Building Low-Interactivity Multifactor Authenticated Key Exchange for Industrial Internet of Things

Abstract

Industrial Internet of Things (IIoT) brings together computers, devices, advanced analytics, and people in industries, such as transportation, oil plant, and power grid that leads to major efficiency and productivity gains for almost any industrial procedures. Due to the interconnection of devices in IIoT, communication security has become a critical issue to address in many emerging industry standards that require the authentication and key exchange procedure to be done to guarantee the authorized machine access (e.g., from users) and secure the data transmission between machines. To overcome the shortcoming (i.e., low entropy) of the memorable password in user authentication, it is rightfully recommended by industry standards (such as IEC-62443 family) to use multifactor authentication (MFA) for higher security levels. Notably, latency is one of the main sources of inefficiency when a device is communicating with other machines on IIoT. To mitigate latency, a smooth projective hash function (SPHF) built from well-studied standard assumptions is used to achieve a lowinteractivity multifactor authenticated key exchange protocol (MFAKE) because SPHF allows each party to prove to the others that he knows the right authentication factor(s). In this article, we are, therefore, motivated to build a new MFAKE named “secure remote multifactor (SRMF)” to achieve the humaninvolved “machine-to-machine” secure communication in IIoT. That is, SRMF leverages multiple user-centric authentication factors (such as password, biometric fingerprints, and PIN), and it can synergistically support multifactor registration (MFR), MFA, and multifactor key exchange (MFKE). Furthermore, to prevent authentication factors stored at the server exposing to attackers, the password-harden service (i.e., Pythia-PRF and USENIX'15) inspires us to develop a multifactor hardening service (MFHS) utilizing an oblivious pseudorandom function (OPRF). The balanced security of the proposed protocol is proved under the model of Bellare-Pointcheval-Rogaway (EUROCRYPTO'00) along with theoretical and experimental evaluations.