Pardeep Kumar and Gurjot Singh Gaba
Abstract
Information and operational technologies are converging to make the industrial Internet of Things (IIoT) a reality in the Industry 4.0 paradigm. In this paradigm, smart devices (i.e. sensors) will offer services and share data with the user and the cloud. As these devices will communicate with users through an open network (i.e. the Internet), user authentication is one of the most important security features for protecting IIoT data access from unauthorized users. Traditional security techniques exist, but they carry heavy computational complexity and therefore cannot be deployed directly on the smart devices in IIoT applications. This chapter proposes a biometric‐based robust access control model (i.e. user authentication) that would perform a robust authentication and establish a session key between the user and smart devices. The effectiveness of the proposed scheme is demonstrated in terms of computation cost in the IIoT environment.
Keywords: industrial internet of things; security; access control; biometric
The connection between industry and the advancement in computing, analytics, low‐cost sensing and seamless Internet connectivity is full of promise [1]. The degree of transformation is emerging and there is reference to a “breakthrough” in terms of production and operational speed and efficiency. The new innovative constructs all revolve around the “data,” which can now be gathered from plants, equipment, and electrical and mechanical machines, thanks to low‐cost smart sensors and other smart devices. These smart devices are equipped with processing and communication capabilities. Therefore, new and innovative technologies, concepts and platforms are significantly on the increase in industrial automation: industrial Internet, Industry 4.0, and IIoT [2]. In [3], the authors reported that the IIoT revolution will impact economic sectors that currently account for nearly two‐thirds of global gross domestic product, changing the basis of competition and redrawing industry boundaries.
In the smart factories or industries (i.e. manufacturing, assembly, etc.), IIoT makes best use of production and assembly processes producing more fine‐grained data by integrating seamless connectivity and computing to various machines, assembly lines and tools. More precisely, during the working process, smart factories generate an enormous amount of data through “smart devices,” i.e. devices with microprocessors onboard [2]. This data is transmitted to the users, control centers and other machines via a wireless communication network to maintain smooth and accurate operations in the factories. As smart devices are resource‐constrained devices, the potential deployment of smart devices (i.e. sensors) for the real‐world IIoT applications must deal with many challenges, including system architecture, availability, quality‐of‐services, etc.
Among these challenges, security is also one of the big concerns, as the smart devices exchange data with other devices via insecure networks (e.g. the Internet) [4]. Exploiting insecure networks, an attacker can trace and collect the data via eavesdropping and can reconstruct the profile of the process (i.e. production status) or other useful information of personal interest in a factory use‐case. Moreover, in various applications, smart devices provide services to users directly, or a user can directly access the smart devices via their own hand‐held device. It is therefore necessary to control who is accessing the smart device data, as shown in Figure 7.1. A security service such as access control (and/or authentication) is thus one of the core requirements for IIoT to protect data access from unauthorized parties [4].
Recently, several authentication schemes have been proposed which focus on IIoT applications. For instance, in [5], Ma et al. proposed a new certificateless searchable public key encryption method with multiple keywords (SCF‐MCLPEKS) for the IIoT environment. The authors demonstrated that their proposed scheme is secure against two types of adversaries, e.g. Type 1 and Type 2. However, SCF‐MCLPEKS exploits the concept of a network‐wide master key; therefore, a leak of the master key may lead to several attacks. In addition, SCF‐MCLPEKS utilizes traditional public key primitives, such as scalar multiplication and bilinear pairing, and so demands more energy from the smart devices attached to the IIoT.
Gope et al. proposed a lightweight and physically secure anonymous mutual authentication protocol for real‐time data access in an industrial wireless sensor network (WSN) [6]. The authors discussed three different application scenarios: environmental sensing, condition monitoring in a body‐area network, and process monitoring. The scheme makes use of the physically unclonable function and the bitwise XOR operation. However, Katzenbeisser et al. [7] claimed that the main drawback of the Physical Unclonable Function (PUF) is limited reproducibility and openness. In addition, raw PUF data is rarely available for subsequent research, which greatly hinders a fair comparison.
In [8], Das et al. proposed a new biometrics‐based privacy‐preserving user authentication scheme (BP2UA) for cloud‐based IIoT deployment. BP2UA uses the user's smart card and biometric as two factors for authentication. The scheme proposed in [8] uses bitwise Exclusive‐OR and cryptographic hash operations on the smart device's side, whereas the fuzzy extractor method is applied for biometric verification on the user side. The authors claimed that their proposed scheme is secure against many attacks, e.g. impersonation, man‐in‐the‐middle, replay, insider, denial‐of‐service attacks, etc. The scheme does indeed cover many security properties; however, it may be vulnerable to a masquerade attack. In addition, the overall communication cost is still expensive, as the packet length is high compared to other schemes mentioned by the authors. In [9], Bilal‐Kang designed an authentication protocol for the future sensor network setting in which IoT can be embedded with WSN. In this scheme, a sensor node (a legitimate user) can establish multiple concurrent secure data sessions. These sessions may be vulnerable to a parallel‐session attack that can lead to other issues.
As shown above, several security services and attacks have been addressed in the literature [5,9]. However, several papers revealed that the most likely threat to information security is not the typical hacker, virus, or worm, but rather the malicious insider user [10]. In the existing literature, all security‐related parameters (e.g. passwords, biometrics, plain identities, etc.) are stored on the corresponding smartcards. Therefore, security‐related parameters (especially raw information) are easy to retrieve from the smartcards via power analysis tools [8], and that may lead to high risks of security breaches.
To address the above issues, this chapter proposes a biometric‐based robust access control model for IIoT applications. The proposed scheme utilizes the biometric to perform robust authentication, because biometric identifiers are known to be unique to individuals and more reliable in verifying identity than sole password‐based methods. The proposed model provides a robust mutual authentication and establishes a session key between the user and smart devices. To attain a low computational overhead, we utilize elliptic curve cryptography (ECC), a symmetric cryptosystem, and hash operations. Security analysis shows that the proposed model can defend against popular attacks and also achieve efficiency.
The rest of the chapter is structured as follows: Section 7.2 discusses the network model, threat model, and security requirements for the proposed model. Section 7.3 proposes our model in detail. Section 7.4 discusses the security analysis, efficiency evaluation and comparison with existing schemes for WSNs. Section 7.5 draws conclusions for the proposed access control model.
Assume an IIoT network that consists of several low‐cost smart sensor devices, which are deployed in the industrial environment. These sensors sense the environmental information and transmit it to the users for analysis. In a real‐world IIoT, the sensory data is not only accessed through a gateway, but a user can also access it directly using a hand‐held device (e.g. personal digital assistant (PDA)/smart‐phone) over wireless communication. The basic network architecture is shown in Figure 7.1, where a user directly sends a data request to the smart sensor node. Upon receiving the data request, a sensor node first verifies user authenticity through the gateway node and then the user can access sensory data from the IIoT applications.
We consider the Dolev‐Yao attack model [10], where an attacker can eavesdrop on the traffic, inject new messages, replay and change messages, or spoof other identities. In addition, the attacker may come from inside or outside the network. The unauthorized user's goals might be to obtain illegitimate data access, to control the smart devices, and to perform service degradation or denial of service (DoS) to disrupt the IIoT application.
In the IIoT network, a secure scheme should consider transparent security goals, as follows.
To provide strong security to IIoT applications, this section presents a biometric‐based robust access control model. In the proposed scheme, each user should perform a biometric‐based registration with the gateway in a secure manner so that the sensory data in IIoT applications can be accessed only by the registered users in a secure way, as shown in Figure 7.2. After user registration, the gateway node issues the security tokens for every registered user. Then, a user can submit his/her query in an authentic way and request the sensor data at any time within an administratively configurable period. The proposed scheme consists of two phases: system setup, and mutual authentication and key establishment.
Assumptions: Before starting the system, we assume that the gateway is a trustworthy entity. It is also assumed that the clocks of the user's mobile device, gateway, and smart sensor are synchronized in the IIoT application [11]. Consider the elliptic curve discrete logarithm problem (ECDLP): given an elliptic curve E defined over Fq, a point P ∈ E(Fq) of order n, and a point Q = rP where 0 ≤ r ≤ n − 1, find the integer r, as shown in [12]. The notations and descriptions are shown in Table 7.1.
Table 7.1 Symbols and descriptions.
| Symbol | Description |
|---|---|
| idU, idGW, and idSD | Identities of a user (U), gateway (GW), and smart device (SD) |
| PWu | Password of user U |
| HD | A hand‐held device, e.g. mobile phone |
| Fq | A finite field |
| E | Elliptic curve defined on finite field Fq with prime order n |
| G | Group of elliptic curve points on E |
| P | A point on elliptic curve E |
| EK[M] | M is encrypted (E) with symmetric key K |
| DK[M] | M is decrypted (D) with symmetric key K |
| KGWSD | A shared key between the GW and SD |
| h() | One‐way hash function |
| MAC{M} | Message authentication code on message M |
| \|\| | Concatenation operation |
| ⊕ | Ex‐or operation |
To complete the system setup, the user (Ui) and the GW need to perform the following steps:
This phase is invoked when the user wants to access the IIoT data locally. For this, the user inputs idU, pwU and BU, and then the HD performs the following steps:
We analyze the security of the proposed scheme under the Dolev‐Yao attack model [10]. An adversary may intercept, modify, and insert any message over the public communication channels. The advantages of our scheme are explained as follows:
In this attempt, an attacker can eavesdrop on all the packet exchanges between the involved entities. Then he/she can resend these eavesdropped packets to make the other entities trust that they are rightfully exchanging information with each other. By doing so, an attacker can take over the whole communication and degrade the performance of IIoT. In the proposed scheme, it is not easy for an ill‐intentioned attacker to mount this type of attack successfully, since the adversary requires knowledge of the user's biometric (BU) and needs the secret value α. Without knowing all the secure parameters, the attacker would not be able to decrypt messages β2 (= Eα[v||f||idSD||idGW||t2||t3]) and β3 (= EKGWSD[β2||v||SKey||idU||idGW||t3]) to compute the session key. Therefore, the proposed scheme is resistant to the man‐in‐the‐middle (MITM) attack.
In the proposed protocol, the proxy key pair of the SIM card of HD and the database of GW do not require synchronous updates. Therefore, even if the attacker interferes with the transmitted authentic messages among HD, SD, and GW, they still cannot mount the DoS attack successfully.
An attacker can collect the messages {A, Φ, μ, idSD, tag, t1}, {β1, idGW, idSD, tag, t2}, {β3, idGW, idSD, t3}, and {β2, idSD, t4}, which are sent among HD, GW, and SD. The attacker might replay these captured messages later to the respective recipients. However, as can be seen, each message recipient first checks the validity of the timestamp as follows: (t2 − t1) ≥ ΔT (at SD); (t3 − t2) ≥ ΔT (at GW); (t4 − t3) ≥ ΔT (at SD); and (t5 − t4) ≥ ΔT (at HD). Therefore, the proposed scheme is safe against message replay attacks.
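The receiver-side timestamp check described above, as an added example that is not code from the chapter. It reads the stated condition (t_now − t_sent) ≥ ΔT as the case in which a message is rejected, which is an assumption, and it goes beyond the text by binding the timestamp into an HMAC and by caching accepted tags so that a replay inside the ΔT window is also refused; the key, field values, tag construction and window length are constructed for illustration.

```python
import hashlib
import hmac

DELTA_T = 5  # assumed freshness window in seconds (the chapter's ΔT)

def make_tag(key, fields, t):
    """MAC over length-prefixed fields and the timestamp (assumed construction)."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg + t.to_bytes(8, "big"), hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # tag -> timestamp of messages accepted inside the window

    def accept(self, fields, t_sent, tag, t_now):
        # Freshness: reject when (t_now - t_sent) >= ΔT, or when future-dated.
        if t_sent > t_now or t_now - t_sent >= DELTA_T:
            return "stale"
        # Integrity: the timestamp is inside the MAC, so it cannot be rewritten.
        if not hmac.compare_digest(tag, make_tag(self.key, fields, t_sent)):
            return "bad-mac"
        # Replays inside the window: forget expired tags, refuse repeated ones.
        self.seen = {k: v for k, v in self.seen.items() if t_now - v < DELTA_T}
        if tag in self.seen:
            return "replay"
        self.seen[tag] = t_sent
        return "ok"

def demo():
    key = b"constructed-shared-key"            # constructed sample key
    fields = [b"idSD-01", b"idGW-01", b"req"]  # constructed sample fields
    tag = make_tag(key, fields, 1000)
    sd = Receiver(key)
    return [
        sd.accept(fields, 1000, tag, t_now=1002),  # fresh message
        sd.accept(fields, 1000, tag, t_now=1003),  # replayed inside the window
        sd.accept(fields, 1000, tag, t_now=1060),  # replayed after the window
        sd.accept(fields, 1059, tag, t_now=1060),  # timestamp rewritten, old tag
    ]

if __name__ == "__main__":
    print(demo())
```

The last case shows why the timestamp has to be covered by the tag: a captured message with only its timestamp field updated passes the freshness test and is stopped by the MAC check alone.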
Table 7.2 lists the selected security features and makes a comparison between the proposed scheme and others, e.g. Ma et al. [4] and Das et al. [7].
We evaluate the performance of our proposed scheme and the scheme of Ma et al. [5], in terms of computation and communication costs.
The computational cost of the proposed model is analyzed as follows. Let Th be the time for performing a one‐way hash h(.), TE and TD the times for performing a symmetric encryption and decryption, respectively, TPM the time for performing an ECC point multiplication operation, TMAC the time for performing a message authentication code (MAC) operation, TSM the time for a scalar multiplication, TBP the time for performing a bilinear pairing operation, TH the time for a hash‐to‐point operation, and TPA the time for performing a point addition operation. The HD requires 6Th + 3TPM + 1TD + 1TMAC; the SD requires 4Th + 2TPM + 1TE + 1TD; and the GW incurs 1Th + 2TE + 1TD + 1TMAC. In contrast, Ma et al.'s scheme requires 2TH + 4TSM for KeyGen, 3TH + Th + 4TSM + 3TBP + TPA for the certificateless public key encryption scheme, TH + TSM + TPA for a Trapdoor, and 2TH + Th + TSM + 2TPA + TBP for the test verification. Table 7.3 summarizes the overall computation cost of the proposed scheme and Ma et al.'s [4] scheme. Note that we did not compare the computation cost of the proposed scheme with Das et al.'s scheme [8], as their scheme is based solely on hashing and XOR operations. Overall, the scheme from Das et al. requires an excessive number of hashing operations, e.g. 30 Th (approx.).
Table 7.3 Comparison of computation costs.
| | Ma et al. [4] | Proposed scheme |
|---|---|---|
| Overall computation cost | 6TH + 2Th + 10TSM + 4TBP + 5TPA | 11Th + 5TPM + 3TE + 3TD + 2TMAC |
We evaluate and compare communication costs in terms of the number of message exchanges for the proposed scheme and for Ma et al.'s [5] and Das et al.'s [8] schemes. To execute the whole scheme, Ma et al.'s scheme requires four rounds of message exchanges, Das et al.'s scheme takes three rounds of message exchanges and the proposed scheme requires four rounds of message exchanges, as shown in Figure 7.3. However, considering the security features (refer to Table 7.2), the proposed scheme requires one more round of message exchanges than Das et al.'s scheme but provides more security features. Therefore, the proposed scheme can be a practical solution for such real‐world IIoT applications.
IIoT is an emerging paradigm in Industry 4.0 where smart devices (i.e. sensors) will play an important role, offering services and sharing data with the user. However, providing security to such time‐critical applications is challenging. This chapter proposed a biometric‐based robust access control model (i.e. user authentication) that would perform a robust authentication and establish a session key between the user and smart devices. The effectiveness of the proposed scheme has been demonstrated in terms of computation and communication costs in the IIoT environment.