International Journal of Computer Network and Information Security(IJCNIS)

ISSN: 2074-9090 (Print), ISSN: 2074-9104 (Online)

Published By: MECS Press

IJCNIS Vol.12, No.3, Jun. 2020

Privacy Protection in Smart Cities by a Personal Data Management Protocol in Blockchain

Full Text (PDF, 1547KB), PP.44-52

Views:1   Downloads:0


Hossein Mohammadinejad, Fateme Mohammadhoseini

Index Terms

Blockchain;Privacy;Secure Channel;Decentralized Personal Data Management;Authentication Protocol;Access Control


Due to the increase of cybercrime and security risks in computer networks as well as violations of user privacy, it is essential to upgrade the existing protection models and provide practical solutions to meet these challenges. An example of these risks is the presence of a third party between users and various services, which leads to the collection and control of large amounts of users' personal information and the possibility of their databases being misused or hacked. Blockchain technology and encrypted currencies have so far shown that a decentralized network of peer-to-peer users, along with a general ledger, can do reliable computing. So, in this article, we are going to introduce a protocol that converts the blockchain network to an automated access control manager without the presence of a third party. To this end, we designed a mutual authentication protocol to create a secure channel between the user and the service and then demonstrate its accuracy and completeness using the Gong-Nidham-Yahalom belief logic [1]. The results of our evaluations show that our proposed protocol is secure enough to be used on the blockchain network and attackers are unable to penetrate, track, impersonate, inject, misrepresent or distort information using the common attacks.

Cite This Paper

Hossein Mohammadinejad, Fateme Mohammadhoseini, "Privacy Protection in Smart Cities by a Personal Data Management Protocol in Blockchain", International Journal of Computer Network and Information Security(IJCNIS), Vol.12, No.3, pp.44-52, 2020. DOI: 10.5815/ijcnis.2020.03.05


[1]Gong, L., R. Needham, and R. Yahalom. Reasoning about belief in cryptographic protocols. in Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy. 1990. IEEE.

[2]Jangirala, S., A.K. Das, and A.V. Vasilakos, Designing secure lightweight blockchain-enabled RFID-based authentication protocol for supply chains in 5G mobile edge computing environment, in IEEE Transactions on Industrial Informatics. 2019.

[3]Riesco, R., X. Larriva-Novo, and V. Villagra, Cybersecurity threat intelligence knowledge exchange based on blockchain. Telecommunication Systems, 2019: p. 1-30.

[4]Cremers, C., M. Dehnel-Wild, and K. Milner, Secure authentication in the grid: A formal analysis of DNP3 SAv5. Journal of Computer Security, 2019. 27(2): p. 203-232.

[5]Souri, A. and M. Norouzi, A state-of-the-art survey on formal verification of the internet of things applications. Journal of Service Science Research, 2019. 11(1): p. 47-67.

[6]Zhao, G., et al. Design and Formal Verification of a VANET Lightweight Authentication Protocol. in 2018 IEEE 18th International Conference on Communication Technology (ICCT). 2018. IEEE.

[7]Saxena, M. and A. Dua. Security solutions against attacks in mobile ad hoc networks and their verification using BAN logic. in 2017 International Conference on Energy, Communication, Data Analytics and Soft Computing (ICECDS). 2017. IEEE.

[8]Lee, J.H., Systematic approach to analyzing security and vulnerabilities of blockchain systems. 2019, Massachusetts Institute of Technology.

[9]Hopper, N.J. and M. Blum, A secure human-computer authentication scheme. 2000, CARNEGIE-MELLON UNIV PITTSBURGH PA SCHOOL OF COMPUTER SCIENCE.

[10]Karrothu, A., R. Scholar, and J. Norman. An analysis of LPN based HB protocols. in 2016 Eighth International Conference on Advanced Computing (ICoAC). 2017. IEEE.

[11]Juels, A. and S.A. Weis. Authenticating pervasive devices with human protocols. in Annual international cryptology conference. 2005. Springer.

[12]He, L., et al. An Improved HB++ Protocol Against Man-in-Middle Attack in RFID System. in 2008 4th International Conference on Wireless Communications, Networking and Mobile Computing. 2008. IEEE.

[13]Hammouri, G. and B. Sunar. PUF-HB: A tamper-resilient HB based authentication protocol. in International Conference on Applied Cryptography and Network Security. 2008. Springer.

[14]Munilla, J. and A. Peinado, HB-MP: A further step in the HB-family of lightweight authentication protocols. Computer Networks, 2007. 51(9): p. 2262-2267.

[15]Leng, X., K. Mayes, and K. Markantonakis. HB-MP+ protocol: An improvement on the HB-MP protocol. in 2008 IEEE international conference on RFID. 2008. IEEE.

[16]Gilbert, H., M.J. Robshaw, and Y. Seurin. : Increasing the Security and Efficiency of. in Annual International Conference on the Theory and Applications of Cryptographic Techniques. 2008. Springer.

[17]Ouafi, K., R. Overbeck, and S. Vaudenay. On the security of HB# against a man-in-the-middle attack. in International Conference on the Theory and Application of Cryptology and Information Security. 2008. Springer.

[18]Tian, Y., G. Chen, and J. Li, A new ultralightweight RFID authentication protocol with permutation. IEEE Communications Letters, 2012. 16(5): p. 702-705.

[19]Yoon, B., et al. HB-MP++ protocol: An ultra light-weight authentication protocol for RFID system. in 2009 IEEE International Conference on RFID. 2009. IEEE.

[20]Madhavan, M., et al. NLHB: A light-weight, provably-secure variant of the HB protocol using simple non-linear functions. in 2010 National Conference On Communications (NCC). 2010. IEEE.

[21]Ali, S.A., R.M. Mohamed, and M.H. Fahim. RCHB: Light-weight, provably-secure variants of the HB protocol using rotation and complementation. in 2011 5th International Conference on Network and System Security. 2011. IEEE.

[22]Shi, Z., et al., An Improved HB+ Protocol and its Application to EPC Global Class-1 Gen-2 Tags. International Journal of Security and Its Applications, 2015. 9(8): p. 211-220.

[23]Khoureich, K.A., Light-hHB: A new version of hHB with improved session key exchange. Cryptology ePrint Archive, Report 2015/713, 2015.

[24]Avoine, G., et al. A terrorist-fraud resistant and extractor-free anonymous distance-bounding protocol. in Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. 2017. ACM.

[25]Pagnin, E., et al., HB+ DB: Distance bounding meets human based authentication. Future Generation Computer Systems, 2018. 80: p. 627-639.

[26]Kiltz, E., et al. Efficient authentication from hard learning problems. in Annual International Conference on the Theory and Applications of Cryptographic Techniques. 2011. Springer.

[27]Jeong, Y.S., J.S. Park, and J.H. Park, An efficient authentication system of smart device using multi factors in mobile cloud service architecture. International Journal of Communication Systems, 2015. 28(4): p. 659-674.

[28]Dey, S., S. Sampalli, and Q. Ye. Message digest as authentication entity for mobile cloud computing. in 2013 IEEE 32nd International Performance Computing and Communications Conference (IPCCC). 2013. IEEE.

[29]Omri, F., et al. Cloud-ready biometric system for mobile security access. in International Conference on Networked Digital Technologies. 2012. Springer.

[30]Schwab, D. and L. Yang. Entity authentication in a mobile-cloud environment. in Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop. 2013. ACM.

[31]Abolfazli, S., et al., Rich mobile applications: genesis, taxonomy, and open issues. Journal of Network and Computer Applications, 2014. 40: p. 345-362.

[32]Aminzadeh, N., Z. Sanaei, and S.H. Ab Hamid, Mobile storage augmentation in mobile cloud computing: Taxonomy, approaches, and open issues. Simulation Modelling Practice and Theory, 2015. 50: p. 96-108.

[33]Zyskind, G. and O. Nathan. Decentralizing privacy: Using blockchain to protect personal data. in 2015 IEEE Security and Privacy Workshops. 2015. IEEE.

[34]Dahab, R. and J. López, An overview of elliptic curve cryptography. Institute of Computing State University of Campinas Brazil, Brazil, 2000.