A continuous authentication scheme for zero-trust architecture in industrial internet of things

Abstract

Industrial Internet of Things (IIoT) allows users to access industrial devices and their data, but it also poses certain challenges to industrial data security. Authentication protocols are highly effective security techniques for protecting industrial data. This paper establishes a zero-trust architecture in the IIoT and proposes an authentication protocol suitable for zero-trust IIoT. The proposed scheme utilizes physical unclonable functions (PUF) for device authentication. Initial device authentication employs PUF to verify identity and establish session keys before session initiation, while continuous authentication verifies device location during the session to ensure that authenticated devices remain unaltered. Meanwhile, the scheme integrates three-factor authentication for user verification, ensuring secure user access. The proposed scheme establishes secure session key for users, gateways and IIoT devices, effectively guaranteeing the security of subsequent communications. Formal security analysis proves the security. Additionally, detailed informal security discussions demonstrate that the scheme can withstand known attacks and meet design objectives. Furthermore, performance evaluation reveals that the proposed scheme incurs low costs while providing enhanced security.