Liang Kou,Yiqi Shi,Liguo Zhang,Duo Liu,Qing Yang

DOI: https://doi.org/10.32604/cmc.2019.03760

2019-01-01

Abstract:With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.

Yiran Han,Hua Guo,Jianwei Liu,Brou Bernard Ehui,Yapeng Wu,Sijia Li

DOI: https://doi.org/10.1109/jiot.2024.3355228

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The Industrial Internet of Things (IIoT) is the application of the Internet of Things (IoT) in the industrial field. IIoT allows users to remotely access industrial equipment and the data in it, which also brings certain challenges to the security of industrial data. Authentication and key agreement protocols are very effective security technologies in the matter of protecting industrial data. There is a large amount of research work on authentication protocols in IIoT, but most of the protocols have security weaknesses. Recently, Rafique et al. proposed a multi-factor protocol in IIoT that can accomplish authentication and session key establishment through a gateway. Rafique et al. claimed that their protocol is secure, unfortunately, we carefully analyze the protocol of Rafique et al. and find some security flaws, i.e., it is vulnerable to insider attack and known session-specific temporary information (KSSTI) attack, and unable to provide forward security. We explore the factors of insecurity and propose an enhanced multi-factor secure authentication and key agreement protocol in IIoT. The new protocol improves the security of the protocol while using only symmetric cryptography, hash function, and XOR operation. Formal security analysis and informal security discussions demonstrate that the new protocol is resistant to a variety of known attacks. After performance analysis, our protocol has lower computational cost, and increases no significant communication cost, while providing more secure and robust properties.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wenting Li,Ping Wang

DOI: https://doi.org/10.1016/j.future.2019.06.020

IF: 7.307

2019-01-01

Future Generation Computer Systems

Abstract:Due to the sensitiveness of the physical environments and resource-constrained nature of edge devices, how to securely and efficiently access real-time data in Industrial Internet-of-Things (IIoT) is becoming an increasingly imperative concern. Though intensive efforts have been made to design password-based user authentication schemes for IIoT environments, the majority of them are subject to weaknesses, either suffering from various known attacks or lack of critical features. To ameliorate this situation, firstly, we put forward a criteria set on the basis of related state-of-art evaluation set to fairly assess authentication schemes for IIoT environments. The effectiveness and practicality of our criteria are tested by 42 representative schemes. Secondly, we revisit two representative schemes, namely Amin et al.’s scheme and Gope–Hwang’s scheme, as case studies to demonstrate the common pitfalls in designing robust schemes. Finally, we propose a practical authentication scheme for Industrial Internet-of-Things with provable security, and shed light on how to tackle node capture attack by using the “honeywords” technique. The security and performance evaluation results show that our new scheme is superior to other related ones, and thus, more suitable for IIoT environments.

Mengxia Shuai,Ling Xiong,Changhui Wang,Nenghai Yu

DOI: https://doi.org/10.1016/j.comcom.2020.06.012

IF: 5.047

2020-01-01

Computer Communications

Abstract:Industrial Internet of Things (IIoT) is a non-negligible subset of IoT, which focuses on solving special requirements in industrial applications. In IIoT environments, remote monitoring based on wireless sensor networks (WSNs) is an important application instance, which facilitates the user like professional to manage the factory remotely. The sensitive data collected from industrial sensor nodes is very important for real-time decisions. Since the user and the industrial sensor nodes communicate over insecure communication channels, the transmitted information may be intercepted and altered easily by a malicious adversary, and any modifications on these parameters may have negative effect on decisions. Therefore, there is a great need to design a secure authentication scheme to protect the transmitted information from unauthorized access. Most of the existing schemes reported in the literature are vulnerable to various known attacks, especially the inability to provide forward secrecy between gateway node and the sensor nodes. In allusion to the above problems, in this paper, we propose a new secure authentication scheme with forward secrecy for IIoT systems, in which Rabin cryptosystem is employed and the password verification table is avoided. The rigorous formal proof and heuristic analysis demonstrate that the proposed scheme provides the desired security and functional features. Compared with nine related schemes, the proposed scheme achieves a delicate balance between security and efficiency, and it is more suitable for realistic scenarios.

Guanglei Zhao,Xianping Si,Jingcheng Wang,Xiao Long,Ting Hu

DOI: https://doi.org/10.1109/ICMIC.2011.5973767

2011-01-01

Abstract:This paper presents a novel mutual identity authentication scheme which can be applied securely in Internet of Things. Based on secure hash algorithm(SHA), feature extraction and elliptic curve cryptography(ECC), we propose an asymmetric mutual authentication scheme between the platform and the terminal node, which imposes light computation and communication cost, through security analysis it is also shown that the proposed scheme is secure and feasible for applications in the Internet of Things.

Yimin Guo,Yajun Guo,Ping Xiong,Fan Yang,Chengde Zhang

DOI: https://doi.org/10.1109/tifs.2024.3382934

IF: 7.231

2024-05-10

IEEE Transactions on Information Forensics and Security

Abstract:Designing an efficient and secure authentication scheme is a significant means to ensure the security of IoT systems. Hundreds of authentication schemes tailored for IoT environments have been proposed in recent years, and regrettably, many of them were soon found to have succumbed to security vulnerabilities. In an effort to investigate the underlying reason for this, Wang et al. (at TIFS'23) recently analyzed the vulnerability of authentication schemes from the perspective of provable security. However, we observe that some authentication schemes with sound security proofs and heuristic security analysis are also not resistant to certain attacks, and even those that have been improved several times are still not immune. To explore the deep-seated reasons for security vulnerabilities in IoT authentication schemes, we divide security attacks into explicit and implicit attacks and find that many authentication schemes exhibit security under explicit attacks but are rendered vulnerable under implicit attacks. Further, we propose the relationship between the design goals of security attributes of authentication schemes and implicit attacks, analyze the vulnerability of three typical authentication schemes under implicit attacks, and find that only the security attributes capable of resisting the strongest implicit attacks are secure. Finally, we offer some specific suggestions on how to achieve the security attribute goals.

computer science, theory & methods,engineering, electrical & electronic

Zuowen Tan,Jintao Jiao,Mengjiang Yu

DOI: https://doi.org/10.1155/2022/9919089

IF: 1.968

2022-10-18

Security and Communication Networks

Abstract:Nowadays, the industrial Internet of Things (IIoT) is playing a promising role in the optimization of industrial systems. IIoT devices generate a great amount of data that could be used for different applications. Due to the untrusted nature of machine-to-machine (M2M) communication channels, data authenticity and integrity are an important issue that must be addressed. Especially, it is challenging to deal with the privacy disclosure that the heterogeneity of IIoT brings about. In this paper, we propose a privacy-preserving scheme for authenticity in heterogeneous IIoT systems. Our authentication schemes support many kinds of IIoT devices with multicryptographic configurations such as RSA-based, DL-based, ECC-based, and lattice-based cryptosystems. We provide the formalized proof of the unforgeability and privacy of the proposed schemes in the random oracle model. The experimental simulation demonstrates that the proposed schemes are feasible in the heterogeneous IIoT environment.

computer science, information systems,telecommunications

Xiong Li,Jianwei Niu,Md Zakirul Alam Bhuiyan,Fan Wu,Marimuthu Karuppiah,Saru Kumari

DOI: https://doi.org/10.1109/tii.2017.2773666

IF: 12.3

2017-01-01

IEEE Transactions on Industrial Informatics

Abstract:Wireless sensor networks (WSNs) play an important role in the industrial Internet of Things (IIoT) and have been widely used in many industrial fields to gather data of monitoring area. However, due to the open nature of wireless channel and resource-constrained feature of sensor nodes, how to guarantee that the sensitive sensor data can only be accessed by a valid user becomes a key challenge in IIoT environment. Some user authentication protocols for WSNs have been proposed to address this issue. However, previous works more or less have their own weaknesses, such as not providing user anonymity and other ideal functions or being vulnerable to some attacks. To provide secure communication for IIoT, a user authentication protocol scheme with privacy protection for IIoT has been proposed. The security of the proposed scheme is proved under a random oracle model, and other security discussions show that the proposed protocol is robust to various attacks. Furthermore, the comparison results with other related protocols and the simulation by NS-3 show that the proposed protocol is secure and efficient for IIoT.

Hang Xu,Chingfang Hsu,Lein Harn,Janqun Cui,Zhuo Zhao,Ze Zhang

DOI: https://doi.org/10.1109/tsc.2023.3257569

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:With the increasing popularity and wide application of the Internet, the users (such as managers and data consumers) in the Industrial Internet of Things (IIoT) can remotely analyze and control real-time data collected by various smart sensor devices. However, there are many security and privacy issues in the process of transmitting collected data through public channels in IIoT environment. In order to against the illegal access by opponents, a novel anonymous user authentication and key agreement scheme based on hash and elliptic curve encryption is proposed in this paper, which not only uses a pseudonym tuple database in control nodes to realize the functions of user dynamic joining and anonymity protection, but also resists key loss and device capture attacks through fuzzy biometric extraction technology. In addition, the formal secure analysis of the proposed scheme is carried out using the BAN logic model and ROR model, which proves the security of the proposed scheme. Meanwhile, we also prove the scheme can against the described existing attacks and meet the design goals by a detailed informal security discussion. Compared with the latest similar IIoT authentication proposals, our solution has a very obvious advantage in communication efficiency and realizes more functions. Hence, our scheme is more suitable for the IIoT environment, and can also generate greater benefits.

computer science, information systems, software engineering

Xinying Yu,Kejun Zhang,Zhufeng Suo,Jun Wang,Wenbin Wang,Bing Zou

DOI: https://doi.org/10.1016/j.jksuci.2024.102166

IF: 9.006

2024-08-30

Journal of King Saud University - Computer and Information Sciences

Abstract:Biometric recognition is extensive for user security authentication in the Industrial Internet of Things (IIoT). However, the potential leakage of biometric data has severe repercussions, such as identity theft or tracking. Existing authentication schemes primarily focus on protecting biometric templates but often overlook the "one-authentication multiple-access" mode. As a result, these schemes still confront challenges related to privacy leakage and low efficiency for users who frequently access the server. In this regard, this paper proposes an efficient authentication scheme syncretizing physical unclonable function (PUF) and revocable biometrics in IIoT. Specifically, we design a revocable biometric template generation method syncretizing the user's biometric data and the device's PUF to enhance the security and revocability of the dual identity information. Given the generated revocable biometric template and the secret sharing, our scheme implements secure authentication and key negotiation between users and servers. Additionally, we establish an access boundary and an authentication validity period to permit multiple accesses following one authentication, thus significantly decreasing the computational cost of the user-side device. We leverage BAN logic and the ROR model to prove our scheme's security. Informal security analysis and performance comparison demonstrate that our scheme satisfies more security features with higher authentication efficiency.

computer science, information systems

Junhui Zhao,Fanwei Huang,Huanhuan Hu,Longxia Liao,Dongming Wang,Lisheng Fan

DOI: https://doi.org/10.1016/j.adhoc.2024.103427

IF: 4.816

2024-01-31

Ad Hoc Networks

Abstract:5G technology has been applied and popularized, leading to the widespread usage of the Internet of Things (IoT) in various areas such as intelligent transportation, home security, fire protection, industrial monitoring, healthcare, and data collection intelligence. Data sharing is one of the key factors for successful application in these fields. However, real-time data sharing through open channels may result in transmitted messages being illegally accessed by attackers, leading to privacy breaches. At present, most existing authentication schemes focus on single gateway authentication models. In order to overcome issues such as elevated communication overhead, reduced network performance, and inefficient cross-domain access in the single gateway model with larger network sizes, we introduce a multi-gateway lightweight authentication scheme as a solution. Firstly, our scheme is based on a three-factor authentication scheme of Chebyshev chaotic mapping, hash function, and XOR operation. This scheme achieves secure authentication between sensor nodes and users, establishes session keys, and also supports user key updates. Secondly, through security analysis, we demonstrate that the proposed scheme resists internal disguise attacks, sensor capture attacks, temporary secret leakage attacks, and achieves forward security of session keys. We additionally provide a demonstration of the semantic security of session keys by utilizing a Random Oracle Model (ROM). Finally, compared to other schemes, the results show that our proposed scheme has lower communication overhead and computational resource requirements, and is more in line with the requirements of lightweight device security authentication in the IoT.

computer science, information systems,telecommunications

Senshan Ouyang,Xiang Liu,Lei Liu,Shangchao Wang,Baichuan Shao,Yang Zhao

DOI: https://doi.org/10.32604/cmes.2023.028895

2024-01-01

Computer Modeling in Engineering & Sciences

Abstract:With the continuous expansion of the Industrial Internet of Things (IIoT), more and more organisations are placing large amounts of data in the cloud to reduce overheads. However, the channel between cloud servers and smart equipment is not trustworthy, so the issue of data authenticity needs to be addressed. The SM2 digital signature algorithm can provide an authentication mechanism for data to solve such problems. Unfortunately, it still suffers from the problem of key exposure. In order to address this concern, this study first introduces a key-insulated scheme, SM2-KI-SIGN, based on the SM2 algorithm. This scheme boasts strong key insulation and secure key-updates. Our scheme uses the elliptic curve algorithm, which is not only more efficient but also more suitable for IIoT-cloud environments. Finally, the security proof of SM2-KI-SIGN is given under the Elliptic Curve Discrete Logarithm (ECDL) assumption in the random oracle.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Zengpeng Li,Zheng Yang,Pawel Szalachowski,Jianying Zhou

DOI: https://doi.org/10.1109/jiot.2020.3008773

IF: 10.6

2021-01-15

IEEE Internet of Things Journal

Abstract:Industrial Internet of Things (IIoT) brings together computers, devices, advanced analytics, and people in industries such as transportation, oil plant and power grid, that leads to major efficiency and productivity gains for almost any industrial procedures. Due to the interconnection of devices in IIoT, communication security has become a critical issue to address in many emerging industry standards which require the authentication and key exchange procedure to be done to guarantee the authorized machine access (e.g., from users) and secure the data transmission between machines. To overcome the shortcoming (i.e., low entropy) of the memorable password in user authentication, it is rightfully recommended by industry standards (such as IEC-62443 family) to use multi-factor authentication for higher security levels. Notably, latency is one of the main sources of inefficiency when a device is communicating with other machines on IIoT. To mitigate latency, smooth projective hash function (SPHF) built from wellstudied standard assumptions is used to achieve low-interactivity multi-factor authenticated key exchange protocol (MFAKE), because SPHF allows each party to prove to the others that he knows the right authentication factor(s). In this paper, we are therefore motivated to build a new MFAKE named "secure remote multifactor (SRMF)" to achieve the human involved "machine-to-machine" secure communication in IIoT. That is, SRMF leverages multiple user-centric authentication factors (such as password, biometric fingerprints, and PIN), and it can synergistically support multi-factor registration (MFR), multi-factor authentication (MFA) and multifactor key exchange (MFKE). Further, to prevent authentication factors stored at the server exposing to attackers, the password-harden service (i.e., Pythia-PRF, USENIX'15) inspires us to develop a multifactor hardening service (MFHS) -tilizing an oblivious pseudorandom function (OPRF). The balanced security of the proposed protocol is proved under the model of Bellare-Pointcheval-Rogaway (EUROCRYPTO' 00) along with theoretical and experimental evaluations.

computer science, information systems,telecommunications,engineering, electrical & electronic

Na Li,Maode Ma,Hui Wang

DOI: https://doi.org/10.3390/s24041243

IF: 3.9

2024-02-15

Sensors

Abstract:With the increasing demand for a digital world, the Industrial Internet of Things (IIoT) is growing rapidly across various industries. In manufacturing, particularly in Industry 4.0, the IIoT assumes a vital role. It encompasses many devices such as sensing devices, application servers, users, and authentication servers within workshop settings. The security of the IIoT is a critical issue due to wireless networks' open and dynamic nature. Therefore, designing secure protocols among those devices is an essential aspect of IIoT security functionality and poses a significant challenge to the IIoT systems. In this paper, we propose a lightweight anonymous authentication protocol to preserve privacy for IIoT users, enabling secure IIoT communication. The protocol has been validated to demonstrate its comprehensive ability to overcome various vulnerabilities and prevent malicious attacks. Finally, the performance evaluation confirms that the proposed protocol is more effective and efficient than the existing alternatives.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Qingyang Zhang,Xiaolong Zhou,Hong Zhong,Jie Cui,Jiaxin Li,Debiao He

DOI: https://doi.org/10.1109/tifs.2024.3451357

IF: 7.231

2024-09-11

IEEE Transactions on Information Forensics and Security

Abstract:Several authentication and key agreement (AKA) schemes have been proposed to ensure secure communication in the Industrial Internet of Things (IIoT). However, most of these schemes face two primary problems. First, they cannot resist various attacks, such as impersonation and device capture attacks. Second, these schemes overlook the resource-constrained IIoT devices, failing to guarantee lightweight overhead for device operations. Therefore, we propose a novel and efficient AKA scheme. Utilizing the chameleon hash function and physical unclonable function, the proposed scheme implements a lightweight overhead for both authentication parties while maintaining the overhead of the gateway within a reasonable range. Furthermore, we implement device anonymity based on lightweight operations such as hash and XOR. In addition, we perform a rigorous security analysis using the widely accepted Real-Or-Random model, BAN logic, and Proverif tool. Finally, through heuristic analysis and experiments, we substantiate that our scheme surpasses the compared schemes in terms of both security attributes and system overhead.

computer science, theory & methods,engineering, electrical & electronic

Sangjukta Das,Suyel Namasudra

DOI: https://doi.org/10.1002/ett.4716

IF: 3.6

2023-01-04

Transactions on Emerging Telecommunications Technologies

Abstract:The proposed scheme consists of three entities, namely IoT device (IoTD), gateway, and central administrator (CA). An IoTD is a resource‐constrained device associated with a patient's body. It collects patients' real‐time healthcare data and sends them to the intended entity via a gateway device. The gateway acts as an intermediate entity between the IoTD and user. The CA is the central entity of the proposed scheme. In recent years, Internet of Things (IoT) technology has been adopted in numerous application areas, such as healthcare, agriculture, industrial automation, and many more. The use of IoT and other technologies like cloud computing and machine learning has made the modern healthcare system to be smart, automated, and efficient. However, the continuous proliferation of cyber‐attacks on IoT devices has increased IoT challenges like data security, privacy protection, authentication, and so forth. In smart healthcare systems, due to the lack of authentication protocols, attackers can undermine the availability, confidentiality, and integrity of both smart healthcare devices and data, which can be life‐threatening in some situations. In this article, a privacy‐preserving mutual authentication scheme for IoT‐enabled healthcare systems is proposed to achieve lightweight and effective authentication of network devices. To support the processing capabilities of the IoT devices, this proposed authentication scheme is designed using lightweight cryptographic primitives, namely XOR, concatenation, and hash operation. The proposed scheme can establish a secure session between an authorized device and a gateway, and prevent unauthorized devices from getting access to healthcare systems. The security analysis and performance analysis assess the proposed authentication technique's effectiveness over existing well‐known schemes.

telecommunications

Hsiao-Ling Wu,Chin-Chen Chang,Yao-Zhu Zheng,Long-Sheng Chen,Chih-Cheng Chen

DOI: https://doi.org/10.3390/s20195604

IF: 3.9

2020-09-30

Sensors

Abstract:The Internet of Things (IoT) is currently the most popular field in communication and information techniques. However, designing a secure and reliable authentication scheme for IoT-based architectures is still a challenge. In 2019, Zhou et al. showed that schemes pro-posed by Amin et al. and Maitra et al. are vulnerable to off-line guessing attacks, user tracking attacks, etc. On this basis, a lightweight authentication scheme based on IoT is proposed, and an authentication scheme based on IoT is proposed, which can resist various types of attacks and realize key security features such as user audit, mutual authentication, and session security. However, we found weaknesses in the scheme upon evaluation. Hence, we proposed an enhanced scheme based on their mechanism, thus achieving the security requirements and resisting well-known attacks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Chun-Ta Li,Tsu-Yang Wu,Chin-Ling Chen,Cheng-Chi Lee,Chien-Ming Chen

DOI: https://doi.org/10.3390/s17071482

2017-06-23

Abstract:In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients' physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu-Chung's scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.

Hsiao-Ling Wu,Chin-Chen Chang,Long-Sheng Chen

DOI: https://doi.org/10.1016/j.pmcj.2020.101177

IF: 3.848

2020-09-01

Pervasive and Mobile Computing

Abstract:<p>The Internet of Things technology allows devices automatically connect with others or a server for the purposes of exchanging data. People can conveniently integrate data from those devices for a smart home, vehicular ad-hoc network, e-Health, etc. In 2017, Wang et al. proposed a simple authentication scheme for the Internet of Things. Although they formally proved that their scheme is secure, they did not consider the privacy of devices and stolen verifier attack. In this paper, we first demonstrate the weaknesses of Wang et al.'s scheme. Accordingly, we present a higher security level authentication scheme to resist the above weaknesses.</p>

computer science, information systems,telecommunications

Qingshui Xue,Xingzhong Ju,Haozhi Zhu,Haojin Zhu,Fengying Li,Xiangwei Zheng

DOI: https://doi.org/10.1007/978-3-030-22971-9_12

2019-01-01

Abstract:IoT is an important part of the new generation of information technologies and the next big thing in the IT industry after the computer and the internet. The IoT has great development potential and a wide range of possible applications, especially commercial applications. And information security of the IoT is the key to the long-term development of the whole industry. Currently, the two most significant factors in the development of the IoT are user identity authentication and privacy protection. This paper contains an analysis on the current picture of inter-device user identity authentication in the IoT and proposes an inter-device biometric authentication solution for the IoT that’s designed to work with larger devices, addressing the shortcomings of the traditional user identity authentication technologies including security and efficiency problems. A strategy for further solution optimization is also included. This paper elaborates on the specific process of user identity authentication carried out by users on devices and between devices making use of fingerprints. We’ll demonstrate the security of this solution against existing attack methods and in the last part, we enumerate various possible applications of this solution in smart homes.