Multi-factor based session secret key agreement for the Industrial Internet of Things

Abstract

Industrial Internet of Things (IIoT) is the main field of application of the Internet of Things (IoT). The high degree of autonomy and resource constraints of the IIoT network poses challenges to the security of IIoT. Enabling the legitimate users to securely and remotely access resource-constrained intelligent terminal nodes in an open wireless channel has become a challenge in the IIoT environment. User authentication and key agreement schemes have been proposed for different IoT application scenarios to solve this problem. However, most existing three-party authentication and key agreement schemes for remote users have high computational costs and do not consider sufficient security attributes, such as unlinkability and anonymity. To address the aforementioned problems, the proposed scheme uses the IIoT as the application scenario and proposes a novel three-factor authentication and lightweight remote user identity authentication key agreement. This scheme is effective for devices with limited resources because it mainly uses a one-way hash function and a bitwise XOR operation. The security of the proposed scheme is demonstrated under the real-or-random model via a rigorous formal security analysis.