BP-AKAA: Blockchain-enforced Privacy-preserving Authentication and Key Agreement and Access Control for IIoT

Abstract

The Industrial Internet of Things (IIoT) links multiple subnets to accomplish more real-time, efficient, and high-class production. Authentication is an essential prerequisite for secure communication and data sharing between mutually untrusted subdomains.However, solving trust issues between subnets through third-party trusted servers inevitably introduces security and efficiency bottlenecks. In addition, the issue of not compromising the privacy of mutual authentication remains a challenge. Furthermore, key agreement and access control, as two follow-up steps of authentication, is non-negligible for achieving secure and efficient data sharing. Existing authentication works either require heavy computational overhead or lack necessary features for data sharing. Therefore, this paper proposed a blockchain-enforced cross-domain private-protected authentication and key agreement scheme supporting attribute-based access control, named BP-AKAA. To the best of our knowledge, this is the first scheme that simultaneously supports privacy authentication, key agreement, and access control. Non-interactive zero-knowledge proof technology is adopted to protect the identities of devices. In addition, with the assistance of distributed blockchain, the untrust issue of cross-domain authentication is solved.Performance analysis demonstrates that our scheme satisfies multiple functions, including cross-domain, privacy-preserving, and mutual authentication, and outperforms existing schemes in terms of key generation, authentication, and access control.