Multi-factor single-registration authentication and key exchange protocol for IIoT

Authors: Hao Xiao, Xiaomin Zhao, Qi Jiang, Zengwen Yu, Xindi Ma, Xinghua Li
Journal: Journal of Systems Architecture, volume 168, Article 103542 (Journal Article)
Publication date: 2025-08-28
DOI: 10.1016/j.sysarc.2025.103542
URL: https://www.sciencedirect.com/science/article/pii/S1383762125002140
Journal ranking: JCR Q1 (Computer Science, Hardware & Architecture); Region 2 (Computer Science); impact factor 4.1
Open access: no
Citations: 0
Abstract
The Industrial Internet of Things (IIoT), an integral part of the smart society, delivers new and diverse services through interconnected platforms and devices. Authentication is a fundamental pillar for ensuring the trust of users and secure access to digital services in IIoT. In this paper, we propose a single-registration authentication and key exchange (SRAKE) protocol based on the SM9 identity-based signature (SM9-IBS) to simplify the authentication processes among service providers. In SRAKE, each user and service provider first acquires a private key for SM9-IBS generated by the key generation center (KGC). Then an identity-based oblivious pseudorandom function (IBOPRF) is employed to protect the storage and retrieval of users' private keys, in which a unique value is generated by associating the user identity, password, and biometrics with the secret key of the KGC. Therefore, users can securely access only legitimate service providers with a single registration, by presenting both passwords and biometrics. The provable security analysis and performance comparison demonstrate that the protocol is provably secure and achieves more comprehensive security goals with acceptable computational and communication performance. NS-3 simulation results further confirm that SRAKE is suitable for IIoT environments.
Journal description:
The Journal of Systems Architecture: Embedded Software Design (JSA) is a journal covering all design and architectural aspects related to embedded systems and software. It ranges from the microarchitecture level via the system software level up to the application-specific architecture level. Aspects such as real-time systems, operating systems, FPGA programming, programming languages, communications (limited to analysis and the software stack), mobile systems, parallel and distributed architectures as well as additional subjects in the computer and system architecture area will fall within the scope of this journal. Technology will not be a main focus, but its use and relevance to particular designs will be. Case studies are welcome but must contribute more than just a design for a particular piece of software.
Design automation of such systems, including methodologies, techniques and tools for their design, as well as novel designs of software components, fall within the scope of this journal. Novel applications that use embedded systems are also central to this journal. While hardware is not a part of this journal, hardware/software co-design methods that consider the interplay between software and hardware components, with an emphasis on software, are also relevant here.