Secure Multifactor Authenticated Key Agreement Scheme for Industrial IoT

Hong

Security and Communication Networks

2021

Nowadays, as one of the key applications of Internet of Things, Industry IoT (IIoT) has recently received significant attention and has facilitated our life. In IIoT environments, an amount of data generally requires to be transmitted between the user and sensing devices in an open channel. In order to ensure safe transmission of these data, it is necessary for the user and sensing devices to authenticate each other and establish a secure channel between them. Recently, a multifactor authenticated key agreement scheme for IIoT was proposed, which aims to tackle this problem and provide solutions for user multiple sensing devices’ access. This work claims that the proposed scheme is secure against vario us attacks and has less communication and computational costs than other existing related schemes. Unfortunately, we find that this scheme cannot resist smart card attack and sensing device capture attack. Furthermore, we show that this scheme fails to provide forward secrecy, which is essential for a secure multifactor authentication scheme.

Section: Revisiting Vinoth Et Al's Schemementioning

confidence: 99%

“…Recently, Vinoth et al [8] proposed a multifactor authenticated key agreement scheme for the IIoT environment, aiming to support the authorized user remotely accessing multiple sensing devices. ey claimed that their scheme is suitable for the resource-constrained IIoT and has less cost during communication and computation processes.…”

Section: Introductionmentioning

confidence: 99%

Revisiting a Multifactor Authentication Scheme in Industrial IoT

Hong

Security and Communication Networks

2021

Security and Communication Networks

“…As shown in [8], the authors' security analysis does not mention or refer to IF3, IF5, IF7, and IF14. From [47], we know that [48] cannot resist reply and sensor node capture attacks. As shown in [47], the authors' security analysis does not mention or refer to IF2, IF11, and IF12.…”

Section: Security Comparisonmentioning

confidence: 99%

An Efficient and Provable Multifactor Mutual Authentication Protocol for Multigateway Wireless Sensor Networks

Zhang

Liu

2021

As the most popular way of communication technology at the moment, wireless sensor networks have been widely concerned by academia and industry and plays an important role in military, agriculture, medicine, and other fields. Identity authentication offers the first line of defence to ensure the security communication of wireless sensor networks. Since the sensor nodes are resource-limited in the wireless networks, how to design an efficient and secure protocol is extremely significant. The current authentication protocols have the problem that the sensor nodes need to execute heavy calculation and communication consumption during the authentication process and cannot resist node capture attack, and the protocols also cannot provide perfect forward and backward security and cannot resist replay attack. Multifactor identity authentication protocols can provide a higher rank of security than single-factor and two-factor identity authentication protocols. The multigateway wireless sensor networks’ structure can provide a larger communication coverage area than the single-gateway network structure, so it has become the focus of recent studies. Therefore, we design a novel multifactor authentication protocol for multigateway wireless sensor networks, which only apply the lightweight hash function and are given biometric information to achieve a higher level of security and efficiency and a larger communication coverage area. We separately apply BAN logic, random oracle model, and AVISPA tool to validate the security of our authentication protocol in Case 1 and Case 2. We put forward sixteen evaluation criteria to comprehensively evaluate our authentication protocol. Compared with the related authentication protocols, our authentication protocol is able to achieve higher security and efficiency.

“…Real-or-Random (ROR) model [10,18,19] is used to prove semantic security of the proposed protocol and to obtain session key security (SK-security), as shown in theorem 1. . If and have similar session IDs in accepted state that are directly linked to each other and complete a successful session, they will establish a partnership, one being the initiator and the other responder.…”

Section: Security Proofmentioning

confidence: 99%

A Secure Anonymous D2D Mutual Authentication and Key Agreement Protocol for IoT Environments

Hajian

Haghighat

Erfani

2021

Preprint

Internet of Things (IoT) is a developing technology in our time that is prone to security problems as it uses wireless and shared networks. A challenging scenario in IoT environments is Device-to-Device (D2D) communication that an authentication server as a trusted third-party, does not involve in the authentication and key agreement process. It is only involved in the process of allocating long-term secret keys and their update. A lot of authentication protocols have been suggested for such situations. This article demonstrated that three state-of-the-art related protocols failed to remain anonymous, insecure against key compromise impersonation (KCI) attack, and clogging attack. To counter the pitfalls of them, a new D2D mutual authentication and key agreement protocol is designed here. The proposed protocol is anonymous, untraceable, and highly secure. Moreover, there is no need for a secure channel to generate a pair of private and public keys in the registration phase.) Formal security proof and security analysis using BAN logic, Real-Or-Random (ROR) model, and Scyther tool showed that our proposed protocol satisfied security requirements. Furthermore, communication cost, computation cost, and energy consumption comparisons denoted our schema has better performance, compared to other protocols.