Abstract
Industrial Internet of Things (IIoT) is a new paradigm for building intelligent industrial control systems. Establishing a secure channel for machine-to-machine (M2M) communication in IIoT is a critical problem because IIoT devices suffer from various attacks and may leak confidential information. Traditional authenticated and confidential channel establishment (ACCE) protocols neither apply to resource-constrained IIoT devices nor satisfy leakage resilience. In this paper, we introduce a new security notion, historical data based multi-factor ACCE (HMACCE), to address this issue, and propose two HMACCE protocols. Our HMACCE protocols use three authentication factors, i.e., a symmetric secret key, historical data, and a set of secret tags associated with the historical data, to establish a secure communication channel between the client and the server. The key idea is to use the secret key managed by an IIoT edge device to quickly verify the relationship between the historical data and its associated tags stored on the server. Our HMACCE has the following remarkable features. First, it is lightweight and tailored for resource-constrained IIoT devices. Second, it provides bounded historical tag leakage resilience, which means that if a small portion of the secret tags is leaked to an adversary, its security is not affected, with overwhelming probability. Moreover, as a security enhancement service, our HMACCE can be easily integrated with legacy IIoT devices by running simple authenticated key exchange protocols.
More From: IEEE Transactions on Information Forensics and Security