [30], the
many nodes in the IoT. According to the different whole network relies on a consensus mechanism and is
functions of the nodes, the nodes of the IoT are maintained by all the nodes, which can be any device. Under
divided into base stations, cluster heads and ordinary the consensus mechanism, even if the node fails, the remain-
nodes according to their capabilities, which facilitates ing nodes can still maintain normal operation, which solves
the management and cooperation of the nodes. the shortcomings of the traditional centralized mode that is

A hybrid blockchain model is proposed. In order to fit vulnerable to malicious attacks and tampering. Blockchain is
the multi-WSN network model better, according to a kind of credit system, which is different from the trust
the different capabilities and energies of different model of trusted third party endorsement in the traditional
nodes, local blockchain and public blockchain are distributed network. It is a kind of ‘no trust’ system. This sys-
deployed between cluster head nodes and base sta- tem is not based on any laws and regulations and uses
tions respectively, and a hybrid blockchain model is machine language to implement [31].
formed. Blockchains are divided into three categories: public

A mutual authentication scheme for IoT nodes is pro- blockchain, private blockchain, and consortium blockchain
posed. In order to enhance the scalability of the IoT [32], [33]. Private blockchain and consortium blockchain are
authentication, we adopt the hierarchical blockchain private chains in a broad sense. Public blockchain refers to
mode. For cluster head nodes, we use the global block- any individual or group sharing a blockchain. As long as the
chain for authentication, and for ordinary nodes, we recipient of the chain can send transactions on it, and the
use the local blockchain for authentication. transaction can be effectively confirmed by the blockchain,
The rest of this article is organized as follows. Section 2 any group or individual can participate in the consensus pro-
introduces the knowledge related to blockchain and block- cess. Public blockchain is the first and most widely used
chain-based authentication. Section 3 describes the system blockchain, which is considered to be ‘completely decentral-
model in detail. Section 4 elaborates on our proposed mutual ized’. Consortium blockchain refers to a blockchain whose
authentication scheme for the IoT nodes. Section 5 analyses consensus process is controlled by some preselected nodes.
the security performance and efficiency of this scheme. Such blockchain is considered to be ‘partially decentralized’.
Finally, Section 6 concludes this paper. Private blockchain refers to the use of blockchain only for
bookkeeping operations, but they are not publicly available.
Its object can be either a company or an individual, which
2 BLOCKCHAIN AND BLOCKCHAIN BASED
has to write access to the blockchain alone and may have
AUTHENTICATION highly restricted access to the outside world. Blockchain is
2.1 Blockchain also expected to be combined with AI and intelligent algo-
Blockchain technology is regarded as a subversive technol- rithms [34], [35], [36], [37], [38], [39], [40], [41], [42], [43], [44]
ogy by industry and research circles. It was first introduced to solve more problems.
as the underlying technology of encrypted digital currency
Bitcoin [16], which was proposed by Nakamoto in 2008. It is 2.2 Blockchain-Based Node Management and
actually a distributed, shared and no-tampered database Authentication
distributed account book, which stores transaction records of Because of the distributed characteristics of blockchain, it
assets and transactions through P2P network. Blockchain has a natural fit with the IoT [7], [45]. It is expected to play
technology is widely used in various fields [17], [18], [19], an important role in the management, control, and security
[20], for example, many researchers apply it to cloud resource of the most important equipment in the IoT. It will provide
scheduling problem [21], and employ intelligent optimal new solutions for the security of various areas of the IoT,
algorithms [22], [23], [24], [25], [26] to improve performance. such as vehicle network security, equipment management,
In Blockchain, each block consists of two parts: block head privacy protection and so on. Node authentication based on
and block. Blocks represent transaction records or transac- blockchain is a research hotspot in current research.
tions (which the database must store), which can be any type Owing to the limitation of IoT equipment itself, it is
of currency transactions, health data, system logs, traffic impossible to meet the deployment conditions of blockchain.
information, etc. [27]. Block headers consist of two sets of Many researchers establish the connection between IoT
metadata, one related to mining, including timestamps, diffi- equipment and blockchain through gateway nodes, edge
culty targets and Nonce values; the other related to the block nodes and other similar devices to achieve the management
itself, including fields linking parent blocks, version num- and authentication of devices. In [15], Hammi et al. proposed
bers and roots of Merkle tree [28]. After hashing all a method of ‘decentralized’ device node authentication
Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on August 13,2024 at 09:00:01 UTC from IEEE Xplore. Restrictions apply.
 CUI ET AL.: HYBRID BLOCKCHAIN-BASED IDENTITY AUTHENTICATION SCHEME FOR MULTI-WSN 243

based on blockchain, which put the authentication process

on the cloud blockchain to ensure the security of the authen-
tication process. Although this method can basically meet
various security requirements, it does not support cross-
domain communication, and needs to connect the cloud
blockchain, authentication completion time (that is, consen-
sus time) is longer, which is not applicable to many WSNs
environments. Almadhoun et al. [14] proposed a blockchain-
based authentication scheme between IoT devices and users,
using a set of fog nodes that can provide localized comput-
ing, storage and networking for IOT devices to enhance
capacity constraints. In this scheme, fog nodes deployed Fig. 1. Hierarchical model of Multi-WSN.
near the devices of the IoT support blockchain. Fog nodes
are used as bridges to provide blockchain services for the
Each IoT node has a unique Ethernet address;
IoT, and mutual authentication between users and devices of
Cluster head nodes and base stations have certain stor-
the IoT is realized. Although the scheme has good scalability age and computing capabilities, and can be deployed
and security, it does not meet most of the communication smart contract;
scenarios in the IoT. Pan et al. [46] connect the nodes in the
As a node manager in a single network, base station
IoT that can’t deploy the blockchain software to the block- is trusted by the nodes in the network;
chain network by using edge nodes, realize the management
The process of initialization of intranet nodes by base
and authentication of node identity, and realize the alloca- stations is safe.
tion of cloud resources through the concept of ’trust’. But
they don’t specify how to allocate resources through ‘trust’. 3.2 Network Model
In [11], Biswas et al. separated weaker devices from the Inter- The IoT contains tens of millions of nodes to perceive data.
net by deploying peer-to-peer networks locally. They stored Nodes cooperate with each other to accomplish various tasks.
transaction information on local blocks and interacted with According to the different functions of the nodes, the IoT
public blockchain through local peer nodes to achieve infor- nodes can be divided into base station nodes, cluster head
mation management and access control of devices in the nodes and sensing nodes. In order to facilitate the manage-
Internet of Things. To a large extent, their model improves ment of these nodes and the realization of security authentica-
the scalability of the Internet of Things. But in this architec- tion between them, this paper designs a model of IoT
ture, centralized authentication centers are still needed. In network, as shown in the Fig. 1. We can see that the whole net-
[13], IoTchain, a security architecture of the IoT, which con- work is divided into several WSN sub-networks, each of
sists of authentication, blockchain layer and application which includes base station nodes, cluster head nodes, ordi-
layer, is proposed. In this architecture, a blockchain layer is nary nodes and end users. The following will introduce them
added to provide blockchain services in the Internet of things separately:
and receive transaction information from the application Base Station. The main function of the base station is to
layer. Security analysis shows that the architecture realizes manage the nodes in the subnet, and receive the sensing
identity authentication, access control, privacy protection, data from the sensing nodes and process, store and data
lightweight features, regional node fault tolerance, denial of analysis. As a node manager, the base station is trusted by
service elasticity and storage integrity. However, this archi- the nodes in the network, other nodes in the subnet need to
tecture does not fully consider the limitations of most devices be initialized by the base station before joining the network.
in the Internet of things and provides a distributed security Especially, base stations have abundant computing and
structure for the Internet of things by using the decentralized storage resources, and are directly connected with public
characteristics of blockchain, and still uses the centralized networks or clouds, so they can access public networks and
authentication center. other resources in the clouds.
Cluster Head Node. Cluster head node is mainly used for
simple processing and forwarding sensing data from ordi-
3 SYSTEM MODEL nary nodes in the network, with strong computing and stor-
In this section, we design a multi-WSN IoT network model age capabilities. There are several ordinary nodes in each
to meet the requirements of security authentication in the cluster. The cluster head node directly connects with the
IoT. First, the work of this paper is introduced based on ordinary node and the base station, receives various data
some reasonable assumptions. Then, a multi-WSN network from the ordinary node and forwards it to the base station,
authentication model is proposed. Finally, a hybrid block- and can access some data in the base station.
chain model is designed for the network model. Ordinary Node. Ordinary node is a variety of IoT devices
(such as smart home, camera, sensor, etc.), usually at the
edge of the network, used to sense a variety of data. Each
3.1 Assumption ordinary node belongs to only one cluster network and WSN
The IoT node authentication scheme proposed in this paper network. Usually, ordinary nodes can only sense and trans-
is based on some reasonable assumptions, which can be mit simple data, and their computing and storage capacity is
satisfied under certain conditions. The assumptions are as weak and energy is limited, so they can not perform complex
follows: operations and data processing.
Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on August 13,2024 at 09:00:01 UTC from IEEE Xplore. Restrictions apply.
 244 IEEE TRANSACTIONS ON SERVICES COMPUTING, VOL. 13, NO. 2, MARCH/APRIL 2020

End User. As a customer, before the end user accesses the

data of a node or interacts with a node, it needs to be
authenticated to obtain permission. End users usually have
sufficient computing and storage capacity, are not limited
by energy, and can be connected to the public network.
Nodes in the network cooperate with each other to accom-
plish specific tasks, and the interaction between nodes needs
to ensure the legitimacy of node identity. Identity authentica-
tion is one of the important means to ensure the security
of the IoT. In the network model of this section, two-way
authentication is required to establish secure communication
channels before two nodes establish communication and end
users access node resources in the network. The authentica-
tion scheme proposed in this paper mainly includes four
communication scenarios:

Two ordinary nodes in the same cluster communi-

Fig. 2. Hybrid blockchain model.
cate within the cluster, as shown in the link 1 in
Fig. 1. In this scenario, two nodes in the same cluster nodes. For the identity authentication of the end user, the
network need to establish secure communication to end user directly connects to the public chain and authenti-
accomplish tasks cooperatively; cates on the public chain through the smart contract.

Two ordinary nodes in different clusters in the same Local Blockchain. The local blockchain is a private block-
WSN communicate among clusters, as shown in link chain composed of all cluster head nodes in a single WSN.
2 in Fig. 1, two nodes of the same WSN establish When the cluster head node is registered with the identity
secure communication across cluster networks; information on the public blockchain, the cluster head node

Establish communication between two common is allowed to join the corresponding local blockchain. Local
nodes in different WSNs, as shown in link 3 in Fig. 1. blockchain is used to register ordinary nodes for authentica-
When a node in a WSN needs to access the data of tion. Smart contracts are deployed on cluster head nodes to
another WSN node, it is necessary to establish a secure verify registration and authentication requests submitted by
communication link between them. For example, the ordinary nodes. The registered node information is uploaded
monitoring system in the hospital needs to access the to the public chain for storage. Because the cluster head node
data in the wearable monitoring nodes of patients, is directly connected to the base station, when authenticating
and needs to authenticate each other first; the common node, the whole list of node information is

End users directly access a node resource in the net- obtained directly from the local blockchain node to complete
work, as shown in link 4 in Fig. 1. the authentication of the ordinary node.

3.3 Hybrid Blockchain Model

In public blockchain, nodes submit transactions by connecting 4 PROPOSED AUTHENTICATION SCHEME
to an unauthenticated blockchain and build a decentralized According to the network model and authentication require-
trust network through network consensus. If all the nodes of ments designed above, the corresponding authentication
the IoT are added to the public blockchain, frequent authenti- scheme is proposed in this section, the main process is shown
cation operations will consume a lot of resources and time, in Fig. 3, which mainly includes four steps:
which can not meet the real-time requirements of the IoT. Pri-
vate blockchain nodes need to be authenticated to join the net-
Initialization. It is mainly based on the base station to
work, while nodes in different WSNs belong to different initialize the security parameters of all nodes belong-
managers (base stations), so they can not join the private chain ing to the subnet;
through unified authentication. In order to adapt to the net-
Registration. In this stage the identity information of each
work model in this paper, a hybrid blockchain model is pro- node is registered and stored on the public blockchain;
posed, as shown in the Fig. 2. The hybrid blockchain model
Authentication. In this stage different types of authen-
consists of two parts: local blockchain and public blockchain. tication requests are validated and authorized by the
Public Blockchain. All base stations and end users are con- hybrid blockchain model proposed above;
nected to the public chain as miners’ nodes. They register
Node logout. Node needs to be logged out in case of
and authenticate cluster head nodes in the public block- damage, attack, energy exhaustion and so on.
chain, and authenticate the communication between nodes
across WSNs and the identity of user terminals. Smart con- 4.1 Initialization
tracts are deployed on the base station to register cluster Before deploying nodes, the base station needs to initialize
head nodes, and the identity information of the nodes is all nodes in the subnet. First, the base station calculates the
stored in the public blockchain network after authentica- identification of each node including itself. Because the nodei
tion. When authenticating cluster head nodes, the identity has a unique Ethernet address EAi in the whole network, the
information of the nodes in the public blockchain network base station hashes the Ethernet address by hashing function
is matched to authenticate the identity information of the to get the unique identity IDi ¼ hashðEAi Þ of the node and
Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on August 13,2024 at 09:00:01 UTC from IEEE Xplore. Restrictions apply.
 CUI ET AL.: HYBRID BLOCKCHAIN-BASED IDENTITY AUTHENTICATION SCHEME FOR MULTI-WSN 245

Fig. 3. Overall flow of the authentication scheme in this article.

sends it to each node for storage. Among them, the identity

of the ordinary node is marked as OrdinaryIDðOIDÞ, the
identity of the cluster head node is marked as ClusterID
ðCIDÞ, and the identity of the base station is marked as
StationIDðSIDÞ. Then the base station generates a bunch of
public-private key pairs publickeyu =privatekeyu ðpuku =prku Þ The registration phase mainly includes two aspects: clus-
for each node, where u represents node identification. The ter head node registration through public blockchain and
public and private keys generated here are mainly used to ordinary node registration through local blockchain.
verify the integrity of messages sent in the process of regis-
tration and authentication. Because the process is similar, Algorithm 1. The Smart Contract Node Register Process
they are not repeated in subsequent descriptions. Finally, the
1 begin
base station needs to generate an IDcard for each node to
2 /*PB is the abbreviation of Public Blockchain*/
prove its unique identification. Its structure includes: the
VerifyTmieðTimestampÞ ¼ error then
3 if VerifyTmie
base station identification SID of the WSN where the node is 4 Return errorðÞ;
located; the identification CID=OID of the node itself; and 5 end
the signature result sigprkxxx ðkeccak256ðXXjjYY ÞÞ using the NodeExitsðNode; PBÞ ¼ true then
6 if NodeExits
elliptic curve digital signature algorithm (ECDSA) and the 7 Return errorðÞ;
private key of the base station, where XX and YY represents 8 end
the identification of base station and cluster head node sepa- VerifyIDðSIDÞ ¼ error then
9 if VerifyID
rately, keccak is a hash function. 10 Return errorðÞ;
11 end
4.2 Registration VerifyIDcardðNodeÞ ¼ error then
12 if VerifyIDcard
Node deployment is to allocate nodes reasonably to the net- 13 Return errorðÞ;
work to form a complete network topology. In the process, 14 end
the identity information of the legitimate node is bound to 15 Return trueðNode registeredÞ;
its corresponding base station and cluster head nodes and 16 end
stored in the public blockchain network. Before that, this
paper designs a node identity information storage structure,
which mainly includes the base station identification and its 4.2.1 Cluster Head Node Registration
public key of the WSN subnetwork where the node is Cluster head nodes submit registration transaction request
located, the identification and public key of the cluster head messages Request_of_Registration( CID, SID, IDcardCID ,
node of the cluster network where the node is located, its Timestamp). Then trigger the smart contract on the public
own identification and the status of the node. The specific blockchain to execute the registration verification process,
structure is in Table 1, ZZ is the default item, if the node is and proceed in turn according to the following steps:
the cluster head node, it does not need to assign value; Tag
represents the surviving state of the node, when the node is
TABLE 1
damaged, attacked or energy exhausted and other issues Node Information Format Stored in BlockChain
need to revoke the node, Tag values update.
Then, we defined the content of transaction information Attribute Value Attribute Value
entering the block in the registration stage as follow.
Base Station ID XX Public keyXX P1
The ‘Time’ indicates when the transaction was created, Cluster ID YY Public keyYY P2
the ‘Tran Type’ indicates the type of the transaction, the Ordinary ID ZZ Tag 0/1
‘Node inf’ indicates the node information we defined above.
Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on August 13,2024 at 09:00:01 UTC from IEEE Xplore. Restrictions apply.
 246 IEEE TRANSACTIONS ON SERVICES COMPUTING, VOL. 13, NO. 2, MARCH/APRIL 2020

1) Verify the validity of the Timestamp. information entering the block in the authentication stage as
2) Verify whether cluster head nodes already exist in follow.
the public blockchain by querying the node identifi- The ‘Time’ indicates when the transaction was created,
cation information stored in the public blockchain, the ‘Tran Type’ indicates the type of the transaction, the ‘Au
and the verification fails if they already exist. Type’ indicates the type of the authentication which includes
3) Verify the validity of the base station identification intradomain and interdomain, the ‘Req node’ indicates the
SID. node that initiated the request, and the ‘Tar node’ indicates
4) Verify the correctness of the cluster head node iden- the target node, the ‘Au result’ indicates the authentication
tity nameplate IDcardCID by using CID and SID in result which includes yes or no.
the registration transaction request message Reques-
t_of_Registration and the public key of the base station.
When any of the above steps fail to validate, the cluster
head node fails to register and then returns the registration
error message. When all the processes are validated success-
fully, the public blockchain stores the identity information of Algorithm 2. The Smart Contract Nodes Mutual Authen-
the cluster head node in the format designed above and pub- tication Process
lishes the validated message. The local blockchain agrees
that the cluster head node can access the network. 1 begin
VerifyIDcardðIDcardA Þ ¼ error then
2 if VerifyIDcard
3 Return errorðÞ;
4.2.2 Ordinary Node Registration
4 end
The registration verification process of ordinary nodes is car- 5 /*PB is the abbreviation of Public Blockchain*/
ried out on the local blockchain. Since there are many cluster NodeExitsðAOID ; PBÞ ¼ error then
6 if NodeExits
head nodes, each ordinary node can only join one cluster net- 7 Return errorðÞ;
work. After choosing the cluster network according to some 8 end
rules, the common node needs to broadcast its registration NodeExitsðBOID ; PBÞ ¼ error then
9 if NodeExits
request message Request_of_Registration(SID, CID, OID, 10 Return errorðÞ;
IDcardOID , Timestamp). The cluster head node receiving 11 end
Request_of_Registration first verifies the timeliness of time- VerifyaliveðAOID Þ ¼ error then
12 if Verifyalive
stamp. If the timeliness is satisfied, the registration transac- 13 Return errorðÞ;
tion event will be set up in the local blockchain network to 14 end
trigger the smart contract for the ordinary node identity VerifyaliveðBOID Þ ¼ error then
15 if Verifyalive
information registration procedure. The registration process 16 Return errorðÞ;
is performed in sequence as follows: 17 end
18 if ASID ¼ BSID then
1) The local blockchain node executing the smart contract 19 if ACID ¼ BCID then
downloads the identity information of all nodes from 20 Nodes A and B establish secure connections Return;
the public blockchain, and queries whether the OID of 21 end
the ordinary node requesting registration already 23 else
exists, and if it already exists, the registration fails. 23 /*LB is the abbreviation of Local Blockchain*/
2) Verify that the cluster head node CID exists in the pub- 24 LB sends Message_of_Confirm;
lic blockchain, and if it not exist, the registration fails. 25 Clusters exchange Credential_of_Authentication;
3) Verify the validity of the base station identification 26 if Credential of Authentication ¼ true then
SID. 27 Nodes A and B establish secure connections
4) Verify the correctness of the cluster head node iden- 28 Return;
29 end
tity nameplate IDcardOID by using OID and SID in
30 end
the registration transaction request message Reques-
31 end
t_of_Registration and the public key of the base station.
32 else
If any of the above steps fails to validate, the registration
33 PB sends Message_of_Confirm;
error message will be returned. When all the processes are Clusters exchange Credential_of_Authentication;
validated successfully, the local blockchain node will upload 34 if Credential of Authentication ¼ true then
the identity information of the ordinary node to the public 35 Nodes A and B establish secure connections Return;
blockchain for storage in the format designed above, and 36 end
publish the message of successful validation. The local block- 37 end
chain agrees that the ordinary node can access the corre- 38 Return errorðÞ;
sponding cluster network. 39 end

4.3 Authentication
The overall process of authentication is shown in Algorithm
2, which includes authentication between ordinary nodes 4.3.1 Authentication Between Ordinary Nodes
and communication authentication between end-users and When ordinary node A needs to interact with ordinary node
ordinary nodes. And, we defined the content of transaction B, it is necessary to establish a secure channel between the
Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on August 13,2024 at 09:00:01 UTC from IEEE Xplore. Restrictions apply.
 CUI ET AL.: HYBRID BLOCKCHAIN-BASED IDENTITY AUTHENTICATION SCHEME FOR MULTI-WSN 247

two nodes by bidirectional authentication between A and B. credentials Credential_of_AuthenticationB = (Voucher_

When node A initiates authentication, it first sends the con- of_Transaction, Timestamp-1, BOID ) and the signed
nection request message Request_of_Connection(AOID , ACID , result SignedB (Credential_of_AuthenticationB ) to clus-
ASID , BOID ; IdcardA ) to the cluster head node of the cluster ter head node ACID . When both of them are mutually
network. When the cluster head node receives the Reques- validated, a secure connection is established between
t_of_Connection, it triggers the intelligent contract and veri- nodes A and B.
fies the authentication request on the public blockchain and
the local blockchain. Verification is carried out according to 4.3.2 Authentication Between End User and
the following steps: Ordinary Nodes
The end user establishes a connection with the ordinary node
1) Find the base station information of the WSN subnet
and authenticates with the cluster head node of the cluster
where the node is located according to the node infor-
network where the ordinary node is located. First, the users
mation stored in the blockchain to verify the correct-
need to obtain their identity certificates, which can be issued
ness of the IdcardA held by the node. If it is verified,
by manufacturers, management departments and other
continue the following steps, otherwise return the
units. Then, end user needs to obtain permission from the
error.
base station, then send an authentication request to the pub-
2) Query the identity information of nodes A and B
lic blockchain, trigger the smart contract to authenticate the
according to the node identity information stored in
identity of the end user, and send a confirmation message to
the blockchain, and return an error if node A or B does
the end user and the cluster head node of the common node
not exist.
cluster network through the public blockchain. Finally, the
3) Verify the status of the node AOID and BOID , if not
authentication credentials are constructed between the end
both are alive, return the error.
user and the cluster head node. After verification, the end
4) if node A and B are located in the same WSN subnet,
user establishes a secure connection with the ordinary node.
perform step (5), otherwise, step (6) will be executed.
5) Local blockchain query the identity information of
nodes A and B according to the node identity informa- 4.4 Node Logout
tion stored in the blockchain. If they belong to the The cluster head node submits the information of the node
same cluster network, they return true directly to the that needs to be cancelled in its cluster network. Cluster head
corresponding cluster head nodes, and nodes A and B node sends the request message Request_Unregistration(OID,
establish secure connections. If they belong to different CID, SID), to the public blockchain. Smart contract executes
cluster networks, an acknowledgement message Mes- the node cancellation procedure, verifies the SID of the base
sage_of_Confirm(Voucher_of_Transaction, Timestamp, station, CID of the cluster head node and the existence of the
AOID , BOID ) is returned to the cluster head nodes cor- OID of the node in turn. After verification, the submission
responding to them. And the Voucher_of_Transaction= transaction sets the OID status Tag of the node to 0.
keccakðAOID , BOID , local block:timestamp) is the local
blockchain transaction voucher. Cluster head node
5 SECURE PERFORMANCE AND EFFICIENCY
ACID sends authentication credentials Credential_of_
AuthenticationA = (Voucher_of_Transaction, Timestamp,
ANALYSIS
AOID ) and the signed result SignedA (Credential_of_ 5.1 Secure Performance Analysis
AuthenticationA ) to cluster head node BSID . And Clus- In order to ensure the safe and effective operation of the IoT
ter head node BCID sends authentication credentials and the security and credibility of services, it is necessary to
Credential_of_AuthenticationB = (Voucher_of_Transac- meet some necessary security requirements in the design of
tion, Timestamp-1, BOID ) and the signed result the IoT scheme. In this section, we first introduce the security
SignedA (Credential_of_AuthenticationB ) to cluster head requirements in the IoT and give the corresponding analysis.
node ACID . When both of them are mutually vali- Then we analyze the security of the authentication scheme
dated, a secure connection is established between proposed in this paper and compare it with the existing
nodes A and B. authentication schemes for several common network attacks
6) The public blockchain inquires the identity informa- in the IoT.
tion of nodes A and B according to the node identity The security requirements in the IoT mainly include integ-
information stored in the blockchain, and sends con- rity, availability, scalability, non-repudiation and mutual
firmation messages Message_of_Confirm(Voucher_of_- authentication. The following analysis is made for these
Transaction, Timestamp, AOID , BOID ) to cluster head security requirements:
nodes in the WSN network where they are located Integrity. Usually, integrity includes data integrity and
after verification. And Voucher_of_Transaction=keccak message integrity. Data integrity refers to that unauthorized
ðAOID , BOID , local block:timestamp) is the public users and devices can not access and modify the data stored
blockchain transaction voucher. Cluster head node in the IoT. The authentication scheme in this paper is
ASID sends authentication credentials Credential_of_ designed to achieve this purpose. Message integrity refers to
AuthenticationA = (Voucher_of_Transaction, Timestamp, that the messages transmitted by users and devices of the IoT
AOID ) and the signed result SignedA (Credential_of_ can not be tampered with illegally in the interaction process.
AuthenticationA ) to cluster head node BCID . And The authentication process in this paper is carried out on the
Cluster head node BCID sends authentication public blockchain and the local blockchain. The integrity of
Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on August 13,2024 at 09:00:01 UTC from IEEE Xplore. Restrictions apply.
 248 IEEE TRANSACTIONS ON SERVICES COMPUTING, VOL. 13, NO. 2, MARCH/APRIL 2020

each transaction is checked and can not be tampered with TABLE 2

once submitted. The integrity of message is guaranteed in the Security Comparison of Different Schemes
authentication scheme. [13] [14] [15] our scheme
Availability. Availability means that legitimate users and
Sybil @ @ @ @
devices can effectively access the services provided by the
Message substitution @ @ @ @
IoT. What needs to be guarded against is denial of service Message replay @ @ @ @
attacks. The analysis of denial of service attacks in the pro- Man in the middle @ @ @ @
cess of identity authentication will be given later. DOS @ @ @ @
Scalability. Scalability is an important security require- Scalability @ @ @
ment for IoT. Due to the characteristics of the IoT equipment, Special equipment @ @ @
equipment replacement is frequent. Scalability becomes the Mutual authentication @ @ @
Cross domain authentication    @
main means to solve this problem. The authentication Decentralization @ @ @
scheme in this paper effectively realizes the authentication of
legitimate nodes, accesses the network and revokes the
invalid nodes, and meets the scalability requirements. cluster head nodes, and the messages sent by them can not
Non-Repudiation. Non-repudiation refers to the fact that be tampered with.
users and devices can not deny the operations they have Message Replay Attack. Most of the operations of the
implemented and the messages they send. Because this authentication scheme proposed in this paper are carried
scheme is carried out through blockchain, all operations are out in the blockchain, and there is no message replay attack
stored in the blockchain in the form of transaction records, in this part. There are two possible scenarios for message
and tampering is not allowed. replay attacks: (1) when a normal node requests registration
Mutual Authentication. Mutual authentication is that the from the cluster head node of its cluster network, it will not
identities of the two transmitters need to be recognized be re-registered at this time because the node has completed
before they interact. The authentication scheme proposed in the registration replay; (2) when it receives authentication
this paper is to identify the authenticated party through the between the ordinary nodes, it will need credential of
direct management node of the ordinary node, that is the Authentication confirmation from both cluster head nodes.
cluster head node of the cluster network where it is located, Therefore, message replay does not enable an attacker to
and to achieve mutual authentication between the two. authenticate.
In order to meet the above security requirements, authen- Man in the Middle Attack. Assuming that the attacker inter-
tication schemes are required to resist some common net- cepts the authentication message transmitted in the authenti-
work attacks in IoT. Aiming at the common network attacks cation process and uses the third party node to carry out the
in IoT, the security of the authentication scheme in this paper man-in-the-middle attack: (1) if the attacker intercepts the
is analyzed and compared with the existing scheme. request message of the registration stage, the submitted reg-
Sybil Attack. In the scheme designed in this paper, each istration content or the node information of the original legit-
ordinary node has a unique identity OID in the network, and imate node, it is impossible for the third party illegal node to
according to its WSN subnet and cluster network correspond- access the network; (2) if the attacker intercepts the authenti-
ing to the unique cluster head node CID and base station cation message of the authentication stage, just as in the anal-
SID, it can use (SID, CID, OID) to identify any ordinary ysis of message replay attack, the signature authentication of
node in the whole network, and the node identity authentica- both cluster heads is needed, and the third party node can
tion will be carried out before each communication. Authenti- not pass the legal authentication. Thus, this scheme can resist
cation is carried out on public blockchain or local blockchain. man-in-the-middle attack.
It is impossible for attackers to fake legitimate nodes in the Denial of Service. In this authentication scheme, the local
network to communicate with other nodes. blockchain composed of cluster head nodes in WSN is a pri-
Spoofing Attack. Because each communication must be vate chain, which does not allow any node to access, so
authenticated by two-way identity authentication, and each attackers can not directly attack the local blockchain by
time it must verify the IDcard that it holds to prove its denial of service. For the public blockchain, submitting each
unique identity, the attacker can not disguise the identity of transaction requires a certain amount of resources, and
another node to attack. attackers can not make the blockchain overload by sending
Message Substitution Attack. The authentication process of a large number of authentication requests. The normal node
the authentication scheme designed in this paper includes can not complete legal authentication.
node registration, mutual authentication between nodes and By comparing with some existing security solutions based
node revocation. The registration of cluster head nodes is on blockchain, as shown in the Table 2, we can see that the
directly submitted to the public blockchain, and there is no proposed scheme has a more comprehensive security, which
possibility of substitution attack on messages in the interac- meets the security requirements of the IoT mentioned above.
tion process. The registration process of a common node is From this, we can see that the proposed scheme has better
verified by the intelligent contract triggered by the local security performance.
blockchain node by its broadcast registration request mes-
sage. Even if the message is tampered with, the registration 5.2 Efficiency Analysis
is still the identity information of the legitimate node. For the The idea of the multi-WSN network model of the IoT
authentication process, only ordinary nodes accessing the designed in this paper is to distinguish the cluster head node
cluster network can initiate authentication requests to their and base station which have not complex computing power,
Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on August 13,2024 at 09:00:01 UTC from IEEE Xplore. Restrictions apply.
 CUI ET AL.: HYBRID BLOCKCHAIN-BASED IDENTITY AUTHENTICATION SCHEME FOR MULTI-WSN 249

stages, the messages transmitted by ordinary nodes are much

smaller than those transmitted by cluster head nodes; because
cluster head nodes interact with base stations and ordinary
nodes, the energy consumption is relatively large; and the
energy consumption of base stations is mainly used for the
submission and consensus of blockchain transactions, which
is not fully considered in the figure.
Through three aspects of analysis, the scheme in this
paper is in line with the design expectations in terms of cal-
culation, storage and energy consumption, and has a certain
high performance.
Fig. 4. Comparison of message sizes transmitted by different nodes.
6 CONCLUSION
sufficient storage space and energy reserve from the cluster Aiming at the single point failure of traditional authentica-
head node and base station which have outstanding capa- tion methods in IoT, this paper proposes a multi-WSN iden-
bilities in all aspects. The complex computation and large- tity authentication scheme based on blockchain. Combining
capacity storage needed in the authentication process are the decentralization of blockchain with the distributed struc-
placed on the cluster head node and base station. In order to ture of IoT nodes, a private blockchain is constructed
achieve hierarchical authentication between nodes based on between cluster heads in a single WSN, and base stations of
hybrid blockchain, the Ethernet workshop is deployed on all WSN are added to the public blockchain. A hybrid block-
the node and the base station, respectively. In this section, chain model is constructed between the whole network. In
the performance of the proposed scheme is analyzed to this model, the identity information registration between
verify its effectiveness. Because the research on blockchain- cluster head nodes and ordinary nodes and communication
based identity authentication scheme for IoT is still in its authentication between nodes are completed. Finally, the
infancy and there are few related literatures, it is impossible security and performance analysis show that the scheme has
to verify the effectiveness of this scheme by comparing with good security and efficiency.
other schemes. Therefore, starting from the core idea of the
scheme, through the analysis of each step in the execution
process, this paper compares the calculation consumption,
ACKNOWLEDGMENTS
storage consumption and energy consumption of different This work was supported by the National Key Research and
types of nodes to verify whether the performance of the Development Program of China (Grant No. 2018YFC1604000),
scheme meets the expectations of the scheme design. National Natural Science Foundation of China (Grant Nos.
Computing Consumption. It can be seen from the execution 61806138, U1636220, 61961160707, 61976212), Key R&D
of the scheme that ordinary nodes without complex comput- program of Shanxi Province (International Cooperation, Grant
ing power do not need to carry out computational operations No. 201903D421048), and Key R&D program of Shanxi
such as encryption and signature, but put these operations Province (High Technology, Grant No. 201903D121119).
on cluster head nodes and base stations, which is more in
line with the identity positioning of ordinary nodes in the
REFERENCES
IoT environment and their own limitations. Comparatively
speaking, cluster head nodes have strong computing power [1] S. Kumari and H. Om, “Authentication protocol for wireless sen-
sor networks applications like safety monitoring in coal mines,”
and can perform some complex operations. Base stations, as Comput. Netw., vol. 104, pp. 137–154, 2016.
WSN managers, generally have strong computing power [2] P. Gope and T. Hwang, “A realistic lightweight anonymous authen-
and can act as mining nodes in the blockchain. tication protocol for securing real-time application data access in
wireless sensor networks,” IEEE Trans. Ind. Electron., vol. 63, no. 11,
Storage Consumption. In the initialization stage, ordinary pp. 7124–7132, Nov. 2016.
nodes save IDcard to prove their identity, which occupies [3] R. Amin, S. H. Islam, N. Kumar, and K.-K. R. Choo, “An untrace-
little space; cluster head nodes, as members of local block- able and anonymous password authentication protocol for hetero-
chain and public blockchain, can be regarded as light nodes geneous wireless sensor networks,” J. Netw. Comput. Appl., vol. 104,
pp. 133–144, 2018.
in the public chain, and only when necessary, can download [4] Z. Cui, Y. Cao, X. Cai, J. Cai, and J. Chen, “Optimal leach protocol
the required node identity information from the base station with modified bat algorithm for big data sensing systems in internet
for relevant verification. Base stations have relatively more of things,” J. Parallel Distrib. Comput., vol. 132, pp. 217–229, 2019.
[5] F. Xue, H. Tang, Q. Su, and T. Li, “Task allocation of intelligent
sufficient storage space, which can store block information warehouse picking system based on multi-robot coalition,” KSII
on public chain to meet the needs of node verification. Trans. Internet Inf. Syst., vol. 13, no. 7, pp. 3566–3582, 2019.
Energy Consumption. The energy consumption of nodes in [6] J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, “Internet of
the IoT mainly exists in the transmission of messages. In this things (IoT): A vision, architectural elements, and future directions,”
Future Gener. Comput. Syst., vol. 29, no. 7, pp. 1645–1660, 2013.
section, the size of messages transmitted by nodes is used as [7] M. A. Khan and K. Salah, “IoT security: Review, blockchain solu-
the basis for comparative analysis. We compare the message tions, and open challenges,” Future Gener. Comput. Syst., vol. 82,
interaction between nodes and the size of the submission mes- pp. 395–411, 2018.
sage of blockchain transaction during the execution of the [8] F. Wu et al., “A lightweight and robust two-factor authentica-
tion scheme for personalized healthcare systems using wireless
scheme, and the result is shown in the Fig. 4. It can be seen medical sensor networks,” Future Gener. Comput. Syst., vol. 82,
from the figure that in the registration and authentication pp. 727–737, 2018.
Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on August 13,2024 at 09:00:01 UTC from IEEE Xplore. Restrictions apply.
 250 IEEE TRANSACTIONS ON SERVICES COMPUTING, VOL. 13, NO. 2, MARCH/APRIL 2020

[9] M. A. Ferrag, L. A. Maglaras, H. Janicke, J. Jiang, and [32] T. Salman, M. Zolanvari, A. Erbad, R. Jain, and M. Samaka, “Security
L. Shu, “Authentication protocols for Internet of Things: A services using blockchains: A state of the art survey,” IEEE Commun.
comprehensive survey,” Secur. Commun. Netw., vol. 2017, Surv. Tuts., vol. 21, no. 1, pp. 858–880, Jan.–Mar. 2019.
pp. 6 562 953:1–6 562 953:41, 2017. [33] M. Wu, K. Wang, X. Cai, S. Guo, M. Guo, and C. Rong, “A com-
[10] M. A. Ferrag, L. Maglaras, and A. Ahmim, “Privacy-preserving prehensive survey of blockchain: From theory to IoT applications
schemes for ad hoc social networks: A survey,” IEEE Commun. and beyond,” IEEE Internet Things J., vol. 6, no. 5, pp. 8114–8154,
Surveys Tuts., vol. 19, no. 4, pp. 3015–3045, Oct.–Dec. 2017. Oct. 2019.
[11] S. Biswas, K. Sharif, F. Li, B. Nour, and Y. Wang, “A scalable [34] Z. Shae and J. Tsai, “AI blockchain platform for trusting news,” in
blockchain framework for secure transactions in IoT,” IEEE Inter- Proc. IEEE 39th Int. Conf. Distrib. Comput. Syst., 2019, pp. 1610–1619.
net Things J., vol. 6, no. 3, pp. 4650–4659, Jun. 2019. [35] X. Cai, J. Zhang, H. Liang, L. Wang, and Q. Wu, “An ensemble bat
[12] J. Huang, L. Kong, G. Chen, M.-Y. Wu, X. Liu, and P. Zeng, algorithm for large-scale optimization,” Int. J. Mach. Learn. Cybern.,
“Towards secure industrial IoT: Blockchain system with credit- vol. 10, no. 11, pp. 3099–3113, 2019.
based consensus mechanism,” IEEE Trans. Ind. Informat., vol. 15, [36] K. E. Heraguemi, N. Kamel, and H. Drias, “Multi-objective bat algo-
no. 6, pp. 3680–3689, Jun. 2019. rithm for mining numerical association rules,” Int. J. Bio-Inspired
[13] Z. Bao, W. Shi, D. He, and K.-K. R. Chood, “IoTChain: A three-tier Comput., vol. 11, no. 4, pp. 239–248, 2018.
blockchain-based IoT security architecture,” CoRR, 2018. [Online]. [37] X. Cai, P. Wang, L. Du, Z. Cui, W. Zhang, and J. Chen, “Multi-objec-
Available: https://arxiv.org/abs/1806.02008 tive 3-dimensional DV-hop localization algorithm with NSGA-II,”
[14] R. Almadhoun, M. Kadadha, M. Alhemeiri, M. Alshehhi, and IEEE Sensors J., vol. 19, no. 21, pp. 10 003–10 015, Nov. 2019.
K. Salah, “A user authentication scheme of IoT devices using [38] J. Barnett and P. Treleaven, “Algorithmic dispute resolution the
blockchain-enabled fog nodes,” in Proc. IEEE/ACS 15th Int. Conf. automation of professional dispute resolution using AI and block-
Comput. Syst. Appl., 2018, pp. 1–8. chain technologies,” Comput. J., vol. 61, no. 3, pp. 399–408, 2017.
[15] M. T. Hammi, B. Hammi, P. Bellot, and A. Serhrouchni, “Bubbles 
[39] V. Kersic, P. Stukelj, A. Kamisalic, S. Karakatic, and M. Turkanovic,
of trust: A decentralized blockchain-based authentication system “A blockchain-and AI-based platform for global employability,” in
for IoT,” Comput. Secur., vol. 78, pp. 126–142, 2018. Proc. Int. Congr. Blockchain Appl., 2019, pp. 161–168.
[16] N. S. Bitcoin, “Bitcoin: A peer-to-peer electronic cash system,” [40] Z. Cui, Y. Chang, J. Zhang, X. Cai, and W. Zhang, “Improved
2008. [Online]. Available: https://bitcoin.org/bitcoin.pdf NSGA-III with selection-and-elimination operator,” Swarm Evol.
[17] Z. Zheng, S. Xie, H. Dai, X. Chen, and H. Wang, “An overview of Comput., vol. 49, pp. 23–33, 2019.
blockchain technology: Architecture, consensus, and future trends,” [41] T. N. Dinh and M. T. Thai, “AI and blockchain: A disruptive inte-
in Proc. IEEE Int. Congr. Big Data, 2017, pp. 557–564. gration,” Computer, vol. 51, no. 9, pp. 48–53, 2018.
[18] S. Aggarwal, R. Chaudhary, G. S. Aujla, N. Kumar, K.-K. R. Choo, [42] X. Cai et al., “An under-sampled software defect prediction
and A. Y. Zomaya, “Blockchain for smart communities: Applica- method based on hybrid multi-objective cuckoo search,” Concur-
tions, challenges and opportunities,” J. Netw. Comput. Appl., vol. 144, rency Comput. Pract. Experience, 2019, Art. no. e5478. [Online].
pp. 13–48, 2019. Available: https://doi.org/10.1002/cpe.5478
[19] T. McGhin, K.-K. R. Choo, C. Z. Liu, and D. He, “Blockchain in [43] K. Sarpatwar, V. Sitaramagiridharganesh Ganapavarapu,
healthcare applications: Research challenges and opportunities,” K. Shanmugam, A. Rahman, and R. Vaculin, “Blockchain enabled
J. Netw. Comput. Appl., vol. 135, pp. 62–75, 2019. AI marketplace: The price you pay for trust,” in Proc. IEEE Conf.
[20] S. Wang, L. Ouyang, Y. Yuan, X. Ni, X. Han, and F.-Y. Wang, Comput. Vis. Pattern Recognit. Workshops, 2019, pp. 1–10.
“Blockchain-enabled smart contracts: Architecture, applications, [44] Z. Cui et al., “A pigeon-inspired optimization algorithm for many-
and future trends,” IEEE Trans. Syst., Man, Cybern. Syst., vol. 49, objective optimization problems,” Sci. China Inf. Sci., vol. 62,
no. 11, pp. 2266–2277, Nov. 2019. pp. 070 212:1–070 212:3, 2019.
[21] M. Liu, F. R. Yu, Y. Teng, V. C. Leung, and M. Song, “Distributed [45] A. Reyna, C. Martın, J. Chen, E. Soler, and M. Dıaz, “On block-
resource allocation in blockchain-based video streaming systems chain and its integration with IoT. Challenges and opportunities,”
with mobile edge computing,” IEEE Trans. Wireless Commun., Future Gener. Comput. Syst., vol. 88, pp. 173–190, 2018.
vol. 18, no. 1, pp. 695–708, Jan. 2019. [46] J. Pan, J. Wang, A. Hester, I. Alqerm, Y. Liu, and Y. Zhao,
[22] X. Cai, X.-Z. Gao, and Y. Xue, “Improved bat algorithm with optimal “EdgeChain: An edge-IoT framework and prototype based on
forage strategy and random disturbance strategy,” Int. J. Bio-Inspired blockchain and smart contracts,” IEEE Internet Things J., vol. 6, no. 3,
Comput., vol. 8, no. 4, pp. 205–214, 2016. pp. 4719–4732, Jun. 2019.
[23] X. Deng, P. Jiang, X. Peng, and C. Mi, “An intelligent outlier detec-
tion method with one class support tucker machine and genetic
algorithm toward big sensor data in internet of things,” IEEE
Zhihua Cui received the PhD degree in control
Trans. Ind. Electron., vol. 66, no. 6, pp. 4672–4683, Jun. 2019. theory and engineering from Xi’an Jiaotong Uni-
[24] L. Li et al., “CreditCoin: A privacy-preserving blockchain-based versity, Xi’an, China, in 2008. He is currently a
incentive announcement network for communications of smart professor with the School of Computer Science
vehicles,” IEEE Trans. Intell. Transp. Syst., vol. 19, no. 7, pp. 2204–2220, and Technology, Taiyuan University of Science
Jul. 2018. and Technology, China. He is the editor-in-chief
[25] Z. Cui, F. Xue, X. Cai, Y. Cao, G.-G. Wang, and J. Chen, “Detection
of the International Journal of Bio-inspired Com-
of malicious code variants based on deep learning,” IEEE Trans. putation. His research interests include computa-
Ind. Informat., vol. 14, no. 7, pp. 3187–3196, Jul. 2018. tional intelligence, stochastic algorithm, and
[26] Y. Cao, Z. Ding, F. Xue, and X. Rong, “An improved twin support combinatorial optimization.
vector machine based on multi-objective cuckoo search for soft-
ware defect prediction,” Int. J. Bio-Inspired Comput., vol. 11, no. 4,
pp. 282–291, 2018.
[27] V. L. Lemieux, “Trusting records: Is blockchain technology the Fei Xue received the MS degree in computer
answer?” Rec. Manage. J., vol. 26, no. 2, pp. 110–139, 2016. application technology from the Taiyuan Univer-
[28] I.-C. Lin and T.-C. Liao, “A survey of blockchain security issues and sity of Science and Technology, Taiyuan, China,
challenges,” Int. J. Netw. Secur., vol. 19, no. 5, pp. 653–659, 2017. in 2011, and the PD degree in computer science
[29] N. Z. Aitzhan and D. Svetinovic, “Security and privacy in decen- and technology from the Beijing University of
tralized energy trading through multi-signatures, blockchain and Technology, Chaoyang, China, in 2016. He is
anonymous messaging streams,” IEEE Trans. Dependable Secure currently a lecturer with the School of Information,
Comput., vol. 15, no. 5, pp. 840–852, Sep./Oct. 2018. Beijing Wuzi University. His research interests
[30] G. Karame, “On the security and scalability of bitcoin’s blockchain,” include swarm intelligence and network security.
in Proc. ACM SIGSAC Conf. Comput. Commun. Secur., 2016,
pp. 1861–1862.
[31] A. Ouaddah, A. Abou Elkalam, and A. Ait Ouahman, “FairAccess:
A new blockchain-based access control framework for the Internet
of Things,” Secur. Commun. Netw., vol. 9, no. 18, pp. 5943–5964,
2016.

Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on August 13,2024 at 09:00:01 UTC from IEEE Xplore. Restrictions apply.
 CUI ET AL.: HYBRID BLOCKCHAIN-BASED IDENTITY AUTHENTICATION SCHEME FOR MULTI-WSN 251

Shiqiang Zhang received the BS degree in Wensheng Zhang received the PhD degree in
computer science and technology from the Beijing pattern recognition and intelligent systems from
University of Chemical Technology, Chaoyang, the Institute of Automation, CAS, Beijing, China,
China, in 2016. He is currently working toward the in 2000. He is currently a professor of Machine
PhD degree at the College of Computer Science, Learning and Data Mining and the director of the
Beijing University of Technology, Chaoyang, China. Research and Development, Institute of Automa-
His research interests include swarm intelligence, tion, Chinese Academy of Sciences (CAS). His
network security, and big data analysis. research interests include computer vision, pat-
tern recognition, artificial intelligence, and com-
puter-human interaction.

Jinjun Chen received the PhD degree in computer

Xingjuan Cai received the PhD degree in control science and software engineering from the Swin-
theory and engineering from Tongji University, Zha burne University of Technology, Hawthorn, Aus-
Bei Qu, Shanghai, China, in 2017. She is currently tralia. He is currently an associate professor with
an associate professor of the School of Computer the Faculty of Engineering and IT, University of
Science and Technology, Taiyuan University of Technology Sydney (UTS), Australia. He is the
Science and Technology, China. Her interest director of the Lab of Cloud Computing and Distrib-
includes bio-inspired computation and applications. uted Systems. His research interests include cloud
computing, big data, workflow management, pri-
vacy and security, and related various research
topics. He is a senior member of the IEEE.

Yang Cao received the MS degree in computer sci-

" For more information on this or any other computing topic,
ence and technology from the Taiyuan University of
Science and Technology, Taiyuan, China, in 2015, please visit our Digital Library at www.computer.org/csdl.
and the PD degree in computer science and tech-
nology from the Beijing University of Technology,
Chaoyang, China, in 2019. He is currently a lec-
turer with the School of Information, Beijing Wuzi
University. His research interests include swarm
intelligence and network security.

Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on August 13,2024 at 09:00:01 UTC from IEEE Xplore. Restrictions apply.