BDPM: A secure batch dynamic password management scheme in industrial internet environments

Abstract

The rapid development of Industrial Internet has promoted the deep integration of Information Technology (IT) and Industrial Control (IC), so that network attacks have gradually invaded IC zone. Password security is the first line of defense to ensure the security of IC devices. In this paper, we propose a secure Batch Dynamic Password Management (BDPM) scheme in Industrial Internet environments. Aiming to automatically configure strong passwords for IC devices, our scheme can achieve a batch password generation algorithm based on SM3 Cryptographic Hash Algorithm, which encrypts the input string and then intercepts and replaces the hash value to ensure the uniqueness and crack resistance of passwords. Moreover, we continuously monitor the status of vulnerable IT devices through a zero trust anomaly monitoring mechanism and introduce a password updating mechanism for relevant IC devices, which is triggered by sending an alarm to IC devices that have interaction rights with the compromised IT device. Subsequently, we construct a resilient blockchain called PS_chain and execute two different password storage schemes based on the threshold of password updates to ensure storage security and reduce the load on block storage. The security analysis shows that our scheme can defend against the threat model and can comprehensively improve the security of IC device passwords. The simulation results show that our scheme can enhance the strength of IC device passwords while securely storing IC device passwords in a low-load manner.