Blockchain-Based Authentication Scheme with an Adaptive Multi-Factor Authentication Strategy

Authentication is of paramount significance to cybersecurity. However, most conventional authentication schemes are implemented in a centralized mode, in which potential problems include single-point failure, the exposure of personal information, and the risk of identity theft. Additionally, static single-factor authentication schemes are unsuitable for dynamic environments like mobile applications. To tackle these difficulties, we propose a blockchain-based authentication scheme with an adaptive multi-factor authentication strategy. Our scheme features a blockchain-based authentication framework that prevents unauthorized information alteration and system corruption. Additionally, we design an adaptive multi-factor authentication strategy model to ensure trustworthy multi-factor authentication in dynamic scenarios. Last, we construct a Raft-based consensus model to select an authoritative leading node for rapid authentication. The security analysis demonstrates the effectiveness of the proposed scheme in countering various forms of cyberattacks targeted at authentication systems, and experiments demonstrate its superior effectiveness and efficiency compared to existing studies.


Introduction
In recent times, due to the rapid advancement and extensive adoption of Internet technology, the number of large-scale distributed mobile systems has increased, necessitating trust and security services to reduce the risk of illegal access. Authentication schemes are crucial for ensuring mobile network security and privacy by providing data confidentiality, audit confirmation, and authorization control. As shown in Figure 1, a typical authentication process involves storing private identification information in a centralized mobile server, making it vulnerable to attack methods that can compromise user identity information or disrupt authentication services. Additionally, centralized authentication architectures are unreliable in providing adequate protection for computing devices and applications. From the perspective of service providers, managing and verifying users will inevitably become complex and vulnerable to many mobile network security risks, including but not limited to the following: the occurrence of single-point failure, privacy breaches, and the risk of identity theft [1]. Centralized storage of personal identity information on servers creates a potential target for malicious attacks that can compromise the authentication service and lead to the corruption or theft of user authentication information. For instance, in 2014, attackers stole approximately 200 photographs of female Hollywood entertainers, including private and nude content, and uploaded them to social media sites [2]. The investigation revealed that attackers had cracked usernames and passwords stored centrally on servers and used the information to log into mobile applications as legitimate users.
As the vulnerabilities of centralized authentication architectures have become increasingly evident, there is a growing interest in developing decentralized authentication solutions. One potential solution is to leverage blockchain technology, a decentralized, secure, and trustworthy architecture that is capable of preserving time-series data [3].
Blockchain technology utilizes a decentralized, peer-to-peer mobile network structure, enabling services to remain available even if some nodes fail. The process of verifying, accounting, and broadcasting blockchain data uses a timestamped chain block structure that provides extreme verifiability and traceability, adding a temporal dimension to the data. Within the blockchain system, a particular consensus mechanism is utilized to guarantee uniformity among all nodes. This mechanism enables the timely detection of malicious nodes, defends against external attacks, and prevents blockchain data from being tampered with or falsified [4]. The consensus mechanism plays a vital role in ensuring the security and reliability of the blockchain. It safeguards against malicious nodes attempting to manipulate the blockchain by enforcing a requirement for majority agreement among network nodes before any modifications to the blockchain can take place. Additionally, the consensus mechanism allows the network to recover from failures or attacks by ensuring that a consistent state is maintained across all nodes in the network. These characteristics of decentralization, security, and traceability make blockchain technology a promising solution for developing authentication systems. Indeed, researchers have recently begun to explore the potential of combining blockchain technology and authentication schemes to enhance mobile network security [5][6][7][8][9][10][11]. Because identity authentication information is highly sensitive, it is imperative to ensure its privacy and security, particularly in a decentralized storage structure. Therefore, users should only disclose their private information to a select few trusted institutions [12,13].
Authentication factors, including biological factors, physical factors, and password factors, are essential for verifying user identity. Due to recent security threats, authentication schemes based on static and single factors are no longer reliable enough to protect authentication devices and applications. To ensure ongoing safeguarding of computing devices and essential mobile services against unauthorized access, security can be enhanced by combining authentication techniques from different factors. This approach, commonly referred to as multi-factor authentication (MFA), utilizes a combination of factors to strengthen security [14]. MFA is becoming increasingly necessary due to the growing sophistication and frequency of cyberattacks, which can compromise user credentials and lead to unauthorized access. MFA can enhance security by requiring multiple forms of authentication, making it more challenging for attackers to bypass or compromise authentication. One of the key challenges in implementing MFA is determining the optimal set of authentication factors to use in a given operating environment. This challenge arises because there are many possible factors that can be used for authentication, each with its own strengths and weaknesses, and no one solution can address all authentication requirements [15]. The effectiveness of MFA heavily relies on choosing the right combination of authentication factors. Using too few factors will leave systems vulnerable to attacks, while using too many will create a cumbersome and time-consuming authentication process that may deter users from adopting MFA. Moreover, the selection of the wrong factors or the incorrect number of factors can increase the risk of data breaches, since attackers may be able to bypass the authentication process. To address this challenge, organizations need to carefully evaluate the risks and requirements of their operating environment and select the most appropriate authentication factors accordingly. The appropriateness of biometric data, passwords, tokens, and mobile devices as authentication factors may vary depending on the use case, and the combination of factors should be customized to suit the requirements of each organization.
Adopting adaptive MFA presents a potential solution to address this challenge. This approach allows for the dynamic adjustment of authentication factors based on the operating environment and the associated risk level. This approach can ensure that only the most trustworthy and relevant factors are used to validate users, providing an additional layer of security and flexibility for organizations.
Motivated by the aforementioned discussion, this paper introduces a novel authentication scheme that leverages blockchain technology and incorporates an adaptive multi-factor authentication approach. Our work contributes in three main aspects, outlined below:
(1) First, a secure and decentralized authentication framework is proposed to prevent unauthorized access and data tampering.
(2) Second, an adaptive multi-factor authentication (A-MFA) strategy model is developed to select the most trustworthy multi-factor set for authentication in dynamic scenarios, such as mobile applications.
(3) Last, a consensus model, named Limited-Raft (LRaft), is designed based on the Raft algorithm to vote for an authoritative leading node to conduct rapid and secure authentication over the blockchain.
The rest of this article is structured as follows. Section 2 provides a review of recent studies on blockchain-based identity authentication schemes. Section 3 presents the system model and threat model considered in this study. Section 4 details the proposed blockchain-based scheme. Section 5 presents the performance evaluation. Finally, Section 6 concludes the article.

Related Work
In this section, we present a concise overview of the latest advancements in authentication schemes that incorporate blockchain and multi-factor authentication. These studies are important in advancing the field of information security as they provide new insights and solutions that can enhance the security and reliability of authentication systems, protecting computing devices and critical mobile services from malicious attacks and unauthorized access.

2.1. Blockchain-Based Authentication Scheme.
Blockchain-based identity authentication frameworks have sparked a boom in scholarly research in recent years due to their decentralized, secure, and trustworthy architecture. Researchers have proposed a range of authentication schemes that incorporate blockchain technology, including methods for secure data transmission and authentication protocols that can resist various types of cyberattacks. In 2019, Jangirala et al. [5] proposed a blockchain-based RFID authentication protocol specifically tailored for the supply chain of 5G mobile edge computing. This protocol aimed to enhance efficiency and security in the authentication process. It used Internet security protocols and automatic application verification for security verification and could protect against various attacks. In 2020, Guo et al. [7] proposed a distributed authentication system that combines blockchain and edge computing, improving authentication efficiency. The system includes a blockchain edge layer, a blockchain network layer, and an optimized Byzantine fault-tolerant consensus algorithm for creating a consortium chain to store authentication data and logs. In 2021, Zhang et al. [8] developed a hierarchical multi-access edge computing framework based on blockchain for the future VANET ecosystem. They introduced a multi-factor trust model within the VANET environment to assess the trustworthiness of vehicles through offloading calculations. This approach ensures the security of communication links between vehicles. In 2022, Xu et al. [9] proposed a blockchain-based cross-domain biometric authentication scheme that tackles the problem of biometric leakage by utilizing fuzzy extraction technology to extract random biometric authentication keys. In the same year, Zhang et al. [10] developed a blockchain-based multi-factor authentication protocol for privacy protection and cross-domain IoT, utilizing hardware fingerprints to generate random numbers encoded with multiple factors and transforming them into computational data. The blockchain stores dynamic accumulators for each domain, reducing overhead, and on-chain accumulators are employed to verify the identity of cross-domain industrial IoT devices. In 2023, Wang et al. [11] proposed a blockchain-based access control framework which includes an automated quality control mechanism and an authentication mechanism to guarantee the quality of training data and filter out malicious attackers. Simulated experiments validate the effectiveness of the proposed framework in ensuring the security of genetic data while maintaining a balance between availability and accuracy.
The abovementioned authentication systems combined with blockchain technology are primarily used for identification between specific IoT devices. However, there have been limited studies on general blockchain-based identification schemes.

Multi-Factor Authentication Scheme.
MFA is another area of active research as it provides an extra layer of security by requiring two or more independent factors to verify a user's identity. Recent studies have investigated the effectiveness of MFA in various contexts, including mobile devices, cloud computing, and IoT systems. Researchers have proposed new methods for adaptive MFA, which can dynamically adjust the set of authentication factors based on the specific operating environment and level of risk involved. In 2016, Dasgupta et al. [16] developed a multi-factor selection framework for time-varying operating environments, considering factors such as equipment, media, and surrounding conditions, such as light, noise, motion, and more. User authentication is accomplished by employing a subset of authentication methods and their relevant features. In the same year, Wójtowicz and Joachimiak [17] developed a context-based biometric authentication model for mobile devices. Through a proof of concept, it determined the most accurate authentication method and the optimal form of validation interaction, laying the foundation for building adaptable and scalable multi-factor context-sensitive systems. In 2018, Roy and Dasgupta [18] used a probabilistic constrained nonlinear programming problem to evaluate the reliability of authentication methods in different user devices. Then, a fuzzy IF-THEN rule and genetic algorithm-based evolutionary strategy were developed for adaptively selecting authentication modes, which were validated through numerical simulation for their efficacy and efficiency. In 2021, Hassan et al. [19] proposed a multi-factor selection framework based on prior knowledge. By considering the context factors, the relevant requirements in the decision-making process, and the dynamic authentication method, the adaptive authentication system was developed. In 2022, Calvo and Beltrán [20] proposed a dynamic multi-factor selection model for heterogeneous, distributed, and dynamic environments, which can adjust security control strategies in real time to adapt to different risk scenarios. Based on a three-tier architecture and a three-step process including measure, decision, and adaption, the model can be adapted to different types of extensible policy and rule frameworks.
In summary, while MFA is an effective approach for enhancing security in authentication systems, it still faces challenges related to usability, implementation, and management cost. Addressing these challenges will require ongoing research and innovation in the field of information security to improve the effectiveness and usability of MFA solutions.

System Model and Threat Model
The present section provides an introduction to the system model and threat model adopted in this proposed scheme.
3.1. System Model. The system model comprises three entities, namely, the client, the authentication server, and the node server, as shown in Figure 2.
(1) Client. The client is responsible for collecting user authentication information through a factor collector, which is used to facilitate user-server interactions.
(2) Authentication Server. The authentication server operates an adaptive multi-factor authentication strategy model for the authentication process, handles authentication messages, and connects with the blockchain.
(3) Node Server. Multiple node servers are connected to form the blockchain. The authentication blockchain is a limited-access bulletin board. The entire authentication process is led by several trusted organizations, and blocks are generated through an LRaft consensus model designed to randomly select lead nodes in a rapid mode.

Threat Model.
The threat model for a server-centric MFA scheme can be categorized into several categories, as follows:
(1) Server Attacks. The central server is vulnerable to various attacks, such as DDoS attacks, buffer overflow attacks, and SQL injection attacks. Once the server is compromised, the attackers can obtain access to all the user authentication information.
(2) Single Point of Failure. In this type of attack, if the central server fails, the authentication system would be completely down, and user authentication would be unavailable.
(3) Unauthorized Access. Attackers can bypass the MFA system by exploiting vulnerabilities in the system, such as by stealing user credentials or by intercepting SMS messages.
(4) Insufficient Authentication Factor Selection. MFA schemes should select an optimal set of authentication factors based on the operating environment. If an incorrect set of factors is selected, the system could become more vulnerable to attacks.
(5) Social Engineering. Attackers can use social engineering techniques to trick users into providing their authentication information. For example, attackers can impersonate IT support staff and ask users for their authentication information.

The Proposed Authentication Scheme
In this section, we provide a detailed description of the proposed scheme, beginning with an outline of the blockchain-based authentication framework, followed by an introduction to the A-MFA strategy model. Last, we introduce the LRaft consensus model.

Blockchain-Based Authentication Framework.
Blockchain technology has received increasing attention in recent years due to its inherent properties such as decentralization, transparency, and security. In the realm of identity authentication, blockchain has emerged as a promising solution for improving the security and privacy of identity information. Traditional identity authentication systems have relied on centralized authorities to store and manage user information, which poses the risk of single points of failure and unauthorized access. Blockchain-based identity authentication frameworks offer a decentralized and tamper-resistant way of storing and managing identity data, thus enhancing security and privacy. The proposed scheme for identity authentication based on blockchain, as shown in Figure 3, is characterized by a robust structure that provides secure decentralized authentication services and ensures the prevention of unauthorized information alteration and system corruption. The authentication server connects to an A-MFA strategy model, which assists in selecting the appropriate factor group, while blockchain technology is employed to store identification information and record the authentication process. To ensure efficient and secure authentication, the content of the blockchain is maintained by a node cluster. The nodes in the cluster reach a consensus through the LRaft consensus model, which facilitates the generation of new blocks while ensuring rapid authentication.
To fulfill the requirements of identity verification, the block structure is designed as depicted in Figure 4. Each block comprises two main components: the block header and the block body. The block header includes essential attributes, such as the Index, PreHash, UserID, TimeStamp, and SignInfo. On the other hand, the block body records the specific details of the factor information.

A-MFA Strategy Model
The A-MFA strategy model employs a genetic algorithm for the optimization of authentication schemes. The genetic algorithm offers several advantages for the considered problem, including solution exploration, solution representation, and an evolutionary process. However, we have considered the potential applicability of alternative evolutionary algorithms, such as evolutionary strategies, genetic programming, or particle swarm optimization. In our evaluation of these alternative algorithms, we found that they may not be well suited for our specific problem due to the following reasons:
(1) Evolutionary Strategies. These strategies typically rely on real-valued representations and continuous optimization, whereas authentication schemes involve discrete factors and configurations, making evolutionary strategies less suitable for our discrete problem.
(2) Genetic Programming. While genetic programming is effective for evolving computer programs or mathematical expressions, its emphasis on program structures may not align well with the specific requirements and constraints of the authentication scheme optimization problem.
(3) Particle Swarm Optimization. Particle swarm optimization has shown promise in various optimization tasks. However, its effectiveness can be influenced by factors such as swarm size and parameter settings. Moreover, the exploration capability of particle swarm optimization may not be as efficient in our complex search space of authentication factors and configurations.
Considering these factors, we concluded that the genetic algorithm was the most appropriate choice for our research, given its advantages in exploring the solution space, representing authentication schemes, and simulating an evolutionary process.
In this section, we present a micro-genetic algorithm that incorporates a dynamic scheme based on the current device and media settings, varying according to different scenarios. To ensure security, various authentication schemes are stored separately in virtual machines and retrieved from the user console to the server as needed. In order to maintain privacy and security, a multi-factor authentication scheme needs to be updated when a fixed user changes the authentication device or media. This is particularly important when fixed users are in the same operating environment for an extended period of time and face changes in the operating environment or user roles [21]. To address these issues, this section considers three types of devices, i.e., fixed, portable, and handheld, and three types of media, i.e., wired, wireless, and cellular.
One of the main challenges of the proposed design is to establish constraints, objective functions, and penalty functions. The constraints establish the boundaries for various authentication schemes across different devices and media. The objective function is designed to compute the optimal set of solutions with the corresponding tuning parameters, i.e., a subset of the seven modes proposed above. The penalty function is utilized to regulate the selection of authentication schemes to prevent repeated selection of the same scheme at consecutive authentication triggers. To formulate the objective function of any verification scheme, confidence levels are utilized. The confidence levels are expressed as numeric values that indicate how well a particular validation scheme fits into the current environment. A higher level of confidence represents that the authentication scheme is more trustworthy in the current environment. In this study, the value of confidence is determined through an optimization problem, where the confidence level among different devices and media is expressed as a set of constraints using pairwise comparison. The generated decision pairs are then analyzed using stochastic optimization methods, and linear programming is used to solve this problem. In our approach, the constraint function serves as a guiding principle in determining the optimal arrangement of authentication factors from the available set of seven. The constraint function considers all possible combinations of the authentication factors and ranks them based on their trustworthiness values. These values reflect the reliability and effectiveness of each combination in the authentication process. The purpose of the constraint function is to ensure that the selected authentication factors align with the optimization objective of maximizing the overall trustworthiness and effectiveness of the authentication scheme. By prioritizing the combinations based on their trustworthiness values, we can identify the most suitable and reliable configuration of three authentication factors from the available options. The constraint function acts as a constraint within the optimization algorithm, influencing the selection process and guiding the algorithm towards solutions that meet the defined criteria for trustworthiness and effectiveness. It helps ensure that the chosen authentication scheme not only is based on the available devices and media but also considers the trustworthiness of the authentication factors.
The solution employs a dynamic confidence level calculation for three devices and media, effectively addressing the maximum value of the genetic algorithm's objective function. This optimization approach also accommodates the dynamic nature of confidence values and adapts to the constraint sets of various devices and media. For identity ecosystems in different environments, we calculate the confidence level of different task levels and different user types.
The optimization problem can be expressed with various sets of constraints and provide solutions for these problems. When designing the algorithm's objective function, considerations are given to the impacts of the device and media, assigning appropriate weights to produce distinct effects. The form of the objective function is defined as follows: where $a$, $b$, and $c$ are constants, and the weights as variables are adjusted according to different environment settings. $X$ represents the trusted value of the device, and $Y$ represents the trusted value of the media. By weighting the confidence level of the selected pattern, the sum value of the objective function is obtained.
In order for $T(M)$ to choose only three of the seven authentication factors to generate authentication schemes, we introduce additional constraints. One possible approach is to use 0-1 integer programming, where each validating factor has a binary variable, and the factor is selected when the variable is 1 and not selected when it is 0. Thus, we can convert the original objective function $T(M) = (aX + bY + c)$ into the following form: where $X_1$, $Y_1$, and $Z_1$ represent the binary variables of face, fingerprint, and password, respectively; $X_2$, $Y_2$, and $Z_2$ represent the binary variables of captcha, SMS, and voice; $X_3$, $Y_3$, and $Z_3$ represent the binary variables of keystrokes; and $a, b, c, d, e, f, g, h, i$ represent the coefficients corresponding to each verification factor. We then add the following constraints to limit the choice of only three factors: These constraints ensure that only three of the factor variables are 1 and the rest are 0. In this way, we can solve the 0-1 integer programming problem to get the best three authentication factors, thus generating the authentication scheme.
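The selection of three out of seven factors described above can be checked by exhaustive search, since the 0-1 program has only 35 feasible assignments. This is an added example, not code from the paper: the trust values, the weights `A`, `B`, `C`, the `PENALTY` constant and all function names are constructed assumptions, and the penalty term follows the text's description of discouraging the same scheme at consecutive triggers.

```python
from itertools import combinations

# The seven factors named in the text, in a fixed order.
FACTORS = ("face", "fingerprint", "password", "captcha", "sms", "voice", "keystrokes")

# Constructed trust values in [0, 1], one per factor in FACTORS order (assumptions).
# X: how trustworthy each factor is on a given device type.
DEVICE_TRUST = {
    "fixed":    (0.50, 0.40, 0.90, 0.80, 0.40, 0.50, 0.90),
    "portable": (0.70, 0.60, 0.80, 0.70, 0.50, 0.60, 0.80),
    "handheld": (0.90, 0.95, 0.50, 0.40, 0.80, 0.70, 0.30),
}
# Y: how trustworthy each factor is over a given medium.
MEDIA_TRUST = {
    "wired":    (0.70, 0.60, 0.80, 0.80, 0.30, 0.60, 0.85),
    "wireless": (0.60, 0.60, 0.60, 0.60, 0.60, 0.50, 0.60),
    "cellular": (0.60, 0.70, 0.50, 0.50, 0.90, 0.60, 0.40),
}

A, B, C = 0.6, 0.4, 0.0   # assumed weights for device trust, media trust, offset
PENALTY = 0.5             # assumed cost of repeating the previous scheme
K = 3                     # exactly three factors per scheme


def coefficients(device, medium):
    """Per-factor coefficient a*X + b*Y + c for the current environment."""
    xs, ys = DEVICE_TRUST[device], MEDIA_TRUST[medium]
    return [A * x + B * y + C for x, y in zip(xs, ys)]


def select_factors(device, medium, previous=None):
    """Solve the 0-1 program by enumeration.

    Maximises sum(coef_i * z_i) subject to z_i in {0, 1} and sum(z_i) == K,
    minus PENALTY when the assignment equals the previously used scheme.
    Returns (tuple of factor names, objective value).
    """
    coef = coefficients(device, medium)
    best, best_score = None, float("-inf")
    for chosen in combinations(range(len(FACTORS)), K):
        z = [1 if i in chosen else 0 for i in range(len(FACTORS))]
        score = sum(c * zi for c, zi in zip(coef, z))
        names = tuple(FACTORS[i] for i in chosen)
        if previous is not None and set(names) == set(previous):
            score -= PENALTY
        if score > best_score + 1e-12:   # tolerance keeps float ties stable
            best, best_score = names, score
    return best, round(best_score, 4)


if __name__ == "__main__":
    first, score = select_factors("handheld", "cellular")
    print("first trigger :", first, score)
    print("second trigger:", select_factors("handheld", "cellular", previous=first))
    print("fixed + wired :", select_factors("fixed", "wired"))
```

With these constructed values the environment changes the chosen scheme, and the penalty moves the second trigger to the next-best combination instead of reusing the first.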

LRaft Consensus Model.
A consortium blockchain is a type of blockchain network that is operated by a group of organizations or entities, rather than being open to the public like a public blockchain. In a consortium blockchain, all participants are carefully selected and entrusted with stringent contractual obligations to ensure their adherence to ethical behavior and maintain a high level of integrity. This type of blockchain architecture is often used in business environments, where the participants have a vested interest in the security and stability of the network. In a consortium blockchain, the consensus mechanism is typically optimized for efficiency and scalability compared to public blockchains, as the number of nodes is predetermined and limited. Consensus algorithms are essential for ensuring the safety and efficiency of distributed systems. The Raft consensus algorithm is a distributed consensus algorithm used for maintaining the consistency of replicated state machines. It is designed to be more understandable than previous consensus algorithms such as Paxos and is widely used in distributed systems [22]. Raft is designed with simplicity in mind, making it easier to understand, implement, and maintain compared to more complex consensus algorithms. The algorithm's clear separation of roles and its emphasis on leader-based replication greatly simplify the consensus process. Raft incorporates an efficient leader election mechanism, which ensures the selection of a leader with the most up-to-date log. This approach minimizes the chances of split votes or stale leaders, leading to more efficient and reliable consensus. Raft places a strong emphasis on safety and availability. The algorithm guarantees that a majority of the nodes need to agree on a log entry before it is committed, ensuring data consistency and reliability. Additionally, Raft can tolerate network partitions and node failures, allowing the system to maintain availability even in the presence of disruptions.
In the Raft algorithm, nodes operate in three distinct states: leader, follower, or candidate. Time is divided into terms, each with a fixed duration. At the start of each term, an election takes place where one or more candidates vie to become the leader. If a candidate emerges as the winner, they assume the role of leader for the duration of the term [23]. The complete conversion process is shown in Figure 5. The Raft algorithm is known for its simplicity and high efficiency and is widely used in practical systems.
The LRaft consensus model is a variant of the Raft algorithm which is designed based on the following conditions:
(1) All nodes in the consensus group have the potential to become leaders in Raft. However, in order to improve election efficiency and ensure that only a few pivotal nodes are responsible for the critical function of authentication, the number of participating nodes in the election is decreased. The remaining nodes are responsible for secondary functions, such as block verification and message transmission.
(2) The original Raft model has weak fault tolerance in which the leader nodes maintain accounting and new elections are only carried out when the node fails, making it vulnerable to single point of failure and attacks against critical nodes. To improve fault tolerance, LRaft introduces mechanisms like random leaders and node classification.
In the LRaft consensus algorithm, there are two types of nodes: ordinary nodes that act as followers and authoritative nodes that act as potential leader candidates, as shown in Table 2. The follower is identified with a flag bit of 0 and is primarily responsible for transmitting messages and continuously verifying blocks to ensure the integrity of the system. The candidate, which uses a flag bit of 1, is a group of preset authoritative nodes that participate in block verification and the consensus process. The leader node, identified by a flag bit of 2, is the winner elected by the candidate group and is responsible for generating blocks and participating in the consensus process. It is worth noting that the leader is actually included in the candidate group. In LRaft, the follower and candidate nodes play distinct roles in the consensus algorithm, ensuring the security and reliability of the system.
The state transition is illustrated in Figure 6. In LRaft, only authoritative nodes in the consensus group have an opportunity to become leaders, which are expected to master the critical function of authentication. The other nodes are responsible for secondary functions such as verifying blocks and transmitting messages. To prevent attackers from guessing the processing node, each request in the proposed authentication scheme is handled by a different leader node. During the block production cycle, a new leader is elected to be responsible for generating blocks, and the term is determined based on the block interval. As shown in Algorithm 1, during the initialization phase, all trusted nodes within the specific group are in the candidate state and have their timeout timers randomly set. Meanwhile, the follower nodes remain in a sleeping state. The candidate initiates a vote request from other nodes, and upon receiving votes from over half of the nodes, it becomes the leader for the current term. By randomly selecting the leader node and handling each request by a different leader node, the LRaft consensus model ensures a higher level of security and prevents attackers from targeting a specific processing node.
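An added simulation of the LRaft election rules described above, not the paper's Algorithm 1: only authoritative nodes stand as candidates, a winner needs votes from more than half of all nodes, and a new leader is chosen for every request. The node names, the timeout range, the lossless network and the rule that the previous leader sits out the next term are assumptions made for the example.

```python
import random
import secrets

FOLLOWER, CANDIDATE, LEADER = 0, 1, 2   # flag bits as given in the text


class LRaftCluster:
    """Toy model of LRaft leader election over a lossless network (assumption)."""

    def __init__(self, authoritative, ordinary, rng=None):
        # Authoritative nodes start as candidates; ordinary nodes are followers.
        self.flags = {n: CANDIDATE for n in authoritative}
        self.flags.update({n: FOLLOWER for n in ordinary})
        # Timeouts must be unpredictable, otherwise the next leader can be
        # guessed; a seeded generator is accepted only for reproducible tests.
        self.rng = rng if rng is not None else secrets.SystemRandom()
        self.term = 0
        self.last_leader = None

    def elect(self, down=()):
        """Run the election for one block cycle.

        `down` is the set of unreachable nodes. Returns the new leader's
        name, or None when no candidate can collect a majority.
        """
        down = set(down)
        self.term += 1
        # The previous leader steps back into the candidate group.
        for node, flag in self.flags.items():
            if flag == LEADER:
                self.flags[node] = CANDIDATE
        # Assumption: the previous leader sits out, so consecutive requests
        # are never handled by the same node.
        eligible = [n for n, f in self.flags.items()
                    if f == CANDIDATE and n not in down and n != self.last_leader]
        if not eligible:
            return None   # e.g. a single authoritative node cannot rotate
        # Randomised election timeouts (milliseconds); the first candidate to
        # time out sends its vote request before anyone else.
        timeouts = {n: self.rng.uniform(150.0, 300.0) for n in eligible}
        first = min(timeouts, key=timeouts.get)
        # Every reachable node, follower or candidate, grants one vote per
        # term to the first request it sees.
        votes = sum(1 for n in self.flags if n not in down)
        if 2 * votes <= len(self.flags):
            return None   # not more than half of ALL nodes: no leader this term
        self.flags[first] = LEADER
        self.last_leader = first
        return first


def leaders_for_requests(cluster, n_requests):
    """Leader chosen for each of n_requests consecutive authentication requests."""
    return [cluster.elect() for _ in range(n_requests)]


if __name__ == "__main__":
    cluster = LRaftCluster(["A1", "A2", "A3"], ["N1", "N2", "N3", "N4"])
    print(leaders_for_requests(cluster, 6))
    print(cluster.elect(down={"N1", "N2", "N3", "N4"}))   # None: 3 of 7 reachable
```

The majority is counted over the whole cluster, so isolating the authoritative nodes from the followers stalls block production rather than letting a minority elect a leader.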

Workflow of Proposed Authentication Scheme.
In this section, we describe the identity authentication process of the proposed scheme, which includes two phases as follows.

The User Registration Phase. Before authentication, users must store authentication information within the blockchain. The registration process is described as follows:
Step 1. The $User_i$ inputs the identity $ID_i$ and collects the set of authentication factors $W = \{w_1, w_2, \ldots, w_n\}$ through the factor collector.
Step 2. The client, called ReqNode, combines the information of the user and sends a request $\text{Request of Registeration}\{ID_i, \text{TimeStamp}, W, \text{ReqNode}\}$ to the blockchain.
Step 3. The follower node broadcasts the pending message to the blockchain. A leader node will be elected through the LRaft consensus algorithm. After the election, the leader node broadcasts the user registration request to the blockchain, and the other nodes each perform blockchain backtracking to check whether the user has registered. The response to the check result is $\text{Response of CheckReg}\{ID_i, \text{Bool}\}$.
Step 4. After receiving responses from more than half of the nodes, the leader node confirms that the user has not registered and packs user information into a block. At the same time, the leader node will generate a pair of keys named $PU_k$ and $PR_k$ through the RSA algorithm, and the SignInfo is calculated as follows:
Hash( ) indicates the SHA256 algorithm and Merkle( ) indicates the result of the hash tree, which can be used to verify any kind of data stored, handled, and transferred in the blockchain. In addition, BlockHash written into BlockHeader is calculated as
Step 5. After the Leadr Node builds the block, a message will be broadcast to the blockchain, $\text{Commit of Registeration}\{ID_i, \text{BlockIndex}, \text{TimeStamp}, \text{BlockHash}, \text{Leadr Node}\}$, and the other nodes begin to synchronize the block.
Step 6. The requested node returns the symmetric public key ($PU_k$) of the private key ($PR_k$) to the user, $\text{Response of Registeration}\{ID_i, \text{Bool}, Cert_{PU_k}\}$, as one of the credentials for future identity verification.

The User Authentication Phase. The authentication process is described as follows:
Step 1. When a $User_x$ requests authentication, the requested server will detect the user's operating environment. After that, the server informs the user of the required authentication factor group in conformity with the calculation result of the A-MFA strategy model, which is $\text{List of Needed Factor}\{w_1', w_2', \ldots, w_n'\}$.

Step 2. The user sends the authentication information and credentials according to the requirements of the server. We can express this process as $\text{Request of Authentication}\{ID_x, \text{List of Needed Factor}, Cert_{PU_k}\}$.
Step 3. The follower node broadcasts the pending message to the blockchain. A leader node will be selected through a consensus algorithm. After the election is completed, the leader node requires the other nodes to each perform blockchain backtracking and find the latest block to check whether the user exists, by checking if there exists a SignInfo in the block header that can be decrypted using k . The response is $\text{Response of Check User Exist}\{ID_x, \text{Bool}\}$.
Step 4. When more than half of the nodes confirm that the user exists, all nodes will verify whether the authentication factor set List of Needed Factor submitted by the user meets the authentication requirements.
Step 5. When more than half of the nodes confirm that the user is legitimate, the leader node will generate a new pair of keys named $PU_k'$ and $PR_k'$ and calculate SignInfo with $PR_k'$ again.
Step 6. The leader node broadcasts the commitment message to the blockchain, which is $\text{Commit of Authentication}\{ID_i, \text{BlockIndex}, \text{TimeStamp}, \text{BlockHash}, \text{Leadr Node}\}$, and the other nodes will synchronize the block.
Step 7. The requested node returns $\text{Response of Authentication}\{ID_x, \text{Bool}, Cert_{PU_k'}\}$ to the user.
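The register-then-rotate flow of the two phases can be modelled as follows. This is an added example, not the paper's implementation: `Network`, `Replica` and `factor_digest` are hypothetical names, a random token stands in for the RSA pair behind $Cert_{PU_k}$, its SHA-256 digest stands in for SignInfo, and the block layout is constructed because the SignInfo and BlockHash formulas are not reproduced in this text.

```python
import hashlib
import hmac
import secrets


def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()


def factor_digest(factors):
    # Simplification: exact-match digest of the submitted factor set. A real
    # system must not store guessable factors as a bare, unsalted hash.
    return sha256("|".join(sorted(factors)))


class Replica:
    """One node's copy of the chain (block layout constructed for this example)."""

    def __init__(self):
        self.blocks = []

    def latest(self, user_id):
        # "Blockchain backtracking": newest block for this user, or None.
        return next((b for b in reversed(self.blocks) if b["user"] == user_id), None)


class Network:
    def __init__(self, n_nodes=5):
        self.replicas = [Replica() for _ in range(n_nodes)]

    def _majority(self, check):
        return sum(1 for r in self.replicas if check(r)) > len(self.replicas) // 2

    def _commit(self, user_id, factors):
        # Stand-in for the leader's fresh key pair: a random one-time credential
        # goes to the user, only its digest (in place of SignInfo) goes on chain.
        cred = secrets.token_hex(32)
        block = {"user": user_id, "factors": factor_digest(factors), "cred": sha256(cred)}
        for r in self.replicas:
            r.blocks.append(dict(block))
        return cred

    def register(self, user_id, factors):
        if not self._majority(lambda r: r.latest(user_id) is None):
            return None  # already registered
        return self._commit(user_id, factors)

    def authenticate(self, user_id, factors, cred):
        def accepts(r):
            b = r.latest(user_id)
            return (b is not None
                    and hmac.compare_digest(b["cred"], sha256(cred))
                    and hmac.compare_digest(b["factors"], factor_digest(factors)))
        if not self._majority(accepts):
            return None
        return self._commit(user_id, factors)  # rotate: the old credential is now stale
```

Because every successful authentication appends a block with a new credential digest, a captured credential fails the latest-block check on its second use, and a single altered replica is outvoted by the majority check.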

Results and Discussion
This section presents a comprehensive security analysis of the proposed scheme. We conduct a series of experiments to evaluate the efficiency and effectiveness of our scheme.

Security Analysis
5.1.1. Resistance to Brute Force Attacks. Brute force attacks are a type of cyberattack where an attacker tries to guess a password or encryption key by systematically trying every possible combination of characters until the correct one is found. In the proposed scheme, each authentication requires the user to obtain a one-time authentication credential $Cert_{PU_k}$ generated by the leader node and returned to the user for safekeeping at each verification or registration. As a result, an attacker cannot attempt to brute force a user's password or biometrics because they do not have direct access to these authentication credentials. Even if the attacker obtained a user's one-time authentication credential, it would be useless as it is valid only for a single authentication attempt and would expire after use. Therefore, the blockchain-based MFA scheme can effectively resist brute force attacks.

Resistance to Guessing Attacks.
A guessing attack is a type of attack in which an attacker tries to guess the correct authentication factor set of a user. In the proposed scheme, the adaptive multi-factor selection model dynamically generates the user's authentication factor set $W = \{w_1, w_2, \ldots, w_n\}$ based on factors such as devices and media, making the selection process more complex and less predictable for the attacker. Furthermore, each authentication requires the user to provide authentication credentials $Cert_{PU_k}$ or biometrics which are unique and not easily guessable. Overall, it is highly resistant to guessing attacks.

Resistance to Replay Attacks.
A replay attack is a type of attack where an attacker captures a valid message sent between two parties and then replays it to perform some unauthorized action. In the proposed scheme, the authentication process is resistant to replay attacks due to the use of the One Time Password (OTP) $Cert_{PU_k}$ generated by the leader node. The OTP is a time-based authentication certificate that is updated by the accounting node at each block interval. When a user requests authentication, the leader node will retrieve the latest matching block from the blockchain to verify the user's OTP. If the OTP has been used previously or does not match, the authentication will fail. This prevents an attacker from replaying a previously used OTP to gain unauthorized access to the system.

5.1.4. Resistance to the Single Point of Failure. In the proposed scheme, the resistance to a single point of failure is achieved through the use of a consensus algorithm and a distributed network of nodes. The authentication process is decentralized and distributed among the nodes in the network. If one node in the network fails, the other nodes in the network can continue to function and maintain the network's integrity. In addition, the consensus algorithm LRaft used in the blockchain-based MFA scheme ensures that a new leader node is elected in the event of a failure, further increasing the system's resiliency to single points of failure.

Resistance to Conspiracy Attacks.
Conspiracy attacks occur when an attacker colludes with a trusted node or insider to impersonate a legitimate user and gain unauthorized system access. To counter such attacks, the proposed scheme utilizes a consortium blockchain architecture, where a group of trusted entities follows strict contractual obligations for proper behavior. The user's authentication information remains private, posing a challenge for attackers attempting to impersonate legitimate users. Even if an attacker colludes with one of the nodes to pass illegal verification, they cannot guarantee that the node will be elected as the leader node within the block generation interval. Furthermore, since verification is passed by multiple nodes, any illegal verification attempts can be easily detected. Similarly, an attacker cannot pretend to be a blockchain node, especially the leader node, because the trusted node set C is initially limited.
5.1.6. Mutual Dynamic Authentication. In a blockchain-based MFA scheme, mutual dynamic authentication can be achieved through the interaction between the user and the authentication server. When a user sends a verification request to the blockchain network, any node that receives the request will first query its local user information table to find the corresponding block. The user's legitimacy is then verified by comparing the multi-factor information $W = \{w_1, w_2, \ldots, w_n\}$ stored in the block with the user's submitted identity information. As for the authentication of the user to the blockchain, the scheme uses the consortium chain architecture. Each node in the blockchain has a unique ID for identification, and the network cannot be joined arbitrarily. Moreover, each consensus process will use the private key of the leader node to sign the message. The user can verify the corresponding signature to complete the authentication to the blockchain.

Consistency of Public Information.
The consensus algorithm ensures agreement among blockchain nodes, guaranteeing data consistency in the blockchain ledger. The distributed storage and high redundancy in the blockchain make data tampering challenging, as any tampering will be detected during the next consensus process. Therefore, once public information is recorded on the blockchain, the user's corresponding public information used in authentication remains consistent with the information extracted during registration.
Table 3 shows that the proposed scheme is more secure and more functional than the current schemes. Yao et al. [24] and Masud et al. [25] both implemented centralized server-based authentication schemes, relying on cryptographic techniques such as hashing and homomorphic encryption to ensure the confidentiality and reliability of the authentication process. However, these schemes are vulnerable to single points of failure and collusion attacks by internal personnel. Additionally, they do not guarantee the integrity and protection of data against malicious tampering and destruction.
On the other hand, Bao and You [26] introduced a blockchain-based architecture for authentication, which provides improved security. This idea aligns well with the approach we proposed. However, the scheme in [26] utilizes fuzzy extractors to store users' two-factor authentication information within the blockchain, without considering the fact that storing users' identity information within the blockchain makes it susceptible to malicious attackers who can easily steal and launch impersonation and replay attacks. In the proposed scheme, we mitigate such attacks by introducing the user identity authentication credential ($Cert_{PU_k'}$).

Effectiveness Evaluation of A-MFA Strategy Model.
In this section, we conduct experiments to test the proposed A-MFA selection framework with different device and media combinations. The genetic algorithm used in the experiment adopts the NSGA-II algorithm [27], which supports the search for an approximate optimal solution in a multi-objective problem. The weight values of the devices and media shown in (1) are set in the experiment. Some of the device and media combinations tested include equal weight for devices and media, greater weight for media than devices, and greater weight for devices than media. Figure 7 shows the authentication mode selected by devices and media when events are triggered at different times under the scenario of equal weight.
Figure 7 illustrates that different trigger events result in unique authentication factor combinations, ensuring diverse selection decisions. This robustness makes it challenging for attackers to identify any selection patterns, even in a stable environment over time. Comparing the adaptive selection method to random selection and optimal cost selection, the adaptive selection consistently outperforms the other two approaches in all trigger events.

Efficiency Evaluation of LRaft Consensus Model.
In this section, we pay attention to the efficiency of the proposed authentication scheme. The multi-factor authentication strategy model determines the accuracy of authentication, and the consensus algorithm determines the efficiency.
In the simulation tests, the hardware system used is an Intel(R) Core(TM) i7-8700 3.20 GHz processor with 16 GB DDR4-2666 dual-channel memory. The operating system platform used was Kali 2018.2 AMD 64. The simulation tool utilized is the MPICH-3.2.1 Concurrency package involving a complete node simulation. We consider a distributed network with N nodes where there are n highly trusted nodes. Nodes communicate with each other following the Raft algorithm. The election timeout is randomly set between 100 ms and 200 ms. By changing the number of clusters N and the number of authoritative nodes n, we observe the leader election time to reflect the system's efficiency. We simulate 10 rounds of elections from 10 nodes to 100 nodes, where the proportion of authoritative nodes is 1/5, and record the time T it spent to elect the leader. The detection time is the time between the candidate node starting to send the invitation information $T_1$ and the leader node elected $T_2$:
The effectiveness and optimization of LRaft are demonstrated by comparing it with the original Raft algorithm as shown in Table 4. The data in the table are the average of ten simulation results.
As shown in Table 4, a larger number of nodes leads to an increase in the time required for leader election. However, compared with the original Raft algorithm, our proposed consensus model shows strengths in efficiency because of the limitation of the number of nodes participating in the election, thereby helping to improve the efficiency of the scheme. Meanwhile, this can also avoid the adverse effects of malicious nodes on the system.

Conclusions
Nowadays, centralized server-based authentication schemes pose significant security challenges, including single-point failure, the exposure of personal information, and the risk of identity theft. Moreover, the static and single-factor authentication methods cannot provide adequate protection for computing devices and applications, which is a major challenge in today's security landscape. To address these challenges, this paper proposes a blockchain-based authentication scheme with an adaptive multi-factor selection strategy. The proposed scheme includes a blockchain-based authentication framework, an adaptive multi-factor authentication strategy model, and a consensus model named LRaft for rapid and secure authentication. The proposed scheme has been extensively evaluated for resistance against simulated attacks and shown to be highly effective and efficient. The results have confirmed the efficacy of the proposed scheme, which offers a secure, decentralized, and flexible solution for authentication in dynamic mobile applications.

Figure 5: The role transition process of Raft.

Figure 6: The process of three role transitions after modifications to the Raft algorithm.

The A-MFA strategy model is an emerging trend that provides a secure way to authenticate. As shown in Table 1, static authentication schemes have limitations in achieving optimal results in dynamic scenarios. Randomly selected authentication schemes face difficulty in measuring available authentication factors accurately. As a result, an adaptive selection algorithm is the

Table 1: Comparison of different types of authentication schemes.

Table 2: Flags and responsibilities of nodes with different roles.

Table 3: Comparison of the proposed scheme with other schemes.

Table 4: Leader election time of LRaft consensus algorithm.