Yiran Han,Hua Guo,Jianwei Liu,Brou Bernard Ehui,Yapeng Wu,Sijia Li

DOI: https://doi.org/10.1109/jiot.2024.3355228

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The Industrial Internet of Things (IIoT) is the application of the Internet of Things (IoT) in the industrial field. IIoT allows users to remotely access industrial equipment and the data in it, which also brings certain challenges to the security of industrial data. Authentication and key agreement protocols are very effective security technologies in the matter of protecting industrial data. There is a large amount of research work on authentication protocols in IIoT, but most of the protocols have security weaknesses. Recently, Rafique et al. proposed a multi-factor protocol in IIoT that can accomplish authentication and session key establishment through a gateway. Rafique et al. claimed that their protocol is secure, unfortunately, we carefully analyze the protocol of Rafique et al. and find some security flaws, i.e., it is vulnerable to insider attack and known session-specific temporary information (KSSTI) attack, and unable to provide forward security. We explore the factors of insecurity and propose an enhanced multi-factor secure authentication and key agreement protocol in IIoT. The new protocol improves the security of the protocol while using only symmetric cryptography, hash function, and XOR operation. Formal security analysis and informal security discussions demonstrate that the new protocol is resistant to a variety of known attacks. After performance analysis, our protocol has lower computational cost, and increases no significant communication cost, while providing more secure and robust properties.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shan Gao,Junjie Chen,Bingsheng Zhang,Kui Ren,Xiaohua Ye,Yongsheng Shen

DOI: https://doi.org/10.23919/cje.2023.00.192

IF: 1.019

2024-01-01

Chinese Journal of Electronics

Abstract:In modern industrial control systems (ICSs), when user retrieving the data stored in field device like smart sensor, there exists two main problems: one is lack of the verification for identification of user and field device; the other is that user and field device need exchange a key to encrypt sensitive data transmitted over the network. We propose a comprehensive authentication and key agreement framework that enables all connected devices in an ICS to mutually authenticate each other and establish a peer-to-peer session key. The framework combines two types of protocols for authentication and session key agreement: The first one is an asymmetric cryptographic key agreement protocol based on transport layer security handshake protocol used for Internet access, while the second one is a newly designed lightweight symmetric cryptographic key agreement protocol specifically for field devices. This proposed lightweight protocol imposes very light computational load and merely employs simple operations like one-way hash function and exclusive-or (XOR) operation. In comparison to other lightweight protocols, our protocol requires the field device to perform fewer computational operations during the authentication phase. The simulation results obtained using OpenSSL demonstrates that each authentication and key agreement process in the lightweight protocol requires only 0.005 ms. Our lightweight key agreement protocol satisfies several essential security features, including session key secrecy, identity anonymity, untraceability, integrity, forward secrecy, and mutual authentication. It is capable of resisting impersonation, man-in-the-middle, and replay attacks. We have employed the Gong-Needham-Yahalom (GNY) logic and automated validation of Internet security protocols and application tool to verify the security of our symmetric cryptographic key agreement protocol.

Zengpeng Li,Zheng Yang,Pawel Szalachowski,Jianying Zhou

DOI: https://doi.org/10.1109/jiot.2020.3008773

IF: 10.6

2021-01-15

IEEE Internet of Things Journal

Abstract:Industrial Internet of Things (IIoT) brings together computers, devices, advanced analytics, and people in industries such as transportation, oil plant and power grid, that leads to major efficiency and productivity gains for almost any industrial procedures. Due to the interconnection of devices in IIoT, communication security has become a critical issue to address in many emerging industry standards which require the authentication and key exchange procedure to be done to guarantee the authorized machine access (e.g., from users) and secure the data transmission between machines. To overcome the shortcoming (i.e., low entropy) of the memorable password in user authentication, it is rightfully recommended by industry standards (such as IEC-62443 family) to use multi-factor authentication for higher security levels. Notably, latency is one of the main sources of inefficiency when a device is communicating with other machines on IIoT. To mitigate latency, smooth projective hash function (SPHF) built from wellstudied standard assumptions is used to achieve low-interactivity multi-factor authenticated key exchange protocol (MFAKE), because SPHF allows each party to prove to the others that he knows the right authentication factor(s). In this paper, we are therefore motivated to build a new MFAKE named "secure remote multifactor (SRMF)" to achieve the human involved "machine-to-machine" secure communication in IIoT. That is, SRMF leverages multiple user-centric authentication factors (such as password, biometric fingerprints, and PIN), and it can synergistically support multi-factor registration (MFR), multi-factor authentication (MFA) and multifactor key exchange (MFKE). Further, to prevent authentication factors stored at the server exposing to attackers, the password-harden service (i.e., Pythia-PRF, USENIX'15) inspires us to develop a multifactor hardening service (MFHS) -tilizing an oblivious pseudorandom function (OPRF). The balanced security of the proposed protocol is proved under the model of Bellare-Pointcheval-Rogaway (EUROCRYPTO' 00) along with theoretical and experimental evaluations.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chintan Patela,Ali Kashif Bashirb,Ahmad Ali AlZubic,Rutvij H Jhaveri

DOI: https://doi.org/10.48550/arXiv.2207.13419

2022-07-27

Abstract:Industrial IoT (IIoT) aims to enhance services provided by various industries such as manufacturing and product processing. IIoT suffers from various challenges and security is one of the key challenge among those challenges. Authentication and access control are two notable challenges for any Industrial IoT (IIoT) based industrial deployment. Any IoT based Industry 4.0 enterprise designs networks between hundreds of tiny devices such as sensors, actuators, fog devices and gateways. Thus, articulating a secure authentication protocol between sensing devices or a sensing device and user devices is an essential step in IoT security. In this paper, first, we present cryptanalysis for the certificate-based scheme proposed for similar environment by Das et al. and prove that their scheme is vulnerable to various traditional attacks such as device anonymity, MITM, and DoS. We then put forward an inter-device authentication scheme using an ECC (Elliptic Curve Cryptography) that is highly secure and lightweight compared to other schemes for a similar environment. Furthermore, we set forth a formal security analysis using the random oracle based ROR model and informal security analysis over the Doleve-Yao channel. In this paper, we present the comparison of the proposed scheme with existing schemes based on communication cost, computation cost and security index to prove that the proposed EBAKE-SE is highly efficient, reliable, and trustworthy compared to other existing schemes for inter-device authentication. At long last, we present an implementation for the proposed EBAKE-SE using MQTT protocol

Cryptography and Security

Krishna, Hosakota Vamshi,Sekhar, Krovi Raja

DOI: https://doi.org/10.1007/s00500-023-09585-9

IF: 3.732

2024-01-13

Soft Computing

Abstract:The industrial internet of things (IIoT) refers to a system of interconnected equipment, sensors, and devices deployed within industrial environments whose primary function is to collect and facilitate the exchange of data. IIoT has gained significant traction in several domains, encompassing remote monitoring, equipment management, and condition tracking. The utilization of IIoT in different environments gives rise to apprehensions regarding the security of data. As a result of this, it is imperative to ensure that rigorous safety measures are in place to safeguard the confidentiality of the sensitive information being transmitted. The utilization of elliptic curve cryptography (ECC) and quantum key exchange (QKE) in IIoT networks holds promise for achieving robust and predictable security measures. ECC is a widely adopted type of public-key cryptography due to its efficiency and security. It has gained significant popularity in contemporary systems. QKE is an innovative methodology that originates from the fundamental principles of quantum physics. The system has the ability to generate a secret key that is impervious to hacking attempts, as it leverages natural principles instead of conventional mathematical procedures. Due to this characteristic, quantum key distribution (QKD) is widely recognized as one of the most reliable methods for key exchange. The combination has led to the creation of a novel cryptographic model that integrates elliptic curve cryptography (ECC) and quantum key exchange (QKE) techniques for the generation and distribution of cryptographic keys. The model leads to an increase in the base probability of the Bennett–Brassard protocol (BB84) from 0.5 to 1. Subsequently, the keys that are produced are employed for the encryption of data through a streamlined and adapted variant of the Advanced Encryption Standard (AES), thereby expediting the secure exchange of data while upholding its level of safeguarding.

computer science, artificial intelligence, interdisciplinary applications

Qing Fan,Jianhua Chen,Mohammad Shojafar,Saru Kumari,Debiao He

DOI: https://doi.org/10.1109/tii.2022.3145584

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:Security in the Industrial Internet of Things (IIoT) is vital as there are some cases where IIoT devices collect sensory information for crucial social production and life. Thus, designing secure and efficient communication channels is always a research hotspot. However, end devices have memory, computation, and power-supplying capacities limitations. Moreover, perfect forward secrecy (PFS), which means that long-term key exposure still discloses previous session keys, is a critical security property for authentication and key exchange (AKE). This article proposes an AKE protocol named SAKE* for the IIoT environment, where two types of keys (i.e., a master key and an evolution key) guarantee PFS. In addition, the SAKE* protocol merely uses concatenation, XOR, and hash-function operations to achieve lightweight authentication, key exchange, and message integrity. We also compare the SAKE* protocol with seven current and IoT-related authentication protocols regarding security properties and performance. Comparison results indicate that the SAKE* protocol consumes the least computation resource and third-least communication cost among eight AKE protocols while equipping 12 security properties.

Mutaz Elradi S. Saeed,Qun-Ying Liu,GuiYun Tian,Bin Gao,Fagen Li

DOI: https://doi.org/10.1007/s11276-018-1704-5

IF: 2.701

2018-01-01

Wireless Networks

Abstract:WSNs are one of the important components in the Internet of Things (IoTs), since they enable gathering and transmitting of data to the cloud server via the Internet medium. Designing an efficient secure cryptography scheme for the IoTs is a challenging task, since sensor node is a resource-constrained device. In this paper, an authentication key agreement scheme is proposed to build a secure channel between WSNs and a cloud server in the IoTs. The proposed scheme has two properties: (1) it has a lightweight computation, and (2) it provides various security properties of key agreement. In addition, it is proven to be secure under computation Diffe–Hellman assumption in the random oracle model. AKAIoTs is implemented using Contiki OS and use Z1 emulator to evaluate time overhead and memory usage. Three different curves; “BN-P158”, “SECG-P160” and “NIST-P192” are used. The implementation results verify that, the proposed scheme is computationally efficient and memory usage between 51 and 52% from total memory of ROM, and between 59 and 62% from total memory of RAM for three different security levels. As a result, curve SECG-P160 might be a good choice to supply security for the IoTs devices, since it consumes reasonable time which result in less power consumption than curve NIST-P192 and more secure than curve BN-P158. Compared with existing relevant schemes, the proposed AKAIoTs is efficient in terms of energy consumption. Moreover, two application scenarios are given to show how the proposed scheme can be applied in the IoTs applications.

Senshan Ouyang,Xiang Liu,Lei Liu,Shangchao Wang,Baichuan Shao,Yang Zhao

DOI: https://doi.org/10.32604/cmes.2023.028895

2024-01-01

Computer Modeling in Engineering & Sciences

Abstract:With the continuous expansion of the Industrial Internet of Things (IIoT), more and more organisations are placing large amounts of data in the cloud to reduce overheads. However, the channel between cloud servers and smart equipment is not trustworthy, so the issue of data authenticity needs to be addressed. The SM2 digital signature algorithm can provide an authentication mechanism for data to solve such problems. Unfortunately, it still suffers from the problem of key exposure. In order to address this concern, this study first introduces a key-insulated scheme, SM2-KI-SIGN, based on the SM2 algorithm. This scheme boasts strong key insulation and secure key-updates. Our scheme uses the elliptic curve algorithm, which is not only more efficient but also more suitable for IIoT-cloud environments. Finally, the security proof of SM2-KI-SIGN is given under the Elliptic Curve Discrete Logarithm (ECDL) assumption in the random oracle.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Qingyang Zhang,Xiaolong Zhou,Hong Zhong,Jie Cui,Jiaxin Li,Debiao He

DOI: https://doi.org/10.1109/tifs.2024.3451357

IF: 7.231

2024-09-11

IEEE Transactions on Information Forensics and Security

Abstract:Several authentication and key agreement (AKA) schemes have been proposed to ensure secure communication in the Industrial Internet of Things (IIoT). However, most of these schemes face two primary problems. First, they cannot resist various attacks, such as impersonation and device capture attacks. Second, these schemes overlook the resource-constrained IIoT devices, failing to guarantee lightweight overhead for device operations. Therefore, we propose a novel and efficient AKA scheme. Utilizing the chameleon hash function and physical unclonable function, the proposed scheme implements a lightweight overhead for both authentication parties while maintaining the overhead of the gateway within a reasonable range. Furthermore, we implement device anonymity based on lightweight operations such as hash and XOR. In addition, we perform a rigorous security analysis using the widely accepted Real-Or-Random model, BAN logic, and Proverif tool. Finally, through heuristic analysis and experiments, we substantiate that our scheme surpasses the compared schemes in terms of both security attributes and system overhead.

computer science, theory & methods,engineering, electrical & electronic

Hang Xu,Chingfang Hsu,Lein Harn,Janqun Cui,Zhuo Zhao,Ze Zhang

DOI: https://doi.org/10.1109/tsc.2023.3257569

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:With the increasing popularity and wide application of the Internet, the users (such as managers and data consumers) in the Industrial Internet of Things (IIoT) can remotely analyze and control real-time data collected by various smart sensor devices. However, there are many security and privacy issues in the process of transmitting collected data through public channels in IIoT environment. In order to against the illegal access by opponents, a novel anonymous user authentication and key agreement scheme based on hash and elliptic curve encryption is proposed in this paper, which not only uses a pseudonym tuple database in control nodes to realize the functions of user dynamic joining and anonymity protection, but also resists key loss and device capture attacks through fuzzy biometric extraction technology. In addition, the formal secure analysis of the proposed scheme is carried out using the BAN logic model and ROR model, which proves the security of the proposed scheme. Meanwhile, we also prove the scheme can against the described existing attacks and meet the design goals by a detailed informal security discussion. Compared with the latest similar IIoT authentication proposals, our solution has a very obvious advantage in communication efficiency and realizes more functions. Hence, our scheme is more suitable for the IIoT environment, and can also generate greater benefits.

computer science, information systems, software engineering

Muhammad Tanveer,Ahmed A. Abd El-Latif,Abd Ullah Khan,Musheer Ahmad,Abdelhamied A. Ateya

DOI: https://doi.org/10.1109/access.2024.3357090

IF: 3.9

2024-03-06

IEEE Access

Abstract:The Internet of Things (IoT) has emerged as a revolutionary communication technology, enabling the connection of resource-limited devices to the Internet. These devices are deployed in various industrial control systems to remotely monitor and control industrial applications. However, the public Internet's inherent vulnerability to malicious attacks poses a significant challenge to the secure operation of these systems. To address this challenge, a lightweight and efficient authentication framework, LEAF-IIoT, is proposed. LEAF-IIoT leverages authenticated encryption (AE) techniques to provide a multifaceted security solution encompassing confidentiality, authentication, and data integrity. It establishes a secure channel by exchanging messages between the user, gateway, and smart embedded device, culminating in the creation of a session key for secure data exchange. Rigorous security assessment confirms the robustness of LEAF-IIoT, while performance evaluation demonstrates its significantly lower computational cost and reduced communication overhead compared to existing frameworks. Despite these efficiencies, LEAF-IIoT continues to provide strong security features, ensuring the integrity and confidentiality of data exchanged in the IIoT context.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rupesh Bhandari,V B Kirubanand,Kirubanand V B

DOI: https://doi.org/10.11591/ijece.v9i5.pp3732-3738

2019-10-01

International Journal of Electrical and Computer Engineering (IJECE)

Abstract:Internet of things is the latest booming innovation in the current period, which lets the physical entity to process and intervene with the virtual entities. As all the entities are connected with each other, it generates load of data, which lacks proper security and privacy standards. Cryptography is one of the domains of Network Security, which is one such mechanism that helps the data transmission process to be secure enough over the wireless or wired channel and along with that, it provides authenticity, confidentiality, integrity of data and prevents repudiation. In this paper, we have proposed an alternate enhanced cryptographic solution combing the characteristic of symmetric, asymmetric encryption algorithms and Public Key Server. Here, the key pairs of end points (User’s Device and IoT device) are generated using Elliptic Curve Cryptography and the respective public keys are registered in Public Key Server along with their unique MAC address. Thereafter, both the ends will agree on one common private secret key, which will be the base for further cryptographic process using AES algorithm. This model can be called as multi-phase protection mechanism. It will make the process of data transmission secure enough that no intermediate can tamper the data.

Xiang Gong,Ting Kou,Yan Li

DOI: https://doi.org/10.3390/sym16101282

2024-09-29

Symmetry

Abstract:The communication of Industrial Internet of Things (IIoT) devices faces important security and privacy challenges. With the rapid increase in the number of devices, it is difficult for traditional security mechanisms to balance performance and security. Although schemes based on encryption and authentication exist, there are still difficulties in achieving lightweight security. In this paper, an authentication and key exchange scheme combining hardware security features and modern encryption technology is proposed for the MQTT-SN protocol, which is not considered security. The scheme uses Physical Unclonable Functions (PUFs) to generate unpredictable responses, and combines random numbers, time stamps, and shared keys to achieve two-way authentication and secure communication between devices and broker, effectively preventing network threats such as replay and man-in-the-middle attacks. Through verification, the proposed scheme has proved effective in terms of security and robustness, has computational and communication cost advantages compared with recent schemes, and provides higher availability.

multidisciplinary sciences

V. M. Padmapriya,K. Thenmozhi,M. Hemalatha,V. Thanikaiselvan,C. Lakshmi,Nithya Chidambaram,Amirtharajan Rengarajan

DOI: https://doi.org/10.1007/s11042-024-18962-x

IF: 2.577

2024-04-10

Multimedia Tools and Applications

Abstract:This research allows the secure surveillance approach for the Internet of Things (IoT) methodology to be developed by integrating wireless signalling and image encryption strategy. Since the Cloud Service Telco (CST) is a semi-trusted body in cloud services, user data is encrypted before uploading to a cloud server for data protection from disclosure. The flexibility of encrypted data sharing is essential for cloud storage users. This study investigates the Discrete Wavelet Transform (DWT) technique with modified Huffman compression and Elliptic Curve Cryptography (ECC). It encrypts and decrypts the data and enhances industrial security surveillance in transmission. It uses the wireless network's next generation (5G or 6G) as uplink Single Carrier Frequency Division Multiple Access (SC-FDMA) strategies via the IoT. This study presented a novel approach to proposing hardware architecture for a secure web camera integrated with the Atmel in the mega AVR family (ATMEGA) microcontroller, suitable for IoT applications. The experimental results confirm the proposed model's efficacy compared with existing robustness and security analysis algorithms. These systems are also used by implementing industry-standard protocols using IoTs to monitor industrial applications. The proposed framework can also minimise bandwidth, transmission cost, storage space, tracking data, and decisions about abnormal events such as potential fraud and extinguisher detection in surveilling applications.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Dongfeng Fang,Yi Qian,Rose Qingyang Hu

DOI: https://doi.org/10.1109/jiot.2020.2970974

IF: 10.6

2020-04-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT) applications have been rapidly deployed into pervasive environment, where both challenges and opportunities abound. On the one hand, a large number of IoT devices and their rich functions contribute significant volumes of data, which has brought tremendous convenience to the daily lives of end users. On the other hand, the heterogeneous IoT devices and a large amount of private information transmitted through networks also bring serious security and privacy issues. It is a big challenge to model IoT systems and trust relationships between different entities with a large number of heterogeneous IoT devices. In this article, we study a general IoT system architecture with consideration of heterogeneous IoT devices. Different trust models are proposed and analyzed based on the trust relationships between different entities in the IoT system. We propose a flexible and efficient authentication scheme with a consideration of heterogeneous IoT devices based on the least trust-required model. The proposed scheme provides security and privacy to resource-limited IoT devices flexibly and efficiently by utilizing IoT devices with better storage and computational ability. Moreover, secure data transmission is presented with contextual privacy and data integrity services. The proposed scheme achieves not only the mutual authentication, initial session key agreement, and data integrity but also anonymity, contextual privacy, forward security, end-to-end security, and key escrow resilience. Security analysis is presented to provide verification of the proposed protocol and security objectives. Moreover, performance evaluation is presented with comparison to the other schemes in terms of security features, computational overhead, and communication overhead. The performance comparisons show that our proposed scheme provides flexible and efficient security by consideration of heterogeneous IoT devices. With the higher proportion of resource-limited IoT devic-s, our proposed scheme outperforms other similar schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chandranshu Gupta,Gaurav Varshney

2023-11-07

Abstract:The Internet of Things (IoT) has improved people's lives by seamlessly integrating into many facets of modern life and facilitating information sharing across platforms. Device Authentication and Key exchange are major challenges for the IoT. High computational resource requirements for cryptographic primitives and message transmission during Authentication make the existing methods like PKI and IBE not suitable for these resource constrained devices. PUF appears to offer a practical and economical security mechanism in place of typically sophisticated cryptosystems like PKI and IBE. PUF provides an unclonable and tamper sensitive unique signature based on the PUF chip by using manufacturing process variability. Therefore, in this study, we use lightweight bitwise XOR, hash function, and PUF to Authenticate IoT devices. Despite several studies employing the PUF to authenticate communication between IoT devices, to the authors' knowledge, existing solutions require intermediary gateway and internet capabilities by the IoT device to directly interact with a Server for Authentication and hence, are not scalable when the IoT device works on different technologies like BLE, Zigbee, etc. To address the aforementioned issue, we present a system in which the IoT device does not require a continuous active internet connection to communicate with the server in order to Authenticate itself. The results of a thorough security study are validated against adversarial attacks and PUF modeling attacks. For formal security validation, the AVISPA verification tool is also used. Performance study recommends this protocol's lightweight characteristics. The proposed protocol's acceptability and defenses against adversarial assaults are supported by a prototype developed with ESP32.

Cryptography and Security

Zhishuo Zhang,Wen Huang,Ying Huang,Yongjian Liao,Zhun Zhang,Shijie Zhou

DOI: https://doi.org/10.1109/jiot.2023.3349005

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Authenticated Key agreement protocol (AKA) is one of the essential components for reliable secure communication in Industrial Internet-of-Things (IIoT) communication model. Recently, Srinivas et al. proposed a three-factor elliptic curve cryptosystem (ECC)-based AKA protocol called UAP-BCIoT for WSN-based intelligent transportation system (ITS). In this paper, we first find out that their protocol has a security weak point inherently called master secret disclose and key forgery defect which makes their protocol susceptible to variant impersonation attacks. To overcome the deficiency of their protocol, we construct an improved ECC-based three-factors (credential, password and biometric) tripartite authenticated key agreement protocol among managers Ui, domain gateway DG and IIoT nodes INj with identity dynamic revocation and online updating (IDR-OU-TAKA) for secure communication in IIoT. Unlike the vast majority of previous GWN-assisted MAKA protocols that only negotiate the session key between Ui and INj, our IDR-OU-TAKA protocol can selectively achieve Ui DG INj tripartite key negotiation according to Ui’s IPv6 addresses, meaning that any two parties can use the session key to establish a secure channel which can achieve isolation security within the IIoT domain. Besides, in our proposed IDR-OU-TAKA, the overdue or corrupted manager can be immediately revoked by dynamically maintaining the revocation list and the identity of manager can be securely updated online through an open channel. We give rigorous security proof based on real-or-random (ROR) model and the non-mathematical (informal) security analysis to our proposed IDR-OU-TAKA protocol. Finally, we conduct a comprehensive comparison and evaluation to our proposed IDR-OU-TAKA protocol with other state-of-art MAKA protocols in terms of security and functionality features, communication, and computation costs which clearly indicate that our protocol is more practical and suitable for IIoT.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ali Muhammad,Noor Ul Amin,Insaf Ullah,Ahmed Alsanad,Saddam Hussain,Suheer Al-Hadhrami,M. Irfan Uddin,Hizbullah Khattak,Muhammad Asghar Khan

DOI: https://doi.org/10.1155/2021/9960264

IF: 1.43

2021-01-01

Mathematical Problems in Engineering

Abstract:Currently, hyperelliptic curve cryptography (HECC) got attractions towards low power devices such as Industrial Internet of Things (IIoT). As we all know, it has the capability of utilizing low key size, which can be suitable for IIoT environment. Inspired by the aforementioned property of HECC, we proposed an efficient scheme for IIoT using certificateless signature with the help of HECC. The presented approach is proven to be unforgeable against the challenges of type I and type II attackers. We tested the security of the designed approach through Automated Validation of Internet Security Protocols and Applications (AVISPA). We also performed the computational and communicational cost comparisons with already existed schemes, and it is observed from our analysis that our scheme is computationally efficient and needs low communication cost.

Mengxia Shuai,Ling Xiong,Changhui Wang,Nenghai Yu

DOI: https://doi.org/10.1016/j.comcom.2020.06.012

IF: 5.047

2020-01-01

Computer Communications

Abstract:Industrial Internet of Things (IIoT) is a non-negligible subset of IoT, which focuses on solving special requirements in industrial applications. In IIoT environments, remote monitoring based on wireless sensor networks (WSNs) is an important application instance, which facilitates the user like professional to manage the factory remotely. The sensitive data collected from industrial sensor nodes is very important for real-time decisions. Since the user and the industrial sensor nodes communicate over insecure communication channels, the transmitted information may be intercepted and altered easily by a malicious adversary, and any modifications on these parameters may have negative effect on decisions. Therefore, there is a great need to design a secure authentication scheme to protect the transmitted information from unauthorized access. Most of the existing schemes reported in the literature are vulnerable to various known attacks, especially the inability to provide forward secrecy between gateway node and the sensor nodes. In allusion to the above problems, in this paper, we propose a new secure authentication scheme with forward secrecy for IIoT systems, in which Rabin cryptosystem is employed and the password verification table is avoided. The rigorous formal proof and heuristic analysis demonstrate that the proposed scheme provides the desired security and functional features. Compared with nine related schemes, the proposed scheme achieves a delicate balance between security and efficiency, and it is more suitable for realistic scenarios.

Mikail Mohammed Salim,Jungho Kang,Yi Pan,Jong Hyuk Park

DOI: https://doi.org/10.3934/mbe.2022546

2022-01-01

Mathematical Biosciences and Engineering

Abstract:Internet of Things (IoT) devices supporting intelligent cloud applications such as healthcare for hospitals rely on connecting with local base stations and access points to provide rich data analysis and real-time services to users. Devices authenticate with local base stations and perform handover operations to connect with access points with higher signal strength. Attackers disguise as valid base stations and access points using publicly accessible SSID information connect with local IoT devices during the handover process and give rise to data integrity and privacy concerns. This paper proposes a lightweight authentication scheme for private blockchain-based networks for securing devices from rogue base stations during the handover process. An authentication certificate is designed for base stations and machines in local clusters using SHA256 and modulo operations for enabling quick handover operations. The keys assigned to each device and base station joining the network are hashed, and their sizes are reduced using modulo operations. Furthermore, the compressed key size forms a certificate, which is used by the machines and the base stations to authenticate mutually. In comparison with existing studies, the performance analysis of the proposed scheme is based on the transmission of three messages required for completing the authentication process. Evaluation based on the Communication Overhead demonstrates a minimum improvement of 99.30% fewer bytes exchanged during the handover process and 89.58% reduced Storage Overhead compared with existing studies.