Toward Secure and Provable Authentication for Internet of Things: Realizing Industry 4.0

The Internet of Things (IoT) has many applications, including Industry 4.0. There are a number of challenges when deploying IoT devices in the Industry 4.0 setting, partly due to the low-cost IoT devices/nodes with limited capacity to run/support security solutions. Hence, there is a need for a lightweight and efficient security solution to protect the environment. Thus, in this article, we present a robust, lightweight, and provably secure authentication and key agreement protocol specifically for the IoT environment based on a hierarchical approach. The proposed protocol relies on lightweight operations, such as elliptic curve cryptography, physically unclonable functions, hash functions, concatenation, and XOR operations. We then evaluate the security of the designed protocol, including the widely used automated validation of Internet security protocols and applications (AVISPA), and demonstrate that it supports mutual authentication between IoT nodes and server, and is resilient against a number of common security attacks [denial of service (DoS), replay, spoofing, etc.]. The computational and communication overhead analysis shows that the proposed protocol is comparatively less expensive than three other recently published, competing protocols.