Hu Xiong,Qian Mei,Yanan Zhao

DOI: https://doi.org/10.1109/jsyst.2018.2890126

IF: 4.802

2020-01-01

IEEE Systems Journal

Abstract:With the continuous development of the industrial Internet of Things (IIoT), many organizations opt for storing the data collected by smart devices on a cloud server for saving costs. Considering the untrusted nature of the communication channel, how to ensure the authenticity of data is an urgent matter to be solved. Certificateless signatures that can provide an authentication mechanism for the data seem to be a viable option to this problem. Nevertheless, the certificateless signature scheme proposed so far is either easy to be broken or inefficient. In this paper, a pairing-free and provably secure certificateless parallel key-insulated signature (CL-PKIS) scheme is put forward for securing the communication in the IIoT environment. Unlike previous work in this field, our scheme not only uses elliptic curves to maintain higher efficiency, but also implants key-insulated primitive to reduce the risk of key exposures. Besides, our scheme provides a parallel mechanism to make it more suitable for the IIoT environment, which was not available in previous solutions. Finally, the security of our CL-PKIS scheme is proved under the discrete logarithm assumption in the random oracle model.

Senshan Ouyang,Xiang Liu,Lei Liu,Shangchao Wang,Baichuan Shao,Yang Zhao

DOI: https://doi.org/10.32604/cmes.2023.028895

2024-01-01

Computer Modeling in Engineering & Sciences

Abstract:With the continuous expansion of the Industrial Internet of Things (IIoT), more and more organisations are placing large amounts of data in the cloud to reduce overheads. However, the channel between cloud servers and smart equipment is not trustworthy, so the issue of data authenticity needs to be addressed. The SM2 digital signature algorithm can provide an authentication mechanism for data to solve such problems. Unfortunately, it still suffers from the problem of key exposure. In order to address this concern, this study first introduces a key-insulated scheme, SM2-KI-SIGN, based on the SM2 algorithm. This scheme boasts strong key insulation and secure key-updates. Our scheme uses the elliptic curve algorithm, which is not only more efficient but also more suitable for IIoT-cloud environments. Finally, the security proof of SM2-KI-SIGN is given under the Elliptic Curve Discrete Logarithm (ECDL) assumption in the random oracle.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Ali Muhammad,Noor Ul Amin,Insaf Ullah,Ahmed Alsanad,Saddam Hussain,Suheer Al-Hadhrami,M. Irfan Uddin,Hizbullah Khattak,Muhammad Asghar Khan

DOI: https://doi.org/10.1155/2021/9960264

IF: 1.43

2021-01-01

Mathematical Problems in Engineering

Abstract:Currently, hyperelliptic curve cryptography (HECC) got attractions towards low power devices such as Industrial Internet of Things (IIoT). As we all know, it has the capability of utilizing low key size, which can be suitable for IIoT environment. Inspired by the aforementioned property of HECC, we proposed an efficient scheme for IIoT using certificateless signature with the help of HECC. The presented approach is proven to be unforgeable against the challenges of type I and type II attackers. We tested the security of the designed approach through Automated Validation of Internet Security Protocols and Applications (AVISPA). We also performed the computational and communicational cost comparisons with already existed schemes, and it is observed from our analysis that our scheme is computationally efficient and needs low communication cost.

Xinchao Wang,Wei Wang,Cheng Huang,Ping Cao,Youwen Zhu,Qihui Wu

DOI: https://doi.org/10.1109/jsyst.2023.3345370

IF: 4.802

2024-03-19

IEEE Systems Journal

Abstract:Identity authentication is an essential element for industrial Internet of Things (IIoT), which guarantees secure access control for various devices. Existing authentication schemes face some security threats, including temporary secret leakage attack, key recovery attack, and forgery attack. In this article, we introduce a blockchain-based certificateless conditional anonymous authentication (BCCA) scheme specifically designed for IIoT. To optimize the authentication efficiency, BCCA employs elliptic curve design to avoid the relatively time-consuming bilinear pairing operation. Additionally, we introduce a precomputation strategy, allowing users to prepare essential materials in advance, and one-time verification support for batch signatures is applied, thus reducing authentication latency. To further enhance the security, random verification checksums are employed to counter key recovery attack, and a combination of long-term and short-term secrets is used to mitigate temporary secret leakage attack. Simulation results demonstrate that our scheme has advantages in both security and computational cost.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Yiran Han,Hua Guo,Jianwei Liu,Brou Bernard Ehui,Yapeng Wu,Sijia Li

DOI: https://doi.org/10.1109/jiot.2024.3355228

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The Industrial Internet of Things (IIoT) is the application of the Internet of Things (IoT) in the industrial field. IIoT allows users to remotely access industrial equipment and the data in it, which also brings certain challenges to the security of industrial data. Authentication and key agreement protocols are very effective security technologies in the matter of protecting industrial data. There is a large amount of research work on authentication protocols in IIoT, but most of the protocols have security weaknesses. Recently, Rafique et al. proposed a multi-factor protocol in IIoT that can accomplish authentication and session key establishment through a gateway. Rafique et al. claimed that their protocol is secure, unfortunately, we carefully analyze the protocol of Rafique et al. and find some security flaws, i.e., it is vulnerable to insider attack and known session-specific temporary information (KSSTI) attack, and unable to provide forward security. We explore the factors of insecurity and propose an enhanced multi-factor secure authentication and key agreement protocol in IIoT. The new protocol improves the security of the protocol while using only symmetric cryptography, hash function, and XOR operation. Formal security analysis and informal security discussions demonstrate that the new protocol is resistant to a variety of known attacks. After performance analysis, our protocol has lower computational cost, and increases no significant communication cost, while providing more secure and robust properties.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mimi Ma,Debiao He,Neeraj Kumar,Kim-Kwang Raymond Choo,Jianhua Chen

DOI: https://doi.org/10.1109/tii.2017.2703922

IF: 12.3

2017-01-01

IEEE Transactions on Industrial Informatics

Abstract:With the widespread adoption of Internet of Things and cloud computing in different industry sectors, an increasing number of individuals or organizations are outsourcing their Industrial Internet of Things (IIoT) data in the cloud server to achieve cost saving and collaboration (e.g., data sharing). However, in this environment, preserving the privacy of data remains a key challenge and inhibiting factor to an even wider adoption of IIoT in the cloud environment. To mitigate these issues, in this paper, we design a new secure channel-free certificateless search-able public key encryption with multiple keywords scheme for IIoT deployment. We then demonstrate the security of the scheme in the random oracle model against two types of adversaries, where one adversary is given the power to choose a random public key instead of any user's public key and another adversary is allowed to learn the system master key. In the presence of these types of adversaries, we evaluate the performance of the proposed scheme and demonstrate that it achieves computational) efficiency with low communication cost.

Zirui Qiao,Yanwei Zhou,Bo Yang,Mingwu Zhang,Tao Wang,Zhe Xia

DOI: https://doi.org/10.1109/jsyst.2021.3131589

IF: 4.802

2021-01-01

IEEE Systems Journal

Abstract:To improve the security of industrial Internet of things (IIoT), several concrete constructions of certificate-based proxy signature (CBPS) scheme without bilinear pairing were proposed in the last few years. However, many previous constructions were found impractical, either fail to meet the claimed security properties or contain design flaws. In particular, in some instances, a malicious proxy signer can claim to be the original signer by forwarding the messages from original signer to any proxy signer, and the receiver cannot determine whether the delegation of signing power has been reused. In this article, we first demonstrate some security issues and design flaws in the previous proposals of CBPS scheme. As follows, to further address the above deficiencies, three new constructions of CBPS scheme with improved security are introduced. In the first two proposals, the delegation validity can be verified by the designated verifier (proxy signer), and the delegation of signing power for the last construct is publicly verifiable (any signer). Furthermore, formal security proofs are given using forking lemma in the random oracle, assuming that the discrete logarithm problem is hard. Compared with the previous CBPS schemes, our constructions are efficient with respect to computation and communication. Finally, we discuss the two necessary conditions for constructing secure CBPS schemes, to avoid security flaws in future research.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Zheng Yang,Jun He,Yangguang Tian,Jianying Zhou

DOI: https://doi.org/10.1109/tii.2019.2963328

IF: 12.3

2020-10-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial Internet-of-Things (IIoT) is the basis of Industry 4.0, which extends Internet connectivity beyond traditional computing devices like computers and smartphones to the physical world for improving efficiency and accuracy while reducing the production cost. However, there are tremendous security threats to IIoT, such as IIoT device hijacking and data leaks. Therefore, a lightweight authenticated key agreement (AKA) protocol is commonly applied to establish a session key for securing the communication between IIoT devices. To protect the previous session keys from being compromised, perfect forward secrecy (PFS) has been one of the most important security properties of AKA. In this article, we present an efficient PFS-enabled AKA protocol for IIoT systems, which is developed based on a new dynamic authentication credential (DAC) framework, without using any public-key cryptographic primitives. It is worth noting that our protocol is also faster than the state-of-the-art DAC-based AKA protocols with PFS. Moreover, we give the formal security result of the proposed protocol in the random oracle model.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Rashad Elhabob,Yanan Zhao,Iva Sella,Hu Xiong

DOI: https://doi.org/10.1007/s12652-019-01365-4

2019-01-01

Abstract:Current time organizations have moved from the conventional industries to smart industries by embracing the approach of Industrial Internet of Things (IIoT), which has provided an avenue for the integration of smart devices and communication technologies. IIoT offers reduction of costs on services and technologies since it counts on the flexibility, availability and real-time data processing capabilities of the cloud server. And even with the untrusted nature of the cloud, the privacy and confidentiality of the data outsourced to the cloud has been able to be guaranteed. This has been achieved through encryption techniques apply to the data before outsourcing. This has made it feasible to have the data in the cloud secured. However, the limitation of data recovery due to it having the innate “all-or-nothing” decryption characteristic, results in a challenge in the search functionality for the encrypted data. In order to deal with this challenge, this paper nominates a Certificateless Public Key Cryptography with Authorized Equivalent Test (CL-PKC-AET). Whereby, a cloud server is given authority to actuate if two encryptions consist of the equivalent messages. Furthermore, the extra providence of a fine-grained testing capability to the cloud server makes the CL-PKC-AET scheme adaptable. We define our scheme basing on bilinear pairing and further advocate within the random oracle model its security, based on the Bilinear Diffie-Hellman assumption. Basing on comparison with existing work, our scheme proves to be more effective.

Rui Guo,Qiaoyan Wen,Huixian Shi,Zhengping Jin,Hua Zhang

DOI: https://doi.org/10.1155/2014/980274

IF: 1.43

2014-01-01

Mathematical Problems in Engineering

Abstract:Certificateless cryptography aims at combining the advantages of public key cryptography and identity based cryptography to avoid the certificate management and the key escrow problem. In this paper, we present a novel certificateless public key encryption scheme on the elliptic curve over the ring, whose security is based on the hardness assumption of Bilinear Diffie-Hellman problem and factoring the large number as in an RSA protocol. Moreover, since our scheme requires only one pairing operation in decryption, it is significantly more efficient than other related schemes. In addition, based on our encryption system, we also propose a protocol to protect the confidentiality and integrity of information in the scenario of Internet of Things with constrained resource nodes.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Min Liu,Liangliang Wang,Kai Zhang,Yu Long,Baodong Qin

DOI: https://doi.org/10.1007/s12083-023-01610-w

IF: 3.488

2024-01-16

Peer-to-Peer Networking and Applications

Abstract:Wireless medical sensor networks (WMSNs) realize remote monitoring of patients' health status through the combination of medical sensors and wireless communication. There is an urgent need to ensure the integrity, authenticity, authentication, and privacy of patients' medical data and improve treatment outcomes. Currently, many aggregate signature schemes have been developed to protect patients' medical data in WMSNs. Among them, the pairing operation and key exposure in some aggregate signature schemes can raise efficiency and security issues in medical data transmission, and some of them do not achieve equivalent security, which leads to healthcare professionals receiving inaccurate medical data. Aiming at these, this paper proposes a pairing-free certificate-based key-insulated aggregate signature scheme (CB-KIAS) in WMSNs, which introduces key-insulated technique that can effectively avoid the problem of key exposure. According to formal security proof, this scheme is unforgeable against adaptive-chosen message attacks and having the equivalent security of aggregate signature to ensure that the validity of the aggregate signature is equal to the validities of all single signatures to resist fully chosen-key attacks. The proposed CB-KIAS scheme, utilizing elliptic curves and the combination of online/offline cryptography mechanism, is effective and more suitable for resource-constrained medical sensors when compared with other related schemes.

computer science, information systems,telecommunications

Yanru Chen,Fengming Yin,Shunfang Hu,Limin Sun,Yang Li,Bin Xing,Liangyin Chen,Bing Guo

DOI: https://doi.org/10.1109/jiot.2022.3219233

IF: 10.6

2023-03-11

IEEE Internet of Things Journal

Abstract:Nowadays, Industrial Internet of Things (IIoT) technology has made a great progress and the industrial control systems (ICSs) have been used extensively, which has brought more and more serious information security threats to the ICS at the same time. The authenticated key agreement (AKA) protocol is a common method to ensure the communication security. This work proposes a lightweight AKA protocol based on the elliptic curve cryptography (ECC) algorithm to adapt to the resource-constrained environment. We only employ hash operation, XOR operation, and ECC algorithm to encrypt the data in the authentication and key agreement phase, and avoid involving the register center while proceeding the key agreement, to give consideration to both performance and security. The security analyses indicate that our protocol can meet nine critical security requirements, more than all of the existing protocols, and the performance analysis carried out indicates that our protocol has less computational and communication overheads in contrast to other corelative protocols.

computer science, information systems,telecommunications,engineering, electrical & electronic

Guanglu Wei,Kai Fan,Kuan Zhang,Haoyang Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/jiot.2023.3323275

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:In recent years, the Internet of Things (IoT) has gained immense popularity in various aspects of work, learning, and daily life. Within the Internet of Things realm, there is a growing concern regarding communication security issues between users and servers. However, addressing the communication security between servers is equally imperative, which has not received as much attention. To this end, we propose a certificateless anonymous authenticated key agreement (AKA) algorithm based on Learning with Errors (LWE) and Inhomogeneous Small Integer Solution (ISIS) security assumptions. Our scheme provides strong resistance to quantum attacks and protects the privacy of communication servers. It also has constant communication costs and lower computational requirements than existing lattice-based anonymous AKA algorithms on the broadcast channel. Additionally, the proposed scheme eliminates the resource consumption of managing complex certificates and addresses the security risks associated with key escrow in the key generation center (KGC). Through security and performance analysis, we demonstrate that our approach can enhance the security of IoT-based healthcare systems while significantly improving communication efficiency. Our proposed scheme provides a promising solution to security issues related to server communication in IoT systems.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yangyang Bao,Weidong Qiu,Xiaochun Cheng

DOI: https://doi.org/10.1109/jiot.2021.3055861

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Attribute-based signature (ABS) can provide fine-grained and anonymous authentication for the Industrial Internet of Things (IIoT). However, key exposure and the computational performance bottleneck of resource-constrained devices raise a challenge to the IIoT-oriented ABS schemes. To confront the above challenge, this article proposes an intrusion-resilient server-aided ABS (IR-SA-ABS) scheme. This scheme designs to periodically update the signing key with the assistance of a helper device, and the signing key is refreshed for multiple rounds aperiodically within each time period under the supervision of the helper device. In this way, the system remains secure even if both the helper device and the signing device are compromised. During this process, we significantly reduce the computational overheads of resource-constrained devices by delegating all of the key update and refresh operations and most of the signature generation and verification operations to a powerful server. Subsequently, we present the rigorous security proof of IR-SA-ABS. The comparison and experiment demonstrate the efficiency and practicality of IR-SA-ABS in the IIoT scenario.

Qingyang Zhang,Xiaolong Zhou,Hong Zhong,Jie Cui,Jiaxin Li,Debiao He

DOI: https://doi.org/10.1109/tifs.2024.3451357

IF: 7.231

2024-09-11

IEEE Transactions on Information Forensics and Security

Abstract:Several authentication and key agreement (AKA) schemes have been proposed to ensure secure communication in the Industrial Internet of Things (IIoT). However, most of these schemes face two primary problems. First, they cannot resist various attacks, such as impersonation and device capture attacks. Second, these schemes overlook the resource-constrained IIoT devices, failing to guarantee lightweight overhead for device operations. Therefore, we propose a novel and efficient AKA scheme. Utilizing the chameleon hash function and physical unclonable function, the proposed scheme implements a lightweight overhead for both authentication parties while maintaining the overhead of the gateway within a reasonable range. Furthermore, we implement device anonymity based on lightweight operations such as hash and XOR. In addition, we perform a rigorous security analysis using the widely accepted Real-Or-Random model, BAN logic, and Proverif tool. Finally, through heuristic analysis and experiments, we substantiate that our scheme surpasses the compared schemes in terms of both security attributes and system overhead.

computer science, theory & methods,engineering, electrical & electronic

Yang Liu,Peng Yu,Bailing Wang,Xuefeng Bai,Yuan Xinling,Li Geng

2013-01-01

International Journal of Control and Automation

Abstract:With the rapid development in Internet of Thing technology, the security issues have become increasingly prominent. There are many problems and shortcomings in applying current security mechanisms to the Internet of Thing. In this article we build network security architecture by presenting combination of IBE and PKI/CA in the Internet acquisition and transport layer. With the KDC security certification, the node open parameters and the security of the private key of the node with the PKG distribution are implemented, and the nodes and node data transmission together are effectively protected. We also enable the secure authentication and encrypted transmission by PKI/CA in the middle of certification in aggregation nodes and network data processing. Moreover we propose the key management strategy of private key generator and realize the publication of PKG parameter and the fast distribution, update, and withdraw process of private key, which further ensure secure data network transmission.

Xiaotong Zhou,Debiao He,Jianting Ning,Min Luo,Xinyi Huang

DOI: https://doi.org/10.1109/tnse.2023.3300716

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Cloud-assisted Industrial Internet of Things (IIoT) gathers and analyzes multiple types of data (such as ambient and mechanical data) from physical devices to improve intelligent manufacturing. However, the heavy requirements for data storage and sharing have led to increased demands for efficiency and security in the IIoT system. Public-key Encryption with Keyword Search (PEKS) is an encryption method that provides both data confidentiality and efficient retrieval. Unfortunately, inside keyword guessing attacks (IKGA) have been a persistent issue in PEKS. To resist this attack, Public-key Authenticated Encryption with Keyword Search (PAEKS) has been developed. However, the existing PAEKS schemes are generally proven under intractability assumptions, such as Decisional Bilinear Diffie-Hellman (DBDH) and modified Decision Linear (mDLIN) assumptions, or they involve costly bilinear pairing operations, or rely on two non-colluded cloud servers, which are not suitable for large-scale IIoT applications. In this article, we propose a secure and efficient PAEKS scheme with only one server for cloud-assisted IIoT. Our proposal achieves the IKGA-secure property (i.e., it satisfies the trapdoor privacy and multi-ciphertext indistinguishability) and sidesteps the bilinear pairing operation. Our performance analysis demonstrates the feasibility of our scheme in IIoT by significantly improving computation efficiency (at least 21.97 times) with similar communication overhead.

Xinying Yu,Kejun Zhang,Zhufeng Suo,Jun Wang,Wenbin Wang,Bing Zou

DOI: https://doi.org/10.1016/j.jksuci.2024.102166

IF: 9.006

2024-08-30

Journal of King Saud University - Computer and Information Sciences

Abstract:Biometric recognition is extensive for user security authentication in the Industrial Internet of Things (IIoT). However, the potential leakage of biometric data has severe repercussions, such as identity theft or tracking. Existing authentication schemes primarily focus on protecting biometric templates but often overlook the "one-authentication multiple-access" mode. As a result, these schemes still confront challenges related to privacy leakage and low efficiency for users who frequently access the server. In this regard, this paper proposes an efficient authentication scheme syncretizing physical unclonable function (PUF) and revocable biometrics in IIoT. Specifically, we design a revocable biometric template generation method syncretizing the user's biometric data and the device's PUF to enhance the security and revocability of the dual identity information. Given the generated revocable biometric template and the secret sharing, our scheme implements secure authentication and key negotiation between users and servers. Additionally, we establish an access boundary and an authentication validity period to permit multiple accesses following one authentication, thus significantly decreasing the computational cost of the user-side device. We leverage BAN logic and the ROR model to prove our scheme's security. Informal security analysis and performance comparison demonstrate that our scheme satisfies more security features with higher authentication efficiency.

computer science, information systems

Kui Ma,Yanwei Zhou,Ying Wang,Chunsheng Dong,Zhe Xia,Bo Yang,Mingwu Zhang

DOI: https://doi.org/10.1109/jsyst.2023.3269597

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) is helpful in making people's life more convenient and efficient. To ensure that the nodes within IoT can interact securely, a certificateless signature (CLS) can be used to protect message authentication in the IoT. Recently, some concrete constructions of CLS schemes have been proposed in the literature, but through our analyses, we demonstrate that some existing CLS schemes cannot keep their claimed security because of various security flaws. For example, a valid signature can be forged by any Type I adversary by replacing the corresponding user's public key. In this article, we describe the security flaws that need to be addressed and introduce a novel CLS scheme without using bilinear mapping. The existential unforgeability in our proposed scheme can be proved based on the hardness of the elliptic curve discrete logarithm problem in the random oracle model. The comparison with existing CLS schemes shows that our scheme not only enjoys more security features but also is more efficient in computation. Moreover, we introduce an identity authentication protocol as the application of our proposed CLS scheme, which achieves mutual authentication and anonymity in communications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Jangirala Srinivas,Ashok Kumar Das,Xiong Li,Muhammad Khurram Khan,Minho Jo

DOI: https://doi.org/10.1109/tii.2020.3011849

IF: 12.3

2021-01-01

IEEE Transactions on Industrial Informatics

Abstract:Recent technological evolution in the Internet of Things (IoT) age supports better solutions to magnify the management of the power quality and reliability concerns, and imposes the measures of a smart grid. In smart grid environment, a smart meter needs to securely access the services from a service provider via insecure channel. However, since the communication is via public channel, it imposes various security threats by an adversary. To deal with this, in this article we design a new anonymous signature-based authenticated key exchange scheme for IoT-enabled smart grid environment, called AAS-IoTSG. The dynamic smart meter addition phase is also permissible in AAS-IoTSG after initial deployment. The security of AAS-IoTSG has been tested rigorously using formal security analysis under the real-or-random (ROR) model which is one of the broadly-accepted standard random oracle models, formal security verification under the broadly-used automated validation of Internet security protocols and applications (AVISPA) tool and also using informal security analysis. Finally, an exhaustive comparative study unveils that AAS-IoTSG supports better security and functionality features and requires less communication and computation overheads as compared to the existing state-of-art authentication mechanisms in smart grid systems.