Introduction
Related works
Conventional authentication methods
Authentication method | Type | Advantages | Disadvantages
---|---|---|---
Knowledge-based authentication [22] | Static knowledge-based authentication | No need for hardware; low implementation cost; high user convenience | Less secure than the other authentication methods; vulnerable to various attacks, such as shoulder surfing attacks and smudge attacks
Knowledge-based authentication [22] | Dynamic knowledge-based authentication | Better security than static knowledge-based authentication; questions and answers are based on the user's personal information, so no password needs to be set | Users must memorize their own records because they will not know the questions in advance; malicious users can gain access via the exposed personal information of other users
Possession-based authentication [23] | Hardware type | Better security than knowledge-based authentication | Users must possess separate hardware, such as a One Time Password (OTP) terminal; if the terminal is lost, it can lead to security threats
Possession-based authentication [23] | Software type | Better security than knowledge-based authentication; higher portability and convenience than the hardware type of possession-based authentication | High risk of leakage because the credential is stored in a logical storage medium
Inherence-based authentication [22] (biometric-based authentication) | Based on the user's physical characteristics | Authentication based on various parts of the user's body, such as face recognition, iris recognition, fingerprint recognition, vein recognition, and heart rate and ECG recognition; high security; high convenience | Difficult to implement and manage; high cost; data loss due to physical recognition error
Inherence-based authentication [22] (biometric-based authentication) | Based on the user's physical behaviors | Authentication based on the recognition of the user's behaviors, including voice, typing rhythm, signature pattern, signature pressure, and user motion; high security; high convenience | Difficult to implement and manage; high cost; vulnerable to a recorded voice; difficult to set the recognition tolerance range
Multi-factor authentication [22] | | Higher security than single-factor authentication; reduced masquerade threat | Vulnerable to man-in-the-middle attacks; difficult to implement and manage; high cost
Blockchain
- Efficiency: A blockchain is easy to manage and can track complex data logs. Even if diverse mobile devices participate, the complex processes of system integration can be bypassed.
- Security: A blockchain has better security than centralized data management. Centralized data management faces the possibility of catastrophic damage due to hacker intrusions. Data falsification is almost impossible with a blockchain because it would require simultaneous control of all the mobile devices in which the data is distributed and then changing all the data stored in those devices.
- Resilience: A blockchain does not have a single point of failure (SPOF), as centralized data management does, because all information is shared equally among the participating mobile devices. For this reason, even if some mobile devices are subject to errors or performance degradation, an MRM infrastructure with a blockchain is unlikely to be affected by malicious threats and can easily recover.
- Transparency: A blockchain transparently opens all the resource status and usage data by default because it shares the resource metadata with all the participating mobile devices. The exclusive occupation of resources by specific mobile devices inside the MRM infrastructure was prevented in this research.
Secure Authentication Management human-centric Scheme (SAMS)
Mobile resource management without a cloud server (MRM)
Block management
Configuration | Field | Description
---|---|---
SAMS block header | Previous block hash | Hash value of the previous block
SAMS block header | Current block hash | Hash value computed from the previous block hash value and the Merkle value
SAMS block header | Merkle value | Hash value computed from the MAC, IP, CPU, STORAGE, and MEMORY fields of the SAMS mobile information
SAMS block header | Time stamp | Creation time of the current block
SAMS block header | Next block hash | Added when the next block is created; the value in the last block is always zero
SAMS block header | Nonce | Disposable value used in the hash functions
SAMS mobile information | MAC | MAC address of the mobile device
SAMS mobile information | IP | IP address of the mobile device
SAMS mobile information | Dynamic CPU | CPU usage (%) of the mobile device
SAMS mobile information | Static CPU | Static CPU capacity (GHz) of the mobile device
SAMS mobile information | Dynamic storage | Storage usage (%) of the mobile device
SAMS mobile information | Static storage | Static storage size (GB) of the mobile device
SAMS mobile information | Dynamic memory | Memory usage (%) of the mobile device
SAMS mobile information | Static memory | Static memory size (GB) of the mobile device
- Step 1: The master node creates its own block and stores the block.
- Step 2: When a new client node wants to connect, the client node creates a block. The client node sends its own information and the created block to the master node.
- Step 3: The master node creates a block with the received client information.
- Step 4: The master node determines whether the client block that it created is identical to the block received from the client node.
- Step 5: If they are identical, the client block is connected to the master block.
- Step 1: A new client node attempts to connect to the master node, and the client node creates a block. The client node sends its own information and the created block to all the connected mobile devices in the SAMS.
- Step 3: All the connected mobile devices in the SAMS authenticate the block received as a new client.
- Step 4: If 51% of all the connected mobile devices in the SAMS authenticate it, and the number of such mobile devices is at least three, the block is connected.
- Step 5: When a new client is added, Steps 1 to 4 are repeated.
Design of the SAMS
- User interface (for interacting with users)
- Master manager (to work as the master node)
- Client manager (to work as the client node)
- Event handler (to process resources in order to monitor the resource state of the client node, master node, and blockchain and deliver the resources to the activity)
- Activity (to provide the MRM operation status information in the SAMS to the users).
- Set (for setting the resource permission information with client information)
- ID (for entering the IP to access the master node)
- Port (for entering the port)
- Connect (for attempting to connect to the master node)
- Stop (for disconnection).
- Set (for setting the maximum number of clients accepted in the MRM infrastructure)
- Port (for setting the port through which the client will gain access)
- Start (for activating the master server)
- Stop (for releasing the master server).
- Server enabler (for activating the server of the master node)
- Device management (for managing the connected client nodes)
- Resource clustering (RC) management (for hierarchical management of the resources of the client node)
- Task management (for managing the overall tasks)
- Task scheduler (for allocating tasks to clients)
- Client heartbeat (CH) checker (for identifying the operation status of the client node)
- Client (C) fault tolerance (for responding to the failure state of the client node detected by the CH checker).
- Master connecter (for connecting a client node to the master node)
- Resource analyzer (for analyzing the resource status of the client node)
- Task management (for receiving tasks allocated by the master node and handling them)
- Master heartbeat (MH) checker (for checking the operation status of the master node)
- M-Fault tolerance (for detecting and coping with the failure of the master node)
- Task requester (for requesting computing service from the master node).
- Create block (CB) (for creating a block)
- Create nonce (CN) (for creating a nonce)
- Hash-set (for setting the hash function used when the information is hashed)
- Blockchain check (BCC) (for sending the created block to each client and authenticating it)
- Block mobile list (BML) (to which clients that have been found to be malicious are added).
- Connection activity (for connecting the user to the master node and client node)
- Mobile device information (MDI) activity (for visualizing the integrated resources of the mobile device and the blockchain status)
- Set activity (for setting the master node and the client node from the user)
- Mobile resource (MR) graph activity (for visualizing the mobile resource status as a graph)
- Dynamic mobile resource information (DMRI) activity (for visualizing the dynamic changes of the mobile resources).
Implementation of the SAMS
Performance evaluation
Authentication type | Description
---|---
Client node does not create a block with its own information | The client node cannot connect to the blockchain, because authentication requires it to send both its own information and its block to all the connected mobile devices
Client node attempts to change an already connected block | Even if one client node changes all of its own copy of the blockchain, it takes a long time to change the blockchain stored in the other mobile devices
Client node falsifies its own data and spreads it | The connection is impossible because the authentication conditions (at least three of all mobile devices connected in the SAMS and at least 51% of all mobile devices) are not met