{"title":"Lightweight batch authentication and key agreement scheme for IIoT gateways","authors":"Xiaohui Ding , Jian Wang , Yongxuan Zhao , Zhiqiang Zhang","doi":"10.1016/j.sysarc.2025.103368","DOIUrl":null,"url":null,"abstract":"<div><div>Existing authentication and key agreement (AKA) schemes face two primary challenges in IIoT, where users dynamically communicate with multiple industrial devices. The first is significant computational and communication overhead, along with security vulnerabilities. Another is inability to achieve gateway lightweight solutions. To address these issues, this paper proposes a gateway lightweight batch AKA scheme based on elliptic curve cryptography for IIoT. When users access multiple industrial devices, they only need to send a batch authentication request to the gateway. Based on this request, the gateway generates a time-limited token combining Chinese Remainder Theorem (CRT), enabling users to efficiently complete AKA with multiple devices in batch manner. Furthermore, the application of the CRT allows the gateway to efficiently update the time-limited token when the user’s accessed devices change. Finally, due to the use of the time-limited token, the entire scheme process requires only one round of interaction between the gateway and the user, ensuring a lightweight nature of the gateway. The security of the proposed scheme is proved through formal security proofs, heuristic analysis, and scyther tools. 
Performance analysis shows that, compared to the compared schemes, the proposed scheme meets all listed security requirements with the lower computational and communication overheads.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"160 ","pages":"Article 103368"},"PeriodicalIF":3.7000,"publicationDate":"2025-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Systems Architecture","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1383762125000402","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
Citation count: 0
Abstract
Existing authentication and key agreement (AKA) schemes face two primary challenges in IIoT, where users dynamically communicate with multiple industrial devices. The first is significant computational and communication overhead, along with security vulnerabilities. The second is the inability to keep the gateway lightweight. To address these issues, this paper proposes a gateway-lightweight batch AKA scheme for IIoT based on elliptic curve cryptography. When users access multiple industrial devices, they only need to send one batch authentication request to the gateway. Based on this request, the gateway generates a time-limited token built with the Chinese Remainder Theorem (CRT), enabling users to efficiently complete AKA with multiple devices in a batch manner. Furthermore, the use of the CRT allows the gateway to efficiently update the time-limited token when the set of devices the user accesses changes. Finally, because of the time-limited token, the entire scheme requires only one round of interaction between the gateway and the user, which keeps the gateway lightweight. The security of the proposed scheme is established through formal security proofs, heuristic analysis, and the Scyther tool. Performance analysis shows that, compared with the related schemes, the proposed scheme meets all listed security requirements with lower computational and communication overheads.
About the journal:
The Journal of Systems Architecture: Embedded Software Design (JSA) is a journal covering all design and architectural aspects related to embedded systems and software. It ranges from the microarchitecture level via the system software level up to the application-specific architecture level. Aspects such as real-time systems, operating systems, FPGA programming, programming languages, communications (limited to analysis and the software stack), mobile systems, parallel and distributed architectures as well as additional subjects in the computer and system architecture area will fall within the scope of this journal. Technology will not be a main focus, but its use and relevance to particular designs will be. Case studies are welcome but must contribute more than just a design for a particular piece of software.
Design automation of such systems, including methodologies, techniques and tools for their design, as well as novel designs of software components fall within the scope of this journal. Novel applications that use embedded systems are also central in this journal. While hardware is not a part of this journal, hardware/software co-design methods that consider the interplay between software and hardware components with an emphasis on software are also relevant here.