An Authentication Protocol Achieving Online Registration and Privilege Separation for Industrial Internet of Things

doi:10.3969/j.issn.1671-1122.2021.07.001

Abstract

Abstract:

In order to resist the internal malicious attackers, protect the security of control instructions and industrial data, achieve the authentication of users and facilities, this paper designs a secure identity authentication protocol for the industrial Internet of things. Based on the realization of legitimacy verification, this paper introduces the mechanism of separation of users’ privilege and online registration of participating entities to improve the security and availability of the protocol. Finally, the security of the protocol is verified by simulation tool AVISPA and non-formal security analysis. Performance analysis and comparative analysis show that the protocol can be applied to industrial Internet of things identity authentication.

Key words: IIoT, authentication protocol, malicious user attack, online registration, privilege separation

CLC Number:

TP309

LIU Xin, YANG Haorui, GUO Zhenbin, WANG Jiayin. An Authentication Protocol Achieving Online Registration and Privilege Separation for Industrial Internet of Things[J]. Netinfo Security, 2021, 21(7): 1-9.

Figures/Tables 14

References 18

[1]	LASI H, FETTKE P, KEMPER H G, et al. Industry 4.0[J]. Business & Information Systems Engineering, 2014, 6(4):239-242.
[2]	KANG Shilong, DU Zhongyi, LEI Yongmei, et al. Overview of Industrial Internet of Things[J]. Internet of Things Technologies, 2013, 3(6):80-82, 85.
	康世龙, 杜中一, 雷咏梅, 等. 工业物联网研究概述[J]. 物联网技术, 2013, 3(6):80-82,85.
[3]	LI Shining, LUO Guojia. The Overview of Technologies and Applications for Industrial IOT[J]. Telecommun Netw Technol, 2014(3):26-31.
	李士宁, 罗国佳. 工业物联网技术及应用概述[J]. 电信网技术, 2014(3):26-31.
[4]	ALESSANDRO A, JAVIER L, FABIO M. Foundations of Security Analysis and Design VII[M]. Heidelberg: Springer, 2014.
[5]	JIANG Qi, MA Jianfeng, WEI Fushan, et al. An Untraceable Temporal-credential-based Two-factor Authentication Scheme Using ECC for Wireless Sensor Networks[EB/OL]. https://www.sciencedirect.com/science/article/abs/pii/S1084804516302302, 2020-11-14.
[6]	LI Xiong, NIU Jianwei, BHUIYAN M Z A, et al. A Robust ECC-based Provable Secure Authentication Protocol with Privacy Preserving for Industrial Internet of Things[J]. IEEE Transactions on Industrial Informatics, 2017, 14(8):3599-3609. doi: 10.1109/TII.9424 URL
[7]	LI Xiong, NIU Jianwei, SARU K, et al. A Three-factor Anonymous Authentication Scheme for Wireless Sensor Networks in Internet of Things Environments[J]. Journal of Network and Computer Applications, 2018, 103(C):194-204. doi: 10.1016/j.jnca.2017.07.001 URL
[8]	BANERJEE S, ODELU V, DAS A K, et al. A Provably Secure and Lightweight Anonymous User Authenticated Session Key Exchange Scheme for Internet of Things Deployment[J]. IEEE Internet of Things Journal, 2019, 6(5):8739-8752. doi: 10.1109/JIoT.6488907 URL
[9]	FAR H A N, BAYAT M, DAS A K, et al. LAPTAS: Lightweight Anonymous Privacy-preserving Three-factor Authentication Scheme for WSN-based IIoT[J]. Wireless Networks, 2021, 27(2):1389-1412. doi: 10.1007/s11276-020-02523-9 URL
[10]	AHMED M, HUANG Xu, SHARMA D, et al. Wireless Sensor Network Internal Attacker Identification with Multiple Evidence by Dempster-shafer Theory[C]// Springer. International Conference on Algorithms and Architectures for Parallel Processing, September 4-7, 2012, Fukuoka, Japan. Heidelberg: Springer, 2012: 255-263.
[11]	AMIN R, BISWAS G P, A Secure Light Weight Scheme for User Authentication and Key Agreement in Multi-gateway Based Wireless Sensor Networks[EB/OL]. https://www.sciencedirect.com/science/article/abs/pii/S1570870515001274, 2020-12-20.
[12]	YANG Jincui. Research on Key Technology of Control Security in Internet of Things Environment[D]. Beijing: Beijing University of Posts and Telecommunications, 2013.
	杨金翠. 物联网环境下的控制安全关键技术研究[D]. 北京:北京邮电大学, 2013.
[13]	ARMANDO A, BASIN D, BOICHUT Y, et al. The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications[C]// Springer. International Conference on Computer Aided Verification, July 6-10, 2005, Edinburgh, United Kingdom. Heidelberg: Springer, 2005: 281-285.
[14]	LEE H, KANG D, RYU J, et al. A Three-factor Anonymous User Authentication Scheme for Internet of Things Environments[EB/OL]. https://www.sciencedirect.com/science/article/pii/S2214212619308051, 2020-12-22.
[15]	ALZAHRANI B A, CHAUDHRY S A, BARNAWI A, et al. ILAS-IoT: An Improved and Lightweight Authentication Scheme for IoT Deployment[J]. Journal of Ambient Intelligence and Humanized Computing, 2020: 12(6):1-13. doi: 10.1007/s12652-020-02846-7 URL
[16]	SHIM K A. BASIS: A Practical Multi-user Broadcast Authentication Scheme in Wireless Sensor Networks[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(7):1545-1554. doi: 10.1109/TIFS.2017.2668062 URL
[17]	LI Xiong, IBRAHIM M H, KUMARI S, et al. Anonymous Mutual Authentication and Key Agreement Scheme for Wearable Sensors in Wireless Body Area Networks[EB/OL]. https://www.sciencedirect.com/science/article/abs/pii/S1389128617301044, 2020-12-24.
[18]	LIU Xin. Research on Authentication Scheme for Wireless Sensor Networks[D]. Lanzhou: Lanzhou University, 2019.
	刘忻. 基于无线传感器网络的身份认证协议的研究[D]. 兰州:兰州大学, 2019.

	文献[9]协议	文献[14]协议	文献[15]协议	本文协议
恶意用户攻击	N	N	Y	Y
追踪攻击	Y	N	Y	Y
在线猜测攻击	Y	Y	Y	Y
重放攻击	Y	N	Y	Y
节点捕获攻击	N	Y	N	Y

符号	运算类型	用户终端耗时/ms	GW与SN耗时/ms
T_m	点乘运算	20.23	2450
T_R	生物特征模糊提取运算	20.23	2450
T_S	对称加/解密运算	0.12	3.5
T_H	哈希运算、HMAC()运算、Ver()运算	0.03	8

协议	U	GW	SN	总开销/ms
文献[9]				2630.96
文献[14]				160.06
文献[15]				112.83
本文				212.59

协议	用户通信开销/bit		GW通信开销/bit		SN通信开销/bit		总开销/bit
协议	发送	接收	发送	接收	发送	接收	总开销/bit
文献[9]	960	640	1440	1440	480	800	2880
文献[14]	512	512	1152	1152	640	640	2304
文献[15]	352	512	864	704	352	192	1488
本文	672	352	864	1024	352	512	1888

协议	SC存储开销/bit	GW存储开销/bit	SN存储开销/bit	总开销/bit
文献[9]	1120	640	480	2240
文献[14]	640	320	160	1120
文献[15]	960	160	320	1440
本文	960	960	160	2080