Article

Secure Authentication and Key Agreement Protocol for Cloud-Assisted Industrial Internet of Things

1
School of Information Engineering, East China Jiaotong University, Nanchang 330013, China
2
School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China
*
Author to whom correspondence should be addressed.
Submission received: 20 April 2022 / Revised: 14 May 2022 / Accepted: 17 May 2022 / Published: 22 May 2022
(This article belongs to the Section Computer Science & Engineering)

Abstract

With the expansion of the Industrial Internet of Things (IIoT), real-time data collected by smart sensors deployed in factories are shared over open channels, which may allow adversaries to gain unauthorized access to transmitted messages and thus cause privacy leakage. User authentication is the first line of defense for security protection in the IIoT environment. In this paper, we propose a cloud-assisted authentication scheme based on Chebyshev polynomial encryption, in which only authorized users can access the sensing devices in the Internet of Things (IoT) to obtain real-time data. The scheme uses fuzzy extraction technology to verify biometric characteristics. Three factors are used to verify the user’s login request: the smart card, the password, and the user’s personal biometrics. The commonly adopted formal security analysis, the ROR model, is applied to prove the semantic security of the session key, and a detailed informal security analysis is performed to show that the proposed scheme can withstand multiple known attacks. Compared with other related user authentication schemes, the proposed scheme provides several extra functionality features, including offline sensor node registration, updating user passwords and biometrics, adding new sensor node deployment, user anonymity and untraceability. In addition, the cost of computation, communication and security is compared with similar schemes, and the results show that our scheme provides better security performance while the cost remains acceptable.

1. Introduction

The Internet of Things (IoT) uses sensors to connect any device over the Internet to share information. With the growth of the number of mobile devices and the development of 6G technology (which, in comparison with 5G technology, has greatly improved in data rate and transmission delay [1,2], making it more suitable for the application of the IoT) [3], the IoT can connect billions of devices and provide the foundation for systems such as telemedicine, smart homes, and industrial monitoring [4]. However, sensors with limited computing and storage resources cannot support the utilization of the large quantity of heterogeneous data generated by a massive number of IoT devices. In order to avoid resource waste and make better use of the data obtained by devices in the IoT in the monitoring or production process, the sensor can periodically transfer the data to the cloud for storage, so that users can use the strong computing power of cloud servers to analyze and process the data. In addition, cloud computing technology [5] can provide almost unlimited computing power and storage to compensate for the resource limitations of the IoT [6]. At the same time, the IoT also brings a lot of real data to cloud computing. The merger of cloud computing and the IoT brings new opportunities and security challenges, such as information leaks caused by data stored in cloud servers being accessed by illegal attackers. Among all kinds of security measures, user authentication is an effective method to ensure system security.
The Industrial Internet of Things (IIoT) is one of the most important features of the development of industry 4.0 in the 21st century and also a major driving force for the application and promotion of the IoT. It has been widely used in many industries, including medical automation, transportation, and environmental protection. For example, it can help realize real-time monitoring, vehicle tracking, and intelligent parking in the field of intelligent transportation. In addition to the above applications, IIoT has been widely used to improve the production efficiency of industrial products and help enterprises utilize automatic and intelligent manufacturing. In the process of industrial production, we use cloud computing technology to process and store a large amount of data generated by sensors, so as to extract the results of industrial production guidance suggestions to improve production efficiency. However, the secure production of the IIoT is faced with two key problems: first, data stored on cloud servers may be accessed illegally by competitors, which leads to information leakage; and, second, when users need to access information, we need to provide users with privacy protection and achieve user anonymity.

1.1. Motivation

In the IIoT environment, sensors deployed in the factory can detect the surrounding environment in real time, and the sensors upload the monitored data to the gateway node (GWN) through the public network. However, the data are transmitted through open (insecure) channels, which means that all kinds of attacks are possible [7]. For example, attackers can eavesdrop, modify, intercept communication messages, or impersonate trusted entities, which threatens the security and privacy of messages. Furthermore, there is the possibility of physical and irreparable damage, such as an adversary issuing malicious instructions to the sensor. The design of an authentication protocol can ensure the mutual authentication of communication participants in an open and chaotic network environment, and establish an exclusive session key for secure access later.
This paper designs a user authentication scheme based on Chebyshev polynomial encryption for IIoT that constructs mutual authentication among communication participants and establishes session keys between users and sensors. The proposed scheme uses the user’s biometric characteristics, password, and smart card as three factors to authenticate legitimate users. At the same time, the protocol needs to be able to resist some common attacks and to guarantee the security of session keys even when temporary secret values are disclosed.

1.2. System Model

Network models and threat models are described for cloud-assisted IIoT systems in this section.

1.2.1. Network Model

The cloud-assisted IIoT model is shown in Figure 1, and the main components are: sensors, base stations, the gateway node, users, and the cloud server. We deploy a set of sensors in the target area of the factory to monitor the environment, collect information about the production of the product or the operation of the production equipment, etc. Then, sensors send the collected information to GWN through the base station [8]. GWN sends the massive, heterogeneous data that it collects to the cloud server. Meanwhile, in this factory, there will be a need for users of different identities to access the data in the sensors in real time, such as the personnel on duty who can detect the sensors to determine whether the factory equipment is abnormal, or the manager who can use the information to make decisions or analysis.
The process of information transmission through the public channel is as follows: firstly, the user sends the login information to GWN, and GWN verifies the validity of the user’s identity. Secondly, if the authentication is successful, GWN sends the encrypted authentication information to the sensor, which returns the key exchange information to the user. Finally, the session key is generated for future communication between user and sensor.
In the cloud-assisted IIoT architecture, the sensor sends the collected information to GWN, which periodically uploads it to the cloud server via the Internet. It should be noted that the sensitive information is uploaded through a pre-shared security mechanism between GWN and the cloud server. In this model, by treating the cloud server as a node, granting it a unique identity, and performing a sensor-like registration process, mutual identity authentication can be performed with users, and session keys can be established with each other. After successful authentication, users can access massive amounts of data stored in the cloud server. This mechanism helps users to systematically analyze previous data and is also of great benefit to decision-making and forecasting.

1.2.2. Threat Model

The scheme uses the widely used Dolev–Yao (DY) threat model [9]. According to the definition of the model, the adversary is allowed to insert, delete, and modify the information transmitted between any two parties through a common channel. Due to some malicious attack, an adversary may be able to capture the sensors deployed in the factory and obtain the information stored therein. GWN is believed to be a trusted third-party entity in the model. Smart cards accidentally lost by users or stolen by adversaries can be used to perform sophisticated power analysis [10] to extract the secret credentials stored in them. Additionally, the widely accepted ROR model uses rigorous mathematical analysis to verify the security of the scheme.

1.3. Contribution

The contributions of the paper are summarized as follows:
  • A user authentication scheme based on Chebyshev polynomial encryption in cloud-assisted IIoT environment is proposed, which can help users and sensor nodes to complete mutual authentication and negotiate session keys. The scheme uses smart cards, passwords, and biometrics to detect the identity of legitimate users. Furthermore, the scheme also allows users to update passwords and biometrics locally, revoke smart cards, and deploy new sensors.
  • Mutual identity authentication and session key agreement can be achieved between the cloud server and users, which can prevent unauthorized users from accessing resources from the cloud server.
  • The security of the scheme is proved by formal (mathematical) and informal security analysis. The formal security proves the semantic security of the proposed scheme and guarantees the security of the session key between the user and the sensor node (described in Section 4.1). In addition, the proposed scheme is demonstrated to be secure against other possible multiple known attacks through the use of informal security analysis (discussed in Section 4.2).
  • The proposed scheme has advantages in security performance and functional features (described in Section 5) under the premise of lower cost.

1.4. Paper Outline

Section 2 gives a brief overview of the related work. Section 3 describes the mathematical preliminaries used in the protocol and the detailed phases of the proposed scheme. Section 4 provides the ROR model proof and informal security analysis. Section 5 gives the comparison between the proposed scheme and the related schemes in terms of overhead, performance, and functional features. Section 6 presents the conclusions.

2. Related Work

Das [11] mainly summarized some security defects and inefficiency problems existing in the scheme of Jiang et al. [12] and improved it on that basis, making it more applicable to actual scenarios. Chang and Le [13] designed two authentication protocols for sensing devices with limited resources, in which $P_1$ is lightweight because only hashing and XOR operations are used, while $P_2$ uses the elliptic curve encryption (ECC) algorithm; $P_2$ has a higher cost, but can also meet higher security features. Li et al. [14] proposed an authentication scheme to protect user anonymity in the IIoT, which applied biometric fuzzy extractor features and solved the problem of fault tolerance in user biometric information extraction. Wazid et al. [15] proposed a solution to meet various safety performances in a smart home environment, which used only some lightweight operations and is ideal for smart appliances with limited computing resources.
Das et al. [16] designed an authentication protocol to enable users to access data stored in wearable devices in real time, and the simulation results of various network parameters (such as delay, throughput, etc.) show that it can be used in real scenarios. Liu et al. [17] proposed a protocol based on cross authentication, which realized security authentication and synchronous authentication at the same time, and can integrate two related devices into one session. However, Srinivas et al. [18] pointed out that Liu et al. [17] did not have functions such as dynamic wearable devices and changing users’ mobile terminals. In order to eliminate these limitations, Srinivas et al. [18] proposed an authentication protocol applicable to the medical monitoring system. In this scheme, user registration was performed in the big data registry, and the authentication process with wearable devices was completed with the assistance of the cloud center.
Chatterjee et al. [19] designed an authentication scheme based on Chebyshev chaotic mapping, biological hashing, and symmetric key encryption/decryption for multi-server environments, which allowed users to manage authentication for different servers with a single identity and password. Srinivas et al. [20] proposed an anonymous user authentication scheme using fuzzy extraction technology for biometric authentication in IIoT. Three-factor authentication was used in [19,20]. Yu et al. [21] introduced an effective universal three-factor authentication framework, which can upgrade two-factor to three-factor authentication on the premise of maintaining user anonymity, and improve the security of the system. Wazid et al. [22] proposed a solution that would allow real-time access to data monitored by unmanned aerial vehicle. Chatterjee et al. [23] have developed an authentication protocol that uses identity-based encryption, physical non-clonable function (PUF), and hash function, and a secure video surveillance camera model has been established based on this protocol.
To sum up, most of the user authentication schemes proposed for the IoT have some defects, such as insecurity against various known attacks and inability to provide security protection for user anonymity. Most of the encryption technologies used in existing schemes are hash functions or XOR operations, which are lightweight but not secure, while ECC algorithms require more overhead. At the same time, we also noticed that these solutions support users in accessing the sensor in real time, but do not take into account the storage of the data generated by the sensor, so they cannot provide users with previous data for analysis, resulting in a waste of resources. Inspired by the above references and [24], we observe that IIoT needs a user authentication scheme that, compared with previous user authentication protocols, provides higher safety and extra features while meeting lower overhead, and in which the data generated by the sensor can be stored, for example, uploaded to the cloud server. After mutual authentication between the user and the cloud server, users can securely access the cloud server.

3. The Proposed Scheme

The proposed scheme is a three-party authentication protocol based on Chebyshev polynomial encryption, and includes three stages: sensor node registration, user registration, and authentication key exchange. In this section, we first give the mathematical preliminaries used in this paper, and then present the detailed process of the proposed scheme. Table 1 introduces the mathematical notation used in the scheme.

3.1. One-Way Hash Function

$h: \{0,1\}^* \rightarrow \{0,1\}^n$ is a one-way hash function that compresses an input message of arbitrary length into a fixed-length output [25].
Definition 1.
$Adv_{\mathcal{A}}^{hash}(rt) = \Pr[(n_1, n_2) \in_R \mathcal{A} : n_1 \neq n_2,\ h(n_1) = h(n_2)]$, where the input pair $(n_1, n_2) \in_R \mathcal{A}$ indicates that $\mathcal{A}$ randomly selects two numbers $n_1$ and $n_2$, and $Adv_{\mathcal{A}}^{hash}(rt)$ denotes the probability that $\mathcal{A}$ finds a hash collision within the running time $rt$. An $(\xi, rt)$-adversary $\mathcal{A}$ attacking the collision resistance of $h(\cdot)$ is one whose running time is at most $rt$ and for which $Adv_{\mathcal{A}}^{hash}(rt) \le \xi$.

3.2. Chebyshev Polynomial

Chebyshev polynomials not only have much lower computational overhead than traditional ECC algorithms, but also meet our security requirements [19,20]. In this paper, the basic concepts of Chebyshev polynomials are introduced to design our scheme. The recursion of the improved Chebyshev polynomial is shown below:
$$T_n(x) = \begin{cases} 1, & n = 0 \\ x, & n = 1 \\ 2x\,T_{n-1}(x) - T_{n-2}(x), & n \ge 2 \end{cases}$$
where $x \in (-\infty, +\infty)$, $T_u(T_v(x)) \equiv T_{uv}(x) \equiv T_v(T_u(x)) \pmod{p}$, and $p$ is a large prime number. The computational problem associated with the Chebyshev polynomial is given in Definition 2.
Definition 2.
Given any $x$ and $y$, it is hard to find an integer $n$ that satisfies $T_n(x) = y \pmod{p}$. This is known as the chaotic map-based discrete logarithm problem (CMDLP). The probability advantage of $\mathcal{A}$ associated with CMDLP is
$$Adv_{\mathcal{A}}^{CMDLP}(t_2) = \Pr[\mathcal{A}(x, y) = n : n \in Z_p^*,\ y = T_n(x) \pmod{p}]$$
where $Z_p^* = \{r \mid 0 < r < p,\ \gcd(r, p) = 1\} = \{1, 2, \ldots, p-1\}$. $\Pr[E]$ is the probability of an event $E$. An $(\varsigma, t_1)$-adversary $\mathcal{A}$ breaking CMDLP means that $Adv_{\mathcal{A}}^{CMDLP}(t_1) \le \varsigma$ at most within the running time $t_1$.

3.3. Sensor Node Registration

During the sensor node registration phase, GWN selects a 160-bit random number as the master key $s$ and assigns a unique identity $ID_{SN_j}$ to each deployed sensor node $SN_j$, then calculates the temporal credential of $ID_{SN_j}$ as $TC_{SN_j} = h(ID_{SN_j} \| s)$. GWN stores $\{TC_{SN_j}, ID_{SN_j}\}$ into $SN_j$’s memory before it is deployed to the IoT environment, and stores the information $\{ID_{GWN}, s, TC_{SN_j}, ID_{SN_j}\}$ in its database.

3.4. User Registration Phase

The process of registering a user with GWN is done offline; the steps are as follows and are shown in Figure 2:
  • $Reg_1$: $U_i$ chooses her/his own $ID_i$ and $PW_i$, selects a 160-bit random number $n_a$, and calculates $RID_i = h(ID_i \| n_a)$ and $RPW_i = h(PW_i \| ID_i \| n_a)$, then securely transmits the registration request $\{RID_i, RPW_i\}$ to GWN.
  • $Reg_2$: Upon receipt of the request from $U_i$, GWN calculates $C_i = RID_i \oplus RPW_i \oplus h(s \| ID_{GWN})$ and distributes a smart card $SC_i = \{C_i, h(\cdot)\}$ to $U_i$ through a secure channel.
  • $Reg_3$: $U_i$ imprints her/his biometrics $BIO_i$ on the sensor of the specified device after receiving $SC_i$, and computes $(\sigma_i, \tau_i) = Gen(BIO_i)$, $A_i = n_a \oplus h(ID_i \| \sigma_i)$, $B_i = h(ID_i \| PW_i \| \sigma_i)$, $C_i' = C_i \oplus h(\sigma_i \| ID_i)$. Then, $U_i$ replaces $C_i$ with $C_i'$ and stores $A_i$, $B_i$, $C_i'$, $\sigma_i$, $\tau_i$, $Gen(\cdot)$, $Rep(\cdot)$ and $t$ into $SC_i$, where $SC_i = \{A_i, B_i, C_i', h(\cdot), Gen(\cdot), Rep(\cdot), \tau_i, t\}$.

3.5. Login Phase

The following shows the detailed $U_i$ login process:
  • $Log_1$: $U_i$ inserts $SC_i$ into the reader of the terminal equipment and inputs his/her $ID_i$, $PW_i$ and $BIO_i^*$. When the Hamming distance between $BIO_i$ and $BIO_i^*$ does not exceed the threshold value $t$, $SC_i$ calculates $\sigma_i^* = Rep(BIO_i^*, \tau_i)$, $B_i^* = h(ID_i \| PW_i \| \sigma_i^*)$.
  • $Log_2$: $SC_i$ checks whether $B_i^* = B_i$. If the equation does not hold, the $ID_i$, $PW_i$ and $BIO_i^*$ entered by $U_i$ are considered to be invalid authentication information and the login request is rejected. Otherwise, $U_i$ is considered to be a legitimate user and proceeds with the next step: $SC_i$ further calculates $n_a^* = A_i \oplus h(ID_i \| \sigma_i^*)$, $RID_i = h(ID_i \| n_a^*)$, $RPW_i = h(PW_i \| RID_i)$, $C_i = C_i' \oplus h(\sigma_i^* \| ID_i)$, $D_i = C_i \oplus RID_i \oplus RPW_i$; then $U_i$ selects the $ID_{SN_j}$ of the sensor node $SN_j$ in the IoT that he/she wants to access.
  • $Log_3$: $SC_i$ then generates a random number $n_i$ and the timestamp $TS_1$ of the current system, and calculates $E_i = h(D_i \| h(ID_i \| PW_i) \| TS_1)$, $M_1 = T_{n_i}(RID_i \| ID_{SN_j} \| E_i)$, $M_1' = M_1 \oplus h(RID_i \| D_i \| TS_1)$, $AUG = h(RID_i \| M_1 \| ID_{SN_j} \| TS_1)$, $E_i' = E_i \oplus h(RID_i \| D_i \| TS_1)$, $RID_i' = RID_i \oplus h(ID_{SN_j} \| TS_1)$, $ID_{SN_j}' = ID_{SN_j} \oplus h(E_i' \| D_i \| TS_1)$. $U_i$’s login request message $MSG_1 = \{E_i', RID_i', AUG, ID_{SN_j}', TS_1, M_1'\}$ is sent to GWN over a public channel.
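The local three-factor check of $Log_1$ and $Log_2$, as an added example that is not code from the paper. Assumptions: `gen`/`rep` are a toy code-offset fuzzy extractor over a repetition code (the paper does not specify a construction), SHA-256 stands in for $h(\cdot)$, and $n_a$ is 256 bits so that it can be XORed with a full digest.

```python
import hashlib
import hmac
import secrets

R = 5  # repetition factor (toy parameter): up to 2 flipped bits per block are corrected

def h(*parts: bytes) -> bytes:
    # h(a || b || ...) over length-prefixed fields; the encoding is an assumption
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def gen(bio):
    """Gen(BIO) -> (sigma, tau): hide a random secret behind the biometric bits."""
    secret = [secrets.randbelow(2) for _ in range(len(bio) // R)]
    codeword = [bit for bit in secret for _ in range(R)]   # repetition encoding
    tau = [w ^ c for w, c in zip(bio, codeword)]           # public helper data
    return h(bytes(secret)), tau

def rep(bio_star, tau):
    """Rep(BIO*, tau) -> sigma*: majority-decode each block of R bits."""
    noisy = [w ^ t for w, t in zip(bio_star, tau)]
    secret = [int(sum(noisy[i:i + R]) > R // 2) for i in range(0, len(noisy), R)]
    return h(bytes(secret))

def register(identity: bytes, password: bytes, bio):
    """Reg_3 (card-side values A_i, B_i, tau_i only); returns (card, n_a)."""
    n_a = secrets.token_bytes(32)
    sigma, tau = gen(bio)
    card = {"A": xor(n_a, h(identity, sigma)),      # A_i = n_a xor h(ID_i || sigma_i)
            "B": h(identity, password, sigma),      # B_i = h(ID_i || PW_i || sigma_i)
            "tau": tau}
    return card, n_a

def login(card, identity: bytes, password: bytes, bio_star):
    """Log_1/Log_2: returns the recovered n_a*, or None when B_i* != B_i."""
    sigma_star = rep(bio_star, card["tau"])
    b_star = h(identity, password, sigma_star)
    if not hmac.compare_digest(card["B"], b_star):  # constant-time comparison
        return None
    return xor(card["A"], h(identity, sigma_star))  # n_a* = A_i xor h(ID_i || sigma_i*)

def login_demo():
    bio = [secrets.randbelow(2) for _ in range(16 * R)]    # constructed 80-bit template
    card, n_a = register(b"alice", b"pw-2022", bio)
    flip = lambda bits, idx: [b ^ (i in idx) for i, b in enumerate(bits)]
    return {
        # one flipped bit in each of three different blocks: still accepted
        "noisy_ok": login(card, b"alice", b"pw-2022", flip(bio, {0, 7, 33})) == n_a,
        # right biometric, wrong password: rejected
        "wrong_password": login(card, b"alice", b"guess", bio),
        # three flipped bits in one block exceed the code's correction capacity
        "too_noisy": login(card, b"alice", b"pw-2022", flip(bio, {0, 1, 2})),
    }

if __name__ == "__main__":
    print(login_demo())
```

A repetition code leaks structure through the helper data and is used here only to make the error tolerance visible.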

3.6. Authentication and Key Agreement Phase

The user and sensor will authenticate with each other and share a session key with the assistance of GWN in this stage, and the specific steps are as follows:
  • $AK_1$: When GWN receives the user’s login request message $MSG_1$ at $TS_1'$, the condition $|TS_1' - TS_1| \le \Delta T$ is checked, where $\Delta T$ is the maximum transmission delay. If the inequality is not met, GWN rejects the login request; otherwise, it calculates $G_i = h(x \| ID_{GWN})$, $ID_{SN_j} = ID_{SN_j}' \oplus h(E_i' \| G_i \| TS_1)$, $RID_i = RID_i' \oplus h(ID_{SN_j} \| TS_1)$ and $M_1^* = M_1' \oplus h(RID_i \| G_i \| TS_1)$. Then, GWN checks whether the equation $AUG = h(RID_i \| M_1^* \| ID_{SN_j} \| TS_1)$ is true; if not, the process is terminated.
  • $AK_2$: Otherwise, GWN generates a timestamp $TS_2$ for the current system, and computes $E_i = E_i' \oplus h(RID_i \| G_i \| TS_1)$, $M_2 = E_{TC_{SN_j}}(RID_i, M_1^*, E_i)$ and $AGS = h(TC_{SN_j} \| ID_{SN_j} \| M_1^* \| TS_2)$. Then, GWN transmits the message $MSG_2 = \{M_2, AGS, TS_2\}$ to $SN_j$ through a public channel.
  • $AK_3$: After receiving the message $MSG_2$ from GWN at time $TS_2'$, $SN_j$ determines whether the condition $|TS_2' - TS_2| \le \Delta T$ is satisfied. If the validation fails, $SN_j$ rejects GWN. Otherwise, $SN_j$ uses the secret key $TC_{SN_j}$ to decrypt $(RID_i, M_1^*, E_i)$, then checks whether the equation $AGS = h(TC_{SN_j} \| ID_{SN_j} \| M_1^* \| TS_2)$ is satisfied.
  • $AK_4$: If the validation fails, $SN_j$ rejects $MSG_2$. Otherwise, $SN_j$ picks a random value $n_j$ and the timestamp $TS_3$ of the system at the moment, and computes $F_j = T_{n_j}(RID_i \| ID_{SN_j} \| E_i)$. Then, $SN_j$ generates and saves the secret key of the session $SK_{ij} = h(T_{n_j}(M_1^*) \| RID_i \| ID_{SN_j} \| TS_3)$, which is used for subsequent communication between $SN_j$ and $U_i$. Finally, $SN_j$ calculates $AUS = h(SK_{ij} \| F_j \| TS_3)$, $F_j' = F_j \oplus h(RID_i \| ID_{SN_j} \| TS_3)$, and transmits the message $MSG_3$ publicly to $U_i$.
  • $AK_5$: As soon as $U_i$ receives $MSG_3$, the message is checked for freshness $|TS_3' - TS_3| \le \Delta T$, where $TS_3'$ is the time when $MSG_3$ is received. If the condition is met, $U_i$ computes $F_j = F_j' \oplus h(RID_i \| ID_{SN_j} \| TS_3)$, and generates the session key $SK_{ij}^* = h(T_{n_i}(F_j) \| RID_i \| ID_{SN_j} \| TS_3)$ with $SN_j$. Then, $U_i$ verifies that the equation $AUS = h(SK_{ij}^* \| F_j \| TS_3)$ is satisfied; if the authentication passes, $U_i$ saves the session key $SK_{ij}^*$, and $U_i$ and $SN_j$ can communicate securely using $SK_{ij}^*$. The specific login and authentication process is shown in Figure 3.
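The Chebyshev recursion of Section 3.2 and the $U_i$ to $SN_j$ part of $Log_3$, $AK_4$ and $AK_5$, as an added example that is not code from the paper. Assumptions: SHA-256 stands in for $h(\cdot)$, $p = 2^{127} - 1$ is a demo modulus, hash outputs are reduced mod $p$ before being used as the polynomial argument, and the GWN relay of $(RID_i, M_1^*, E_i)$ is taken as already done.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1   # demo prime modulus (assumption: the page only requires a large prime p)
DELTA_T = 5      # assumed maximum transmission delay Delta-T, in seconds

def h(*parts) -> bytes:
    # h(a || b || ...) over length-prefixed fields; the encoding is an assumption
    raw = [p if isinstance(p, bytes) else str(p).encode() for p in parts]
    return hashlib.sha256(b"".join(len(r).to_bytes(4, "big") + r for r in raw)).digest()

def h_int(*parts) -> int:
    return int.from_bytes(h(*parts), "big")

def chebyshev(n: int, x: int, p: int = P) -> int:
    """T_n(x) mod p via square-and-multiply on the matrix [[2x, -1], [1, 0]]."""
    def mul(a, b):  # 2x2 matrices stored row-major as 4-tuples
        return ((a[0] * b[0] + a[1] * b[2]) % p, (a[0] * b[1] + a[1] * b[3]) % p,
                (a[2] * b[0] + a[3] * b[2]) % p, (a[2] * b[1] + a[3] * b[3]) % p)
    result, base = (1, 0, 0, 1), ((2 * x) % p, p - 1, 1, 0)
    while n:
        if n & 1:
            result = mul(result, base)
        base = mul(base, base)
        n >>= 1
    # M^n maps (T_1, T_0) = (x, 1) to (T_{n+1}, T_n); the second row yields T_n.
    return (result[2] * x + result[3]) % p

def user_start(rid, id_sn, e_i):
    """Log_3 (Chebyshev part only): pick n_i and compute M_1."""
    n_i = secrets.randbelow(P - 2) + 2
    return n_i, chebyshev(n_i, h_int(rid, id_sn, e_i) % P)

def sensor_respond(m1, rid, id_sn, e_i, ts3):
    """AK_4: SN_j picks n_j, derives SK_ij, returns (SK_ij, MSG_3)."""
    n_j = secrets.randbelow(P - 2) + 2
    f_j = chebyshev(n_j, h_int(rid, id_sn, e_i) % P)
    sk = h(chebyshev(n_j, m1), rid, id_sn, ts3)
    aus = h(sk, f_j, ts3)
    f_masked = f_j ^ h_int(rid, id_sn, ts3)      # F_j' = F_j xor h(RID_i || ID_SNj || TS_3)
    return sk, (aus, f_masked, ts3)

def user_finish(msg3, n_i, rid, id_sn, now):
    """AK_5: freshness check, unmask F_j, derive SK_ij*, verify AUS. None means reject."""
    aus, f_masked, ts3 = msg3
    if abs(now - ts3) > DELTA_T:
        return None
    f_j = f_masked ^ h_int(rid, id_sn, ts3)
    sk = h(chebyshev(n_i, f_j), rid, id_sn, ts3)
    return sk if hmac.compare_digest(aus, h(sk, f_j, ts3)) else None

def exchange_demo():
    # Constructed identities and values; none of them come from the paper.
    rid, id_sn, e_i = h("alice", "constructed n_a"), "SN-07", h("constructed E_i")
    ts3 = 1_700_000_000
    n_i, m1 = user_start(rid, id_sn, e_i)
    sk_sensor, msg3 = sensor_respond(m1, rid, id_sn, e_i, ts3)
    sk_user = user_finish(msg3, n_i, rid, id_sn, now=ts3 + 1)
    tampered = (msg3[0], msg3[1] ^ 1, msg3[2])   # one bit of F_j' flipped in transit
    return {
        "keys_match": sk_user == sk_sensor,
        "tampered": user_finish(tampered, n_i, rid, id_sn, now=ts3 + 1),
        "stale": user_finish(msg3, n_i, rid, id_sn, now=ts3 + DELTA_T + 1),
    }

if __name__ == "__main__":
    print(exchange_demo())
```

Both sides reach the same key because $T_{n_j}(T_{n_i}(x)) \equiv T_{n_i}(T_{n_j}(x)) \pmod{p}$; a modified $F_j'$ or a timestamp older than $\Delta T$ makes `user_finish` reject.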

3.7. Password and Biometric Update Phase

Registered users can update their passwords and biometric keys by following these steps.
  • $Step_1$: After inserting $SC_i$ into the reader, $U_i$ enters his/her $ID_i$, previous password $PW_i^{old}$ and biometric key $BIO_i^{old}$. $SC_i$ then computes $\sigma_i^{old} = Rep(BIO_i^{old}, t_i)$, $n_a = A_i \oplus h(ID_i \| \sigma_i^{old})$, $RID_i = h(ID_i \| n_a)$, $RPW_i^{old} = h(PW_i^{old} \| RID_i)$, $h(s \| ID_{GWN}) = RID_i \oplus RPW_i \oplus C_i \oplus h(\sigma_i^{old} \| ID_i)$, $B_i^{old} = h(ID_i \| PW_i^{old} \| \sigma_i^{old})$ and checks the equation $B_i^{old} = B_i$. If this matches, this means that $U_i$ is legal and can update the password and biometric key (if necessary).
  • $Step_2$: $U_i$ enters a new password $PW_i^{new}$ and biometric key $BIO_i^{new}$, then $SC_i$ computes $(\sigma_i^{new}, \tau_i^{new}) = Gen(BIO_i^{new})$, $RPW_i^{new} = h(PW_i^{new} \| RID_i)$, $A_i^{new} = n_a \oplus h(ID_i \| \sigma_i^{new})$, $B_i^{new} = h(ID_i \| PW_i^{new} \| \sigma_i^{new})$, $C_i^{new} = h(s \| ID_{GWN}) \oplus RID_i \oplus RPW_i^{new} \oplus h(\sigma_i^{new} \| ID_i)$.
  • $Step_3$: $SC_i$ finally updates $A_i$, $B_i$ and $C_i$ with $A_i^{new}$, $B_i^{new}$ and $C_i^{new}$ in its memory, respectively.

3.8. Smartcard Revocation Phase

A registered user who has lost his/her smart card can perform the following steps to obtain a new smart card $SC_i^{new}$.
  • $Step_1$: $U_i$ enters the previous $ID_i$, but selects a different password $PW_i$; $U_i$ then selects a random number $n_a$ and computes $RID_i = h(ID_i \| n_a)$, $RPW_i = h(PW_i \| RID_i)$ and submits the revocation request $\{RID_i, RPW_i\}$ to GWN via a safe channel.
  • $Step_2$: GWN receives the message and checks the availability of $RID_i$ in the database. If $RID_i$ is not available, then GWN assigns a new smart card $SC_i^{new}$ to $U_i$.
  • $Step_3$: Upon receipt of the smart card $SC_i^{new}$, $U_i$ imprints biometrics $BIO_i$ and computes $(\sigma_i, \tau_i) = Gen(BIO_i)$, $A_i = n_a \oplus h(ID_i \| \sigma_i)$, $B_i = h(ID_i \| PW_i \| \sigma_i)$ and $C_i' = C_i \oplus h(\sigma_i \| ID_i)$. $U_i$ replaces $C_i$ in $SC_i^{new}$ with $C_i'$, and stores $A_i$ and $B_i$ into $SC_i^{new}$’s memory. Thus, $SC_i^{new} = \{A_i, B_i, C_i', h(\cdot), Gen(\cdot), Rep(\cdot), \tau_i, t\}$.

3.9. New Sensing Node Deployment Phase

By performing the following steps, GWN can deploy new IoT sensor nodes $SN_j^{new}$ into an existing network while offline.
  • $Step_1$: GWN assigns a unique identity $ID_{SN_j}^{new}$ to the new sensor node $SN_j^{new}$ and then uses its own master key $s$ to calculate $TC_{SN_j}^{new} = h(ID_{SN_j}^{new} \| s)$.
  • $Step_2$: GWN stores the credentials $TC_{SN_j}^{new}$ and $ID_{SN_j}^{new}$ into $SN_j^{new}$’s memory prior to its deployment. GWN also stores $TC_{SN_j}^{new}$ and $ID_{SN_j}^{new}$ in its database. Finally, GWN broadcasts information about the newly deployed sensor nodes $SN_j^{new}$ to all the registered users, who can access it according to their own needs.

4. Security Analysis

The formal and informal security analysis of the scheme will be demonstrated in this section.

4.1. Formal Security

The security of the session key is proved by detailed and rigorous mathematical analysis of the protocol using an ROR model (given in Theorem 1). We also provide primitives related to ROR models. The proposed scheme mainly involves three participants, namely sensor node $SN_j$, user $U_i$, and GWN. The following is a detailed description of the ROR model [20,26].
Participants: the instances $u$, $v$ and $t$ of $U_i$, GWN and $SN_j$ are represented as $U_i^u$, $GWN^v$ and $SD_j^t$, respectively, which are known as oracles.
Accepted state: When the instance $t$ receives the last message during protocol communication, its state changes to the accept state. $t$ concatenates all the communicated messages sequentially, and $t$ forms the current session identifier ($sid$).
Partnering: Instances $t_1$ and $t_2$ are partners to each other as long as they meet the following three conditions: (1) They are in a state of acceptance; (2) $t_1$ and $t_2$ are mutually authenticated and share $sid$; (3) They are partners of each other.
Freshness: The instances $U_i^u$ or $SD_j^t$ are considered fresh if $\mathcal{A}$ does not acquire $SK_{ij}$ through the following $Reveal(t)$ query.
Adversary: Assume that $\mathcal{A}$ has complete control over all communication in the system and can not only intercept messages but also tamper with them. In addition, $\mathcal{A}$ can also perform the following queries.
  • $Execute(t, u, v)$: $\mathcal{A}$ can carry out an eavesdropping attack under this query because $\mathcal{A}$ can intercept all communications of the three party entities during protocol execution.
  • $Reveal(t)$: $\mathcal{A}$ can obtain the session keys created by the two instances by executing the query.
  • $Send(\Pi^t, msg)$: $\mathcal{A}$ can send a message $msg$ to the instance $\Pi^t$ through this query. In response, $\mathcal{A}$ can also receive a message from instance $\Pi^t$.
  • $CorruptSC(U_i^u)$: $\mathcal{A}$ can obtain the credentials stored in the smart card through this query, which is modeled as the smart card loss attack.
  • $CorruptSN(SN_j^t)$: It is an attack in which the secret $TC_{SN_j}$ stored in the sensor is divulged to $\mathcal{A}$. $CorruptSC$ and $CorruptSN$ are both weak-corruption models, where the internal information related to the instance and the temporary key is not corrupted.
  • $test(t)$: Toss an unbiased coin $c$, the result of which determines the output of the $test$ query and is known only to $\mathcal{A}$, who executes the $test$ query on the premise that $SK_{ij}$ is fresh. The instance $t$ returns $SK_{ij}$ at $c = 1$ or a random number at $c = 0$; otherwise, it prints (null).
Random Oracle: All communication participants including $\mathcal{A}$ have access to the hash function $h(\cdot)$ (which is described in Section 3.1); $h(\cdot)$ is modeled as a random oracle, say $hash$.
Theorem 1.
Let $\mathcal{A}$ represent an adversary running in polynomial time $t$ against our proposed protocol $\mathcal{P}$. In addition, $q_{send}$ and $q_h$ represent the number of $Send$ and $hash$ queries, respectively, $|hash|$ is the range space of the hash function, $m$ indicates the number of bits of the biological key $\sigma_i$, and $D$ is used to represent a uniformly distributed password dictionary. $Adv_{\mathcal{P}}^{CMDLP}$ represents the probability that $\mathcal{A}$ breaks our protocol’s semantic security in run time $t$ and is estimated as
$$Adv_{\mathcal{P}}(t) \le \frac{q_h^2}{|hash|} + \frac{q_{send}}{2^{m-1} \cdot |D|} + 2\,Adv^{CMDLP}(t)$$
Proof .
The proof is similar to that proved in [18,26]. There are five games, say G a m e i , i = 0 , 1 , 2 , 3 , 4 in total. s u c c i is used to represent the probability that A correctly guesses bit c in the G a m e i . The games are defined in the following:
G a m e 0 : In the execution game, A follows the ROR model to make a real attack on the proposed protocol P . A must guess bit c before the game begins, it follows that
A d v P ( t ) = 2 . P r s u c c 0 1
G a m e 1 : This game simulates A using E x e c u t e query for eavesdropping attack. A performs the t e s t query to check whether the result is a real session key or a random number at the end of the game. Note that the S K i j is calculated as S K i j = h ( T n j ( M 1 * ) R I D i I D S N j T S 3 ) , where R I D i = h ( I D i n a * ) , F j = T n j ( R I D i I D S N j E i ) , E i = h ( D i h ( I D i P W i ) T S 1 ) , D i = C i R I D i R P W i = h ( x I D G W N ) . Because S K i j contains the long-term secrets x, I D G W N , R I D i , I D S N j , and short-term random secrets n j and n i . Without these secrets, the probability of A ’s winning G a m e 1 is not changed by eavesdropping the messages M S G 1 = { E i , R I D i , A U G , I D S N j , T S 1 , M 1 } , M S G 2 = { M 2 , A G S , T S 2 } and M S G 3 = { A U S , F j , T S 3 } to compute the session key S K i j . It follows that
P r s u c c 0 = P r s u c c 1
G a m e 2 : G a m e 1 is transformed into G a m e 2 by adding S e n d and h a s h queries, where A tries to trick the participants into receiving the error messages. Under this game, A can perform h a s h queries repeatedly to check for conflicts in the hash digest. All the communication messages M S G 1 , M S G 2 , and M S G 3 contain the identity information of the entities, random nonces, timestamps, and long-term secrets. Therefore, there is no conflict when A makes the S e n d queries. The birthday paradox gives the following results:
Pr [ s u c c 1 ] Pr [ s u c c 2 ] q h 2 / 2 h a s h
G a m e 3 : G a m e 2 is transformed into G a m e 3 by simulating C o r r u p t S C ( U i u ) query. Under this game, A will obtain the credentials A i , B i and C i stored by S C i . A tries to utilize the dictionary attacks from these credentials to guess right I D i and P W i . Since A i = n a h ( I D i σ i ) , B i = h ( I D i P W i σ i ) , and A also needs other secret parameters such as n a and σ i . Suppose the system specifies the number of times an incorrect password can be entered. Then, the results are as follows:
$$|\Pr[succ_2] - \Pr[succ_3]| \le q_{Send} / (2^{m} \cdot D)$$
$Game_4$: This is the last game, where $\mathcal{A}$ can physically capture a sensor by simulating the $CorruptSN$ query and then retrieve the information $TC_{SN_j}$, $ID_{SN_j}$ stored in $SD_j$. $\mathcal{A}$ wants to calculate $SK_{ij}$, where $SK_{ij} = h(T_{n_j}(M_1^*)\ RID_i\ ID_{SN_j}\ TS_3) = h(T_{n_i}(F_j)\ RID_i\ ID_{SN_j}\ TS_3)$. Suppose $\mathcal{A}$ also intercepts all messages $MSG_i$ $(i = 1, 2, 3)$. It is clear that $\mathcal{A}$ needs $RID_i$ and $T_{n_j}(M_1^*)$ or $T_{n_i}(F_j)$, but $\mathcal{A}$ cannot get the random numbers $n_j$ or $n_i$. $\mathcal{A}$ needs to solve the CMDLP in run time $t$; for this case, the probability is at most
$$|\Pr[succ_4] - \Pr[succ_3]| \le Adv_{CMDLP}(t)$$
All the random oracles are simulated; $\mathcal{A}$ only needs to guess bit $c$ after executing the $Test$ query to win the game. Thus, we get the following:
$$\Pr[succ_4] = 1/2$$
From Equations (1), (2), and (6), we have
$$\frac{1}{2} Adv_P(t) = \left|\Pr[succ_0] - \frac{1}{2}\right| = |\Pr[succ_1] - \Pr[succ_4]|$$
Using Equations (3)–(5) gives the following:
$$\begin{aligned}
\frac{1}{2} Adv_P(t) &\le |\Pr[succ_1] - \Pr[succ_2]| + |\Pr[succ_2] - \Pr[succ_4]| \\
&\le |\Pr[succ_1] - \Pr[succ_2]| + |\Pr[succ_2] - \Pr[succ_3]| + |\Pr[succ_3] - \Pr[succ_4]| \\
&\le q_h^2 / (2|hash|) + q_{Send} / (2^{m} \cdot D) + Adv_{CMDLP}(t)
\end{aligned}$$

4.2. Informal Security Analysis

4.2.1. Stolen Smart Card

In this attack, assume the adversary $\mathcal{A}$ has acquired the smart card of a registered user $U_i$ and uses power analysis to extract the information $A_i$, $B_i$, $C_i$, $h(\cdot)$, $Gen(\cdot)$, $Rep(\cdot)$, $\tau_i$, $t$ from $SC_i$. However, it is almost impossible for $\mathcal{A}$ to figure out $ID_i$ and $PW_i$ from the one-way hash function without knowing the random number $n_a$. In addition, if $\mathcal{A}$ intends to get $ID_i$ and $PW_i$ from $A_i$, $B_i$, $C_i$, it is almost impossible to compute $ID_i$ and $PW_i$ if $\mathcal{A}$ does not know $n_a$.

4.2.2. Privileged-Insider Attack

Assume that $\mathcal{A}$ is a malicious internal user who has obtained the trust of $GWN$. In the user registration stage, $U_i$ sends a registration request message $RID_i$, $RPW_i$ to $GWN$ in a secure manner. Even if $\mathcal{A}$ knows this information, without knowing the random secret keys $n_a$ and $ID_i$, it is impossible to calculate $PW_i$ because of the collision-resistant property of $h(\cdot)$. Hence, our scheme can effectively defend against privileged-insider attacks.

4.2.3. User Impersonation Attack

In this attack, $\mathcal{A}$ can intercept the login message $MSG_1$ sent by the user. $\mathcal{A}$ attempts to get some useful information from $MSG_1$ to deceive $GWN$ into believing that he/she is a legal user. To deceive $GWN$, $\mathcal{A}$ uses the existing information to generate a valid login request, but does not know the parameters $D_i$ and $ID_{SN_j}$ used to calculate parameters such as $E_i$ and $M_1$. Therefore, it is nearly impossible for $\mathcal{A}$ to produce a valid login request message, so our protocol can resist this attack.

4.2.4. GWN Impersonation Attack

Suppose $\mathcal{A}$ intercepts the message $MSG_2 = \{M_2, AGS, TS_2\}$ sent to $SN_j$ and attempts to generate a valid authentication message $MSG_2$ to convince $SN_j$ that it is a real $GWN$. However, $\mathcal{A}$ cannot get the secret $TC_{SN_j}$ shared with $SN_j$ and $M_1^*$. Thus, our solution is secure enough to resist the $GWN$ impersonation attack.

4.2.5. Sensing Node Impersonation Attack

Suppose $\mathcal{A}$ intercepts the message $MSG_3 = \{AUS, F_j, TS_3\}$ sent by the sensor to the user. $\mathcal{A}$ needs to generate a valid $MSG_3$ to masquerade as a real sensor node. However, $\mathcal{A}$ cannot obtain the parameters $E_i$, $F_j$ and the random secret $n_j$ to compute $AUS$, $F_j$ and $SK_{ij}$, so a valid response message cannot be generated. Therefore, it is not computationally feasible for $\mathcal{A}$ to impersonate $SN_j$. Combined with the above, our scheme can resist sensor impersonation attacks.

4.2.6. User Anonymity and Untraceability

Suppose $\mathcal{A}$ intercepts all communication messages $MSG_1$, $MSG_2$, and $MSG_3$. As long as $\mathcal{A}$ does not know the secret credentials $E_i$, $D_i$, $M_1$, and $n_i$, it is difficult to calculate the correct user identity $ID_i$ from the intercepted messages alone. Therefore, our scheme can protect the user's identity from disclosure and preserve user anonymity.

4.2.7. Resilience against Sensing Node Capture Attack

Suppose the sensor $SN_j$ deployed in the factory is physically captured by $\mathcal{A}$, and the credentials $ID_{SN_j}$ and $TC_{SN_j}$ stored therein, where $TC_{SN_j} = h(ID_{SN_j}\ s)$, are extracted by $\mathcal{A}$. Because the identity $ID_{SN_j}$ of each sensor node $SN_j$ is unique, $\mathcal{A}$ cannot calculate the session key between other uncaptured sensors and users from the captured $SN_j$'s memory. Therefore, even if some sensors are captured, the session key between other normal sensors and the user will not be compromised or affected. Thus, the scheme can resist the sensor capture attack.

4.2.8. Mutual Authentication

In this paper, $U_i$, $GWN$, and $SN_j$ authenticate each other in the following three ways:
  • The mutual authentication between $U_i$ and $GWN$ mainly relies on the shared secret credentials $D_i = C_i\ RID_i\ RPW_i = h(x\ ID_{GWN})$ and $AUG = h(RID_i\ M_1\ ID_{SN_j}\ TS_1)$. When receiving the login request message from $U_i$, $GWN$ can use the stored information to calculate $G_i = h(x\ ID_{GWN})$ and use $MSG_1$ to verify $AUG$;
  • The key to mutual authentication between $GWN$ and $SN_j$ is the secret credential $TC_{SN_j} = h(ID_{SN_j}\ s)$ that they previously shared. Since $M_2 = E_{TC_{SN_j}}(RID_i, M_1^*, E_i)$ and $AGS = h(TC_{SN_j}\ ID_{SN_j}\ M_1^*\ TS_2)$, $SN_j$ can decrypt $M_2$ using the $TC_{SN_j}$ stored during registration and then verify $AGS$ with the received $MSG_2$;
  • $U_i$ can directly verify $SN_j$ and establish the session key by checking $AUS$. Therefore, our protocol can provide mutual authentication.

4.2.9. Replay Attack

Let us assume that $\mathcal{A}$ wants to intercept the messages $MSG_i$ $(i = 1, 2, 3)$ during communication. Because a timestamp is added to these messages and $\Delta T$ is typically very small, a replayed message will be invalid because it fails the timestamp threshold validation. Upon receiving a message, participants validate the attached timestamp, which ensures that our solution is resistant to replay attacks.

4.2.10. Man-in-the-Middle Attack

Suppose $\mathcal{A}$ wants to intercept and tamper with the messages $MSG_i$ $(i = 1, 2, 3)$ to convince the participant that the information received is real. $\mathcal{A}$ must obtain the parameters $RID_i$ and $ID_{SN_j}$ to calculate $RID_i$, $AUG$, $ID_{SN_j}$, and $M_1$ in order to modify $MSG_1$. Similarly, $\mathcal{A}$ cannot modify the other messages $MSG_2$ and $MSG_3$ for the same reason. Therefore, the scheme can resist the man-in-the-middle attack.

4.2.11. Ephemeral Secret Leakage (ESL) Attack

After mutual authentication as shown above (Section 4.2.8), both $U_i$ and $SN_j$ establish a shared session key $SK_{ij} = h(T_{n_j}(M_1^*)\ RID_i\ ID_{SN_j}\ TS_3)$ $(= SK_{ij}^*)$. We now consider session key security in two cases:
  • Suppose that $\mathcal{A}$ knows the short-term secret credentials $n_i$ and $n_j$. $\mathcal{A}$ still cannot create the session key $SK_{ij}$ because it lacks the long-term secrets $RID_i$, $ID_{SN_j}$, $x$, $ID_{GWN}$ and $TC_{SN_j}$;
  • Suppose the long-term keys $RID_i$, $ID_{SN_j}$, $x$, and $ID_{GWN}$ are accidentally leaked to $\mathcal{A}$. Knowing only these, without the temporary secret credentials $n_i$ and $n_j$, $\mathcal{A}$ also cannot calculate the correct session key.
From what has been discussed above, the session key $SK_{ij}$ can be calculated only when $\mathcal{A}$ obtains both the short-term and long-term secret credentials. Furthermore, even if for some reason $SK_{ij}$ is compromised, previous and future session keys are different because of the long-term secrets and dynamically generated random numbers, thus protecting the forward and backward security of session keys. Previous and future session keys are not affected if some session keys are compromised under some attacks. Thus, our scheme is still safe under the ESL attack.
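The two expressions for $SK_{ij}$ in $Game_4$ and Section 4.2.11 yield the same key because Chebyshev polynomials commute under composition, $T_{n_i}(T_{n_j}(x)) = T_{n_j}(T_{n_i}(x))$. The following Python code is an added example, not the authors' implementation: the modulus `P`, SHA-256 over length-prefixed fields as $h(\cdot)$, the `base_point` mapping, and the choice $M_1 = T_{n_i}(x)$ are assumptions made for illustration, and the sample values are constructed.

```python
import hashlib
import secrets

# Constructed prime modulus for the enhanced Chebyshev map (assumption;
# this section of the paper does not state the modulus).
P = 2**127 - 1


def chebyshev(n: int, x: int, p: int = P) -> int:
    """Return T_n(x) mod p in O(log n) steps by tracking (T_k, T_{k+1})."""
    a, b = 1, x % p                           # (T_0, T_1)
    for bit in bin(n)[2:]:                    # most significant bit first
        t2k = (2 * a * a - 1) % p             # T_{2k}   = 2*T_k^2 - 1
        t2k1 = (2 * a * b - x) % p            # T_{2k+1} = 2*T_k*T_{k+1} - x
        if bit == "0":
            a, b = t2k, t2k1
        else:
            a, b = t2k1, (2 * b * b - 1) % p  # T_{2k+2} = 2*T_{k+1}^2 - 1
    return a


def h(*fields: bytes) -> bytes:
    """h(.) over length-prefixed fields; SHA-256 and this field encoding
    are choices made for the example."""
    digest = hashlib.sha256()
    for field in fields:
        digest.update(len(field).to_bytes(4, "big") + field)
    return digest.digest()


def base_point(rid_i: bytes, id_snj: bytes, e_i: bytes) -> int:
    """Map (RID_i, ID_SNj, E_i) to the polynomial argument (assumed mapping)."""
    return int.from_bytes(h(rid_i, id_snj, e_i), "big") % P


def session_key(shared: int, rid_i: bytes, id_snj: bytes, ts3: int) -> bytes:
    """SK_ij = h(shared Chebyshev value, RID_i, ID_SNj, TS_3)."""
    return h(shared.to_bytes(16, "big"), rid_i, id_snj, ts3.to_bytes(4, "big"))


def run_exchange(rid_i: bytes, id_snj: bytes, e_i: bytes, ts3: int) -> dict:
    """One key agreement run with fresh 160-bit nonces on both sides."""
    x = base_point(rid_i, id_snj, e_i)
    n_i = secrets.randbits(160) + 2           # user's short-term secret
    n_j = secrets.randbits(160) + 2           # sensor's short-term secret
    m1 = chebyshev(n_i, x)                    # user side (assumed M_1 = T_{n_i}(x))
    f_j = chebyshev(n_j, x)                   # sensor side (F_j, sent in MSG_3)
    sk_sensor = session_key(chebyshev(n_j, m1), rid_i, id_snj, ts3)
    sk_user = session_key(chebyshev(n_i, f_j), rid_i, id_snj, ts3)
    return {"M1": m1, "Fj": f_j, "sk_user": sk_user, "sk_sensor": sk_sensor}


# Constructed sample values, not taken from the paper.
SAMPLE = dict(rid_i=h(b"user-42", b"nonce"), id_snj=b"SN-07",
              e_i=h(b"login-credential"), ts3=1_653_000_000)

if __name__ == "__main__":
    run = run_exchange(**SAMPLE)
    print("keys match:", run["sk_user"] == run["sk_sensor"])
    print("SK_ij:", run["sk_user"].hex())
```

Each call to `run_exchange` draws new $n_i$ and $n_j$, so repeated runs with the same identities produce different session keys.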

5. Comparative Analysis

In this section, we compare the proposed scheme with other related works in terms of computation and communication overhead. In addition, we also analyze safety performance.

5.1. Comparison of Computation Costs

Table 2 summarizes the computational overhead of our scheme and the schemes in [13,14,15]. The data are based on the experimental results in [19,20,27]. The running times of the different operations are $T_{ecm}$ (0.063075 s), $T_h$ (0.00032 s), $T_{fe}$ (0.063075 s), $T_{E/D}$ (0.0056 s), and $T_c$ (0.0171 s), and the totals for the schemes of Chang-Le [13], Li et al. [14], Wazid [15], and ours are approximately 259.02, 259.34, 92.515, and 150.035 milliseconds, respectively. Our scheme requires less computational overhead than the schemes in [13,14]. Although our scheme requires a bit more computational overhead than the scheme in [15], we can provide more security features. Figure 4 shows the computational overhead of each scheme on the user, GWN, and sensor. The overhead of GWN in our scheme is relatively low, which means that we can process user login requests more quickly. In Chang-Le's solution [13], GWN has a lower computational overhead, but the sensors consume more computational resources; our solution is more acceptable for resource-constrained sensors in the IIoT environment.

5.2. Comparison of Communication Costs

The communication costs of this scheme and other related schemes during the user login and authentication phases are shown in Table 3. We use 160 bits for random numbers, 160 bits for identities, 128 bits for a symmetrically encrypted or decrypted block (using the AES-128 algorithm [28]), 160 bits for hash digests (using the SHA-1 hashing algorithm [29]), and 32 bits for a timestamp. The numbers of bits consumed by the three messages transmitted in the scheme are $MSG_1$ = 160 + 160 + 160 + 160 + 32 + 160 = 832 bits, $MSG_2$ = 160 + 32 + 384 = 576 bits, and $MSG_3$ = 160 + 160 + 32 = 352 bits, respectively; the total communication overhead is 1760 bits.
It is reasonable that the communication overhead of some nodes in our scheme is slightly higher than that of others, given that our scheme satisfies more security properties and resists more attacks (see Table 4). Firstly, schemes [13,15] do not provide protection against stolen smart card attacks, resulting in a slightly lower user communication overhead than in our scheme. To achieve this protection, it is necessary to disguise the user's identity multiple times, which consumes more communication overhead. Secondly, scheme [13] does not provide protection against the GWN impersonation attack, whereas in our scheme $TC_{SN_j}$ stored in GWN is an important certificate for identifying GWN, and $TC_{SN_j}$ needs to be encrypted and transmitted, so the GWN communication cost of scheme [13] is lower than ours. Finally, for sensor nodes, because scheme [14] does not support adding new sensor devices, its communication overhead is also low. Moreover, our solution has the lowest total communication cost. Figure 5 shows the communication consumption of each scheme on the user, GWN, and sensor, respectively.

5.3. Comparison of Security and Functionality Features

Informal security analysis shows that our scheme can resist most known attacks (see Section 4.2), while also supporting password and biometric key changes, smart card revocation, and the deployment of new sensors. The security and functional features of our scheme are compared with those in [13,14,15] in Table 4. According to the table, none of the other schemes can resist the ESL attack except ours. In addition, neither scheme [13] nor [14] supports dynamic sensor node addition. Compared with the other solutions, ours offers better security performance and functionality.

6. Conclusions

This paper designs a user authentication scheme based on Chebyshev polynomial encryption and the fuzzy extraction operation for cloud-assisted IIoT, which realizes mutual authentication and key agreement between users and sensors. Furthermore, users can also use the scheme to authenticate with the cloud server for access to the data in the cloud server. The protocol supports password/biometric updates, smart card reactivation, and new IoT sensor device addition without the involvement of GWN. A detailed formal (mathematical) and informal security analysis of the scheme shows that it can withstand 11 known attacks. Rigorous mathematical analysis also proves that the probability of the session key between the user and the sensor node being cracked by the adversary is very slim. Compared with other schemes, our scheme offers higher security performance, its communication cost is the lowest, and its computing cost is within the acceptable range, which makes it more suitable for the IIoT environment.

Author Contributions

Conceptualization, H.H. and L.L.; methodology, H.H.; software, H.H.; validation, L.L. and H.H.; formal analysis, H.H.; investigation, L.L. and J.Z.; resources, J.Z.; writing—original draft preparation, H.H.; writing—review and editing, H.H., L.L., and J.Z. All authors have read and agreed to the published version of the manuscript.

Funding

This research was funded by the National Natural Science Foundation of China (U2001213 and 61971191) and the Beijing Natural Science Foundation under Grant Nos. L182018 and L201011 and National Key Research and Development Project (2020YFB1807204) and the Key project of the Natural Science Foundation of Jiangxi Province (20202ACBL202006).

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The data presented in this study are available in [19,20,27].

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Cao, J.; Yan, Z.; Ma, R.; Zhang, Y.; Fu, Y.; Li, H. LSAA: A Lightweight and Secure Access Authentication Scheme for Both UE and mMTC Devices in 5G Networks. IEEE Internet Things J. 2020, 7, 5329–5344.
  2. Zhao, J.; Liu, J.; Yang, L.; Ai, B.; Shanjin, N. Future 5G-oriented system for urban rail transit: Opportunities and challenges. China Commun. 2021, 18, 1–12.
  3. Guo, F.; Yu, F.R.; Zhang, H.; Li, X.; Ji, H.; Leung, V.C.M. Enabling Massive IoT Toward 6G: A Comprehensive Survey. IEEE Internet Things J. 2021, 8, 11891–11915.
  4. Zhao, J.; Ni, S.; Yang, L.; Zhang, Z.; Gong, Y.; You, X. Multiband Cooperation for 5G HetNets: A Promising Network Paradigm. IEEE Veh. Technol. Mag. 2019, 14, 85–93.
  5. Jiang, Q.; Zhang, N.; Ni, J.; Ma, J.; Ma, X.; Choo, K.K.R. Unified Biometric Privacy Preserving Three-Factor Authentication and Key Agreement for Cloud-Assisted Autonomous Vehicles. IEEE Trans. Veh. Technol. 2020, 69, 9390–9401.
  6. Zhao, J.; Li, Q.; Gong, Y.; Zhang, K. Computation Offloading and Resource Allocation For Cloud Assisted Mobile Edge Computing in Vehicular Networks. IEEE Trans. Veh. Technol. 2019, 68, 7944–7956.
  7. Huang, Y.; Li, X.; Akram, Z.; Zhu, H.; Qi, Z. Generation of Millimeter-Wave Nondiffracting Airy OAM Beam Using a Single-Layer Hexagonal Lattice Reflectarray. IEEE Antennas Wirel. Propag. Lett. 2021, 20, 1093–1097.
  8. Zhao, J.; Yang, L.; Xia, M.; Motani, M. Unified Analysis of Coordinated Multi-Point Transmissions in mmWave Cellular Networks. IEEE Internet Things J. 2021.
  9. Dolev, D.; Yao, A. On the security of public key protocols. IEEE Trans. Inf. Theory 1983, 29, 198–208.
  10. Messerges, T.S.; Dabbish, E.A.; Sloan, R.H. Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 2002, 51, 541–552.
  11. Das, A.K. A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Netw. Appl. 2016, 9, 223–244.
  12. Jiang, Q.; Ma, J.; Lu, X.; Tian, Y. An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Netw. Appl. 2015, 8, 1070–1081.
  13. Chang, C.C.; Le, H.D. A Provably Secure, Efficient, and Flexible Authentication Scheme for Ad hoc Wireless Sensor Networks. IEEE Trans. Wirel. Commun. 2016, 15, 357–366.
  14. Li, X.; Niu, J.; Kumari, S.; Wu, F.; Sangaiah, A.K.; Choo, K.K.R. A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments. J. Netw. Comput. Appl. 2018, 103, 194–204.
  15. Wazid, M.; Das, A.K.; Odelu, V.; Kumar, N.; Susilo, W. Secure Remote User Authenticated Key Establishment Protocol for Smart Home Environment. IEEE Trans. Dependable Secur. Comput. 2020, 17, 391–406.
  16. Das, A.K.; Wazid, M.; Kumar, N.; Khan, M.K.; Choo, K.K.R.; Park, Y. Design of Secure and Lightweight Authentication Protocol for Wearable Devices Environment. IEEE J. Biomed. Health Inf. 2018, 22, 1310–1322.
  17. Liu, W.; Liu, H.; Wan, Y.; Kong, H.; Ning, H. The yoking-proof-based authentication protocol for cloud-assisted wearable devices. Pers. Ubiquitous Comput. 2016, 20, 469–479.
  18. Srinivas, J.; Das, A.K.; Kumar, N.; Rodrigues, J.J.P.C. Cloud Centric Authentication for Wearable Healthcare Monitoring System. IEEE Trans. Dependable Secur. Comput. 2020, 17, 942–956.
  19. Chatterjee, S.; Roy, S.; Das, A.K.; Chattopadhyay, S.; Kumar, N.; Vasilakos, A.V. Secure Biometric-Based Authentication Scheme Using Chebyshev Chaotic Map for Multi-Server Environment. IEEE Trans. Dependable Secur. Comput. 2018, 15, 824–839.
  20. Srinivas, J.; Das, A.K.; Wazid, M.; Kumar, N. Anonymous Lightweight Chaotic Map-Based Authenticated Key Agreement Protocol for Industrial Internet of Things. IEEE Trans. Dependable Secur. Comput. 2020, 17, 1133–1146.
  21. Yu, J.; Wang, G.; Mu, Y.; Gao, W. An Efficient Generic Framework for Three-Factor Authentication with Provably Secure Instantiation. IEEE Trans. Inf. Forensics Secur. 2014, 9, 2302–2313.
  22. Wazid, M.; Das, A.K.; Kumar, N.; Vasilakos, A.V.; Rodrigues, J.J.P.C. Design and Analysis of Secure Lightweight Remote User Authentication and Key Agreement Scheme in Internet of Drones Deployment. IEEE Internet Things J. 2019, 6, 3572–3584.
  23. Chatterjee, U.; Govindan, V.; Sadhukhan, R.; Mukhopadhyay, D.; Chakraborty, R.S.; Mahata, D.; Prabhu, M.M. Building PUF Based Authentication and Key Exchange Protocol for IoT Without Explicit CRPs in Verifier Database. IEEE Trans. Dependable Secur. Comput. 2019, 16, 424–437.
  24. Zhao, J.; Sun, X.; Li, Q.; Ma, X. Edge Caching and Computation Management for Real-Time Internet of Vehicles: An Online and Distributed Approach. IEEE Trans. Intell. Transp. Syst. 2021, 22, 2183–2197.
  25. Sarkar, P. A simple and generic construction of authenticated encryption with associated data. ACM Trans. Inf. Syst. Secur. (TISSEC) 2010, 13, 1–16.
  26. Wazid, M.; Das, A.K.; Odelu, V.; Kumar, N.; Conti, M.; Jo, M. Design of Secure User Authenticated Key Management Protocol for Generic IoT Networks. IEEE Internet Things J. 2018, 5, 269–282.
  27. Challa, S.; Wazid, M.; Das, A.K.; Khan, M.K. Authentication Protocols for Implantable Medical Devices: Taxonomy, Analysis and Future Directions. IEEE Consum. Electron. Mag. 2018, 7, 57–65.
  28. Heron, S. Advanced encryption standard (AES). Netw. Secur. 2009, 2009, 8–12.
  29. FIPS PUB 180-4; Secure Hash Standard. U.S. Department of Commerce: Washington, DC, USA, 2015.
Figure 1. Cloud-assisted authentication model in IIoT.
Figure 2. The user registration phase.
Figure 3. Login and authentication phases.
Figure 4. Computational overhead.
Figure 5. Communication overhead.
Table 1. The mathematical symbols.

| Symbol | Description |
|---|---|
| $ID_{GWN}$ | Identity of $GWN$ |
| $U_i$, $SN_j$ | $i$th user and $j$th sensor, respectively |
| $ID_i$, $ID_{SN_j}$ | Identity of $U_i$ and identity of $SN_j$, respectively |
| $PW_i$ | Password of $U_i$ |
| $SC_i$ | Smart card of $U_i$ |
| $BIO_i$ | Biometrics of $U_i$ |
| $\sigma_i$, $\tau_i$ | Biometric secret keys of $U_i$ and public replication parameters, respectively |
| $Gen(\cdot)$, $Rep(\cdot)$ | Fuzzy extractor generation and reproduction methods, respectively |
| $t$ | Fuzzy extractor threshold parameter |
| $T_n(x)$ | Chebyshev polynomial of degree $n$ |
| , | Bitwise XOR, concatenation, respectively |
| $h(\cdot)$ | Hash function |
| $\mathcal{A}$ | Adversary |
Table 2. Computation costs comparison.

| Scheme | User | GWN | Sensing Node |
|---|---|---|---|
| Chang-Le. [13] | $2T_{ecm} + 7T_h$ | $9T_h$ | $2T_{ecm} + 5T_h$ |
| Li et al. [14] | $9T_h + 2T_{ecm} + T_{fe}$ | $9T_h + T_{ecm}$ | $4T_h$ |
| Wazid [15] | $T_{fe} + 7T_h + T_D$ | $8T_h + 2T_E$ | $7T_h + T_D$ |
| Our. | $T_{fe} + 13T_h + 2T_{cm}$ | $6T_h + T_E$ | $2T_{cm} + 4T_h + T_D$ |

$T_{ecm}$: the time of an ECC point multiplication; $T_{fe}$: the time for a fuzzy extraction operation; $T_h$: the time for a one-way hash function; $T_{E/D}$: the time for an encryption/decryption using a symmetric cryptographic technique; $T_{cm}$: the time of a Chebyshev chaotic map operation.
Table 3. Communication Cost Comparison.

| Scheme | User | GWN | Sensing Node | Total (Bits) |
|---|---|---|---|---|
| Chang-Le. [13] | 672 | 512 | 1088 | 2272 |
| Li et al. [14] | 1120 | 1120 | 320 | 2560 |
| Wazid [15] | 512 | 1088 | 384 | 1984 |
| Our. | 832 | 576 | 352 | 1760 |
Table 4. Safety performance and function comparison.
FeatureChang-Le.Wazid.Li et al.Our.
S F 1 ×××
S F 2 ××
S F 3
S F 4 ×
S F 5
S F 6
S F 7
S F 8
S F 9
S F 10
S F 11 ×××
S F 12 ×
S F 13 ××
SF1: Stolen Mobile/Smart Card Attack; SF2: Privileged-Insider Attack; SF3: User Impersonation Attack; SF4: GWN Impersonation Attack; SF5: Sensing Node Impersonation Attack; SF6: User Anonymity and Untraceability; SF7: Sensing Node Capture Attack; SF8: Mutual Authentication; SF9: Man-in-the-Middle Attack; SF10: Replay Attack; SF11: ESL Attack; SF12: Support Password and Biological Key Update; SF13: Supports Adding Sensor Devices.
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Hu, H.; Liao, L.; Zhao, J. Secure Authentication and Key Agreement Protocol for Cloud-Assisted Industrial Internet of Things. Electronics 2022, 11, 1652. https://0-doi-org.brum.beds.ac.uk/10.3390/electronics11101652
