Dynamic User Authentication Protocol for Industrial IoT without Timestamping

Abstract

Internet of Things (IoT) technology has drawn the attention of the industry, where it has been able to, and still can, solve many industrial intractable issues. However, the emerging technology suffers from severe security shortcomings. Authentication is a cornerstone of IoT security, as it presents the measures of checking the legitimacy of communication entities. The Industrial IoT (IIoT) technology has special conditions, resulting from a lack of resources and a shortage of security skills. As far as we can tell, from the literature, IIoT user authentication has not been studied extensively. In 2017 Tai et al. presented an authenticated key agreement for IoT networks. Here we prove that Tai et al. scheme is susceptible to sever security weaknesses, such as; i. unknown key share attacks, ii. node capturing attacks, iii node information secrecy. In this research article, we offer an innovative IIoT user authentication protocol that can achieve secure remote user authentication without timestamping requiring precise synchronization, our protocol only needs Hashing and Xor-ing. We examine the efficiency of the presented protocol using Tmote Sky node over an MSP430 microcontroller using a COOJA simulator. we also show its correctness using the Scyther verification tool.