Three-Factor Anonymous Authentication and Key Agreement Based on Fuzzy Biological Extraction for Industrial Internet of Things

With the increasing popularity and wide application of the Internet, the users (such as managers and data consumers) in the Industrial Internet of Things (IIoT) can remotely analyze and control real-time data collected by various smart sensor devices. However, there are many security and privacy issues in the process of transmitting collected data through public channels in IIoT environment. In order to against the illegal access by opponents, a novel anonymous user authentication and key agreement scheme based on hash and elliptic curve encryption is proposed in this article, which not only uses a pseudonym tuple database in control nodes to realize the functions of user dynamic joining and anonymity protection, but also resists key loss and device capture attacks through fuzzy biometric extraction technology. In addition, the formal secure analysis of the proposed scheme is carried out using the BAN logic model and ROR model, which proves the security of the proposed scheme. Meanwhile, we also prove the scheme can against the described existing attacks and meet the design goals by a detailed informal security discussion. Compared with the latest similar IIoT authentication proposals, our solution has a very obvious advantage in communication efficiency and realizes more functions. Hence, our scheme is more suitable for the IIoT environment, and can also generate greater benefits.