Abstract
The Internet of Things (IoT) is a vast network of devices, sensors, wearables, or any other objects capable of processing, storing, sending, and receiving data over an open network channel. This versatility gives IoT numerous applications, one of them being in industry, known as the Industrial Internet of Things (IIoT). As IIoT relies on an open network channel for data sharing, it is vulnerable to numerous threats, including side channels, impersonation attacks, and clock synchronization issues, which makes device authentication crucial. Researchers have, from time to time, proposed numerous authentication protocols using conventional cryptographic methods, identity-based cryptographic techniques, or certificateless methods; however, these protocols either suffer from modular exponentiation and partial private key distribution problems or need four to five round-trips to complete authentication. Therefore, this article presents an efficient Elliptic Curve Cryptographic (ECC)-based technique that addresses the certificate revocation and overhead problems and the partial private key distribution problem of identity-based cryptography. The security of the proposed ECC-based protocol is of utmost importance in addressing all the known vulnerabilities in IIoT, freeing the industrial system from the urgency and the issue of data breaches. Its potential to instil a sense of security and confidence in IIoT deployment is crucial in improving user trust. A comparison with state-of-the-art schemes showed that the proposed protocol improves communication costs by 51.44% and computation costs by 91.88%. It is therefore recommended for practical implementation due to its fast and provably secure nature, making the industry feel confident and safe about its implementation.
Citation: Alghamdi AM (2025) Design and analysis of lightweight and robust authentication protocol for securing the resource constrained IIoT environment. PLoS ONE 20(2): e0318064. https://doi.org/10.1371/journal.pone.0318064
Editor: Elochukwu Ukwandu, Cardiff Metropolitan University - Llandaff Campus: Cardiff Metropolitan University, UNITED KINGDOM OF GREAT BRITAIN AND NORTHERN IRELAND
Received: December 3, 2024; Accepted: January 9, 2025; Published: February 6, 2025
Copyright: © 2025 Ahmed Mohammed Alghamdi. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
Data Availability: All relevant data are within the paper and its Supporting Information files.
Funding: The authors extend their appreciation to the Deputyship for Research & Innovation, Ministry of Education in Saudi Arabia, for funding this research through project number MoE-IF-UJ-R2-22-1247-1.
Competing interests: The authors have declared that no competing interests exist.
Introduction
The Internet of Things (IoT) is a comprehensive system with three main components: information transmission, data or information detection, and processing capabilities [1]. This vast network of intelligent connected things has numerous applications, including Industry. Industry is the digital transformation of manufacturing and connected industries, introducing smart factories into substance-creation procedures [2]. The Industrial Internet of Things (IIoT) is a key player in this transformation, combining Industry and IoT specifically for industrial communication technologies [3]. It has become an essential development area, offering a cost-effective solution for real-time data collection, monitoring, and controlling machine activity during industrial processes. In an IIoT setup, a user can control and access the sensing devices remotely during the industrial processes. In a security-critical environment, it is mandatory to authenticate the user when requested to access the data. Among the several approaches available for the authentication process, a digital signature is one of the most favorable and usable techniques in the cryptographic research community. This technique empowers the sender to sign a message using their private key, a hash value, and a randomly generated private number only known to them, giving them complete control over the delivery to the receiver [4]. When the receiver receives the aggregate signature, it can be verified through the sender’s public key and other known parameters [5]. Unfortunately, aggregate signature is affected by the renewal and revocation of certificates, which can burden poor resource IIoT devices as it is based on the old public key method (OPKM).
In contrast to OPKM, the identity-based signature was introduced, which avoids the renewal and revocation of certificates by including a Private Key Generation Center (PKGC) that is responsible for creating the private and public keys of the participating users when they give their identities [6]. Here, one problem with the identity-based signature is that the PKGC delivers the processed private and public keys to users with the help of a secure channel, and another is that when the PKGC is not trusted, the whole system’s security is compromised (the key escrow problem). After that, certificateless cryptography was introduced, allowing the key generation center (KGC) to process and deliver a partial private key to users, so that a user can create their own private and public keys [7]. The problem in [7] is the key escrow, and it still needs to provide the partial private key to users using the open Internet. Then, certificate-based cryptography was coined in [8] to overcome the above concerns, which enables the Certificate Authority (CA) to make and deliver a certificate to the users. In [8], the users are empowered to create their private and public keys on their base (PKG), a process that is both practical and easy, and then transmit them to each associated user for further communication. Both [8,9] bypass the key escrow problem by allowing the user to create their private key, a feature that ensures user empowerment and keeps the key unknown to the CA. They also both use an open network for certificate delivery. However, [8] distinguishes itself by not requiring the process of certificate renewal and revocation, a feature that can bring a sense of relief and reduced burden. The issue described for [8,9] is the same for [10].
Motivation
The possibility of communication between devices and the exchange of information between Internet of Things networks provides low cost and the ability to expand into many industrial and commercial fields. One of the broad applications of this network is monitoring industrial processing systems via devices called the Industrial Internet of Things (IIoT), which provide various services to industries and their production. These IIoT devices have small memory and low computing power and can be placed in different industrial units for collecting and processing sensitive industrial information. The signals these IIoT devices collect contain voluminous data; they supervise different parts of the industry and send the data to various points through wireless channels, which are exposed to many attacks that threaten sensitive information. The security of this data is crucial and requires rigorous security mechanisms to keep it free from such attacks. Therefore, maintaining the security of such a vulnerable network is fundamental, and it has attracted the attention of many researchers. The urgency of this issue cannot be exaggerated; preventing these attacks and establishing a secure industrial environment requires understanding the architecture of the whole industrial system and discovering the network it uses. That network is a centralized architecture in which a gateway with more processing capability sends information over a long distance, whereas the remaining devices, with limited energy, low power, and the lowest processing capabilities, cannot afford the heavyweight cryptographic burden of a security protocol. These issues and challenges of IIoT motivated me to design a security protocol that is both robust and lightweight.
Therefore, an efficient authentication scheme that utilizes the ECC method can efficiently and effectively reduce the computational and communicational burden of IIoT and provide robust security to all the associated devices disseminated in the industry for tactical task completion.
Contributions
The signature, identity, certificate and certificateless-based methods for message authentication have been discussed in the introduction above. Since the IIoT environment can sometimes generate the same type of data from the same or different devices, an elliptic curve cryptographic-based method with key insulation is the highly recommended preventive measure when taking the above discussion into account. In this technique, in the setup phase, the gateway can generate an ECC-based key with a key insulation method for IIoT data and then deliver it to the user and sensor node for secure authentication before starting the tactical task. The gateway node is a trusted entity responsible for collecting and processing the ECC-based key; after reception, it performs the routing of messages and sends it to the users and IIoT. In the latter, users/IIoT can verify an ECC-based key for availability and authenticity. The simple ECC, a known technique for resource-hungry devices, can be expensive for poor-resource devices due to its use of a 160-bit key and other parameters. In contrast, the ECC is a lightweight method that provides the same level of security as the RSA but with a 160-bit key size instead of 1024 bits for RSA and other parameters, making it a cost-effective solution for resource-constrained IIoT devices. Therefore, the key contributions of the research work are as follows:
- ECC-Based Authentication Protocol for Efficient Performance and Robust Security: As IIoT relies on an open network channel for data sharing, it is vulnerable to numerous threats, including side channels, impersonation attacks, and clock synchronization issues, which makes device authentication crucial. Researchers have, from time to time, proposed numerous authentication protocols using conventional cryptographic methods, identity-based cryptographic techniques, or certificateless methods; however, these protocols either suffer from modular exponentiation and partial private key distribution problems or need four to five round-trips to complete authentication. Therefore, this research article presents an efficient authentication scheme that utilizes the ECC method, which can efficiently and effectively reduce the computational and communicational costs of IIoT and provide robust security to all the associated devices disseminated in the industry for tactical task completion.
- Formal Security Validation: The proposed ECC-based authentication scheme can be scrutinized using well-known and widely used toolkits, such as AVISPA and ProVerif, to show its robustness and suitability for the IIoT environment.
- Performance Measurement: This research includes a detailed performance analysis of the proposed scheme, focusing on key factors such as storage, communication, and computation costs. This analysis provides valuable insights into the scheme’s practical implications and confirms the balancing of security with performance, a challenging task often missing in prior works.
- Comparative Analysis: This paper comparatively analyses the proposed ECC-based authentication scheme from two perspectives: performance trade-off (which refers to the balance between the system’s performance and resource consumption) and security functionalities. It shows the balance of performance with security, two contradictory features whose balance is missing in the state-of-the-art work.
Preliminaries & backgrounds
Information security is a set of procedures that protect personal data against unauthorized access and alteration while being stored or transmitted. Information security aims to protect data, electronic, and other sensitive and private information from unwanted access.
Elliptic curve cryptography (ECC)
Based on elliptic curve theory, elliptic curve cryptography (ECC) [11] is a public key encryption method that may produce quicker, smaller, and more effective cryptographic keys. ECC, a substitute for the Rivest-Shamir-Adleman (RSA) cryptographic algorithm [12], is most frequently utilized for one-way encryption. An elliptic curve is a looping line that intersects two axes (the lines on a graph that show a point’s location), is described by the equation y² = x³ + ax + b, and forms an ellipse or oval shape. ECC and other public key cryptography technologies combine two keys mathematically and then use the result to encrypt and decode data. One is a private key that only the sender and recipient of the data know, while the other is a public key known to everyone.
Security principles
An industry should require a policy to protect its critical operations and describe employees’ conduct and duties. So, the industry should recommend security protocols that address the most critical aspects of designing a security protocol for a vulnerable and sensitive environment, such as the industrial Internet of Things (IIoT). These three main features must be taken into account while installing a security system for the tactical industrial operation:
Confidentiality
It is not just a key component but the cornerstone of protecting information in the IIoT environment. Only a responsible and properly authenticated entity will have permission to utilize the services for which they have been installed. To bring these characteristics to the proposed ECC-based authentication scheme, we will employ all the available security measures, including strong passwords, encryption, authentication, and protection against all known attacks.
Integrity
Integrity, the caretaker of data in IIoT, is about preserving data and preventing it from being corrupted by human error or malicious intent. To integrate this key feature into the proposed security scheme, we have to ensure data integrity by making the proposed security system withstand all known cyber-attacks. In this technique, the proposed protocol can ensure confidentiality and also play a role in securing data integrity, as cyber attackers cannot alter data without prior permission, which is, of course, not possible in the proposed scheme.
Availability
It is a fundamental aspect of any security protocol, which means ensuring that data is available to those who become properly authenticated and not to those who don’t. This critical security feature in the proposed protocol can only be incorporated if the proper credentials are accessed. Any illegal access can promptly be discarded by the system and should be considered a potential replay, DoS, MITM, and other attacks.
Design objectives/goals
The proposed ECC-based authentication protocol for the IIoT system serves multiple design objectives/goals, including:
- Ensuring the security and privacy of industrial sensitive information processing.
- Ensuring that access to industrial information/data is only by authorized users/operators.
- Protecting and preventing unauthorized users/attackers from disclosing industrial sensitive information processing.
- Accessing the advantages of main server storage for scalability, enhanced efficiency, and convenience.
- Minimizing load on the server by incorporating a control server to improve security and privacy, efficiently managing all the connected devices, registering them quickly and securely, and providing networking facilities.
- Providing timely access to industrial information, which can impact industry outcomes/production.
- Adopting strict regulatory requirements by installing a robust security protocol.
- Incorporating interoperability features to facilitate seamless communication and data sharing while maintaining security standards.
- Managing industry data access and ensuring that processing of sensitive information remains protected while enabling authorized users to retrieve and utilize it when needed.
Network model
Fig 1 illustrates the proposed network model for the ECC-based security mechanism proposed for the IIoT environment. This security mechanism is functional mainly for three entities, including the User/operator (U), Industrial Internet of Things (IIoT)/sensing devices, and the gateway (GW). The process begins when IIoT devices need to share data with data users/different operational units, which is necessary for the IIoT to mandatorily authenticate with the data users/operational units. To do so, they send a registration request, including their identities, to the gateway (GW). Upon receiving a registration request for each identity, the GW swiftly generates a message/certificate and dispatches it to the IIoT/sensing devices through operational units/users. Once the registration/certificate is obtained from the GW and data users/operational units, they can create their own message. Following this, the IIoT devices can generate a key and store it in their memory for the record. The transmission of different parameters from the user to the gateway and IIoT and vice versa occurs upon authentication with an open network channel. The entities involved in this process are described as follows, highlighting the efficiency of the data-sharing process in the industrial process:
User (U)
“Data users” conduct and carry out the process inside an industry by directly evaluating integrated datasets at the unit record level. Their work is closely intertwined with industrial data integration, highlighting the importance of teamwork in this process. End users, who are typically management or decision-makers, look at industrial production, IIoT functionality, and their generated outputs to make strategic decisions and optimize processes.
Industrial Internet-of-Things (IIoT)
The industry is undergoing a significant digital transformation, and at the heart of this change is the Industrial Internet of Things (IIoT). It introduces smart factories and connected machinery/devices into substance-creation procedures, revolutionizing industrial communication technologies. IIoT has become an essential development area, offering a cost-effective solution for real-time data collection, monitoring, and controlling machine activity during industrial processes. In an IIoT setup, a user can control and access the sensing devices remotely during the industrial processes. The IIoT is also utilized for Process monitoring, Equipment maintenance, and Asset monitoring.
Gateway (GW)
An industry owner is responsible for uploading/installing the overall system to provide services to numerous devices/machinery/functioning, etc. This is the gateway that addresses the difficulty in service provision, which arises when someone attempts to access and look into the sensitive IIoT function, deterring the privacy of IIoT/user data and the ability to track and identify these devices. After applying the appropriate policy, the data is moved to the data user dataset by operationalizing the proposed security mechanism to maintain the overall security-related activities. As the proposed security framework makes the record randomized, it significantly increases the challenge for an adversary to determine the proper sequence in which the data were received from the provider manufacturing, thereby enhancing your security.
Threat model
This research adopts the threat models defined by Dolev-Yao, called DY [13]. According to these models, a system can face numerous threats; some of these threats are as follows:
False data injection threat
The adversary might influence the information gathered by numerous IIoT, measure the state variable, and record valuable credentials.
Privacy threat
The adversary accesses the open network channel, installing aircrack-ng [14] for identity hacking, airodump-ng [14] for packet direction, and aireplay-ng [14] for de-authentication, which in turn disturbs the operation of an industry.
Traffic analysis threat
The packets transmitted among the different parts of an industry can be captured by an adversary, analyzed, and later used for malicious deeds. As the industry has several IIoT devices for data collection, this transmission is performed via wireless media, which is vulnerable to the adversary; if the security mechanism is susceptible, the adversary can easily extract the internal secret from the packets and later use it for potential attacks.
Access control threat
The adversary can identify policies, rules, and the legitimacy of legal peers, take control, and violate authenticity, change privileges, and cause considerable loss to the operation of an industry.
Identity spoofing threat
The main system inside an industry that controls the IIoT can also be masqueraded/impersonated by an adversary who enters through a spoofed identity.
Replay attack
An attacker captures data from the open channel, eavesdrops, and later uses it for a potential replay attack to gain access to the centralized system illegally.
Desynchronization threat
Suppose a legal user desires to update their identity/password or biometrics; in the upcoming session, the legal peers do not know the changed credentials, creating a desynchronization threat to the system. Similarly, an adversary enters the server and disturbs the synchrony of the shared memory.
Man-in-the-middle (MITM) attack
The adversary alters the packet flow toward a third or his system instead of transmitting to a legitimate participant. The attacker can divert and modify the flow, steal the identity and password from it, and impersonate the whole system.
Related works
By using physically unclonable functions (PUF) and elliptic curve cryptography (ECC), the scheme in [15] offers a lightweight security protocol for the IIoT that can withstand replay and DoS attacks while enabling mutual authentication between IoT nodes and the server. Nevertheless, it needs to be implemented in real industrial environments and heavily relies on IoT nodes rather than gateways, which might increase the burden on IIoT devices with limited resources. Similarly, the IIoT has serious security issues, as the authors of [15] have shown; they said that the IIoT does not make good use of security features and that operators encounter security-related hurdles that can hinder the implementation of best security practices, even with current protocols. As a result, they reviewed various security models for IIoT that operate over the Internet but are less widely used than IPv6 when installed. They [15] went on to say that strict protocol development is necessary to improve security configuration for IIoT deployments and make the industrial environment safe from any unauthorized event, thereby boosting IIoT security. The models they [15] presented in their article are also not capable of detecting ‘extra elements’, which refers to any additional or unexpected elements in the system, such as unauthorized access attempts or unusual data patterns, to answer the known vulnerabilities. In their analysis of the security implications of transferring industrial appliances from closed networks to the Internet, the esteemed researchers Dahlmanns et al. [16] focused on the IIoT and emphasized the necessity of secure communication protocols to secure IIoT systems. Their [16] evaluation of 10 industrial protocols, conducted in accordance with security best practices, is a testament to their expertise in the field. To ensure comprehensive data, their [17] study also examines the entire IPv4 address space, further establishing the credibility of their research.
Singh et al. [18] proposed an effective, lightweight, and safe IIoT authentication protocol by lowering exponential calculations and computational costs. They compared it with other authentication systems and shared keys securely using the Diffie-Hellman algorithm. Das et al. [19] devised a biometric-based privacy-preserving authentication mechanism called BP2UA for use with smart cards in an IIoT context. They used NS2 to conduct a comprehensive security study, which forms the basis of their scheme. However, their scheme is susceptible to side-channel attacks.
On the other hand, Hu et al. [20] have put up a safe authentication plan for the IIoT. Their plan, which makes use of Chebyshev polynomial encryption, improves security through secure mutual authentication and session key agreement. They also provide users the option to update their biometrics and passwords locally. However, their protocol is vulnerable to an insider attack, stolen verifiers, and insufficient security that prevent data storage for analysis. In order to guarantee perfect forward and backward secrecy in an IIoT context, Fan et al. [21] devised a secure authentication key agreement technique. They generated and distributed the session secret key securely and effectively by using a trusted authority center. However, their system has high computation costs and high energy consumption because of its restricted computing power. Despite these challenges, the potential of these IIoT authentication protocols gives hope for a more secure future in IIoT.
According to the researchers in [22], ProVerif does not assess node capture attacks, a type of cyber-attack where an adversary captures a node in a network and uses it to compromise the security of the entire network. It is becoming increasingly clear that conventional security solutions are inadequate for IoT devices with limited resources. These protocols either provide low-resource security for IoT devices or rely heavily on the creation of certificates for authentication, which causes difficulties in efficient services. These schemes may lead to vulnerabilities if multi-factor authentication is not implemented correctly, resulting in errors or complications during the authentication procedures when multi-device access requests are received [22]. The need for a more robust solution is evident. In order to validate the security of their biometrics-based authentication protocol with ECC for wireless sensor networks (WSNs), Li et al. [23] used random oracle models to demonstrate that an adversary has no chance of breaking the protocol and that their work performs better than previous efforts. They have addressed the shortcomings of earlier protocols in their protocol [24] and have produced a reliable and energy-efficient protocol for Internet of Things applications. However, the procedure they suggested in [24] may have a traceability problem. By analyzing the previous systems, Li et al. [25] established an improved set of requirements for IIoT contexts and created a safe authentication scheme with formal evidence. The introduction of a “honeywords” approach for malicious server detection has effectively eliminated the common flaws.
As stated, data storage and processing are carried out inside industrial machines that can be protected from outsider attackers. However, collecting and transmitting IIoT data is done through the open Internet, which can be affected when an unauthorized user participates in the network. To eliminate the harmful activity of an attacker in the IIoT network, authentication is the most attractive technique, and it can be fulfilled through a digital signature. For the authentication of users in the IIoT ecosystem, Karati et al. [26] give a certificateless signature scheme and claim that the scheme is efficient in terms of computations. Another claim of the authors is that the proposed scheme is secure against both types of adversary, i.e., type 1 (who can eavesdrop on the communication) and type 2 (who can actively interfere with the communication). However, according to the detailed cryptanalysis of B. Zhang et al. [27] and Y. Zhang et al. [28], the scheme proposed in [25] is not safeguarded from type 1 and type 2 adversaries. Further, the authors of [28] designed a new certificateless signature scheme with the help of elliptic curve cryptography. They claim that their proposed scheme needs significantly less computational effort. Unfortunately, the scheme used in [27] does not stand against the unforgeability attack, according to the analysis of Zhang et al. [28].
Running parallel to these schemes, Xiong et al. [29] have developed a certificate approach for the IIoT environment, leveraging key insulation and elliptic curve cryptography. Rezaeibagha et al. [30] have introduced an enhanced approach using a Certificateless signature in the standard model. The authors of this scheme assert that it is resilient against both types of adversaries, i.e., type 1 and type 2. M. Ali et al. [31] have devised a certificateless approach for the IIoT environment, employing -elliptic curve cryptography. They argue that their proposed scheme is more efficient in terms of computational and communication costs than the existing certificate signature for the IIoT environment. These innovative approaches not only provide practical solutions but also inspire optimism for the future of IIoT security, instilling a sense of hope and positivity in the audience.
After rigorously and thoroughly reviewing these schemes, the following common flaws were identified: (1) they are based on certificateless cryptography, which can be affected by partial private key distribution problems that need a secure network; (2) they do not provide the facility of data aggregation. Hence, to address such limitations, Verma et al. [32] constructed a new approach that removes the partial private key distribution problem by using certificate-based cryptography and includes a data aggregation technique that performs aggregation on IIoT data at run time. However, the approach of Verma et al. [32] cannot withstand type 1 and type 2 adversaries concerning the unforgeability property [32]. Then, utilizing the bilinear pairing operation with the key insulation method, the authors in [33] used the certificate-based aggregate signature scheme. However, due to heavy operations in bilinear pairing, there will be a better method for resource-hungry IIoT devices. Hwang and Lee [34] proposed a certificate-based aggregate signature scheme using elliptic curve point multiplication operations with a key insulation method. However, according to [35], their [34] scheme is not feasible for resource-constrained IIoT devices due to elliptic curve point multiplication and more time-consuming operations. A critical summary of the remaining literature review is presented in Table 1.
Proposed protocol
The system parameters/credentials are produced/yielded and disseminated among the participants via the gateway (GW). The GW also registers each participant, both user (U) and sensing/IIoT devices, and securely exchanges confidential credentials with them in an offline mode, ensuring the highest level of confidentiality and trust. Upon receiving the registration parameters from the GW, the user (U) can establish a secure session for the key SK by communicating with IIoT through public channels. The symbols/notations used for the description of the proposed protocol are shown in Table 2, while the protocol’s phases are described one by one as follows:
User registration phase
A legitimate user first chooses a unique identity IDU and password PWU, generates biometrics BU and generates ê. After the selection/generation/extraction of these credentials, the user computes Gen(BU) = (ú, ϑ), where ú and ϑ are variables, P = h(ê||PWU), Q = h(P||ϑ), R = h(P||ϑ||IDU), and communicates {IDU, Q} to the gateway. When the gateway node receives the {IDU, Q} message, it calculates S = h(msk||IDU) and T = S ⊕ Q. The gateway chooses r1 and calculates U = h(r1), encrypts IDU||r1 and makes the private credentials of the dynamic identity DIDU. After that, the gateway stores {S, DIDU} and sends {T, PKGW, U} to the user and stores it, too. On receiving the {T, PKGW, U} parameters from the gateway, the user can also store them in its memory, as shown in phase 1.
Sensing/IIoT device registration phase
The sensing/IIoT device (SD) chooses a unique identity IDSD and transmits it to the gateway (GW). When the gateway receives the identity of the sensing/IIoT device, it checks the identity against its records; if it is found, the gateway rejects the request; otherwise, it calculates V = h(msk||IDSD), W = h(V||s), X = Es(V), stores {V, X, IDSD} and sends {X, V} to the sensing/IIoT device through a secure channel. The device stores the {X, V} message in its memory, as shown in phase 2.
Authentication phase
This is the most crucial phase of the protocol. This phase is accomplished in the following steps:
KC01: The user starts by providing identity IDU, typing password PWU and imprinting biometric BU. The system then processes this information by computing ϑ = Rep(BU*, ú) and R* = h(h(ê||PWU)||ϑ*||IDU), and confirms R* ?= R. If they match, it generates r2, computes Q* = h(h(ê||PWU)||ϑ), T* = S ⊕ Q, Y1 = r1.PKU, Y2 = r2.s, Y3 = h(S||Y1||Y2||V) and sends {Y1, Y3} to the gateway over a public channel.
KC02: When the gateway receives the {Y1, Y3} message, it checks the key Y2* = s.Y1 = r2.(s.PKU), decrypts the user’s dynamic identity DIDU with the master secret key (msk), Decmsk(DIDU) = (T||r1), calculates S = T ⊕ Q and Y3* = h(S||Y1||Y2||V), and verifies Y3* = Y3. If the check fails, the gateway treats the message as a potential replay attack, discards it and stops the session key computation. On successful confirmation of Y3* = Y3, the gateway selects r3, computes S* = h(msk||IDU) and V* = S* ⊕ U, generates the dynamic user identity DIDU, calculates Y4 = r3.PKGW, Y5 = Y4.r3, Y6 = Y4 ⊕ h(DIDU||V), Y7 = Y4 ⊕ Y5, Y8 = h(DIDU||V*||T*||Y4||Y5) and builds the {Y6, Y7, Y8} message to send to the sensing/IIoT device (SD) over an open channel.
KC03: When the sensing/IIoT device receives the {Y6, Y7, Y8} message, it computes V* = S* ⊕ U, Y4 = Y6 ⊕ h(DIDU||V*), Y5 = Y7 ⊕ Y4, Y8* = h(DIDU||V*||T*||Y4||Y5) and verifies Y8* ?= Y8. If the check fails, the message is treated as a potential replay attack and discarded, and the session key computation stops. On successful confirmation of Y8* ?= Y8, the device selects r4, restores V* = h(V) from its memory, computes Y9 = r4.Y5, Y10 = Y9 ⊕ Y5, SKSD = h(DIDU||Y4||Y5||Y9), Y11 = h(V*||T*||SKSD||Y5) and sends the {Y10, Y11} message back to the gateway over an insecure channel. The exchange of credentials in the authentication phase is represented diagrammatically in Fig 2.
KC04: When the gateway receives the {Y10, Y11} message, it computes Y9 = Y10 ⊕ Y5, SKGW = h(DIDU||Y4||Y5||Y9), Y11* = h(V*||T*||SKGW||Y5) and verifies Y11* ?= Y11. If the check fails, the gateway treats the message as a potential replay attack, discards it and stops the session key computation. On successful confirmation of Y11* ?= Y11, the gateway computes U* = h(U), Y12 = r3 ⊕ S*, Y13 = Y2 ⊕ Y5, Y14 = Y5 ⊕ Y9, Y15 = h(SKGW||r3||Y2) and builds {Y12, Y13, Y14, Y15} to send to the end user over a public communication channel.
KC05: Upon receiving the {Y12, Y13, Y14, Y15} message from the gateway, the user computes Y5 = Y13 ⊕ Y2, Y4 = r2.Y5, Y9 = Y5 ⊕ Y14, r3* = S ⊕ Y12, SKU = h(DIDU||Y4||Y5||Y9), Y15* = h(SKU||r3||Y2) and verifies Y15* ?= Y15. If the check fails, the message is treated as a potential replay attack and discarded, and the session key computation stops. On successful confirmation of Y15* ?= Y15, the stored value U = h(U) is replaced by U* = h(U).
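The hash and XOR relations of the user registration phase, together with the local check R* ?= R that opens step KC01, can be traced in a short added example (not code from the paper). It assumes SHA-256 for h, length-prefixed concatenation for ||, an exact-match stand-in for Gen/Rep, and that the user's device keeps ê, ú and R next to {T, U}; all function names are hypothetical, and the DIDU encryption and the ECC values Y1, Y2 are left out.

```python
import hashlib
import hmac
import secrets


def h(*parts: bytes) -> bytes:
    """h(a||b||...) as SHA-256. Parts are length-prefixed so the
    concatenation is unambiguous (an assumption; the paper writes plain ||)."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()


def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length strings (the paper's ⊕)."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def gen(biometric: bytes):
    """Stand-in for Gen(BU) = (ú, ϑ). It only reproduces ϑ from an identical
    reading; a real fuzzy extractor also tolerates noisy readings."""
    helper = secrets.token_bytes(16)          # ú, public helper data
    return helper, h(helper, biometric)       # ϑ, biometric secret


def rep(biometric: bytes, helper: bytes) -> bytes:
    """Stand-in for Rep(BU*, ú)."""
    return h(helper, biometric)


def user_register(id_u: bytes, pw_u: bytes, bio_u: bytes):
    """User side of registration: returns local state and the message {IDU, Q}."""
    e = secrets.token_bytes(16)               # ê
    helper, theta = gen(bio_u)
    p = h(e, pw_u)                            # P = h(ê||PWU)
    q = h(p, theta)                           # Q = h(P||ϑ)
    r = h(p, theta, id_u)                     # R = h(P||ϑ||IDU)
    device = {"e": e, "helper": helper, "R": r}   # assumed local storage
    return device, (id_u, q)


def gateway_register(msk: bytes, id_u: bytes, q: bytes):
    """Gateway side: S = h(msk||IDU), T = S ⊕ Q, U = h(r1)."""
    s = h(msk, id_u)
    r1 = secrets.token_bytes(16)
    record = {"S": s, "r1": r1}               # DIDU = Enc(IDU||r1) omitted here
    return record, {"T": xor(s, q), "U": h(r1)}


def user_login(device: dict, id_u: bytes, pw_u: bytes, bio_u: bytes):
    """KC01 local check: recompute R*, compare with R, then unmask S = T ⊕ Q*.
    Returns S on success and None when any of the three factors is wrong."""
    theta = rep(bio_u, device["helper"])
    p = h(device["e"], pw_u)
    r_star = h(p, theta, id_u)
    if not hmac.compare_digest(r_star, device["R"]):   # constant-time compare
        return None
    return xor(device["T"], h(p, theta))


if __name__ == "__main__":
    msk = b"constructed-master-secret-key"    # constructed sample values
    device, (id_u, q) = user_register(b"user-01", b"correct horse", b"bio-template")
    record, reply = gateway_register(msk, id_u, q)
    device.update(reply)
    ok = user_login(device, b"user-01", b"correct horse", b"bio-template")
    bad = user_login(device, b"user-01", b"wrong password", b"bio-template")
    print("S recovered:", ok == record["S"], "| wrong password rejected:", bad is None)
```

Because T only masks S with Q, the device never stores S itself, and a wrong identity, password or biometric stops the run locally before any message reaches the gateway.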
Security analysis
In this section, the security of the proposed protocol is analyzed both formally [49,50], using AVISPA [51] and ProVerif [52], and informally [53,54], through illustrations/pragmatic discussions, which is a crucial step for a security protocol. These two types of security analysis are explained as follows:
Informal security analysis
The security analysis in this section is anchored in the unique features of the elliptic curve cryptography-based protocol and the one-way hash function [53,54]. ECC, a distinctive feature, prevents attackers such as TTP1 and TTP2 from deciphering the ECC keys Y1 = r1.PKU, Y2 = r2.s, Y9 = r4.Y5, and Y4 = r2.Y5. The one-way hash function, a mathematically rigorous technique, ensures irreversibility, taking variable-size data and producing a fixed-length value. These unique features form the foundation of our scheme’s security attributes, including unforgeability against TTP1 and TTP2, integrity, and non-repudiation, as demonstrated in the following steps.
Unforgeability against TTP1
Let’s consider a scenario where TTP1, acting as a forger, is unaware of the secret keys msk and s of GW. TTP1 aims to create λ, necessary for Y2 = r2.s, Y2* = s.Y1 = r2.(s.PKU), and S* = h(msk||IDU), which requires solving the ECC keys. In this case, TTP1 also needs r1, r2, r4, and the user’s identity for further computation of the private numbers. However, TTP1 is faced with the challenge of solving ECC keys twice, which are transmitted publicly among different participating entities, making it impossible for TTP1. Therefore, from this illustration, we can confidently state that the proposed protocol is not just resistant but highly resilient to forgery by TTP1, providing a strong defense against a forgery attack because TTP1 cannot eavesdrop on the open communication channel.
Unforgeability against TTP2
Suppose TTP2 acts as a forger who knows msk, the master secret key of GW, and wants to make a message {Y1, Y3}. TTP2 has to pass Y1 = r1.PKU, Y2 = r2.s, Y3 = h(S||Y1||Y2||V), S = h(msk||IDU), and V = h(msk||IDSD), which consist of the random numbers r1, r2 and the private number s. Therefore, TTP2 needs s from Y2 = r2.s, which is the ECC key. TTP2 requires V and S from Y3 = h(S||Y1||Y2||V), which contain the sensing device identity IDSD and the user identity IDU and can be computed from S = h(msk||IDU) and V = h(msk||IDSD). From this discussion, it is confirmed that the proposed approach withstands forgery by TTP2.
Mutual authentication
The user transmits {Y1, Y3}, where Y1 = r1.PKU, Y2 = r2.s and Y3 = h(S||Y1||Y2||V), in which r2 is an arbitrarily selected number from the finite field of ECC. The gateway then generates {Y6, Y7, Y8}, where Y6 = Y4 ⊕ h(DIDU||V), Y7 = Y4 ⊕ Y5, and Y8 = h(DIDU||V*||T*||Y4||Y5), in which Y5 = Y4.r3 and Y4 = r3.PKGW. On receiving these values, the sensing/IIoT device computes V* = S ⊕ U, Y4 = Y6 ⊕ h(DIDU||V), Y5 = Y7 ⊕ Y4, Y8* = h(DIDU||V*||T*||Y4||Y5) and verifies Y8* ?= Y8 to check the authenticity of the dynamic user identity, the secret value s and the master secret key msk of the gateway. On the other side, the gateway, on receiving the {Y10, Y11} message from the sensing device, computes Y9 = Y10 ⊕ Y5, SKGW = h(DIDU||Y4||Y5||Y9), Y11* = h(V*||T*||SKGW||Y5) and verifies Y11* ?= Y11 to check the authenticity of the sensing device. The user, on receiving the {Y12, Y13, Y14, Y15} message from the gateway, computes Y5 = Y13 ⊕ Y2, Y4 = r2.Y5, Y9 = Y5 ⊕ Y14, r3* = S ⊕ Y12, SKU = h(DIDU||Y4||Y5||Y9), Y15* = h(SKU||r3||Y2) and verifies Y15* ?= Y15 to check the authenticity of the gateway. Finally, the parties agree on SKU = h(DIDU||Y4||Y5||Y9), SKGW = h(DIDU||Y4||Y5||Y9) and SKSD = h(DIDU||Y4||Y5||Y9). So, the proposed protocol provides mutual authentication to all the participants in an efficient, effective manner, instilling confidence in its performance.
Integrity
The user sends the {Y1, Y3} message to the gateway, consisting of Y1 = r2.PKU, Y2 = r2.s and Y3 = h(S||Y1||Y2||V), in which r2 is an arbitrarily large number, PKU is the public key of the user, and s is the secret value. Upon reception of the {Y1, Y3} message, the gateway first checks the ECC key Y2* = s.Y1 = r2.(s.PKU), then decrypts the dynamic identity of the user, Decmsk(DIDU) = (T||r1), computes S = T ⊕ Q and Y3* = h(S||Y1||Y2||V), and confirms Y3* = Y3 to check the integrity of the message sent by the user. If the equality holds, integrity is maintained; otherwise, the text has been modified by someone, and the system discards the message and stops the whole process.
Non-repudiations
The messages sent to and from the user, i.e., {Y12, Y13, Y14, Y15} and {Y10, Y11}, usually contain Y6 = Y4 ⊕ h(DIDU||V), Y7 = Y4 ⊕ Y5, Y8 = h(DIDU||V*||T*||Y4||Y5), Y12 = r3 ⊕ S*, Y13 = Y2 ⊕ Y5, Y14 = Y5 ⊕ Y9, and Y15 = h(SKGW||r3||Y2), which further include the private key s of the gateway that can be associated with PKU and PKGW, so that the senders cannot repudiate their own generated messages. Therefore, a non-repudiation security feature exists in the proposed protocol, ensuring accountability and trust in the system.
Insider threat
Suppose an adversary enters the gateway or user data unit and desires to find something useful for later launching another attack. In the proposed protocol, the user memory consists of the {T, PKGW, U} credentials, made from the complex computation T = S ⊕ Q, where S = h(msk||IDU) and Q = h(P||ϑ), parameters that an adversary cannot reach. The memory of the gateway consists of {S, DIDU}, with dynamic user identities that change for different sessions, making it impossible for the adversary to recognize them. The memory of the sensing/IIoT device contains the {X, V} parameters, where V = h(msk||IDSD), X = Es(V), msk is the master secret key and V is encrypted through a public key, so again, the adversary cannot succeed. Therefore, an insider attack on the proposed security mechanism is not possible.
Man-in-the-middle attack
Suppose the adversary captures the message {Y1, Y3} transmitted publicly between the user and gateway and tries to identify useful credentials from the message, Y1 = r2.PKU and Y3 = h(S||Y1||Y2||V). Nothing is open; all the credentials are concealed in the first message, so such an illegal attempt fails. If the adversary goes for the second message {Y6, Y7, Y8}, which is transmitted between the gateway and the IIoT device, this message consists of Y6 = Y4 ⊕ h(DIDU||V), Y7 = Y4 ⊕ Y5, and Y8 = h(DIDU||V*||T*||Y4||Y5), where Y4 = r3.PKGW and Y5 = Y4.r3; again every credential is communicated very secretly, so the adversary definitely fails in such an attempt. For the remaining two messages, i.e., the third message {Y10, Y11}, with Y10 = Y9 ⊕ Y5 and Y11 = h(V*||T*||SKSD||Y5), where Y9 = r4.Y5 and Y5 = Y4.r3, and the last message {Y12, Y13, Y14, Y15}, with Y12 = r3 ⊕ S*, Y13 = Y2 ⊕ Y5, Y14 = Y5 ⊕ Y9, Y15 = h(SKGW||r3||Y2), where Y11* = h(V*||T*||SKGW||Y5), the adversary will never succeed. Therefore, MITM is not possible on the proposed protocol.
DoS (denial-of-service) attack
Suppose the adversary tries to deny service to the devices. They will have to pass R* ?= R, where R* = h(h(ê||PWU)||ϑ*||IDU), in the first phase, decrypt (DIDU) = (T||r1) in the second step, confirm Y8* ?= Y8, where Y8* = h(DIDU||V*||T*||Y4||Y5), in the 3rd step, verify Y11* ?= Y11, where Y11 = h(V*||T*||SKSD||Y5), in the 4th step, and pass Y15* ?= Y15, where Y15* = h(SKU||r3||Y2), in the last step, which is of course impossible. Therefore, the adversary cannot launch a DoS attack on the proposed protocol, ensuring the unbreakable nature of our security system.
Formal validation through AVISPA
The proposed protocol was validated using Automated Validation of Internet Security Protocols and Applications (AVISPA) [51]. This semi-automated validation tool allows for verification of authentication methods’ security robustness by examining the confidentiality of important parameters and their susceptibility to hackers. The message exchange of the protocol is meticulously converted to HLPSL (high-level protocol specification language) code. In this process, each entity is defined as a role-playing communication agent, and every object has a specified role that includes every parameter that is sent and received in messages (States). Throughout the code execution process, any parameters that need to be kept private are signaled and monitored. The protocol is deemed secure (SAFE) and there is not a single secret value that outsiders might compromise, as shown in Fig 3.
ProVerif simulation
This simulation [52] is used to check the correctness of the proposed protocol. It also demonstrates whether the protocol is safe against a man-in-the-middle attack. The result generated below shows that confidentiality, authorization, and integrity are verified, and the attacker is completely unable to forge the secret transmitted over a public network channel. The reachability of the secret session key is authenticated, ensuring the audience’s sense of security, as shown in Fig 4.
Performance evaluation
In this section, we thoroughly measure the performance metrics by considering computational and communication costs and storage overheads. These metrics are then compared with recent state-of-the-art schemes to check their effectiveness and efficiency. Our research process involves an implementation setup for calculating the execution time of the different cryptographic operations used in the proposed ECC-based protocol. Three participating entities are involved in the proposed protocol: user, gateway, and sensing/IIoT devices. We use a Samsung Galaxy A32 (quad-core CPU), an HP laptop (Core i7, 5th generation, 16 GB RAM, Windows 8 Pro) and an Arduino circuit/device, respectively. The Samsung A32 is considered for the user (U), the HP Core i7 laptop for the gateway, and the Arduino for sensing/IoT devices. It is worth noting that the execution time of the XOR and concatenation functions is negligibly small and is considered zero. Similarly, according to [55], the encryption/decryption function occupies 256 bits of the communication line, a hash image is 256 bits, XOR is 160 bits, the ECC key is 160 bits, the identity is 64 bits, the password is 56 bits, and the random number is 60 bits. The thoroughness of our research is evident in the detailed results shown in Table 3 below:
Computational cost
There are three main types of participants involved in the proposed protocol: user (U), gateway (GW), and sensing/IIoT device (SD). In the mutual authentication phase, the user (U) side computes the hash function eight (8) times, ECC point multiplication three (03) times, and the encryption function one (01) time, i.e., 8TH + 3TX + 1TE. Putting in the values recorded for the different cryptographic operations in Table 3, we get 8(0.980) + 3(0.405) + 1(0.830) = 7.84 + 1.215 + 0.83 = 9.885 ms. The gateway side computes the hash function eight (08) times, the ECC point multiplication function four (04) times, and the decryption function one (01) time, i.e., 8TH + 4TX + 1TD. Putting in the recorded values for the different cryptographic operations from Table 3, we get 8(0.885) + 4(0.420) + 1(0.945) = 7.08 + 1.68 + 0.945 = 9.705 ms. Finally, the sensing device (SD) computes the hash function five (05) times, the ECC point multiplication one (01) time, and no encryption/decryption, i.e., 5TH + 1TX + 0TE/D. Putting in the values from Table 3, we get 5(2.11) + 1(1.320) + 0(1.875) = 10.55 + 1.320 + 0 = 11.87 ms. The cumulative computation cost of the proposed protocol is 9.885 + 9.705 + 11.87 = 31.46 ms, which is a key metric for evaluating the efficiency of the protocol, as depicted in Table 4.
Communication cost
The first message, sent from the user to the gateway, is {Y1, Y3}, where Y1 = r2.PKU and Y3 = h(S||Y1||Y2||V); Y1 is an ECC key of 160 bits and Y3 is a hash image of 256 bits, so the cost of the first transmitted message is 160 + 256 = 416 bits. The gateway then sends the {Y6, Y7, Y8} message to the sensing/IIoT device, in which Y6 = Y4 ⊕ h(DIDU||V), Y7 = Y4 ⊕ Y5, Y8 = h(DIDU||V*||T*||Y4||Y5); Y6 and Y7 are 160 bits each and Y8 is 256 bits, so the total cost of the second message is 160 + 160 + 256 = 576 bits. The third message, transmitted between the sensing device and the gateway, is {Y10, Y11}, in which Y10 = Y9 ⊕ Y5 is 160 bits and Y11 = h(V*||T*||SKSD||Y5) is 256 bits, for a total of 160 + 256 = 416 bits. The last transmitted message is {Y12, Y13, Y14, Y15}, containing Y12 = r3 ⊕ S*, Y13 = Y2 ⊕ Y5, Y14 = Y5 ⊕ Y9 and Y15 = h(SKGW||r3||Y2), at a cost of 160 + 160 + 160 + 256 = 736 bits. Given the cost of each transmitted message above, the cumulative communication cost of the proposed protocol is 416 + 576 + 416 + 736 = 2144 bits, as depicted in Table 5.
Storage overheads
Upon registering with the gateway, the user chooses IDU, PWU, BU and generates ê; computes Gen(BU) = (ú, ϑ), where ú and ϑ are variables, P = h(ê||PWU), Q = h(P||ϑ), R = h(P||ϑ||IDU) and sends {IDU, Q} to the gateway. The gateway computes S = h(msk||IDU) and T = S ⊕ Q. The gateway chooses r1, calculates U = h(r1), encrypts IDU||r1, and makes the private credentials of dynamic identity DIDU; the gateway stores {S, DIDU} and the user stores the {T, PKGW, U} credentials. Considering the size of each parameter, the memory space occupied by S is 256 bits and by DIDU is 64 bits, so the total storage occupied on the gateway side is 320 bits. The user side stores the {T, PKGW, U} credentials, in which T = S ⊕ Q is 160 bits, PKGW is an ECC key of 160 bits, and U = h(r1) is a hash code of 256 bits, so the total space reserved at the user side is 160 + 160 + 256 = 576 bits. Similarly, when the sensing/IIoT device is registered with the gateway, the sensing device identity IDSD is transmitted to the gateway, which computes V = h(msk||IDSD), W = h(V||s), X = Es(V), and stores the {V, X, IDSD} credentials, in which W and V are hash codes of 256 bits each and X is an encryption output of 192 bits; the total space reserved at the gateway side is 256 + 256 + 192 = 704 bits, and at the device side 192 + 256 = 448 bits. The credentials stored in the memory of the gateway occupy 320 + 704 = 1024 bits, those of the user 576 bits, and those of the device 448 bits. So the cumulative storage overhead of the proposed protocol is 1024 + 576 + 448 = 2048 bits, as depicted in Table 6.
The communication, computation and storage costs analysis is diagrammatically represented in Fig 5.
Comparative analysis
This is a crucial step in our comprehensive evaluation process, which aims to determine whether the proposed protocol is superior and more robust than the prior works. We will conduct a thorough comparison of the proposed protocol’s security and performance, ensuring that our security measures are well-designed, scalable, and reliable.
Performance comparison
The proposed protocol, which is designed to optimize communication and computation costs, is compared with existing protocols. The result depicted in Table 7 demonstrates that the communication cost of Challa et al. [56] is 2720 bits, which is higher than that of the proposed protocol, indicating that our scheme is 21.17% better than Challa et al. [56]. The protocol presented by Rangwani et al. [57] has a communication cost of 3648 bits, which is significantly higher than that of our scheme. The proposed protocol is 41.22% better than Rangwani et al. [57]. The scheme designed by Zhao et al. [58] for IIoT has a communication cost of 4416 bits, which is also significantly higher than that of the proposed scheme. The proposed scheme is 51.44% better than Zhao et al. [58]. The communication cost of Guo et al. [59] is 3296 bits, higher than that of the proposed protocol. The improvement in communication cost against Guo et al. [59] is 34.95%. The protocol developed by Tanveer et al. [60] has a communication cost of 2112 bits, which is slightly better than the proposed protocol. No significant improvement in communication cost has been noted against Tanveer et al. [53]. The communication cost of Xu et al. [61] is 3104 bits, higher than that of our scheme. The proposed protocol is 30.92% better than Xu et al. [61]. The communication cost noted by Sutrala et al. [55] is 3200 bits, also higher than that of the proposed protocol. Our scheme is 33% better than the scheme presented by Sutrala et al. [62]. Therefore, overall, the proposed protocol, with its focus on optimizing communication cost, is better than Challa et al. [56], Rangwani et al. [57], Zhao et al. [58], Guo et al. [59], Xu et al. [60], and Sutrala et al. [61], except Tanveer et al. [62], which is slightly better than our scheme, as shown in Table 7.
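The cost figures quoted in the performance evaluation and in the communication comparison above can be recomputed from the stated field widths, operation counts and timings. The following is an added example, not code from the paper; the function and dictionary names are hypothetical, and every number in the tables is taken from the text above.

```python
from decimal import Decimal, ROUND_DOWN

# Field widths in bits, as stated in the performance-evaluation paragraph.
FIELD_BITS = {"ecc": 160, "hash": 256, "xor": 160}

# Message composition, from the communication-cost paragraph.
MESSAGES = {
    "U->GW {Y1, Y3}": ("ecc", "hash"),
    "GW->SD {Y6, Y7, Y8}": ("xor", "xor", "hash"),
    "SD->GW {Y10, Y11}": ("xor", "hash"),
    "GW->U {Y12, Y13, Y14, Y15}": ("xor", "xor", "xor", "hash"),
}

# Operation counts and per-operation timings (ms) quoted from Table 3 in the
# computational-cost paragraph. TED is one encryption or decryption.
OP_COUNTS = {
    "user": {"TH": 8, "TX": 3, "TED": 1},
    "gateway": {"TH": 8, "TX": 4, "TED": 1},
    "device": {"TH": 5, "TX": 1, "TED": 0},
}
OP_TIME_MS = {
    "user": {"TH": "0.980", "TX": "0.405", "TED": "0.830"},
    "gateway": {"TH": "0.885", "TX": "0.420", "TED": "0.945"},
    "device": {"TH": "2.11", "TX": "1.320", "TED": "1.875"},
}

# Communication cost (bits) of the compared schemes, from the comparison text.
BASELINE_BITS = {
    "Challa et al.": 2720, "Rangwani et al.": 3648, "Zhao et al.": 4416,
    "Guo et al.": 3296, "Tanveer et al.": 2112, "Xu et al.": 3104,
    "Sutrala et al.": 3200,
}


def message_bits():
    """Size of each protocol message in bits."""
    return {name: sum(FIELD_BITS[f] for f in fields)
            for name, fields in MESSAGES.items()}


def communication_cost():
    """Total bits exchanged in one protocol run."""
    return sum(message_bits().values())


def computation_cost():
    """Per-entity and total computation time in ms (exact decimal arithmetic)."""
    cost = {}
    for entity, counts in OP_COUNTS.items():
        cost[entity] = sum(
            (n * Decimal(OP_TIME_MS[entity][op]) for op, n in counts.items()),
            Decimal(0),
        )
    cost["total"] = sum(cost.values(), Decimal(0))
    return cost


def improvement_percent(baseline, ours):
    """Relative saving over a baseline, truncated to two decimals."""
    gain = (Decimal(baseline) - Decimal(ours)) / Decimal(baseline) * 100
    return gain.quantize(Decimal("0.01"), rounding=ROUND_DOWN)


def communication_comparison():
    """Improvement of the proposed protocol over each compared scheme."""
    ours = communication_cost()
    return {name: improvement_percent(bits, ours)
            for name, bits in BASELINE_BITS.items()}


if __name__ == "__main__":
    print(message_bits(), communication_cost())
    print(computation_cost())
    for name, gain in communication_comparison().items():
        print(f"{name}: {gain}%")
```

The communication percentages match the quoted ones when the quotient is truncated, not rounded, to two decimals; the value for Tanveer et al. comes out negative because that scheme sends fewer bits.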
Similarly, the proposed protocol is meticulously designed to optimize computation cost and is compared with existing protocols. The result depicted in Table 7 demonstrates that the computation cost of Challa et al. [56] is 60.8 ms, which is higher than that of the proposed protocol, indicating that our scheme is 48.25% better than Challa et al. [56]. The protocol presented by Rangwani et al. [57] has a computation cost of 36.08 ms, which is significantly higher than that of our scheme. The proposed protocol is 12.80% better than Rangwani et al. [57]. The scheme designed by Zhao et al. [58] for IIoT has a computation cost of 387.8 ms, which is also significantly higher than that of the proposed scheme. The proposed scheme is 91.88% better than Zhao et al. [58]. The computation cost of Guo et al. [59] is 70.4 ms, higher than that of the proposed protocol. The improvement in computation cost against Guo et al. [59] is 55.31%. The protocol developed by Tanveer et al. [60] has a computation cost of 38.75 ms, higher than that of the proposed protocol, and our scheme is 18.81% better than Tanveer et al. [60]. The computation cost of Xu et al. [61] is 70.63 ms, higher than that of our scheme. The proposed protocol is 55.51% better than Xu et al. [61]. The computation cost noted by Sutrala et al. [62] is 103.33 ms, which is also higher than that of the proposed protocol. Our scheme is 69.55% better than the scheme presented by Sutrala et al. [62]. Therefore, overall, the proposed protocol, with its meticulous design and focus on optimizing computation cost, is better than Challa et al. [56], Rangwani et al. [57], Zhao et al. [58], Guo et al. [59], Xu et al. [61], Sutrala et al. [56] and Tanveer et al. [60], as plotted in Fig 6.
Security comparison
Suppose all the schemes for IIoT are checked for DoS attacks, device hacking, man-in-the-middle attacks, password guessing attacks, impersonation attacks, replay attacks, insider attacks, data tampering, data and identity theft, supply-chain attacks, anonymity, forward secrecy, backward secrecy, and mutual authentication. The result depicted in Table 8 demonstrates that [56] does not resist impersonation and insider attacks and lacks perfect backward secrecy. The protocol presented in [57] is weak against MITM, DoS and replay attacks and lacks anonymity and mutual authentication. The scheme in [58] does not withstand supply-chain attacks and cannot offer perfect forward secrecy. [59] is weaker against impersonation and identity theft and cannot deliver mutual authentication. [60] suffers from data tampering and supply-chain attacks and does not offer backward secrecy. [61] is not safe against identity and data theft and lacks anonymity, while [62] is vulnerable to DoS, replay and impersonation attacks and does not offer forward secrecy. However, the proposed scheme, having been thoroughly evaluated against all known attacks and offering all security functionalities, is the most reliable option. Therefore, overall, the proposed protocol is much safer than all its competitors.
Round trip time (RTT)
The round trip time (RTT) is the time required for one complete run of the protocol to compute the shared session secret key. In the proposed protocol, the total number of hash operations on the user side is 7TH, the number of ECC multiplication functions on the user side is 3TX, and the total number of encryption/decryption functions on the user side is 0TE/D, so the computation time of the user is 7TH + 3TX + 0TE/D. Putting in the values recorded in Table 3 gives 7(0.980) + 3(0.405) + 0 = 6.86 + 1.215 = 8.08 ms. The total number of hash operations on the gateway side is 8TH, the total number of ECC point multiplication operations on the gateway side is 5TX and the total number of encryption/decryption functions on the gateway side is 1TE/D. So, the total computation time on the gateway side is 6TH + 5TX + 1TE/D; putting in the values from Table 3 gives 6(0.885) + 5(0.420) + 1(0.945) = 5.31 + 2.1 + 0.945 = 8.36 ms. Finally, the total number of hash operations on the IIoT/sensing device side is 5TH, the total number of ECC multiplication operations on the IIoT/sensing device side is 1TX, and the total number of encryption/decryption functions on the IIoT/sensing device side is 0TE/D. So the total cost is 5TH + 1TX + 0TE/D; putting in the values from Table 3 gives 5(2.11) + 1(1.320) + 0 = 10.55 + 1.320 = 11.88 ms. Summing the computation time of the user, gateway and IIoT/sensing device gives 8.08 + 8.36 + 11.88 = 28.32 ms. Therefore, the complete round trip time of the proposed protocol is 28.32 ms, as depicted in Table 9 and plotted in Fig 7.
Conclusion
In this paper, we have designed an ECC-based authentication protocol for IIoT applications. We have used a one-way cryptographic hash (SHA2 or SHA256) for the newly designed scheme, which is the alternate version of SHA1 with the same security hardness and collision-free services. We have discussed in the security analysis how the proposed scheme is protected from Type 1 and Type 2 attackers. Also, the formal validation through AVISPA and ProVerif demonstrated the robustness of the proposed ECC-based scheme. Considering the computational cost, communication cost, storage overheads, and comparative analysis, the proposed scheme uses less CPU processing time and transmits fewer bits than recently published related schemes. The proposed protocol improved communication cost by 51.44% and computational cost by 91.55%, which validates that this scheme is feasible for practical implementation in Industrial Internet of Things (IIoT) applications. In the future, the Quantum Key Derivation (QKD) technique will be the linchpin of secure ECC key generation. This technique will enable secure communication among the participating entities through the QKD Network. The proposed protocol, fortified by QKD, is a crucial defense against quantum adversaries, especially in the new era of quantum computing, including machine learning and advanced AI attacks.
Acknowledgment
The authors extend their appreciation to the Deputyship for Research & Innovation, Ministry of Education in Saudi Arabia for funding this research work through the project number MoE-IF-UJ-R2-22-1247-1.
References
- 1. Nalbant KG, Almutairi S, Alshehri AH, Kemal H, Alsuhibany SA, Choi BJ. An efficient algorithm for data transmission certainty in IIoT sensing network: a priority-based approach. PLoS One. 2024;19(7):e0305092. pmid:39018273
- 2. Zhou X, Qian L, Aziz H, White M. A model study of teaching method reform of computer laboratory course integrating internet of things technology. PLoS One. 2024;19(4):e0298534. pmid:38635843
- 3. Feng Y. Inducement factor of talent agglomeration in the manufacturing industrial sector: a survey on the readiness of Industry 4.0 adoption. PLoS One. 2023;18(10):e0263783. pmid:37796815
- 4. Umran SM, Lu S, Abduljabbar ZA, Zhu J, Wu J. Secure data of industrial internet of things in a cement factory based on a blockchain technology. Appl Sci. 2021 Jul 9;11(14):6376.
- 5. Al-Hawawreh M, Hossain MS. Digital twin-driven secured edge-private cloud industrial Internet of Things (IIoT) framework. J Netw Comput Appl. 2024 Jun 1;226:103888.
- 6. Ullah I, Khan MA, Alsharif MH, Nordin R. An anonymous certificateless signcryption scheme for secure and efficient deployment of internet of vehicles. Sustainability. 2021 Sep 30;13(19):10891.
- 7. Nagarajan SM, Devarajan GG, Mohammed AS, Ramana TV, Ghosh U. Intelligent task scheduling approach for IoT integrated healthcare cyber physical systems. IEEE Trans Netw Sci Eng. 2022 Nov 25;10(5):2429–38.
- 8. Qiao D, Li M, Guo S, Zhao J, Xiao B. Resources-efficient adaptive federated learning for digital twin-enabled IIoT. IEEE Trans Netw Sci Eng. 2024 Apr 3.
- 9. Ming Y, Yu X, Shen X. Efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare internet of things. IEEE Access. 2020 Aug 21;8:153561–76.
- 10. Wang C, Zhou T, Ma M, Xiong Y, Zhang X, Liu C. An efficient certificateless blockchain-enabled authentication scheme to secure producer mobility in named data networks. J Netw Comput Appl. 2024 Dec 1;232:104007.
- 11. Bos JW, Halderman JA, Heninger N, Moore J, Naehrig M, Wustrow E. Elliptic curve cryptography in practice. In: Financial Cryptography and Data Security: 18th International Conference, FC 2014, Christ Church, Barbados, March 3–7, 2014, Revised Selected Papers 18. Springer Berlin Heidelberg. 2014, pp. 157–75.
- 12. Milanov E. The RSA algorithm. RSA laboratories. 2009 Jun 3, p. 1–1.
- 13. Dolev D, Yao A. On the security of public key protocols. IEEE Trans Inform Theory. 1983 Mar;29(2):198–208.
- 14. Jan SU, Qayum F, Khan HU. Design and analysis of lightweight authentication protocol for securing IoD. IEEE Access. 2021 Apr 29;9:69287–306.
- 15. Garg S, Kaur K, Kaddoum G, Choo KK. Toward secure and provable authentication for Internet of Things: realizing industry 4.0. IEEE Internet Things J. 2019 Sep 18;7(5):4598–606.
- 16. Dahlmanns M, Wehrle K. Protocol Security in the Industrial Internet of Things. In: NOMS 2024-2024 IEEE Network Operations and Management Symposium. 2024 May 6. IEEE, pp. 1–4.
- 17. Zhou X, He D, Ning J, Luo M, Huang X. Single-server public-key authenticated encryption with keyword search and its application in IIoT. IEEE Trans Netw Sci Eng. 2023.
- 18. Singh J, Gimekar A, Venkatesan S. An efficient lightweight authentication scheme for human‐centered industrial Internet of Things. Int J Commun Syst. 2023 Aug;36(12):e4189.
- 19. Das AK, Wazid M, Kumar N, Vasilakos AV, Rodrigues JJ. Biometrics-based privacy-preserving user authentication scheme for cloud-based industrial Internet of Things deployment. IEEE Internet Things J. 2018 Oct 24;5(6):4900–13.
- 20. Hu H, Liao L, Zhao J. Secure authentication and key agreement protocol for cloud-assisted industrial internet of things. Electronics. 2022 May 22;11(10):1652.
- 21. Fan Q, Chen J, Shojafar M, Kumari S, He D. Sake: a symmetric authenticated key exchange protocol with perfect forward secrecy for industrial Internet of Things. IEEE Trans Ind Inform. 2022 Jan 25;18(9):6424–34.
- 22. Hasan M, Weichen Z, Safie N, Ahmed F, Ghazal T. A survey on key agreement and authentication protocol for Internet of Things application. IEEE Access. 2024.
- 23. Li X, Niu J, Bhuiyan M, Wu F, Karuppiah M, Kumari S. A robust ECC-based provable secure authentication protocol with privacy preserving for industrial Internet of Things. IEEE Trans Ind Inform. 2017 Nov 15;14(8):3599–609.
- 24. Li X, Peng J, Niu J, Wu F, Liao J, Choo KK. A robust and energy efficient authentication protocol for industrial internet of things. IEEE Internet Things J. 2017;5(3):1606–15.
- 25. Li W, Wang P. Two-factor authentication in industrial Internet-of-Things: attacks, evaluation and new construction. Fut Gen Comput Syst. 2019 Dec 1;101: 694–708.
- 26. Karati A, Islam SH, Karuppiah M. Provably secure and lightweight certificateless signature scheme for IIoT environments. IEEE Trans Ind Inf. 2018 Jan 18;14(8):3701–11.
- 27. Zhang B, Zhu T, Hu C, Zhao C. Cryptanalysis of a lightweight certificateless signature scheme for IIOT environments. IEEE Access. 2018 Nov 27;6:73885–94.
- 28. Zhang Y, Deng RH, Zheng D, Li J, Wu P, Cao J. Efficient and Robust certificateless signature for data crowdsensing in cloud-assisted industrial IoT. IEEE Trans Ind Inf. 2019 Jan 18;15(9):5099–108.
- 29. Xiong H, Mei Q, Zhao Y. Efficient and provably secure certificateless parallel key-insulated signature without pairing for IIoT environments. IEEE Syst J. 2019 Jan 10;14(1):310–20.
- 30. Rezaeibagha F, Mu Y, Huang X, Yang W, Huang K. Fully secure lightweight certificateless signature scheme for IIoT. IEEE Access. 2019 Sep 30;7:144433–43.
- 31. Muhammad A, Amin N, Ullah I, Alsanad A, Hussain S, Al-Hadhrami S, et al. An efficient scheme for industrial internet of things using certificateless signature. Math Probl Eng. 2021;2021(1):9960264.
- 32. Verma GK, Singh BB, Kumar N, Chamola V. CB-CAS: certificate-based efficient signature scheme with compact aggregation for industrial Internet of Things environment. IEEE Internet Things J. 2019 Oct 1;7(4):2563–72.
- 33. Hou Y, Xiong H, Huang X, Kumari S. Certificate-based parallel key-insulated aggregate signature against fully chosen key attacks for industrial Internet of Things. IEEE Internet Things J. 2021 Feb 2;8(11):8935–48.
- 34. Hwang YW, Lee Y. A Lightweight certificate-based aggregate signature scheme providing key insulation. computers, Mater Contin. 2021 Nov 1;69(2).
- 35. Zhou C, Zhao Z, Zhou W, Mei Y. Certificateless key‐insulated generalized signcryption scheme without bilinear pairings. Sec Commun Netw. 2017;2017(1):8405879.
- 36. Tanveer M, Chelloug SA, Ahmad M, Abd El-Latif AA. LEAF-IIoT: lightweight and efficient authentication framework for the industrial internet of things. IEEE Access. 2024 Jan 22.
- 37. Zhao M, Shi C, Yuan Y. Blockchain-based lightweight authentication mechanisms for industrial internet of things and information systems. Int J Semantic Web Inform Syst (IJSWIS). 2024 Jan 1;20(1):1–30.
- 38. Han Y, Guo H, Liu J, Ehui BB, Wu Y, Li S. An enhanced multi-factor authentication and key agreement protocol in Industrial Internet of Things. IEEE Internet Things J. 2024 Feb 12.
- 39. Meng R, Xu X, Sun H, Zhao H, Wang B, Han S, et al. Multiuser physical-layer authentication based on latent perturbed neural networks for industrial internet of things. IEEE Internet Things J. 2022 Sep 1;10(1):637–52.
- 40. Zhang Q, Wu J, Zhong H, He D, Cui J. Efficient anonymous authentication based on physically unclonable function in industrial Internet of Things. IEEE Trans Inform Foren Sec. 2022 Oct 31;18:233–47.
- 41. Xu H, Hsu C, Harn L, Cui J, Zhao Z, Zhang Z. Three-Factor anonymous authentication and key agreement based on fuzzy biological extraction for industrial internet of things. IEEE Trans Serv Comput. 2023 Mar 16;16(4):3000–13.
- 42. Mahmood K, Saleem M, Ghaffar Z, Shamshad S, Das A, Alenazi M. Robust and efficient three-factor authentication solution for WSN-based industrial IoT deployment. Internet of Things. 2024 Dec 1;28:101372.
- 43. Zhong H, Gu C, Zhang Q, Cui J, Gu C, He D. Conditional privacy-preserving message authentication scheme for cross-domain Industrial Internet of Things. Ad Hoc Networks. 2023;144:103137.
- 44. Sharma PC, Mahmood MR, Raja H, Yadav NS, Gupta BB, Arya V. Secure authentication and privacy-preserving blockchain for industrial internet of things. Comput Electrl Eng. 2023 May 1;108:108703.
- 45. Tanveer M, Shah H, Alkhayyat A, Chaudhry SA, Ahmad M. ARAP-SG: anonymous and reliable authentication protocol for smart grids. IEEE Access. 2021 Oct 18;9:143366–77.
- 46. Tanveer M, Nguyen TN, Ahmad M, Abd El-Latif AA. Towards a secure and computational framework for internet of drones enabled aerial computing. IEEE Trans Netw Sci Eng. 2022 Feb 15;10(5):3058–70.
- 47. Tanveer M, Ahmad M, Nguyen TN, Abd El-Latif AA. Resource-efficient authenticated data sharing mechanism for smart wearable systems. IEEE Trans Netw Sci Eng. 2022 Sep 5;10(5):2525–36.
- 48. Tanveer M, Ahmad M, Khalifa HS, Alkhayyat A, El-Latif AAA. A new anonymous authentication framework for secure smart grids applications. J Inform Sec Appl. 2022 Dec 1;71:103336.
- 49.
Bolignano D. An approach to the formal verification of cryptographic protocols. In: Proceedings of the 3rd ACM Conference on Computer and Communications Security. 1996 Jan 1, pp. 106–18.
- 50. Avalle M, Pironti A, Sisto R. Formal verification of security protocol implementations: a survey. Form Asp Comput. 2014 Jan;26(1):99–123.
- 51. Vigano L. Automated security protocol analysis with the AVISPA tool. Electron Notes Theor Comput Sci. 2006 May 12;155:61–86.
- 52.
Blanchet B, Smyth B, Cheval V, Sylvestre M. ProVerif 2.00: automatic cryptographic protocol verifier, user manual and tutorial. 2018 May 16.
- 53. Debbabi M, Mejri M. Towards the correctness of security protocols. Electron Notes Theorl Comput Sci. 2003;83:55–98.
- 54.
Paulson LC. Proving properties of security protocols by induction. In: Proceedings of the 10th Computer Security Foundations Workshop, IEEE. 1997 Jun 10, pp.70–83.
- 55. Kilinc HH, Yanik T. A survey of SIP authentication and key agreement schemes. IEEE Commun Surv Tutor. 2013 Oct 23;16(2):1005–23.
- 56. Challa S, Wazid M, Das AK, Kumar N, Reddy AG, Yoon EJ, Yoo KY. Secure signature-based authenticated key establishment scheme for future IoT applications. IEEE Access. 2017;1;5:3028–43.
- 57. Rangwani D, Sadhukhan D, Ray S, Khan MK, Dasgupta M. A robust provable-secure privacy-preserving authentication protocol for Industrial Internet of Things. Peer-to-Peer Netw Appl. 2021 May;14(3):1548–71.
- 58. Zhao X, Li D, Li H. Practical three-factor authentication protocol based on elliptic curve cryptography for industrial internet of things. Sensors. 2022 Oct 3;22(19):7510.
- 59. Guo Y, Guo Y, Xiong P, Yang F, Zhang C. A provably secure and practical end-to-end authentication scheme for tactile Industrial Internet of Things. Pervasive Mobile Comput. 2024 Feb 1;98:101877.
- 60. Tanveer M, Badshah A, Alasmary H, Chaudhry SA. CMAF-IIoT: Chaotic map-based authentication framework for Industrial Internet of Things. Internet Things. 2023;23:100902.
- 61. Xu H, Hsu C, Harn L, Cui J, Zhao Z, Zhang Z. Three-factor anonymous authentication and key agreement based on fuzzy biological extraction for industrial internet of things. IEEE Trans Serv Comput. 2023 ;16(4):3000–13.
- 62. Sutrala AK, Obaidat MS, Saha S, Das AK, Alazab M, Park Y. Authenticated key agreement scheme with user anonymity and untraceability for 5G-enabled softwarized industrial cyber-physical systems. IEEE Trans Intellt Transp Syst. 2021;23(3):2316–30.