authors
- Bagheri, Nasour
- Kumari, Saru
- CAMARA NUĂ‘EZ, MARIA CARMEN
- PERIS LOPEZ, PEDRO
Defending Industry 4.0: An Enhanced Authentication Scheme for IoT Devices
Articles
Overview
published in
- IEEE Systems Journal Journal
publication date
- September 2022
start page
- 4501
end page
- 4512
issue
- 3
volume
- 16
Digital Object Identifier (DOI)
International Standard Serial Number (ISSN)
- 1932-8184
Electronic International Standard Serial Number (EISSN)
- 1937-9234
abstract
- To address the security concerns of Industry 4.0, recently, Garg et al. proposed a lightweight authentication protocol, and Akram et al. showed some of its security drawbacks. We continue this line by exposing how Garg et al. 's protocol suffers from noninvasive and invasive attacks. First, we explain that a passive attacker can trace any two communicating nodes to compromise their location privacy. Next, we show that an active though noninvasive adversary can compromise the integrity of the exchanged messages without being detected and run a de-synchronization attack. Besides, the adversary can extract any shared session key from any pair of nodes in the protocol. We named this attack a pandemic session key disclosure attack, and its consequences are more harmful than the impersonation of a compromised node. Finally, we disclose how the proposed scheme does not guarantee the privacy protection for the keys when we assume an honest but curious server. To overcome those existing security flaws, we finally propose a revised protocol called TARDIGRADE . First, our informal analysis, and then, our formal security analysis using the real-or-random model shows that TARDIGRADE provides the desired security, and likewise, our performance analysis confirms a reasonable cost compared with Garg et al. 's protocol.
Classification
subjects
- Computer Science
keywords
- authentication; industry 4.0; internet of things (iot); noninvasive adversary; pandemic session key-disclosure attack; privacy; security; traceability