轻量级批量认证和密钥协议方案的IIoT网关

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture Pub Date : 2025-02-15 DOI:10.1016/j.sysarc.2025.103368

Xiaohui Ding , Jian Wang , Yongxuan Zhao , Zhiqiang Zhang

{"title":"轻量级批量认证和密钥协议方案的IIoT网关","authors":"Xiaohui Ding , Jian Wang , Yongxuan Zhao , Zhiqiang Zhang","doi":"10.1016/j.sysarc.2025.103368","DOIUrl":null,"url":null,"abstract":"<div><div>Existing authentication and key agreement (AKA) schemes face two primary challenges in IIoT, where users dynamically communicate with multiple industrial devices. The first is significant computational and communication overhead, along with security vulnerabilities. Another is inability to achieve gateway lightweight solutions. To address these issues, this paper proposes a gateway lightweight batch AKA scheme based on elliptic curve cryptography for IIoT. When users access multiple industrial devices, they only need to send a batch authentication request to the gateway. Based on this request, the gateway generates a time-limited token combining Chinese Remainder Theorem (CRT), enabling users to efficiently complete AKA with multiple devices in batch manner. Furthermore, the application of the CRT allows the gateway to efficiently update the time-limited token when the user’s accessed devices change. Finally, due to the use of the time-limited token, the entire scheme process requires only one round of interaction between the gateway and the user, ensuring a lightweight nature of the gateway. The security of the proposed scheme is proved through formal security proofs, heuristic analysis, and scyther tools. Performance analysis shows that, compared to the compared schemes, the proposed scheme meets all listed security requirements with the lower computational and communication overheads.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"160 ","pages":"Article 103368"},"PeriodicalIF":3.7000,"publicationDate":"2025-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Lightweight batch authentication and key agreement scheme for IIoT gateways\",\"authors\":\"Xiaohui Ding , Jian Wang , Yongxuan Zhao , Zhiqiang Zhang\",\"doi\":\"10.1016/j.sysarc.2025.103368\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Existing authentication and key agreement (AKA) schemes face two primary challenges in IIoT, where users dynamically communicate with multiple industrial devices. The first is significant computational and communication overhead, along with security vulnerabilities. Another is inability to achieve gateway lightweight solutions. To address these issues, this paper proposes a gateway lightweight batch AKA scheme based on elliptic curve cryptography for IIoT. When users access multiple industrial devices, they only need to send a batch authentication request to the gateway. Based on this request, the gateway generates a time-limited token combining Chinese Remainder Theorem (CRT), enabling users to efficiently complete AKA with multiple devices in batch manner. Furthermore, the application of the CRT allows the gateway to efficiently update the time-limited token when the user’s accessed devices change. Finally, due to the use of the time-limited token, the entire scheme process requires only one round of interaction between the gateway and the user, ensuring a lightweight nature of the gateway. The security of the proposed scheme is proved through formal security proofs, heuristic analysis, and scyther tools. Performance analysis shows that, compared to the compared schemes, the proposed scheme meets all listed security requirements with the lower computational and communication overheads.</div></div>\",\"PeriodicalId\":50027,\"journal\":{\"name\":\"Journal of Systems Architecture\",\"volume\":\"160 \",\"pages\":\"Article 103368\"},\"PeriodicalIF\":3.7000,\"publicationDate\":\"2025-02-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Systems Architecture\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1383762125000402\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Systems Architecture","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1383762125000402","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

现有的身份验证和密钥协议（AKA）方案在IIoT中面临两个主要挑战，其中用户动态地与多个工业设备通信。首先是巨大的计算和通信开销，以及安全漏洞。另一个问题是无法实现网关轻量级解决方案。为了解决这些问题，本文提出了一种基于椭圆曲线加密的工业物联网网关轻量级批量AKA方案。当用户接入多台工业设备时，只需向网关批量发送认证请求即可。根据此请求，网关结合中国剩余定理（CRT）生成限时令牌，使用户能够以多设备批量高效完成AKA。此外，CRT的应用允许网关在用户访问的设备发生变化时有效地更新限时令牌。最后，由于使用了限时令牌，整个方案过程只需要网关和用户之间的一轮交互，从而确保网关的轻量级性质。通过形式安全证明、启发式分析和scyther工具证明了该方案的安全性。性能分析表明，与所比较的方案相比，所提出的方案满足所列出的所有安全要求，并且具有较低的计算开销和通信开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Lightweight batch authentication and key agreement scheme for IIoT gateways

Existing authentication and key agreement (AKA) schemes face two primary challenges in IIoT, where users dynamically communicate with multiple industrial devices. The first is significant computational and communication overhead, along with security vulnerabilities. Another is inability to achieve gateway lightweight solutions. To address these issues, this paper proposes a gateway lightweight batch AKA scheme based on elliptic curve cryptography for IIoT. When users access multiple industrial devices, they only need to send a batch authentication request to the gateway. Based on this request, the gateway generates a time-limited token combining Chinese Remainder Theorem (CRT), enabling users to efficiently complete AKA with multiple devices in batch manner. Furthermore, the application of the CRT allows the gateway to efficiently update the time-limited token when the user’s accessed devices change. Finally, due to the use of the time-limited token, the entire scheme process requires only one round of interaction between the gateway and the user, ensuring a lightweight nature of the gateway. The security of the proposed scheme is proved through formal security proofs, heuristic analysis, and scyther tools. Performance analysis shows that, compared to the compared schemes, the proposed scheme meets all listed security requirements with the lower computational and communication overheads.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Systems Architecture 工程技术-计算机：硬件

CiteScore

8.70

自引率

15.60%

发文量

226

审稿时长

46 days

期刊介绍： The Journal of Systems Architecture: Embedded Software Design (JSA) is a journal covering all design and architectural aspects related to embedded systems and software. It ranges from the microarchitecture level via the system software level up to the application-specific architecture level. Aspects such as real-time systems, operating systems, FPGA programming, programming languages, communications (limited to analysis and the software stack), mobile systems, parallel and distributed architectures as well as additional subjects in the computer and system architecture area will fall within the scope of this journal. Technology will not be a main focus, but its use and relevance to particular designs will be. Case studies are welcome but must contribute more than just a design for a particular piece of software. Design automation of such systems including methodologies, techniques and tools for their design as well as novel designs of software components fall within the scope of this journal. Novel applications that use embedded systems are also central in this journal. While hardware is not a part of this journal hardware/software co-design methods that consider interplay between software and hardware components with and emphasis on software are also relevant here.