Article
Peer-Review Record

Decentralized Identity Authentication Mechanism: Integrating FIDO and Blockchain for Enhanced Security

Appl. Sci. 2024, 14(9), 3551; https://doi.org/10.3390/app14093551
by Hsia-Hung Ou 1, Chien-Hsiu Pan 2, Yang-Ming Tseng 3 and Iuon-Chang Lin 3,*
Reviewer 1: Anonymous
Reviewer 2:
Reviewer 3:
Reviewer 4: Anonymous
Submission received: 4 March 2024 / Revised: 17 April 2024 / Accepted: 19 April 2024 / Published: 23 April 2024

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

In the paper the authors aim to address the security vulnerabilities faced by industrial control systems by proposing a new identity authentication framework. The introduction provides a comprehensive background on the challenges of security in industrial control systems, emphasizing the importance of identity verification. It discusses the limitations of traditional password-based authentication methods and introduces FIDO2 as a more secure alternative. However, the introduction could further enhance its credibility by citing additional relevant literature and studies. Additionally, it should explicitly state the problem the authors are trying to solve and their approach to solving it.

The research design outlined in the materials and methods section appears appropriate for exploring the integration of FIDO2 with blockchain technology. The methods are adequately described, offering detailed steps for both the FIDO2 registration and login processes, as well as the implementation of FIDO2 with blockchain technology. However, the authors should clarify the source of their references to improve the transparency and credibility of their research. Furthermore, the section should explicitly state the uniqueness of the authors' solution and its original contribution to the field.

The results presented in the paper are clear and well-structured. The performance analysis of registration, verification, and access control operations is presented graphically, making it easily understandable for readers. However, the authors should ensure that all references are properly cited and identifiable to improve the overall clarity and reliability of the paper.

 

The conclusions drawn by the authors are supported by the results presented in the paper. The proposed identity authentication framework demonstrates resistance against various types of attacks and efficient execution times for registration, verification, and access control operations. The authors effectively highlight the advantages of their framework in enhancing security, efficiency, and trustworthiness in identity authentication. However, they should ensure that their conclusions are directly aligned with the stated research objectives and contributions.

In summary, while the paper effectively addresses the integration of FIDO2 with blockchain technology for identity authentication, the authors should consider revising their bibliography and its presentation, clearly state the research problem and their approach in the introduction, explicitly define the uniqueness of their solution in the materials and methods section, and ensure the transparency and alignment of their conclusions with the research objectives.

Author Response

Thank you for the reviewer's feedback. We have made adjustments in the revised version, particularly in the introduction, where we removed some potentially misleading phrases and provided clearer explanations of our research problem and solution. We have also carefully reviewed and ensured the correct referencing of our sources. Additionally, we have revised and adjusted both the abstract and conclusion sections to better clarify our research objectives and contributions. Furthermore, we have reviewed and adjusted the structure and content of the entire paper to ensure clearer expression of our findings. Once again, we appreciate the reviewer's suggestions.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

The paper spent half of its length explaining the background of existing FIDO, FIDO2, and Blockchain. It then proposes FIDO2 Blockchain, where the RP server is replaced with a SmartContract. The paper needs a revision of the section organization. In the current form, the background works and the contribution of this work are in the same section, just in separate bullet points, which makes it hard to distinguish the contribution of this work from the existing background. It also needs more emphasis on what is new, an original concept, as against the mashup of two existing ideas. And possibly a comparison against other competing systems.

Other correction point:
There are two 2.3):
Line 226 on page 6 and Line 272 on page 7. This and their sub-points 2.3.1) and 2.3.2) should move to bullet point 2.4.

Author Response

Thank you for the reviewer's feedback. We have carefully reviewed and adjusted our sections, providing further explanation and analysis regarding our research questions and contributions. We sincerely appreciate the reviewer's suggestions.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

The study showcases a significant breakthrough in the realm of identity verification by merging the capabilities of FIDO2 with the robust framework of blockchain technology. This fusion not only mitigates the inherent weaknesses found in FIDO2 but also capitalizes on the decentralized and unchangeable nature of blockchain to boost both security and operational efficiency. To enhance the robustness of your manuscript, you might consider the following enhancements:

1. Expand on the examination of prior research that has explored the combination of FIDO2 and blockchain technologies, if such studies exist. This could furnish a richer context for your work and underscore its innovative aspects.

2. Although the methodology is clearly articulated, adding further technical specifics or instances of how blockchain has been implemented could improve comprehension and practical application.

3. The analysis of the system's performance is revealing. Yet, incorporating additional benchmarks, such as comparisons to conventional systems regarding speed, efficiency in resource use, and scalability, could provide a fuller perspective on the merits of your proposed solution.

4. While the conclusions touch upon future prospects and enhancements, explicitly detailing particular areas for upcoming research or foreseeable hurdles in wider adoption would be advantageous.

5. Explore the wider consequences of your findings for identity verification outside the sphere of industrial control systems. This approach could broaden the relevance and utility of your paper.

Good luck!

Comments on the Quality of English Language

Minor editing of English language required.

Author Response

Thank you for the reviewer's feedback. We have enhanced the clarity of our introduction to FIDO, FIDO2, and blockchain technical specifications. Furthermore, we have revised the abstract and conclusion to provide a clearer depiction of the problems addressed by our research and their corresponding solutions. Additionally, we appreciate the reviewer's reminder regarding potentially misleading statements about industrial control systems. In fact, our proposed framework is not limited to industrial control systems, as mentioned by the reviewer; it can be extended to all information application systems. We sincerely appreciate the reviewer's suggestions.

Author Response File: Author Response.pdf

Reviewer 4 Report

Comments and Suggestions for Authors

In the abstract it is not clarified what methodology was applied, what the original findings are, and what the higher security level means. Some readers may have access to the abstract. That is why the answers would be needed. The Introduction requires an explanation of the paper structure. Please explain the content of the paper.

In this paper, the author focuses on FIDO2 and blockchain, on their combining, as well as on the comparison of FIDO2 and the author's solution. I would say it is not a research paper. The literature survey is very poor; there is a lack of literature survey. Just a solution proposal is generally presented.

I would suggest that the authors verify the proposed method by implementation in reality.

I would like to ask the authors for a literature review and comparative study to evaluate and present differences among various similar solutions.

I recommend rethinking the paper and submitting it once again.

Comments on the Quality of English Language

some mistakes 

Author Response

Thank you for the reviewer's feedback. We have made revisions to both our abstract and conclusion, as well as adjustments to our introduction, with the aim of providing a clearer explanation of the significance of our research and the problems it addresses. Additionally, we have included further analysis and commentary on our research findings in order to present them more clearly. We sincerely appreciate the reviewer's suggestions.

Author Response File: Author Response.pdf

Round 2

Reviewer 4 Report

Comments and Suggestions for Authors

In my opinion, some improvements have been done, however, there are still many weaknesses. Lack of clear methodology. But the main weakness is poor study of literature. 

“FIDO has developed two main standards: FIDO1 and FIDO2.” → Do you mean that the FIDO Alliance has developed those standards?

“FIDO2 adopts public key cryptography, and the FIDO2 authentication server only stores public key/verification, avoiding the upload of users' personal data and better safeguarding user privacy.”

“Blockchain is composed of cryptographic algorithms, consensus mechanisms, distributed data storage, and peer-to-peer communication. It possesses characteristics such as transparency, immutability, anonymity, and high security.”

“Blockchain has the following characteristics”

→ Please add references.

There are many formulations and definitions which require references.

“2.1 The FIDO architecture” → But you are writing about FIDO2.

The Results section is not correctly written; there are plenty of definitions which require references. Those definitions are not results from the research.

Comments on the Quality of English Language

some spelling mistakes

Author Response

Thank you for your feedback. We have added explanations and references, and corrected some formatting errors. Overall, we have made every effort to revise the paper according to your suggestions, aiming to enhance its completeness and provide a clearer presentation of our research findings to the readers. Once again, we appreciate your feedback.

Author Response File: Author Response.pdf

Round 3

Reviewer 4 Report

Comments and Suggestions for Authors

Generally, the authors have made some improvements in comparison with the previous versions. The structure of the paper is appropriate; the authors explain their approach.

The literature survey is poor; particularly for the Results section, the authors could add many more references.

The authors should explain the acronyms, i.e., FIDO2, FIDO; please explain them at the first usage, particularly in the Abstract, as some readers review just abstracts, and they could avoid misinterpretations.

In the Abstract, they are writing about FIDO2; in the keywords, they have FIDO; however, it is not the same.

Author Response

Thank you for your feedback. We have restructured the chapters, separating the background information from the Materials and Methods section and creating a new section called Related Work. We have also modified the abstract and supplemented it with additional related research. This should make it clearer to distinguish between the existing framework and our contributions, enabling readers to better understand our research. Once again, we appreciate your feedback.

Author Response File: Author Response.pdf
