Machine-to-machine communication allows smart devices such as sensors, actuators, networks, gateways, and other controllers to communicate with one another. The industrial Internet of Things (IIoT) has become a vital component. In machine-to-machine communication, many industrial devices are connected to perform tasks automatically, but they are not properly secured, allowing an adversary to compromise them through a variety of attacks that exploit communication system vulnerabilities. Recently, a secure lightweight authentication protocol (SLAP) was proposed by Panda et al., who asserted that their protocol deters every known attack that could happen in the IIoT. In this study, we prove that the SLAP protocol is vulnerable to desynchronization, impersonation, replay, and eavesdropping attacks. Preventing these attacks and enhancing that protocol requires a secure authentication mechanism that ensures the security of communication. This paper proposes secure M2M communication in IIoT with a single-factor lightweight authentication protocol (SF-LAP). Single-factor authentication is a simple and secure way to communicate: it consumes less power and communication overhead while still providing a secure mechanism for conversation. In the machine-to-machine (M2M) scenario, the proposed protocol uses an exclusive-OR operation and a hashing function to ensure secure communication between the sensor and the controller. The proposed mechanism uses a secure preshared key and a timestamp technique to protect this connection against desynchronization and eavesdropping attacks. For formal verification we used Burrows-Abadi-Needham (BAN) logic, Gong-Needham-Yahalom (GNY) logic, and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, and we performed a security analysis as an informal verification to make sure the suggested protocol is secure.
The analysis shows that SF-LAP incurs the least computing and communication overhead and is more secure because it prevents desynchronization and eavesdropping attacks in addition to all of the known attacks, namely modification, tracing, impersonation, man-in-the-middle, and replay attacks.