Internet of Things 23 (2023) 100844

Contents lists available at ScienceDirect

Internet of Things
journal homepage: www.elsevier.com/locate/iot

Review article

Blockchain-based multi-factor authentication: A systematic

literature review
Mwaheb S. Almadani a ,∗, Suhair Alotaibi a , Hada Alsobhi a , Omar K. Hussain b ,
Farookh Khadeer Hussain a
a
School of Computer Science, University of Technology Sydney, Sydney, 2007, NSW, Australia
b
School of Business, University of New South Wales, Sydney, 2052, NSW, Australia

ARTICLE INFO ABSTRACT

Keywords: Blockchain-based multi-factor authentication (BMFA) combines multi-factor authentication with

Blockchain-based authentication
Multi-factor authentication
Multi-factor authentication-as-a-service
blockchain technology to provide a reliable and secure authentication mechanism. In other
words, it adds a layer of protection and creates a comprehensive system that protects sensitive
credentials in a decentralized ledger. This makes it challenging for unauthorized users to
access or modify authentication credentials. However, BMFA is still in its infancy, and its
effectiveness in preventing potential security breaches and unauthorized access has yet to be
explored sufficiently. Thus, its development can be further advanced by reducing complexity,
improving flexibility, decreasing costs, and enhancing authenticity. Furthermore, it is becoming
increasingly important to ensure robust security measures and authentication mechanisms
are in place as distributed systems, such as IoT, Fog, and WSN, become more sophisticated
and integrated into our daily lives. Thus, such systems must have effective authentication
mechanisms to function efficiently and effectively. This paper presents a comprehensive analysis
of using blockchain technology with multi-factor authentication techniques in different subject
areas. Also, the paper proposes a blockchain-based multi-factor authentication-as-a- service
(BMFAaaS) approach and identifies the key requirements for its effective implementation. A
systematic literature review was conducted between 2019–2023 to review existing studies and
analyze the results against those key requirements. The review was concluded by discussing
research challenges and future works in BMFAaaS for distributed systems.

1. Introduction

Multi-factor authentication (MFA) has become a crucial part of enhancing the security of sensitive information and implementing
more robust access control measures. MFA is the combination of at least two different components, each of which is unique, which
enhances the security of end users as well as the security of enterprises by adding an additional layer of protection against the many
different forms of attacks that can be launched [1]. An individual can be authenticated in three ways: through knowledge, possession,
or inheritance. The knowledge factor refers to something a person must possess to gain access. Password-based authentication,
in which account owners are authenticated using a pre-shared value (password), is an extremely commonly used method. The
possession factor refers to user authentication credentials based on items the user possesses, typically hardware devices such as the
user’s phone or security token. For inherence factors, the biometric-based authentication method, which uses fingerprints, voice, or
facial recognition to authenticate users, is the most common. As password-based authentication is still the dominant standard for

∗ Corresponding author.
E-mail address: mwaheb.almadani@student.uts.edu.au (M.S. Almadani).

https://doi.org/10.1016/j.iot.2023.100844
Received 15 March 2023; Received in revised form 7 June 2023; Accepted 9 June 2023
Available online 25 June 2023
2542-6605/© 2023 Published by Elsevier B.V.
M.S. Almadani et al. Internet of Things 23 (2023) 100844

Fig. 1. The primary differences between blockchain-based authentication and centralized authentication.

online authentication and identity verification, it is more vulnerable to attacks through techniques such as phishing [2]. A secondary
verification method, such as finger-prints, iris scans, or other identifiers used alongside the password to verify the user’s identity,
ensures that the users critical credentials are protected and cannot be accessed by unauthorized parties.
However, despite the advanced authentication techniques proposed by the current literature, existing authentication mechanisms
which rely on centralized infrastructures, are incompatible with distributed and decentralized frameworks and cannot protect
against numerous attack vectors [3]. Distributed systems consist of several independent nodes that work together to provide
services and applications. Nodes are connected through heterogeneous networks and communicate with each other to provide highly
reliable, scalable, and fault-tolerant systems that manage massive amounts of data. There are different types of distributed systems,
including the Internet of Things (IoT), the Web of Things, peer-to-peer networks and Fog computing [4]. Distributed networks have
transformed the way individuals and entities engage with devices and things. Since different types of distributed applications are
rapidly being integrated into daily activities, robust security measures and authentication mechanisms have become imperative.
Thus, authentication mechanisms must protect hybrid and distributed networks to ensure that only authorized users can access the
system and that sensitive credentials are stored in immutable and distributed ledgers [5]. Consequently, blockchain technology has
emerged as a promising solution to enhance MFA since credentials are stored on a decentralized ledger that effectively protects
sensitive data from cyber threats.

1.1. Background of blockchain-based multi-factor authentication

Blockchain technology has several characteristics that make it an effective solution for authentication issues, including increased
reliability, unforgeability, and immutability. Thus, researchers have developed a blockchain-based authentication system to address
the aforementioned issues [6]. Blockchain-based authentication ensures the authenticity, confidentiality, and integrity of a system
so that it is not susceptible to security threats such as unauthorized access, data theft, and identity theft. Moreover, blockchain
technology can also be used to integrate smart contracts, which provide fine-grained access control in several areas. Also, blockchain
technology and cloud computing offer a reasonable basis for developing and managing time-sensitive decentralized and distributed
trust and security solutions. For example, [7] proposed a decentralized access control and blockchain-based authentication system
that can be applied to create a controlled and secure environment in many different scenarios. The proposed mechanism performs
better than current traditional authentication techniques for decentralized environments.
Blockchain-based authentication differs from centralized authentication, where the decentralized ledger can be used to au-
thenticate peers using a unique consensus algorithm. Users’ sensitive credentials are securely stored in the ledgers and can be
controlled by users after registration. Hence, blockchain authentication should be conducted in multiple stages. First, entities
must register with the blockchain network to obtain their cryptographic keys (public–private key pairs). Then, they create their
authentication configuration (two-factor or multi-factor) and credentials (passwords or biometrics), which will be mined and stored
on the blockchain ledger. Secondly, if an entity wishes to access a particular system, its credentials must be validated by the
blockchain nodes before access can be granted to that entity by the system. Thirdly, once the blockchain nodes have reached
consensus on the credentials provided, access is granted to the entity. This process is shown in Fig. 1.

2
M.S. Almadani et al. Internet of Things 23 (2023) 100844

1.2. Motivation of the paper

Distributed ledger technology, such as blockchain, has attracted immense interest as a method of establishing digital trust in
business. As a result, several industry applications are currently exploring the integration of blockchain technology and cloud
architectures to ensure trust and decentralization [8]. Moreover, the use of virtualization to distribute resources is becoming
increasingly common in organizations as a means of increasing availability, maximizing efficiency, and reducing costs [9]. Recently,
Blockchain-as-a-Service (BaaS) has been proposed as an end-to-end solution that provides blockchain security services and the
capability to build highly available blockchain networks. To improve the efficiency and availability of blockchain applications,
several companies, including IBM, Microsoft Azure, and Amazon, have adopted the BaaS solution [10].
However, the current traditional MFA techniques need to be optimized for blockchain networks, distributed systems, and BaaS
solutions because they are designed for a centralized and cloud infrastructure which is vulnerable to attacks and has overheads
associated with access control mechanisms [11]. Also, as these platforms store user credentials on the cloud or in local databases,
they are easy to exploit and increase the possibility of a single point of failure. For this reason, several research studies have
introduced blockchain-based authentication, which ensures these sensitive credentials are not stored in a single database or
cloud platform, but rather on distributed blockchain ledgers [12]. Thus, rather than having sensitive information controlled by
a service provider or central authority, entities are authenticated by consensus mechanisms, which increase the level of trust and
reliability [13]. Therefore, as blockchain technology is evolving and being integrated into a variety of applications, blockchain-based
multi-factor authentication (BMFA) needs to be easily implemented, reliable, and cost-effective. Through the provision of blockchain-
based multi-factor authentication-as-a-service (BMFAaaS), blockchain applications will be able to incorporate effective security
regulations and overcome the significant challenges associated with implementing complex access control systems. Businesses and
organizations seeking to adopt blockchain technology into their distributed applications can reduce additional overhead costs and
administrative burdens.
This paper reports on a systematic literature review (SLR) that was conducted to provide an in-depth understanding of BMFAaaS
development for developers who want to create secure, convenient, high-performance blockchain ecosystems for their applications.
Also, the paper aims to evaluate and categorize the current literature to address relevant challenges regarding the development of a
robust BMFAaaS platform and identify the critical requirements for its implementation. BMFAaaS must meet a set of requirements to
provide a secure, practical, and flexible multi-factor authentication solution for blockchain applications that can be integrated into
existing authentication systems and used by most of the blockchain community. The following requirements have been identified.
R1 refers to the ability to provide BMFAaaS. R2 refers to the ability of the service to be universally accessible and highly responsive
to customer needs. R3 refers to the ability to integrate and import authentication credentials from other authentication platforms
efficiently and quickly. Thus, developers should incorporate these advanced requirements (R1–R3) into the BMFAaaS platform to
increase network performance and reduce development costs. The contributions of this paper are as follows:

• We conduct a categorical analysis to provide a comprehensive understanding of the current literature on BMFA.
• We identify three key requirements R1 to R3 that assist the development of BMFAaaS for distributed systems such as IoT, Fog,
and WSN.
• We undertake a comparative analysis to determine if the current literature addresses the three key requirements.
• We identify the open challenges in the field and propose future research directions.

The structure of the paper is as follows. Section 2 presents three key requirements that should serve as the foundation for the
BMFAaaS platform. Section 3 provides an overview of the process adopted for shortlisting the papers for this SLR, including the
criteria used to search the literature and the criteria for the inclusion and exclusion process. In Section 4, the shortlisted papers
are summarized and a comparative analysis is presented based on the criteria outlined in Section 2. Section 5 outlines the open
challenges that need to be addressed for BMFAaaS in various systems. Finally, Section 6 concludes the SLR and details our future
research.

2. Key requirements for BMFAaaS

In this section, we discuss the requirements that are necessary to implement BMFAaaS, which will be the basis for comparing
the current papers. Due to the need for services that facilitate the initiation and implementation of blockchain-based multi-factor
authentication, we identify three requirements that must be met in order for BMFA to be efficient and reliable. We propose the three
key requirements for BMFAaaS, which are fundamental to distributed systems delivered as a service according to [14]. Table 1 shows
the key requirements for BMFAaaS.

2.1. The ability to provide blockchain-based multi-factor authentication-as-a-service (R1)

Blockchain technology creates a trustworthy ecosystem among stakeholders in an unreliable distributed system. In addition to
providing privacy, blockchain technology securely stores information within the blocks of the transactions. Since authentication-
related data is stored using blockchain technology, data transparency, trustworthiness, availability, and immutability are all
obtained [15]. In this age of rapidly advancing technology, trust and security have become challenging. For individuals to have
confidence in distributed systems executing their request, data integrity and confidentiality are essential and make up the security

3
M.S. Almadani et al. Internet of Things 23 (2023) 100844

Table 1
Key requirements for BMFAaaS.
R1 (2.1) The ability to provide blockchain-based multi-factor authentication-as-a-service.
R2 (2.2) The ability of the service to be universally accessible and highly responsive.
R3 (2.3) The ability to integrate and import authentication credentials from other authentication platforms efficiently and quickly.

model. Several security measures employed by enterprises for identity, authentication, and permission have grown ever more
vulnerable. Many attack vectors are being introduced to many companies as a result of authentication issues with various cloud-based
applications and distributed platforms [16]. Additionally, the solutions for dealing with authentication and access-control security
in various insecure environments present a number of challenges to many organizations [17].
The introduction of BMFA by new organizations and enterprises poses many challenges, including the need to invest in hardware,
software, and other infrastructure to deal with many sensitive credential records. Also, implementing and designing the methodology
can be complex, especially for organizations with little experience in this area. Thus, to reduce implementation overheads and risks,
the BMFAaaS model should be implemented. It offers an attractive solution for entities seeking to improve their blockchain-based
authentication systems.

2.2. The ability of the service to be universally accessible and highly responsive (R2)

Blockchains are fundamentally decentralized and open-source database systems that can be used for a variety of purposes,
including creating secure and efficient ways of storing and exchanging information [18]. Blockchain technology has become
increasingly well-known due to the fact that it provides robust guarantees as to the availability and quality of data, in addition
to its capacity to utilize community consensus in place of centralized curation [19]. With decentralized infrastructures, networking
can expand gradually and sustainably as service prices determined by consumer demand and usage pay for the services provided
by interconnected network devices. Blockchain transactions can be used to coordinate economic flows, whereas routing decisions
are used to coordinate data movement [20].
Providing BMFAaaS can be made more accessible by considering a variety of blockchain platforms, geographic locations, and
blockchain protocols. By increasing the availability of BMFAaaS, a wide range of distributed applications can adopt the service,
regardless of location, the platform used or technical expertise. For the service to be highly responsive, it must be scalable enough
to handle the increased demand for authentication requests in interconnected networks. Developing a scalable and efficient BMFAaaS
enables entities to be sure that the service will handle the increased workload while maintaining its speed and responsiveness. The
use of standardized protocols and technologies can help ensure universal accessibility, while optimizing the network architecture
and leveraging edge computing can enhance responsiveness. Additionally, the continuous monitoring and fine-tuning of the system
can help ensure that the service remains highly responsive over time. Thus, universal accessibility and high responsiveness should
be crucial implementation requirements in ensuring the secure distribution and efficient services in BMFAaaS.

2.3. The ability to integrate and import authentication credentials from other authentication platforms efficiently and quickly (R3)

As blockchain technology develops, some organizations have moved toward more secure authentication mechanisms for storing
critical user credentials. Traditional authentication protocols such as OAuth 2.0, OpenID Connect and JSON Web Tokens are used
to authenticate and manage user authentication credentials by different applications. In most applications, sensitive credentials are
stored in centralized servers or in cloud storage facilities and are used for authentication [21]. Thus, organizations are gradually
shifting toward blockchain-based authentication platforms because of their distributed nature, low cost of ownership, and resource
efficiency [22].
Integrating and importing authentication credentials from other authentication platforms efficiently and quickly can improve the
adoption rate of BMFAaaS by making it easier for users to accept the system. In addition, by integrating and importing authentication
credentials from other platforms, BMFAaaS can offer a more comprehensive set of authentication methods, which can increase the
system’s overall reliability, usability, and flexibility. Therefore, the model should be able to import or integrate authentication
credentials from various authentication services to expand and improve user authentication for blockchain-based applications.

3. Systematic literature review process

The systematic literature review (SLR) is a research method widely applied in various fields, including computer science, which
systematically collects and critically examines research projects or publications. It is a comprehensive approach to review and
evaluate all relevant academic articles and studies on a specific research question or subject [23]. In this section, we describe
the SLR that was conducted following the guidelines presented in [24]. The SLR procedure included the following steps, as shown
in Fig. 2.

4
M.S. Almadani et al. Internet of Things 23 (2023) 100844

Fig. 2. The filtration process.

3.1. Step 1: Searching the literature

This step involves identifying the data sources and defining the search terms and procedures to find relevant studies in the
existing literature. This step consists of the following steps:

• Databases Used: We searched four electronic scientific databases to collect relevant articles for our systematic review:

1. Scopus (https://www.scopus.com).
2. IEEE Xplore Digital Library (www.ieexplore.ieee.org/Xplore).
3. SpringerLink (https://link.springer.com).
4. ProQuest (https://www.proquest.com).

• Search Terms Used: The following key terms were used in the search for relevant articles from the databases: (‘‘Blockchain’’
AND ‘‘Multi-factor authentication’’ OR ‘‘Two-factor authentication’’), (‘‘Blockchain’’ ‘‘AND’’ ‘‘MFA’’ OR ‘‘2FA’’), (‘‘Blockchain-
based MFA’’ OR ‘‘Blockchain-based 2FA’’). We also conducted a search for additional articles using Google Scholar to locate

5
M.S. Almadani et al. Internet of Things 23 (2023) 100844

additional high-quality articles that may not have been discovered during the initial search. However, as Google Scholar
contains non-peer-reviewed sources, our search was restricted to articles published by well-known databases.
• Publication Time and Results: The search period was between 2019–2023 since blockchain-based multi-factor authentication
had received limited attention before this time. Our investigation is restricted to studies that were published within the last
four years due to the novelty of BMFA. As a result of the initial search process, 91 articles were shortlisted. The papers were
subjected to additional filters based on inclusion and exclusion criteria.

3.2. Step 2: Inclusion and exclusion criteria

From all the studies that were identified in the previous step, the most relevant papers were selected based on the inclusion and
exclusion criteria. This step involves the following:

1. Inclusion Criteria:

• The paper must be published between 2019 and 2023.

• The paper must focus on BMFA or two-factor authentication.
• The paper must be in a scientific journal or conference proceedings.

2. Exclusion Criteria:

• The paper is written in a language other than English.

• The paper is a duplicated record.
• The paper primarily focuses on blockchain-based authentication and does not investigate two-factor or multi-factor
authentication techniques.
• Paper Selection Procedure: This step involves deciding whether an article should be included in the SLR. There are three
stages in the filtration process.
First stage: The titles and keywords of 91 studies were reviewed, and unrelated articles were excluded if they did not
meet the defined criteria or the aim of this study. If it was unclear from the titles and keywords whether a paper was
relevant, it was evaluated further at the next stage. This stage resulted in 47 papers remaining.
Second stage: A review of the abstracts of these papers was conducted to determine their relevance to this research.
Papers were selected if their abstracts were relevant, otherwise, they were excluded. At the end of this stage, 27 papers
were identified as relevant.
Third stage: After reading the full texts of the remaining papers, only 21 articles were selected as relevant.

3.3. Step 3: Quality assessment

In this step, three quality assessment criteria (QA.1-QA.3) were developed to assess each shortlisted article. The following three
questions were utilized in the process of evaluating the quality of the 21 selected papers:

QA.1: Does the paper cover the relevant work and investigate the research subject?

QA.2: Does the paper provide sufficient details of the methodology to be reproduced?

QA.3: Does the paper provide a concise description and evaluation of the results that can be replicated?

If the answer was “yes” to at least two of the three quality assessment criteria, it was included in this SLR. Of the 21 papers, only
18 satisfied the quality assessment criteria, as shown in Table 2.

3.4. Step 4: Categorizing the shortlisted papers by subject area

As shown in Table 3, 18 articles met at least two of the three quality assessment criteria. Fig. 3 presents a pie chart showing
the percentages of study papers categorized by subject area. We observed that 33% of the study papers proposed BMFA systems
to protect sensitive credentials while maintaining the privacy and integrity of IoT and fog services. In addition, 28% of the study
papers examine the security of the BMFA system, including its encryption algorithms and design protocols. BMFA was used in
17% of study papers to provide a decentralized and secure method for protecting digital user identity and supporting a variety
of digital interactions and transactions. In 11% of the study papers, BMFA was applied to provide decentralized data storage and
multiple-user management for LoRaWAN networks. 6% of the study papers applied BMFA to improve the authenticity of users’
sensitive credentials in the education sector. Finally, 5% of study papers used BMFA to provide a consensus mechanism for secure
and reliable user authentication in various applications. Fig. 4 presents the study papers in a bar chart according to the year they
were published. Section 4 evaluates and discusses the articles based on requirements R1–R3 which are necessary for BMFAaaS, as
defined in Section 2.

6
M.S. Almadani et al. Internet of Things 23 (2023) 100844

Table 2
Evaluation of studies based on the three quality assessment criteria.
Study number QA.1 QA.2 QA.3
Darshan et al. [25] Yes Yes No
Kim et al. [26] Yes Yes Yes
Bao and You [27] Yes Yes Yes
Catalfamo et al. [28] Yes Yes Yes
Mercan et al. [29] Yes Yes No
Breuer et al. [30] Yes Yes Yes
Narayanan et al. [31] Yes Yes Yes
Kebande et al. [32] Yes Yes Yes
Abubakar et al. [33] Yes Yes No
Zhang et al. [34] Yes Yes Yes
Thompson et al. [35] Yes No Yes
Umoren et al. [36] Yes Yes Yes
Danish et al. [37] Yes Yes Yes
Danish et al. [38] Yes No Yes
Abayomi-Zannu et al. [39] Yes Yes Yes
Zhao et al. [40] Yes Yes Yes
Putri et al. [41] Yes No No
Cardoso et al. [2] Yes No No
Prabakaran and Ramachandran [42] Yes No No
Addobea et al. [43] Yes Yes Yes
Ahmad et al. [44] Yes Yes Yes

Fig. 3. Percentage of study papers categorized by subject area.

4. Analysis of shortlisted papers in addressing the requirements of BMFAaaS

In the current literature, BMFA is discussed in terms of application areas and technical advancements area. Thus, We divided
the articles into two broad categories of BMFA techniques: the application area and the technical advancement area, as shown in
Fig. 5. An application area refers to a domain in which BMFA is applied for a specific purpose. On the other hand, the technical
advancement area refers to the various components and technologies involved in implementing a BMFA system. We summarized
the articles related to the application area in Section 4.1 and the articles related to the technical advancement area in Section 4.2.
Also, we compared and analyzed the 18 articles in relation to the three key requirements R1–R3, as shown in Table 4.

4.1. Application area

Application areas have different security measures depending on the sensitive data they handle and their unique characteristics.
There are a few application areas covered in the literature, such as education, IoT, and fog services.

7
M.S. Almadani et al.
Table 3
Primary study papers that meet the quality assessment criteria.
Study number
Darshan et al. [25]
Kim et al. [26]
Bao and You [27]
Addobea et al. [43]
Narayanan et al. [31]
Catalfamo et al. [28]
Mercan et al. [29]
Breuer et al. [30]
Ahmad et al. [44]
Abubakar et al. [33]
Zhang et al. [34]
Thompson et al. [35]
Umoren et al. [36]
Kebande et al. [32]
Danish et al. [38]
Danish et al. [37]
Abayomi-Zannu et al. [39]
Zhao et al. [40]
4.1.1. Education
By using BMFA, educational institutions can improve the security, efficiency, and privacy of their identity verification processes.
For example, Zhao et al. [40] proposed a blockchain-based system for digital education to enhance authentication techniques for
transactions. The purpose of this system is to improve the security of identification data in transactions. In this system, blockchain
Internet of Things 23 (2023) 100844
Date Title Category
2022 A Secured BlockChain Based Facial Recognition System for Two Factor Digital user identity
Authentication Process
2022 Multi-Factor Authentication with Randomly Selected Authentication Methods Digital user identity
with DID on a Random Terminal
2021 Two-factor identity authentication scheme based on blockchain and fuzzy Digital user identity
extractor
2023 Secure multi-factor access control mechanism for pairing blockchains Security
2022 Decentralized blockchain based authentication for secure data sharing in Security
Cloud IoT
2021 A Microservices and Blockchain Based One Time Password (MBB-OTP) Security
Protocol for Security-Enhanced Authentication
2021 Blockchain-Based Two-Factor Authentication for Credit Card Validation Security
2021 Cryptocurrencies with Security Policies and Two-Factor Authentication Security
2023 BAuth-ZKP–A Blockchain-Based Multi-Factor Authentication Mechanism for IOT and fog services
Securing Smart Cities
2022 A Lightweight and User-centric Two-factor Authentication Mechanism for IoT IOT and fog services
Based on Blockchain and Smart Contract
2022 Efficient and Privacy-preserving Blockchain-based Multi-factor Device IOT and fog services
Authentication Protocol for Cross-domain IIoT
2022 Multifactor IoT Authentication System for Smart Homes Using Visual IOT and fog services
Cryptography, Digital Memory, and Blockchain Technologies
2022 Securing Fog Computing with a Decentralised User Authentication Approach IOT and fog services
Based on Blockchain
2021 A Blockchain-Based Multi-Factor Authentication Model for a Cloud-Enabled IOT and fog services
Internet of Vehicles
2020 Securing the LoRaWAN Join Procedure using Blockchains LoRaWAN
2019 A Lightweight Blockchain Based Two Factor Authentication Mechanism for LoRaWAN
LoRaWAN Join Procedure
2019 A Proposed Mobile Voting Framework Utilizing Blockchain Technology and Consensus mechanisms
Multi-Factor Authentication
2020 Design and Implementation of the Digital Education Transaction Subject Education
Two-factor Identity Authentication System Based on Blockchain
Fig. 4. The number of study papers by year of publication.
8
M.S. Almadani et al. Internet of Things 23 (2023) 100844

technology was applied to secure and maintain identity data, give individuals full ownership of their identity data instead of third-
party platforms, and create redundant copies of identity data to prevent its loss in the event of a single system failure. Using the
Hyperledger Fabric blockchain platform, the system provides two levels of authentication: password and biometrics (fingerprint and
iris). As soon as a user enters a password or fingerprint and iris as part of a login request, the system initiates a new chain code to
examine the requirement and establish an authorization limit; if the requirement is valid, the system initiates a second chain code
to push the user’s complete identification information.
Despite the fact that this study uses blockchain technology in order to authenticate digital education transactions, the system
was not evaluated and tested. However, it is essential that the solution meets the needs and requirements of the education sector
and avoids relying on an untrusted third-party service provider.

4.1.2. IoT and fog services

In IoT and fog services, multiple devices collect, transmit, and process sensitive information. By BMFA, these devices can securely
authenticate users and ensure the privacy and security of the information they collect. In addition, blockchain technology can
provide a decentralized and secure way to manage authentication data, reducing the risk of data breaches and unauthorized access
to sensitive information. Also, these technologies play a critical role in IoT and fog services by improving the security and privacy of
IoT and fog services while providing scalability and reliability to these systems. For instance, Kebande et al. [32] proposed a secure
multi-factor authentication method based on blockchain technology for IoT ecosystems. The model employs an embedded Digital
Signature (MFBC eDS) to improve the authentication technique of IoT systems for vehicular clouds and the cloud-enabled Internet
of Vehicles. A detailed evaluation of the proposed approach indicates that the model offers a reliable method of improving data
confidentiality and the integrity of IoT-to-Cloud connected vehicles. Also, Abubakar et al. [33] proposed a blockchain-based two-
factor authentication method for web-based access to sensor data. The method uses Ethereum1 and smart contract functionality.
Decentralization in blockchains allows them to address the significant security issues associated with third-party platforms used
to verify authentication tokens. The smart contracts generate the tokens and validate the user’s identity. A proof-of-concept was
presented to demonstrate the use of blockchain and smart contracts to design and implement a two-factor authentication system
for accessing data from IoT devices. As a result of this approach, the problem of weak passwords is solved for IoT applications,
and users have complete control over their authentication data without being dependent on a third party to store and maintain
their identities. Because the authentication process is completed via smart contracts, the proposed system is secure and immune
to common authentication attacks, such as man-in-the-middle attacks, cryptographic attacks, and network attacks. Ahmad et al.
[44] introduced Blockchain Authentication Zero-Knowledge Proof (BAuth-ZKP), a multi-factor authentication technique based on
smart contracts to authenticate users without exposing their Personal Identifiable Information (PII). Moreover, it emphasizes the
significance of MFA in smart city systems by integrating it with the Ethereum blockchain as a proof of concept (PoC). The results
demonstrate that the proposed system improved the Quality of Service (QoS) by developing an immutable, transparent, and secure
authentication system.
Zhang et al. [34] developed a secure and efficient privacy-preserving BMFA protocol for cross-domain Industrial Internet of
Things (IIoT) using blockchain. A proof-of-concept prototype was designed to improve security and build trust among several IIoT
domains. As devices from different IIoT domains interact with each other and work together to solve complex industrial tasks,
the proposed protocol uses MFA and the blockchain to ensure device interactions are protected across domains. The evaluation
shows that this is an effective and trustworthy protocol that offers protection against several attacks and guarantees anonymity
and unlinkability while maintaining privacy. Thompson et al. [35] proposed a multi-factor authentication system based on digital
memory, visual cryptography, and blockchain technologies to ensure the security of digital memories in smart homes. This study
used a two-factor authentication method that encrypted the users’ digital memories and divided them into two shares, one stored
on their smartphones and the other on their digital memory authentication service. A mobile application for testing and developing
a smart home’s digital memory-based authentication system allows authorized remote access. According to the evaluation results
obtained using the Scyther tool, the proposed method is secure and fast. Compared to existing crypto-based public-key authentication
systems, it achieves a speed increase of approximately 50%. Umoren et al. [36] proposed a decentralized authentication system that
uses the Ethereum blockchain and smart contracts to authenticate users securely. As fog devices face authentication and security
issues, blockchain technology has been used to address these issues. To authenticate users in fog devices, the proposed approach uses
multi-factor authentication methods, including passwords and biometrics. This system can manage authentication and registration
requests using the user’s email address, Ethereum address, username, password, and biometric sensor data. The experiment results
show that the proposed system is more efficient, consumes fewer Ethereum resources, and scales to a broader range of devices.

4.2. Technical advancement area

Several technical aspects of BMFA require a profound understanding of security protocols, cryptographic algorithms, hardware,
and software architecture. Also, as part of developing secure authentication methods, technological advancements that utilize
BMFA are crucial since they address some of the key challenges and limitations associated with designing and implementing
tokens, algorithms, and cryptographic keys. This area includes blockchain consensus algorithms, decentralized identity management,
LoRaWAN, and security.

1 https://ethereum.org/.

9
M.S. Almadani et al. Internet of Things 23 (2023) 100844

4.2.1. Consensus mechanism

A consensus mechanism in a blockchain network is used to reach an agreement among all participants on the validity of
transactions and the state of the system. This ensures the integrity and security of the data stored on the blockchain. BMFA
provides a consensus mechanism for secure and reliable user authentication in a variety of applications, improving the overall
security and privacy of these systems. For example, Abayomi-Zannu et al. [39] proposed a framework for m-voting using multi-
factor authentication to verify voters prior to voting. Additionally, the system makes use of blockchain technology to record votes
in a safe manner. This not only improves the transparency of the voting process but also increases voter confidence in the electoral
process. The results of the study demonstrate that the proposed framework provides an efficient system.

4.2.2. LoRaWAN
LoRaWAN (Long Range Wide Area Network) is a low-power, long-range wireless communication technology designed for IoT
devices. It provides secure, bi-directional communication over long distances and is well-suited for IoT applications such as smart
cities, smart homes, and industrial automation. Using LoRaWAN with BMFA can provide a secure, scalable, and decentralized
solution for IoT devices, enhancing the overall security of the IoT ecosystem. For instance, Danish et al. [37] designed a two-
factor authentication approach for the LoRaWAN join procedure using blockchain technology to increase authentication security
and to establish confidence between LoRa end devices and the network server. The agent node implements and owns the smart
contract which becomes immutable once it is uploaded to the blockchain. Because a LoRa end device typically only conducts the
authentication procedure once every 24 h, the proposed method enables efficient system performance while increasing security. In
addition, Danish et al. [38] introduced a distributed framework for the LoRaWAN join method which uses blockchain technology
to provide a reliable authentication mechanism for LoRaWAN networks. The suggested architecture mitigates vulnerabilities in
the LoRaWAN join process caused by jamming and replay attacks, while simultaneously bolstering confidence between LoRa end
devices and network hosts. The two-factor authentication framework minimizes expenses by delivering a lightweight, cost-effective
authentication solution for the LoRaWAN join procedure, which requires neither a large nor very powerful network nor particularly
high-performance standards.

4.2.3. Digital user identity

Users need a secure and reliable digital user identity to authenticate themselves to access various online services and resources.
BMFA provides a decentralized and secure way to manage user identity information, ensuring that only authorized users can
access the system. In addition, blockchain technology can provide a tamper-resistant and decentralized way to store user identity
information, reducing the risk of data breaches and unauthorized access to sensitive information. For example, Darshan et al. [25]
overcame the difficulties of existing methods of identity verification by focusing on face recognition and storing the resulting data
on the blockchain. The system uses deep learning and blockchain that exceeds existing systems in terms of security due to the use
of deep learning convolutional neural networks, which are unaffected by the quality of the input photos. The VGG-Face model is
employed to generate robust results regardless of picture quality. The trained VGG16 model was evaluated using a variety of picture
and weight datasets, and the results of these evaluations were provided. By utilizing smart contracts, vital data can be maintained
in a secure environment, which ensures the data’s immutability and prevents unauthorized access via the public Ethereum chain
network.
Kim et al. [26] proposed a multi-factor authentication system that uses blockchain technology to ensure the security and integrity
of a user’s identity. This system is based on two leading technologies, DID (decentralized identity) and biometrics. Due to the
increased security issues related to the existing authentication methods, such as using an ID, password and biometric recognition,
there is a need for a blockchain-based multi-level approach to control biometric data in case of a lost device and to avoid key-
logging or server attacks. A combination of ID/password sign-in and face recognition authentication was employed as a stand-in for
a representative authentication approach. Facial authentication involves storing specific information on the blockchain, including a
user’s ID, password, and face vector data. The data stored by the service provider is only used to confirm the user’s information in a
blockchain transaction while maintaining anonymity. As a result of this approach, a security and integrity-oriented authentication
procedure that is secure and reliable can be developed. Bao and You [27] proposed a novel method that utilizes both the fuzzy
extractor and blockchain technology. The Fabric architecture was selected for blockchain deployment because of its scalability,
simplicity of implementation, and platform independence. A technique for two-factor authentication using blockchain technology
is suggested. It maintains the public information of biometrics, making it easier for users to recover the random key as a biometric
factor on the basis of the immutable blockchain and distributed storage as the underlying data storage architecture. Identity
authentication can only be performed if both the certificate information and biometric information are collected by the adversary
at the same time, so in terms of certificate information leakage and service node access, the system offers a solid security assurance.

4.2.4. Security
As part of the research conducted in the security domain, BMFA was studied to improve encryption algorithms and design
protocols that support multiple factors to prevent unauthorized access, cyber-attacks, and data breaches. For example, Mercan
et al. [29] proposed a permissioned blockchain as a secure framework to store two-factor authentication (2FA) credentials certified
by the bank. They applied an out-of-bounds authentication method for pre-authorizing online transactions to prevent credit card
fraud. They developed a proof-of-concept based on Hyperledger Fabric2 to demonstrate the framework’s security and feasibility.

2 https://www.hyperledger.org/.

10
M.S. Almadani et al. Internet of Things 23 (2023) 100844

Fig. 5. Categorization of papers by subject area.

As a result of the performance evaluation and security analysis, transaction latency and throughput improved. Breuer et al. [30]
proposed a system that employed a smart contract to execute a 2FA mechanism in the case of significant incidents such as key theft
or transactions to new addresses. These policies should be specified by the fund owner to force an additional line of defence to
safeguard against suspicious transactions. The model was implemented on Ethereum, and the performance evaluation shows that
adding 2FA to Ethereum is cost-effective. Addobea et al. [43] proposed a multi-factor certificateless (MFACLC) access control model
that relies on certificateless cryptography for user authentication on the blockchain. Various MFA techniques such as passwords,
mobile devices, and fingerprints are used to verify user credentials. Moreover, a proof of authority(PoA) reputation-based consensus
model was applied to authenticate users on-chain. It was simulated using pairing Ethereum library (Py-Eth library) and EIP libraries
to determine the computational cost, transmission overhead, and gas cost complexity. The results show that the model performed
better than other existing pairing schemes.
Narayanan et al. [31] proposed a novel decentralized blockchain-based security scheme (DeBlock-Sec) to address security
challenges in resource-constrained IoT environments. Multi-factor authentication techniques were used to authenticate users and
devices using a decentralized blockchain-based authentication protocol. In addition to reducing security and privacy threats, this
approach is flexible enough to adapt to changes in the current communication environment and various application deployment
scenarios. As a result of extensive experiments conducted in the Spark environment, the proposed work achieved better performance
in terms of computation time, data storage, and throughput. Catalfamo et al. [28] prevented single points of failure by generating and
distributing one-time passwords (OTPs) in a decentralized manner. They presented the MBB-OTP, a decentralized Microservices and
Blockchain-based One-Time Password (MBB-OTP) protocol to improve authentication security. They combined a decentralized 2FA
system with the non-repudiation and immutability features of smart contracts to mitigate MITM and DOS attacks in microservices
applications. The results show that this protocol can be implemented in a private or public blockchain without compromising CPU
performance.

5. Open challenges

Based on the comparative analysis presented in Table 4, it is clear that while some approaches address the need for BMFAaaS in
different areas, such as the IoT, cloud, fog, and microservices, there are still some challenges and issues that need to be addressed
when integrating these services into different distributed networks. Thus, further work should be undertaken in the following areas:

5.1. Reliable approaches for implementing BMFAaaS

Developing an effective BMFAaaS requires solid technical knowledge, rigorous implementation, and practical evaluation. Yet,
only some studies, such as [25,28,36] have evaluated the functionality of BMFAaaS, including response time and throughput metrics.
The comprehensive testing of the BMFAaaS can identify areas of performance issues related to response times, error rates, and system
uptime. Thus, several scenarios in various systems should be tested to ensure that the proposed approach is practical across various
use cases. A simulation environment or real-world scenarios should also be used to evaluate the proposed approach’s performance
and reliability.
Another challenge that needs to receive more attention in some studies, such as [26,27,29] is the issue of scalability. BMFAaaS
is still relatively new, and it can take time to scale the infrastructure to meet the demands of large and distributed applications.
This will ensure that the service is scalable enough to handle volumes of requests and respond in a reasonably timely manner.
Therefore, it is essential to ensure that BMFAaaS can handle the increased number of authentication requests in such applications
and meet requirements R1 and R2. A multi-sharding mechanism can be developed to enable this approach to be split into smaller
partitions, allowing more MFA requests to be processed simultaneously.

11
M.S. Almadani et al. Internet of Things 23 (2023) 100844

Table 4
Comparative analysis of study papers against requirements R1–R3.
Study number Key requirements
R1 R2 R3
Darshan et al. [25] Yes No No
Kim et al. [26] Yes No No
Bao and You [27] Yes No No
Catalfamo et al. [28] Yes No No
Mercan et al. [29] No No No
Breuer et al. [30] Yes Yes No
Narayanan et al. [31] Yes No No
Kebande et al. [32] Yes No No
Abubakar et al. [33] No No No
Zhang et al. [34] No No No
Thompson et al. [35] Yes No No
Umoren et al. [36] Yes No No
Danish et al. [37] No No No
Danish et al. [38] No No No
Abayomi-Zannu et al. [39] No No No
Zhao et al. [40] No No No
Addobea et al. [43] Yes Yes No
Ahmad et al. [44] Yes Yes No

5.2. Cloud-based solutions for BMFAaaS

The combination of blockchain-based authentication and cloud computing can make managing and controlling sensitive
credentials more secure, transparent, and decentralized. Furthermore, as the number of devices and things connected to the network
increases, cloud computing allows BMFAaaS to scale up or down according to the needs of distributed applications. Some studies
such as [31,32] focused on developing BMFAaaS on top of the cloud in different areas. However, they did not specify if significant
adjustments would need to be made to the existing infrastructure, which can be time-consuming and costly. Furthermore, where
the data is stored is another issue, as keeping sensitive credentials in the cloud may be subject to regulatory requirements based on
the entity’s location. For example, GDPR requires the storage of certain data on-premises rather than in the cloud [45].
In addition, some studies such as [28,33] focused on mitigating the risk of potential attacks, including MITM and DOS attacks
against BMFAaaS. Their solution, however, failed to consider common attacks such as 51% attacks, double-spending attacks, or
smart contract vulnerabilities that could lead to unauthorized access to cloud resources. Thus, in the literature, there needs to be
more research on how to identify potential vulnerabilities when integrating different protocols, infrastructures, and services on
cloud-based BMFAaaS.
Cloud-based BMFAaaS can ensure the availability of a system by providing redundant, highly available resources, enabling users
to be authenticated, even in the event of a disruption or outage, thus, meeting requirements R1 and R2. Accordingly, to implement
cloud-based BMFAaaS successfully, it is imperative that their requirements are understood and that the necessary changes to the
infrastructure are planned.

5.3. Integration with current authentication services

The distributed environment is characterized by a variety of authentication protocols used by different stakeholders and
devices, which can make interoperability difficult. With the integration of multiple authentication protocols and blockchain-based
authentication, BMFAaaS can be more flexible and accommodate a broader range of devices and stakeholders. Some studies
highlighted the value of including different protocols in BMFAaaS, such as [34,43]. However, none of the existing literature provides
mechanisms to import authentication credentials from different authentication services. A key feature of BMFAaaS is its ability to
efficiently incorporate existing authentication services and import credentials from other platforms. It is crucial that BMFAaaS is
able to accept the various authentication methods, infrastructures, and protocols used by distributed systems since most of them
depend on cloud or central authentication services.
Therefore, research should be directed toward developing a standardized BMFAaaS protocol for decentralized applications to
meet requirement R3.

5.4. Compatibility with multiple blockchain platforms across domains

Multiple blockchain platforms are available, each with unique features and design methodologies. Ethereum and Hyperledger
are the most popular platforms in the related studies with distinct consensus mechanisms and applications. While both Ethereum
and Hyperledger can be used to create secure and decentralized BMFAaaS, the choice of platform depends on specific application
requirements, performance, security, and scalability needs. For example, [40] proposed a methodology using Hyperledger to create
a two-factor identity authentication scheme in education institutions, while [39,44] proposed an approach using Ethereum to secure

12
M.S. Almadani et al. Internet of Things 23 (2023) 100844

mobile voting and smart city applications using multi-factor authentication. On the other hand, the method used in [30] can be
implemented using either Hyperledger or Ethereum-based methodologies, allowing different blockchain networks to interact.
Another area of BMFAaaS that should be considered is the lack of simulations in the literature. Some papers [37,38] simulated
a private Ethereum blockchain to test the security of the LoRaWAN network. However, most of the simulations focused on the
Ethereum blockchain, which reduces the adaption of BMFAaaS. On the other hand, some papers, such as [33,35] reported difficulty
performing a simulation due to the complexity of the system, security concerns, network conditions, and resource restrictions
involved. Therefore, to assist in the development of reliable and highly accessible BMFAaaS (R1, R2), an effective simulation method
will be required.
Therefore, a BMFAaaS approach compatible with multiple platforms provides communication and data transfer, expanding the
range of available blockchain-based services and increasing efficiency and scalability while offering flexibility for businesses and
developers to choose the best platform for their needs.

6. Conclusion and future work

In conclusion, with the development of the internet, entities are carrying out their daily activities online, which has led to the
need for authentication techniques that can address various security risks and vulnerabilities in different systems and structures.
This comprehensive investigation of the literature on BMFA has shown the significant contribution of this technology in optimizing
and enhancing the security of authentication methods for many systems. As a result of building BMFAaaS, it will be possible to
develop authentication mechanisms that combine the decentralized, immutable characteristics of blockchain technology with MFA
techniques. This can guarantee that sensitive credentials are well-secured against unauthorized access and modification. However,
to strengthen security, improve usability, and reduce the implementation costs of distributed applications, BMFAaaS needs to meet
three key requirements.
This SLR highlights the importance of BMFA to enhance the authentication techniques of distributed and heterogeneous networks.
It gives clear knowledge of the state of BMFAaaS in the literature. Nonetheless, the current research and development approaches
in this field have provided promising outcomes and created novel ideas for future study and invention. We found only 18 relevant
studies, which were critically analyzed, compared to the three requirements, and used to identify the research challenges. Overall,
the literature review highlights the importance of continued research and development in this area to harness the full potential of
BMFAaaS and bring it to widespread adoption.
In the future, we intend to develop a framework that addresses the aforementioned challenges for distributed networks and
applications.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared
to influence the work reported in this paper.

Data availability

Data will be made available on request

References

[1] S.W. Shah, S.S. Kanhere, Recent trends in user authentication–a survey, IEEE Access 7 (2019) 112505–112519, http://dx.doi.org/10.1109/ACCESS.2019.
2932400.
[2] J.A.A. Cardoso, F.T. Ishizu, J.T. de Lima, J. de Souza Pinto, Blockchain based MFA solution: The use of hydro raindrop MFA for information security on
WordPress websites, Braz. J. Oper. Prod. Manage. 16 (2) (2019) 281–293, http://dx.doi.org/10.14488/BJOPM.2019.v16.n2.a9.
[3] A.J. Bidgoly, H.J. Bidgoly, Z. Arezoumand, A survey on methods and challenges in EEG based authentication, Comput. Secur. 93 (2020) 101788,
http://dx.doi.org/10.1016/j.cose.2020.101788.
[4] M.P. Singh, A.K. Chopra, The internet of things and multiagent systems: Decentralized intelligence in distributed computing, in: 2017 IEEE 37th International
Conference on Distributed Computing Systems, ICDCS, IEEE, 2017, pp. 1738–1747, http://dx.doi.org/10.1109/ICDCS.2017.304.
[5] T. Nandy, M.Y.I.B. Idris, R. Md Noor, L. Mat Kiah, L.S. Lun, N.B. Annuar Juma’at, I. Ahmedy, N. Abdul Ghani, S. Bhattacharyya, Review on security of
internet of things authentication mechanism, IEEE Access 7 (2019) 151054–151089, http://dx.doi.org/10.1109/ACCESS.2019.2947723.
[6] G. Cheng, Y. Chen, S. Deng, H. Gao, J. Yin, A blockchain-based mutual authentication scheme for collaborative edge computing, IEEE Trans. Comput.
Soc. Syst. 9 (1) (2021) 146–158, http://dx.doi.org/10.1109/TCSS.2021.3056540.
[7] U. Khalid, M. Asim, T. Baker, P.C. Hung, M.A. Tariq, L. Rafferty, A decentralized lightweight blockchain-based authentication mechanism for IoT systems,
Cluster Comput. 23 (3) (2020) 2067–2087, http://dx.doi.org/10.1007/s10586-020-03058-6.
[8] W. Zheng, Z. Zheng, X. Chen, K. Dai, P. Li, R. Chen, NutBaaS: a blockchain-as-a-service platform, IEEE Access 7 (2019) 134422–134433, http:
//dx.doi.org/10.1109/ACCESS.2019.2941905.
[9] S. Patel, A. Sahoo, B.K. Mohanta, S.S. Panda, D. Jena, Dauth: A decentralized web authentication system using ethereum based blockchain, in: 2019
International Conference on Vision Towards Emerging Trends in Communication and Networking (ViTECoN), IEEE, 2019, pp. 1–5, http://dx.doi.org/10.
1109/ViTECoN.2019.8899393.
[10] A. Kernahan, U. Bernskov, R. Beck, Blockchain out of the box–where is the blockchain in blockchain-as-a-service? in: Proceedings of the 54th Hawaii
International Conference on System Sciences, 2021, p. 4281, http://dx.doi.org/10.24251/HICSS.2021.520.
[11] W.H. Hassan, et al., Current research on internet of things (IoT) security: A survey, Comput. Netw. 148 (2019) 283–294, http://dx.doi.org/10.1016/j.
comnet.2018.11.025.

13
M.S. Almadani et al. Internet of Things 23 (2023) 100844

[12] K. Kaur, S. Garg, G. Kaddoum, F. Gagnon, S.H. Ahmed, Blockchain-based lightweight authentication mechanism for vehicular fog infrastructure, in: 2019
IEEE International Conference on Communications Workshops (ICC Workshops), IEEE, 2019, pp. 1–6, http://dx.doi.org/10.1109/ICCW.2019.8757184.
[13] M. Zhaofeng, M. Jialin, W. Jihui, S. Zhiguang, Blockchain-based decentralized authentication modeling scheme in edge and IoT environment, IEEE Internet
Things J. 8 (4) (2020) 2116–2123, http://dx.doi.org/10.1109/JIOT.2020.3037733.
[14] W. Yang, E. Aghasian, S. Garg, D. Herbert, L. Disiuta, B. Kang, A survey on blockchain-based internet service architecture: requirements, challenges, trends,
and future, IEEE Access 7 (2019) 75845–75872, http://dx.doi.org/10.1109/ACCESS.2019.2917562.
[15] M.T. Hammi, B. Hammi, P. Bellot, A. Serhrouchni, Bubbles of trust: A decentralized blockchain-based authentication system for IoT, Comput. Secur. 78
(2018) 126–142, http://dx.doi.org/10.1016/j.cose.2018.06.004.
[16] S.S. Panda, D. Jena, B.K. Mohanta, S. Ramasubbareddy, M. Daneshmand, A.H. Gandomi, Authentication and key management in distributed IoT using
blockchain technology, IEEE Internet Things J. 8 (16) (2021) 12947–12954, http://dx.doi.org/10.1109/JIOT.2021.3063806.
[17] T. Wahyuningsih, F.P. Oganda, M. Anggraeni, et al., Design and implementation of digital education resources blockchain-based authentication system,
Blockchain Front. Technol. 1 (01) (2021) 74–86, http://dx.doi.org/10.34306/bfront.v1i01.19.
[18] D. Berdik, S. Otoum, N. Schmidt, D. Porter, Y. Jararweh, A survey on blockchain for information systems management and security, Inf. Process. Manage.
58 (1) (2021) 102397, http://dx.doi.org/10.1016/j.ipm.2020.102397.
[19] R. Henry, A. Herzberg, A. Kate, Blockchain access privacy: Challenges and directions, IEEE Secur. Priv. 16 (4) (2018) 38–45, http://dx.doi.org/10.1109/
MSP.2018.3111245.
[20] L. Navarro, I. Castro, A. Sathiaseelan, E. Dimogerontakis, M. Selimi, R. Baig, Blockchain models for universal connectivity, 2018, URL: https://people.ac.
upc.edu/leandro/docs/blockchain_models_for_universal_connectivity.pdf.
[21] M.H. Barkadehi, M. Nilashi, O. Ibrahim, A.Z. Fardi, S. Samad, Authentication systems: A literature review and classification, Telemat. Inform. 35 (5)
(2018) 1491–1511, http://dx.doi.org/10.1016/j.tele.2018.03.018.
[22] R. Goyat, G. Kumar, R. Saha, M. Conti, M.K. Rai, R. Thomas, M. Alazab, T. Hoon-Kim, Blockchain-based data storage with privacy and authentication in
internet-of-things, IEEE Internet Things J. (2020) http://dx.doi.org/10.1109/JIOT.2020.3019074.
[23] C. Okoli, K. Schabram, A guide to conducting a systematic literature review of information systems research, SSRN Electron. J. (2010) http://dx.doi.org/
10.2139/ssrn.1954824.
[24] V. Garousi, M. Felderer, M.V. Mäntylä, Guidelines for including grey literature and conducting multivocal literature reviews in software engineering, Inf.
Softw. Technol. 106 (2019) 101–121, http://dx.doi.org/10.1016/j.infsof.2018.09.006.
[25] M. Darshan, S. Raswanth, S. Skandan, S. Shakthi Saravanan, R. Chandramohanan, P. Kumar, A secured BlockChain based facial recognition system
for two factor authentication process, in: International Conference on Electrical and Electronics Engineering, Springer, 2022, pp. 492–502, http:
//dx.doi.org/10.1007/978-981-19-1677-9_44.
[26] S. Kim, H.-J. Mun, S. Hong, Multi-factor authentication with randomly selected authentication methods with DID on a random terminal, Appl. Sci. 12 (5)
(2022) 2301, URL: https://doi.org/10.3390/app12052301.
[27] D. Bao, L. You, Two-factor identity authentication scheme based on blockchain and fuzzy extractor, Soft Comput. (2021) 1–13, http://dx.doi.org/10.1007/
s00500-021-05936-6.
[28] A. Catalfamo, A. Ruggeri, A. Celesti, M. Fazio, M. Villari, A microservices and blockchain based one time password (MBB-OTP) protocol for security-
enhanced authentication, in: 2021 IEEE Symposium on Computers and Communications, ISCC, IEEE, 2021, pp. 1–6, http://dx.doi.org/10.1109/ISCC53001.
2021.9631479.
[29] S. Mercan, M. Cebe, K. Akkaya, J. Zuluaga, Blockchain-based two-factor authentication for credit card validation, in: Data Privacy Management,
Cryptocurrencies and Blockchain Technology, Springer, 2021, pp. 319–327, http://dx.doi.org/10.1007/978-3-030-93944-1_22.
[30] F. Breuer, V. Goyal, G. Malavolta, Cryptocurrencies with security policies and two-factor authentication, in: 2021 IEEE European Symposium on Security
and Privacy (EuroS&P), IEEE, 2021, pp. 140–158, http://dx.doi.org/10.1109/EuroSP51992.2021.00020.
[31] U. Narayanan, V. Paul, S. Joseph, Decentralized blockchain based authentication for secure data sharing in cloud-IoT, J. Ambient Intell. Humaniz. Comput.
13 (2) (2022) 769–787, http://dx.doi.org/10.1007/s12652-021-02929-z.
[32] V.R. Kebande, F.M. Awaysheh, R.A. Ikuesan, S.A. Alawadi, M.D. Alshehri, A blockchain-based multi-factor authentication model for a cloud-enabled internet
of vehicles, Sensors 21 (18) (2021) 6018, URL: https://doi.org/10.3390/s21186018.
[33] M. Abubakar, Z. Jaroucheh, A. Al Dubai, X. Liu, A lightweight and user-centric two-factor authentication mechanism for IoT based on blockchain
and smart contract, in: 2022 2nd International Conference of Smart Systems and Emerging Technologies, SMARTTECH, IEEE, 2022, pp. 91–96,
http://dx.doi.org/10.1109/SMARTTECH54121.2022.00032.
[34] Y. Zhang, B. Li, J. Wu, B. Liu, R. Chen, J. Chang, Efficient and privacy-preserving blockchain-based multi-factor device authentication protocol for
cross-domain IIoT, IEEE Internet Things J. (2022) http://dx.doi.org/10.1109/JIOT.2022.3176192.
[35] A. Thompson, A. Abayomi, A.J. Gabriel, Multifactor IoT authentication system for smart homes using visual cryptography, digital memory, and blockchain
technologies, in: Blockchain Applications in the Smart Era, Springer, 2022, pp. 273–290, http://dx.doi.org/10.1007/978-3-030-89546-4_14.
[36] O. Umoren, R. Singh, Z. Pervez, K. Dahal, Securing fog computing with a decentralised user authentication approach based on blockchain, Sensors 22
(10) (2022) 3956, URL: https://doi.org/10.3390/s22103956.
[37] S.M. Danish, M. Lestas, W. Asif, H.K. Qureshi, M. Rajarajan, A lightweight blockchain based two factor authentication mechanism for LoRaWAN join
procedure, in: 2019 IEEE International Conference on Communications Workshops (ICC Workshops), IEEE, 2019, pp. 1–6, http://dx.doi.org/10.1109/
ICCW.2019.8756673.
[38] S.M. Danish, M. Lestas, H.K. Qureshi, K. Zhang, W. Asif, M. Rajarajan, Securing the LoRaWAN join procedure using blockchains, Cluster Comput. 23 (3)
(2020) 2123–2138, http://dx.doi.org/10.1007/s10586-020-03064-8.
[39] T. Abayomi-Zannu, I. Odun-Ayo, T. Barka, A proposed mobile voting framework utilizing blockchain technology and multi-factor authentication, in: Journal
of Physics: Conference Series, Vol. 1378, IOP Publishing, 2019, 032104, URL: https://iopscience.iop.org/article/10.1088/1742-6596/1378/3/032104/pdf.
[40] G. Zhao, B. Di, H. He, Design and implementation of the digital education transaction subject two-factor identity authentication system based on
blockchain, in: 2020 22nd International Conference on Advanced Communication Technology, ICACT, IEEE, 2020, pp. 176–180, http://dx.doi.org/10.
23919/ICACT48636.2020.9061393.
[41] M.C.I. Putri, P. Sukarno, A.A. Wardana, Two-factor authentication framework based on ethereum blockchain with dapp as token generation system instead
of third-party on web application, Register: J. Ilmiah Teknol. Sist. Inform. 6 (2) (2020) 74–85, http://dx.doi.org/10.26594/register.v6i2.1932.
[42] D. Prabakaran, S. Ramachandran, Secure channel for financial transactions in cloud environment using blockchain technology, 2022, http://dx.doi.org/
10.21203/rs.3.rs-1639189/v1.
[43] A.A. Addobea, Q. Li, I.A. Obiri Jr., J. Hou, Secure multi-factor access control mechanism for pairing blockchains, J. Inf. Secur. Appl. 74 (2023) 103477,
http://dx.doi.org/10.1016/j.jisa.2023.103477.
[44] M.O. Ahmad, G. Tripathi, F. Siddiqui, M.A. Alam, M.A. Ahad, M.M. Akhtar, G. Casalino, Bauth-ZKP—A blockchain-based multi-factor authentication
mechanism for securing smart cities, Sensors 23 (5) (2023) 2757, http://dx.doi.org/10.3390/s23052757.
[45] M. Barati, O. Rana, Tracking GDPR compliance in cloud-based service delivery, IEEE Trans. Serv. Comput. 15 (3) (2022) 1498–1511, http://dx.doi.org/
10.1109/TSC.2020.2999559.

14