As the easiest and cheapest way of authenticating an end user, password-based authentication methods have been consistently employed by organizations and businesses as the default mechanism of restricting and monitoring access. The increased adoption of cloud applications and third-party services within an enterprise generally requires employees to keep track of a number of user names and passwords on a daily basis. The fact that employees need to remember multiple login credentials has incurred significant costs for an enterprise due to the increasing number of help desk calls for pass- word reset. Moreover, the current practice of using multiple user names and passwords in enterprises is also exposing the business to more opportunities for security breaches, as demonstrated by recent password leaks in big brands such as Apple, Adobe, and LinkedIn.
Lightweight cryptography has been investigated in the literature for over a decade. Many symmetric key primitives such as block ciphers, stream ciphers, hash functions, and pseudorandom generators have been proposed. Recently, The National Institute of Standards and Technology (NIST) has put effort towards standardization for lightweight cryptographic algorithms. The goal of lightweight cryptography is to provide security and privacy in resource-constrained applications, embedded systems, and Internet-of-Things (IoT) including Radio Frequency Identification (RFID) systems, wireless sensor networks, and vehicle ad-hoc networks.
A blockchain is a decentralized peer-to-peer (P2P) ledger system introduced for the Bitcoin cryptocurrency in 2008, and deployed for many other cryptocurrencies. Notable extensions include Ethereum smart contracts, Ripple’s consensus protocol, etc.. A blockchain, permissionless and permissioned, with its decentralized feature and immutable data makes it potentially applicable to numerous scenarios where value or data is transferred/shared, stored and processed. There are two fundamental challenge problems in blockchain technology. One is the scalability in consensus protocols of blockchain networks for updating the ledger which can resist to attacks on P2P network systems (e.g., Sybil attacks, routing attacks, etc.), and the second is how to provide a certain degree of sender/receiver and transaction privacy required for some applications (e.g., banking, heath care, and supply chain management applications), although transaction transparency is the powerhouse of trust in blockchains.
The Internet-of-Things (IoT) is a world-wide collection of networks of physical objects, sensors, actuators, and computers. IoT devices are distinguished from conventional computers in both their structure and behaviour. They have limited memory and computational resources, are used in specific application domains, and use specialized network protocols. There is consensus that one) IoT will continue to grow by approximately 20 percent per year, and two) the greatest risks for IoT are security, scalability, and reliability.