Secure Multifactor Authenticated Key Agreement Scheme for Industrial IoT

Abstract

The application of Internet of Things (IoT) has generally penetrated into people’s life and become popular in recent years. The IoT devices with different functions are integrated and applied to various domains, such as E-health, smart home, Industrial IoT (IIoT), and smart farming. IIoT obtains the general attention among these domains, which allows the authorized user remotely access and control the sensing devices. The user suffices to attain the real-time data collected by sensing devices during the process of production. However, these data is usually transmitted via an insecure channel, which brings the problem of the security and privacy arising from the hostile attacks in IIoT. To resist the hostile attacks by the adversary and protect the security of the transmitted data, we propose a secure multifactor authenticated key agreement scheme for IIoT to support the authorized user remotely accessing the sensing device. The scheme adopts password, biometrics, and smart card to identify the user in the IIoT environment. We employ the secret-sharing technology and Chinese remainder theorem to construct a group key among legitimate sensing devices, and then this group key is utilized to assist in negotiating a secure session key between the user and multiple sensing devices. The proposed scheme is suitable for the resource-constrained IIoT as it only uses hash function, bitwise XOR operation, and symmetric cryptography. The performance analysis indicates that our scheme has less communication and computational costs in contrast to other correlative schemes. Besides, the security analysis indicates that our scheme can withstand many known attacks.