Abstract
Vinoth et al. proposed an authenticated key agreement scheme for industrial IoT (Internet of Things) applications. Vinoth et al.’s scheme aimed to protect the remote sensing data of industrial IoT devices under hostile environments. The scheme is interesting because the authorized user is allowed simultaneously to access the multiple IoT sensing devices. Therefore, we carefully analyzed the security and privacy implications of Vinoth et al.’s scheme. Our findings are summarized as follows. One, Vinoth et al.’s scheme failed to defeat user impersonation attacks. Second, Vinoth et al.’s scheme did not prevent IoT sensing device impersonation attacks. Third, Vinoth et al.’s scheme suffered from replay attacks. Fourth, Vinoth et al.’s scheme was vulnerable to desynchronization attacks. Fifth, Vinoth et al.’s scheme could not maintain user privacy. As a case study, our analysis results enlighten researchers and engineers on the design of robust and efficient authenticated key agreement schemes for IoT applications.
Highlights
The Internet of Things (IoT) is a fast development in the long and continuing revolution of communications and computing
The IoT has expanded the interconnection of billions of industrial and personal objects through IoT sensing devices, which are typically composed of sensors, actuators, microcontrollers, transceivers, and batteries
An attacker may exploit the vulnerabilities in the authenticated key agreement scheme to perform attacks, because the messages of the authentication session are often transmitted through a public channel, and this brings security problems in the industrial IoT environment
Summary
The Internet of Things (IoT) is a fast development in the long and continuing revolution of communications and computing. IoT sensing devices bound to objects deliver sensor information, act on their environments, and in some cases adapt for the overall management of a larger system, such as a factory [1] or a city [2]. Under the industrial IoT environment, sensing devices can be remotely accessed and controlled by authorized users. (4) Low cost: IoT sensing devices are always manufactured, purchased, and deployed in the millions This fact provides great incentive for manufacturers and customers to minimize the cost of these devices. In the normal course of things, the user requires simultaneously access to multiple IoT sensing devices for a complex industrial task. Because of serious security and privacy threats, IoT sensing devices, especially remote devices, are required to support mutual authentication and secret key establishment with their users. Our research focused on outside but inside attackers, i.e., malicious users and corrupt IoT sensing devices
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call