FVF-BIoT: a formal verification framework for blockchain-based IoT authentication

IF 1.7 3区 计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING
Jiaqi Yin, Yuan Fei
{"title":"FVF-BIoT: a formal verification framework for blockchain-based IoT authentication","authors":"Jiaqi Yin, Yuan Fei","doi":"10.1007/s11219-024-09691-3","DOIUrl":null,"url":null,"abstract":"<p>Traditional IoT authentication methods, often centralized and reliant on a Trusted Third Party (TTP), face issues like high communication costs and vulnerability to data loss. Blockchain-based Internet of Things (IoT) authentication can effectively solve the problems brought by traditional IoT authentication. Because the authentication schemes are usually deployed on a large number of IoT devices it would be extremely expensive when there are issues to be fixed after the authentication schemes is deployed. Performing verification early at design time can alleviate this problem. To focus on these requirements, this article proposes a formal verification framework for blockchain-based IoT authentication (FVF-BIoT). Specifically, we design data type mapping and the conversion of elements in smart contracts for the authentication. Then we formalize the smart contracts into formal models in the interactive theorem prover Coq. Several algorithms are presented for the conversion of the smart contracts and the generation of examples. Examples and security properties related to contracts are described in the form of theorems, which are also proved by Coq. Through a case study, we not only demonstrate the effectiveness of the FVF-BIoT framework in ensuring the security and reliability of blockchain technology for IoT authentication but also highlight its innovative integration of formal verification processes. This distinctly addresses the previously unmet need for rigorous, mathematically proven security validations in the design and deployment of blockchain-based IoT authentication methods.</p>","PeriodicalId":21827,"journal":{"name":"Software Quality Journal","volume":"11 1","pages":""},"PeriodicalIF":1.7000,"publicationDate":"2024-07-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Software Quality Journal","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s11219-024-09691-3","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0

Abstract

Traditional IoT authentication methods, often centralized and reliant on a Trusted Third Party (TTP), face issues like high communication costs and vulnerability to data loss. Blockchain-based Internet of Things (IoT) authentication can effectively solve the problems brought by traditional IoT authentication. Because the authentication schemes are usually deployed on a large number of IoT devices it would be extremely expensive when there are issues to be fixed after the authentication schemes is deployed. Performing verification early at design time can alleviate this problem. To focus on these requirements, this article proposes a formal verification framework for blockchain-based IoT authentication (FVF-BIoT). Specifically, we design data type mapping and the conversion of elements in smart contracts for the authentication. Then we formalize the smart contracts into formal models in the interactive theorem prover Coq. Several algorithms are presented for the conversion of the smart contracts and the generation of examples. Examples and security properties related to contracts are described in the form of theorems, which are also proved by Coq. Through a case study, we not only demonstrate the effectiveness of the FVF-BIoT framework in ensuring the security and reliability of blockchain technology for IoT authentication but also highlight its innovative integration of formal verification processes. This distinctly addresses the previously unmet need for rigorous, mathematically proven security validations in the design and deployment of blockchain-based IoT authentication methods.

Abstract Image

FVF-BIoT:基于区块链的物联网身份验证的形式化验证框架
传统的物联网身份验证方法通常是集中式的,依赖于可信第三方(TTP),面临着通信成本高、数据易丢失等问题。基于区块链的物联网(IoT)身份验证可以有效解决传统物联网身份验证带来的问题。由于身份验证方案通常部署在大量物联网设备上,如果在身份验证方案部署后出现问题需要修复,那么成本将非常高昂。在设计阶段尽早进行验证可以缓解这一问题。针对这些需求,本文提出了基于区块链的物联网身份验证的形式化验证框架(FVF-BIoT)。具体来说,我们设计了用于认证的智能合约中的数据类型映射和元素转换。然后,我们在交互式定理证明器 Coq 中将智能合约形式化为形式化模型。我们介绍了几种转换智能合约和生成示例的算法。与合约相关的示例和安全属性以定理的形式进行了描述,这些定理也由 Coq 进行了证明。通过案例研究,我们不仅证明了 FVF-BIoT 框架在确保用于物联网认证的区块链技术的安全性和可靠性方面的有效性,还强调了它与形式验证过程的创新集成。这明显满足了以前在设计和部署基于区块链的物联网认证方法时对严格的、经过数学验证的安全验证的需求。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Software Quality Journal
Software Quality Journal 工程技术-计算机:软件工程
CiteScore
4.90
自引率
5.30%
发文量
26
审稿时长
>12 weeks
期刊介绍: The aims of the Software Quality Journal are: (1) To promote awareness of the crucial role of quality management in the effective construction of the software systems developed, used, and/or maintained by organizations in pursuit of their business objectives. (2) To provide a forum of the exchange of experiences and information on software quality management and the methods, tools and products used to measure and achieve it. (3) To provide a vehicle for the publication of academic papers related to all aspects of software quality. The Journal addresses all aspects of software quality from both a practical and an academic viewpoint. It invites contributions from practitioners and academics, as well as national and international policy and standard making bodies, and sets out to be the definitive international reference source for such information. The Journal will accept research, technique, case study, survey and tutorial submissions that address quality-related issues including, but not limited to: internal and external quality standards, management of quality within organizations, technical aspects of quality, quality aspects for product vendors, software measurement and metrics, software testing and other quality assurance techniques, total quality management and cultural aspects. Other technical issues with regard to software quality, including: data management, formal methods, safety critical applications, and CASE.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信