Defending Industry 4.0: An Enhanced Authentication Scheme for IoT Devices
IEEE SYSTEMS JOURNAL(2022)
摘要
To address the security concerns of Industry 4.0, recently, Garg
et al.
proposed a lightweight authentication protocol, and Akram
et al.
showed some of its security drawbacks. We continue this line by exposing how Garg
et al.
’s protocol suffers from noninvasive and invasive attacks. First, we explain that a passive attacker can trace any two communicating nodes to compromise their location privacy. Next, we show that an active though noninvasive adversary can compromise the integrity of the exchanged messages without being detected and run a de-synchronization attack. Besides, the adversary can extract any shared session key from any pair of nodes in the protocol. We named this attack a pandemic session key disclosure attack, and its consequences are more harmful than the impersonation of a compromised node. Finally, we disclose how the proposed scheme does not guarantee the privacy protection for the keys when we assume an honest but curious server. To overcome those existing security flaws, we finally propose a revised protocol called
TARDIGRADE
. First, our informal analysis, and then, our formal security analysis using the real-or-random model shows that
TARDIGRADE
provides the desired security, and likewise, our performance analysis confirms a reasonable cost compared with Garg
et al.
’s protocol.
更多查看译文
关键词
Authentication,Industry 4.0,Internet of Things (IoT),noninvasive adversary,pandemic session key-disclosure attack,privacy,security,traceability
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要