{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T00:42:36Z","timestamp":1771980156387,"version":"3.50.1"},"reference-count":39,"publisher":"MDPI AG","issue":"11","license":[{"start":{"date-parts":[[2024,6,1]],"date-time":"2024-06-01T00:00:00Z","timestamp":1717200000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Internet of Things (IoT) technology is evolving over the peak of smart infrastructure with the participation of IoT devices in a wide range of applications. Traditional IoT authentication methods are vulnerable to threats due to wireless data transmission. However, IoT devices are resource- and energy-constrained, so building lightweight security that provides stronger authentication is essential. This paper proposes a novel, two-layered multi-factor authentication (2L-MFA) framework using blockchain to enhance IoT devices and user security. The first level of authentication is for IoT devices, one that considers secret keys, geographical location, and physically unclonable function (PUF). Proof-of-authentication (PoAh) and elliptic curve Diffie\u2013Hellman are followed for lightweight and low latency support. Second-level authentication for IoT users, which are sub-categorized into four levels, each defined by specific factors such as identity, password, and biometrics. The first level involves a matrix-based password; the second level utilizes the elliptic curve digital signature algorithm (ECDSA); and levels 3 and 4 are secured with iris and finger vein, providing comprehensive and robust authentication. We deployed fuzzy logic to validate the authentication and make the system more robust. The 2L-MFA model significantly improves performance, reducing registration, login, and authentication times by up to 25%, 50%, and 25%, respectively, facilitating quicker cloud access post-authentication and enhancing overall efficiency.<\/jats:p>","DOI":"10.3390\/s24113575","type":"journal-article","created":{"date-parts":[[2024,6,3]],"date-time":"2024-06-03T05:58:00Z","timestamp":1717394280000},"page":"3575","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Two-Layered Multi-Factor Authentication Using Decentralized Blockchain in an IoT Environment"],"prefix":"10.3390","volume":"24","author":[{"given":"Saeed","family":"Bamashmos","sequence":"first","affiliation":[{"name":"Department of Computer Science and Information Technology, La Trobe University, Bundoora, Melbourne 3086, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5396-8897","authenticated-orcid":false,"given":"Naveen","family":"Chilamkurti","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Information Technology, La Trobe University, Bundoora, Melbourne 3086, Australia"}]},{"given":"Ahmad Salehi","family":"Shahraki","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Information Technology, La Trobe University, Bundoora, Melbourne 3086, Australia"}]}],"member":"1968","published-online":{"date-parts":[[2024,6,1]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"42279","DOI":"10.1109\/ACCESS.2018.2859781","article-title":"A collaborative PHY-aided technique for end-to-end IoT device authentication","volume":"6","author":"Hao","year":"2018","journal-title":"IEEE Access"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"14757","DOI":"10.1109\/ACCESS.2019.2893918","article-title":"An Unlinkable Authentication Scheme for Distributed IoT Application","volume":"7","author":"Zhou","year":"2019","journal-title":"IEEE Access"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"51014","DOI":"10.1109\/ACCESS.2019.2908499","article-title":"Design of a Secure Password-Based Authentication Scheme for M2M Networks in IoT Enabled Cyber-Physical Systems","volume":"7","author":"Renuka","year":"2019","journal-title":"IEEE Access"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"424","DOI":"10.1109\/TDSC.2018.2832201","article-title":"Building PUF Based Authentication and Key Exchange Protocol for IoT without Explicit CRPs in Verifier Database","volume":"16","author":"Chatterjee","year":"2018","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Braeken, A. (2018). PUF Based Authentication Protocol for IoT. Symmetry, 10.","DOI":"10.3390\/sym10080352"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"110049","DOI":"10.1016\/j.comnet.2023.110049","article-title":"DACP: Enforcing a dynamic access control policy in cross-domain environments","volume":"237","author":"Salehi","year":"2023","journal-title":"Comput. Netw."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"e3292","DOI":"10.1002\/ett.3292","article-title":"A Secure Lightweight Signature Based Authentication for Cloud-IoT Crowdsourcing Environments","volume":"30","author":"Kumar","year":"2019","journal-title":"Trans. Emerg. Telecommun. Technol."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1007\/s11227-017-2105-8","article-title":"On the Security of a New Ultra-Lightweight Authentication Protocol in IoT Environment for RFID Tags","volume":"74","author":"Wang","year":"2018","journal-title":"J. Supercomput."},{"key":"ref_9","first-page":"95","article-title":"A Lightweight Multi-Factor Secure Smart Card Based Remote User Authentication Scheme for Cloud-IoT Applications","volume":"42","author":"Sharma","year":"2018","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"e3323","DOI":"10.1002\/dac.3323","article-title":"Secure Multi-Factor Remote User Authentication Scheme for Internet of Things Environments","volume":"30","author":"Dhillon","year":"2017","journal-title":"Int. J. Commun. Syst."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Salehi Shahraki, A., Lauer, H., Grobler, M., Sakzad, A., and Rudolph, C. (2023). Access Control, Key Management, and Trust for Emerging Wireless Body Area Networks. Sensors, 23.","DOI":"10.3390\/s23249856"},{"key":"ref_12","first-page":"139","article-title":"A Biometric-Based IoT Device Identity Authentication Scheme","volume":"Volume 1","author":"Xue","year":"2019","journal-title":"Artificial Intelligence for Communications and Networks: Proceedings of the First EAI International Conference, AICON 2019"},{"key":"ref_13","first-page":"255","article-title":"A Lightweight Biometrics Based Remote User Authentication Scheme for IoT Services","volume":"32","author":"Dhillon","year":"2017","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Mohammed, F.F., and Qyser, A.A.M. (2019). A Hybrid Approach for Secure Iris-Based Authentication in IoT. ICICCT 2019\u2013System Reliability, Quality Control, Safety, Maintenance and Management, Springer.","DOI":"10.1007\/978-981-13-8461-5_18"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"5067","DOI":"10.1007\/s12652-020-02532-8","article-title":"An Improved Lightweight Anonymous User Authenticated Session Key Exchange Scheme for Internet of Things","volume":"14","author":"Kumar","year":"2023","journal-title":"J. Ambient. Intell. Humaniz. Comput."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"13823","DOI":"10.1007\/s11042-022-11927-y","article-title":"A Novel Protocol for Efficient Authentication in Cloud-Based IoT Devices","volume":"81","author":"Alam","year":"2022","journal-title":"Multimed. Tools Appl."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"1900","DOI":"10.1007\/s12083-023-01498-6","article-title":"A Lightweight Authentication Approach Based on Linear Feedback Shift Register and Majority Function for Internet of Things","volume":"16","author":"Ebrahimpour","year":"2023","journal-title":"Peer-to-Peer Netw. Appl."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"2961","DOI":"10.1109\/TIFS.2023.3272772","article-title":"Secure and Lightweight User Authentication Scheme for Cloud-Assisted Internet of Things","volume":"18","author":"Wang","year":"2023","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"100902","DOI":"10.1016\/j.iot.2023.100902","article-title":"CMAF-IIoT: Chaotic Map-Based Authentication Framework for Industrial Internet of Things","volume":"23","author":"Tanveer","year":"2023","journal-title":"Internet Things"},{"key":"ref_20","first-page":"5798","article-title":"Secure and Anonymous Authentication Scheme for Mobile Edge Computing Environments","volume":"1","author":"Lee","year":"2023","journal-title":"IEEE Internet Things J."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Salehi, S.A., Razzaque, M.A., Tomeo-Reyes, I., Hussain, N., and Kaviani, V. (2016, January 25\u201327). Efficient high-rate key management technique for wireless body area networks. Proceedings of the 2016 22nd Asia-Pacific Conference on Communications (APCC), Yogyakarta, Indonesia.","DOI":"10.1109\/APCC.2016.7581513"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"101003","DOI":"10.1016\/j.iot.2023.101003","article-title":"Implicit IoT Authentication Using On-Phone ANN Models and Breathing Data","volume":"24","author":"Vhaduri","year":"2023","journal-title":"Internet Things"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"1045","DOI":"10.1109\/TMTT.2023.3305055","article-title":"Physical-Layer Identification of Wireless IoT Nodes Through PUF-Controlled Transmitter Spectral Regrowth","volume":"72","author":"Zhou","year":"2023","journal-title":"IEEE Trans. Microw. Theory Tech."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"1057","DOI":"10.1007\/s11280-019-00677-x","article-title":"A PUF-Based Unified Identity Verification Framework for Secure IoT Hardware via Device Authentication","volume":"23","author":"Huang","year":"2020","journal-title":"World Wide Web"},{"key":"ref_25","unstructured":"Shahraki, A.S., Rudolph, C., and Grobler, M. (January, January 29). Attribute-based data access control for multi-authority system. Proceedings of the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Guangzhou, China."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"501","DOI":"10.1109\/TC.2022.3157996","article-title":"A Blockchain-Based Decentralized, Fair and Authenticated Information Sharing Scheme in Zero Trust Internet-of-Things","volume":"72","author":"Liu","year":"2022","journal-title":"IEEE Trans. Comput."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"9550","DOI":"10.1109\/ACCESS.2024.3349955","article-title":"A Novel Distributed Authentication of Blockchain Technology Integration in IoT Services","volume":"12","author":"Deep","year":"2024","journal-title":"IEEE Access"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"100691","DOI":"10.1016\/j.iot.2023.100691","article-title":"A Lightweight Blockchain and Fog-Enabled Secure Remote Patient Monitoring System","volume":"22","author":"Cheikhrouhou","year":"2023","journal-title":"Internet Things"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"4372","DOI":"10.1007\/s11227-019-02779-9","article-title":"A Blockchain-Based Decentralized Efficient Investigation Framework for IoT Digital Forensics","volume":"75","author":"Ryu","year":"2019","journal-title":"J. Supercomput."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"126","DOI":"10.1016\/j.cose.2018.06.004","article-title":"Bubbles of Trust: A Decentralized Blockchain-Based Authentication System for IoT","volume":"78","author":"Hammi","year":"2018","journal-title":"Comput. Secur."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"38431","DOI":"10.1109\/ACCESS.2019.2905846","article-title":"A Novel Attribute-Based Access Control Scheme Using Blockchain for IoT","volume":"7","author":"Ding","year":"2019","journal-title":"IEEE Access"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"6428","DOI":"10.1007\/s11227-017-2048-0","article-title":"A Secure Authentication Scheme Based on Elliptic Curve Cryptography for IoT and Cloud Servers","volume":"74","author":"Kumari","year":"2018","journal-title":"J. Supercomput."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1016\/j.adhoc.2019.03.003","article-title":"Lightweight Hashing Method for User Authentication in Internet-of-Things","volume":"89","author":"Rao","year":"2019","journal-title":"Ad Hoc Netw."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"580","DOI":"10.1109\/JIOT.2018.2846299","article-title":"Lightweight and Privacy-Preserving Two-Factor Authentication Scheme for IoT Devices","volume":"6","author":"Gope","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_35","unstructured":"(2023, March 10). SRAM PUF: The Secure Silicon Fingerprint. White Paper. Available online: https:\/\/www.intrinsic-id.com\/physical-unclonable-functions\/free-white-paper-sram-puf-secure-silicon-fingerprint\/."},{"key":"ref_36","unstructured":"(2023, April 15). Internet of Things Authentication: A Blockchain Solution Using SRAM Physical Unclonable Functions. White Paper. Available online: https:\/\/www.intrinsic-id.com\/wp-content\/uploads\/2017\/05\/gt_KSI-PUF-web-1611.pdf."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1007\/s40860-018-0062-5","article-title":"Multi-factor User Authentication Scheme for IoT-Based Healthcare Services","volume":"4","author":"Dhillon","year":"2018","journal-title":"J. Reliab. Intell. Environ."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"1771","DOI":"10.1007\/s12652-019-01225-1","article-title":"Advanced Lightweight Multi-factor Remote User Authentication Scheme for Cloud-IoT Applications","volume":"11","author":"Sharma","year":"2019","journal-title":"J. Ambient. Intell. Humaniz. Comput."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1109\/MPOT.2018.2850541","article-title":"Proof of Authentication: IoT-Friendly Blockchains","volume":"38","author":"Puthal","year":"2019","journal-title":"IEEE Potentials"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/11\/3575\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T14:52:24Z","timestamp":1760107944000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/11\/3575"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,1]]},"references-count":39,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2024,6]]}},"alternative-id":["s24113575"],"URL":"https:\/\/doi.org\/10.3390\/s24113575","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,6,1]]}}}