基于边缘服务器的工业物联网高安全批量消息认证协议

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-05-08 DOI:10.1016/j.jisa.2025.104075

Han Yu , Jianhong Zhou , Maode Ma

{"title":"基于边缘服务器的工业物联网高安全批量消息认证协议","authors":"Han Yu , Jianhong Zhou , Maode Ma","doi":"10.1016/j.jisa.2025.104075","DOIUrl":null,"url":null,"abstract":"<div><div>As the number of smart devices increases dramatically in industrial IoT (IIoT) systems, a large amount of privacy-sensitive data could be generated in manufacturing operations, and more message authentication operations need to be performed. Meanwhile, the processing of such data has to meet stringent requirements on communication latency, reliability, and security. However, the resource constraint in the IIoT systems prevents legacy resource-intensive security measures from being used directly in the systems. To address the massive data security issue with the consideration of the limitations of resource-constrained devices, we propose a new batch message authentication protocol supported by edge computing. Specifically, we propose to offload message authentication operations to the edge servers to reduce the authentication burden on the devices. Meanwhile, the protocol uses certificateless aggregate signatures to verify the legitimacy of messages in large batches, significantly reducing signaling overhead and avoiding key escrow. The proposed protocol has been formally verified by using Scyther tool, which demonstrates its capacity against major typical malicious attacks. Furthermore, the performance evaluation results show that the proposed protocol is efficient in terms of computational and communication costs.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"92 ","pages":"Article 104075"},"PeriodicalIF":3.8000,"publicationDate":"2025-05-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A high-security batch message authentication protocol assisted by edge servers in industrial Internet of Things\",\"authors\":\"Han Yu , Jianhong Zhou , Maode Ma\",\"doi\":\"10.1016/j.jisa.2025.104075\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>As the number of smart devices increases dramatically in industrial IoT (IIoT) systems, a large amount of privacy-sensitive data could be generated in manufacturing operations, and more message authentication operations need to be performed. Meanwhile, the processing of such data has to meet stringent requirements on communication latency, reliability, and security. However, the resource constraint in the IIoT systems prevents legacy resource-intensive security measures from being used directly in the systems. To address the massive data security issue with the consideration of the limitations of resource-constrained devices, we propose a new batch message authentication protocol supported by edge computing. Specifically, we propose to offload message authentication operations to the edge servers to reduce the authentication burden on the devices. Meanwhile, the protocol uses certificateless aggregate signatures to verify the legitimacy of messages in large batches, significantly reducing signaling overhead and avoiding key escrow. The proposed protocol has been formally verified by using Scyther tool, which demonstrates its capacity against major typical malicious attacks. Furthermore, the performance evaluation results show that the proposed protocol is efficient in terms of computational and communication costs.</div></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"92 \",\"pages\":\"Article 104075\"},\"PeriodicalIF\":3.8000,\"publicationDate\":\"2025-05-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2214212625001127\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625001127","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

随着工业物联网（IIoT）系统中智能设备数量的急剧增加，制造操作中可能会产生大量隐私敏感数据，需要执行更多的消息认证操作。同时，这些数据的处理必须满足严格的通信延迟、可靠性和安全性要求。然而，工业物联网系统中的资源限制阻止了在系统中直接使用传统的资源密集型安全措施。为了解决海量数据安全问题，同时考虑到资源受限设备的局限性，我们提出了一种新的基于边缘计算的批量消息认证协议。具体来说，我们建议将消息身份验证操作卸载到边缘服务器，以减轻设备的身份验证负担。同时，该协议使用无证书聚合签名来大批量验证消息的合法性，大大减少了信令开销，避免了密钥托管。采用Scyther工具对所提出的协议进行了正式验证，证明了其抵御主要典型恶意攻击的能力。此外，性能评估结果表明，该协议在计算和通信成本方面是有效的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A high-security batch message authentication protocol assisted by edge servers in industrial Internet of Things

As the number of smart devices increases dramatically in industrial IoT (IIoT) systems, a large amount of privacy-sensitive data could be generated in manufacturing operations, and more message authentication operations need to be performed. Meanwhile, the processing of such data has to meet stringent requirements on communication latency, reliability, and security. However, the resource constraint in the IIoT systems prevents legacy resource-intensive security measures from being used directly in the systems. To address the massive data security issue with the consideration of the limitations of resource-constrained devices, we propose a new batch message authentication protocol supported by edge computing. Specifically, we propose to offload message authentication operations to the edge servers to reduce the authentication burden on the devices. Meanwhile, the protocol uses certificateless aggregate signatures to verify the legitimacy of messages in large batches, significantly reducing signaling overhead and avoiding key escrow. The proposed protocol has been formally verified by using Scyther tool, which demonstrates its capacity against major typical malicious attacks. Furthermore, the performance evaluation results show that the proposed protocol is efficient in terms of computational and communication costs.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.