An Authentication Scheme Based on SGX for Industrial Internet of Things

doi:10.3969/j.issn.1671-1122.2021.06.001

Abstract

Abstract:

Industrial internet of things is widely used in manufacturing, logistics, petroleum, aviation and other fields, which brings revolutionary opportunities for the production and operation of modern industry. However, due to the openness of the communication channel of the industrial Internet of things and the limited resources of the terminal equipment, the security, real-time and high efficiency of data and control instruction transmission are particularly important. Therefore, a secure and efficient authentication scheme for industrial Internet of things is indispensable. In recent years, most of the authentication schemes are vulnerable to privileged user attacks and terminal equipment tracking attacks. This paper designs an authentication scheme based on SGX for industrial Internet of things. The scheme uses SGX to store the master key and realizes the confidential computing by the characteristics of SGX memory confidentiality, which can effectively resist the privileged user attacks and the terminal equipment tracking attacks. Finally, the AVISPA simulation tool and the formal security analysis prove that the proposed scheme has more comprehensive security. The performance comparison and NS3 simulation prove that the scheme has better practicability and advanced nature.

Key words: industrial internet of things security, authentication scheme, confidential computing, privileged user attacks

CLC Number:

TP309

LIU Xin, GUO Zhenbin, SONG Yuchen. An Authentication Scheme Based on SGX for Industrial Internet of Things[J]. Netinfo Security, 2021, 21(6): 1-10.

Figures/Tables 16

References 20

[1]	HUSSAIN S, ULLAH I, KHATTAK H, et al. A Lightweight and Provable Secure Identity-based Generalized Proxy Signcryption(IBGPS) Scheme for Industrial Internet of Things(IIoT)[EB/OL]., 2021-01-18.
[2]	ZHANG Meng. Risk Analysis and Countermeasure Research of Industrial Internet of Things Security[J]. China Compute Review, 2017(4):42-50.
	张猛. 工业物联网安全风险分析及对策研究[J].中国工业评论, 2017(4):42-50.
[3]	TURKANOVIĆ M, BRUMEN B, HOELBL M. A Novel User Authentication And Key Agreement Scheme for Heterogeneous Ad Hoc Wireless Sensor Networks, Based on the Internet of Things notion[J]. Ad Hoc Neweorks, 2014,20(2):96-112.
[4]	TAI Weiliang, CHANG Yafen, LI Weihan. An IoT Notion-based Authentication and Key Agreement Scheme Ensuring User Anonymity for Heterogeneous[J]. Ad Hoc Wireless Sensor Networks, 2017,34(2):133-141.
[5]	ELDEFRAWY M H, FERRARI N, GIDLUND M. Dynamic User Authentication Protocol for Industrial IoT without Timestamping[EB/OL]. , 2019-07-11.
[6]	LI Xiong, NIU Jianwei, BHUIYAN M, et al. A Robust ECC-Based Provable Secure Authentication Protocol with Privacy Preserving for Industrial Internet of Things[J]. IEEE Transactions on Industrial Informatics, 2018,14(8):3599-3609. doi: 10.1109/TII.9424 URL
[7]	PALIWAL S. Hash-based Conditional Privacy Preserving Authentication and Key Exchange Protocol Suitable for Industrial Internet of Things[EB/OL]. , 2019-09-16.
[8]	KARATI A, ISLAM S H, KARUPPIAH M. Provably Secure and Lightweight Certificateless Signature Scheme for IIoT Environments[J]. IEEE Transactions on Industrial Informatics, 2018,14(8):3701-3711. doi: 10.1109/TII.9424 URL
[9]	ZHANG Bo, ZHU Tianqing, HU Cengyu, et al. Cryptanalysis of a Lightweight Certificateless Signature Scheme for IIOT Environments[EB/OL]. , 2018-11-27.
[10]	JANGIRALA S, KUMAR D A, MOHAMMAD W, et al. Anonymous Lightweight Chaotic Map-based Authenticated Key Agreement Protocol for Industrial Internet of Things[J]. IEEE Transactions on Dependable & Secure Computing, 2020,17(6):1133-1146.
[11]	AMIN R, BISWAS G P. A Secure Light Weight Scheme for User Authentication and Key Agreement in Multi-gateway Based Wireless Sensor Networks[EB/OL]. , 2021-01-10.
[12]	HADLINGTON L, POPOVAC M, JANICKE H. Exploring the Role of Work Identity and Work Locus of Control in Information Security Awareness[J]. Computers & Security, 2019,81(1):41-48. doi: 10.1016/j.cose.2018.10.006 URL
[13]	WANG Juan, FAN Chengyang, CHENG Yueqiang, et al. Analysis and Research on SGX Technology[J]. Journal of Software, 2018,29(9):2778-2798.
	王鹃, 樊成阳, 程越强, 等. SGX技术的分析和研究[J]. 软件学报, 2018,29(9):2778-2798.
[14]	YANG Zheng, HE Jun, TIAN Yangguang, et al. Faster Authenticated Key Agreement with Perfect Forward Secrecy for Industrial Internet-of-things[J]. IEEE Transactions on Industrial Informatics, 2020,16(10):6584-6596. doi: 10.1109/TII.9424 URL
[15]	SHIM K A. A Practical Multi-user Broadcast Authentication Scheme in Wireless Sensor Networks[J]. IEEE Transactions on Information Forensics & Security, 2017,12(7):1545-1554.
[16]	CHEN Chienming, XIANG Bing, WU Tsuyang, et al. An Anonymous Mutual Authenticated Key Agreement Scheme for Wearable Sensors in Wireless Body Area Networks[EB/OL]. , 2018-07-02.
[17]	LIU Xin. Research on Authentication Scheme for Wireless Sensor Networks[D]. Lanzhou: Lanzhou University, 2019.
	刘忻. 基于无线传感器网络的身份认证协议的研究[D]. 兰州:兰州大学, 2019.
[18]	FAR H A N, BAYAT M, DAS A K, et al. LAPTAS: Lightweight Anonymous Privacy-preserving Three-factor Authentication Scheme for WSN-based IIoT[J]. Wireless Networks, 2021,27(4):1-24. doi: 10.1007/s11276-020-02437-6 URL
[19]	MO Jiaqing, CHEN Hang. A Lightweight Secure User Authentication and Key Agreement Protocol for Wireless Sensor Networks[EB/OL]. , 2019-12-16.
[20]	LUO Hanguang, WEN Guangjun, SU Jian. Lightweight Three Factor Scheme for Real-time Data Access in Wireless Sensor Networks[J]. Wireless Networks, 2020,26(2):955-970. doi: 10.1007/s11276-018-1841-x URL

操作	能耗
计算1 ms时间	$3.0\text{V}\times 8.0\text{mA}\times 1\text{ms}=0.024\text{mJ}$
发送1 bit数据	$3.0\text{V}\times 17.4\text{mA}\times \frac{1\text{bit}}{250\text{Kbps}}\approx 0.00021\text{mJ}$
接收1 bit数据	$3.0\text{V}\times 19.7\text{mA}\times \frac{1\text{bit}}{250\text{Kbps}}\approx 0.00024\text{mJ}$

符号	计算类型	用户运算时间/ms	ISN运算时间/ms
${{T}_{m}}$	点乘运算	20.23	2450
${{T}_{R}}$	生物特征模糊提取	20.23	2450
${{T}_{S}}$	对称加/解密运算	0.12	3.5
${{T}_{H}}$	哈希函数运算、$HMa{{c}_{k}}$运算、$Ve{{r}_{k}}$运算	0.03	8

安全性质	文献[18]协议	文献[19]协议	文献[20]协议	本文协议
特权用户攻击	Y	N	N	Y
追踪攻击	Y	N	Y	Y
在线猜测攻击	N	Y	Y	Y
重放攻击	N	Y	Y	Y
节点捕获攻击	Y	N	Y	Y

协议	用户开销	GWN开销	ISN开销	总开销/ms
文献[18]	$9{{T}_{H}}\text{+}{{T}_{R}}\text{+2}{{T}_{m}}$	$10{{T}_{H}}\text{+2}{{T}_{m}}$	$5{{T}_{H}}$	5080.69
文献[19]	$13{{T}_{H}}\text{+}{{T}_{R}}\text{+4}{{T}_{m}}$	$10{{T}_{H}}\text{+}{{T}_{S}}$	$5{{T}_{H}}\text{+2}{{T}_{m}}\text{+}{{T}_{S}}$	5128.54
文献[20]	$11{{T}_{H}}\text{+}{{T}_{R}}$	$11{{T}_{H}}$	$5{{T}_{H}}$	148.56
本文	$11{{T}_{H}}\text{+}{{T}_{R}}$	$14{{T}_{H}}$	$6{{T}_{H}}$	180.56

协议	用户开销/bit		GWN开销/bit		ISN开销/bit		总开销/bit
协议	发送	接收	发送	接收	发送	接收	总开销/bit
文献[18]	960	640	1440	1440	480	800	2880
文献[19]	992	704	1216	1504	512	512	2720
文献[20]	512	352	864	864	352	512	1728
本文	640	320	800	960	320	480	1760