T-Auth: A Novel Authentication Mechanism for the IoT Based on Smart Contracts and PUFs

In recent years, the number of Internet-of-Things (IoT) devices has grown at an explosive rate. With this dramatic surge, security issues have also come to the fore. Consequently, ensuring the security of the IoT communication environment and establishing trust between entities have become important research topics. In this paper, we design a passwordless IoT authentication mechanism, namely T-Auth, to address these issues. The identity of a device in T-Auth is based on physical unclonable functions (PUFs), a hardware-based device fingerprint technology, which can greatly improve the security level compared to hardcoded passwords. A smart contract is a program that runs on the blockchain, which provides design flexibility and operational reliability. Our mechanism establishes a new trust architecture that enables devices to exchange information securely and reliably. The main contribution of this paper is a new authentication mechanism that utilizes PUFs and combines them with blockchain to greatly improve the security and reliability of a system. Additionally, by leveraging Ethereum smart contracts, our mechanism supports cross-service group authentication.