Abstract
The wide employment of Internet of Things (IoT) across industrial sectors creates the Industrial Internet of Things (IIoT). In practical applications, however, the IIoT has many attack surfaces. As a result, the IIoT is vulnerable to kinds of attacks, including physical attacks (such as the invasive hardware attacks, side-channel attacks and reverse-engineering attacks), malicious code (such as Trojans, viruses and runtime attacks), and other attacks (such as phishing and sabotage). To ensure the security and privacy of the IIoT, many countermeasures have been proposed, a non-exhaustive list includes authentication techniques, secure routing techniques, intrusion detection techniques, signature techniques, and key establishment techniques. As a fundamental countermeasure, key establishment has been extensively and intensively studied. In this chapter, we will present a survey and taxonomy of the key establishment protocols. Specifically, we will review the conventional key establishment protocols which are designed at higher layers and the physical layer. By reviewing the conventional key establishment protocols, we aim to illustrate the necessity of designing cross-layer key establishment protocols for the IIoT. Then, we will provide the detailed review of cross-layer key establishment protocols. The review illustrates that, the cross-layer design enables the IIoT devices to establish communication keys without the trusted entity and the secret sharing assumption. At the end of this chapter, we will provide a conclusion and point out some future research trends of the IIoT.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Here \(|\mathbb {D}|\) is the size of the password dictionary \(\mathbb {D}\). Recall that physical layer key extraction algorithms extract secrets bits using the channel’s randomness, and the algorithms are designed without assuming the computationally-bounded adversary. Namely, the physical layer key extraction algorithms achieve information-theoretical secrecy. Thus, in [70], the extracted passwords are independently and uniformly distributed in the password dictionary \(\mathbb {D}\). Furthermore, \(|\mathbb {D}|\ll q\), i.e., \(\mathbb {D}\subset \mathbb {Z}_{q}^{*}\).
- 2.
In practice, at the end of the time slot ST 1, device V has phase offset ϕ U→V = ϕ 1 + ϕ UV and amplitude deviation A U→V = A + A UV. Both ϕ U→V and A U→V can be used to extract secrets. In [70], only the phase offsets are used to extract secrets in order to simplify the descriptions.
References
Abdalla M, Pointcheval D (2006) A scalable password-based group key exchange protocol in the standard model. In: Advances in Cryptology – ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, 3–7 Dec 2006, Proceedings, pp 332–347
Abdalla M, Bresson E, Chevassut O, Pointcheval D (2006) Password-based group key exchange in a constant number of rounds. In: Public Key Cryptography – PKC 2006, 9th International Conference on Theory and Practice of Public-Key Cryptography, New York, 24–26 Apr 2006, Proceedings, pp 427–442
Abdalla M, Bohli J, Vasco MIG, Steinwandt R (2007) (Password) authenticated key establishment: from 2-party to group. In: Theory of Cryptography, 4th Theory of Cryptography Conference, TCC 2007, Amsterdam, 21–24 Feb 2007, Proceedings, pp 499–514
Abdalla M, Chevalier C, Granboulan L, Pointcheval D (2011) Contributory password-authenticated group key exchange with join capability. In: Topics in Cryptology – CT-RSA 2011 – The Cryptographers’ Track at the RSA Conference 2011, San Francisco, 14–18 Feb 2011. Proceedings, pp 142–160
Abdalla M, Benhamouda F, MacKenzie P (2015) Security of the J-PAKE password-authenticated key exchange protocol. In: 2015 IEEE Symposium on Security and Privacy (SP), pp 571–587
Bellare M, Pointcheval D, Rogaway P (2000) Authenticated key exchange secure against dictionary attacks. In: Advances in Cryptology – EUROCRYPT 2000, International Conference on the Theory and Application of Cryptographic Techniques, Bruges, 14–18 May 2000, Proceeding, pp 139–155
Blom R (1984) An optimal class of symmetric key generation systems. In: Advances in Cryptology: Proceedings of EUROCRYPT 84, A Workshop on the Theory and Application of Cryptographic Techniques, Paris, 9–11 Apr 1984, Proceedings, pp 335–338
Burmester M, Desmedt Y (1994) A secure and efficient conference key distribution system (extended abstract). In: Advances in Cryptology – EUROCRYPT’94, Workshop on the Theory and Application of Cryptographic Techniques, Perugia, 9–12 May 1994, Proceedings, pp 275–286
Çamtepe SA, Yener B (2007) Combinatorial design of key distribution mechanisms for wireless sensor networks. IEEE/ACM Trans Netw 15(2):346–358
Cao X, Xu L, Zhang Y, Wu W (2012) Identity-based proxy signature for cloud service in saas. In: 2012 Fourth International Conference on Intelligent Networking and Collaborative Systems, INCoS 2012, Bucharest, 19–21 Sept 2012, pp 594–599
Castelluccia C, Mutaf P (2005) Shake them up! a movement-based pairing protocol for CPU-constrained devices. In: Proceedings of the 3rd International Conference on Mobile Systems, Applications, and Services, MobiSys 2005, Seattle, 6–8 June 2005, pp 51–64
Chan H, Perrig A, Song DX (2003) Random key predistribution schemes for sensor networks. In: 2003 IEEE Symposium on Security and Privacy (S&P 2003), 11–14 May 2003, Berkeley, p 197
Du W, Deng J, Han YS, Varshney PK (2003) A pairwise key pre-distribution scheme for wireless sensor networks. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003, Washington, 27–30 Oct 2003, pp 42–51
Du W, Deng J, Han YS, Chen S, Varshney PK (2004) A key management scheme for wireless sensor networks using deployment knowledge. In: Proceedings IEEE INFOCOM 2004, The 23rd Annual Joint Conference of the IEEE Computer and Communications Societies, Hong Kong, 7–11 Mar 2004
Du W, Deng J, Han YS, Varshney PK (2006) A key predistribution scheme for sensor networks using deployment knowledge. IEEE Trans Dependable Secure Comput 3(1):62–77
Du H, Li J, Zhang Y, Li T, Zhang Y (2012) Certificate-based key-insulated signature. In: Data and Knowledge Engineering – Third International Conference, ICDKE 2012, Wuyishan, 21–23 Nov 2012. Proceedings, pp 206–220
Eschenauer L, Gligor VD (2002) A key-management scheme for distributed sensor networks. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, Washington, 18–22 Nov 2002, pp 41–47
Groce A, Katz J (2010) A new framework for efficient password-based authenticated key exchange. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, 4–8 Oct 2010, pp 516–525
Huang X, Susilo W, Mu Y, Zhang F (2005) On the security of certificateless signature schemes from asiacrypt 2003. In: Cryptology and Network Security, 4th International Conference, CANS 2005, Xiamen, 14–16 Dec 2005, Proceedings, pp 13–25
Huang X, Mu Y, Susilo W, Wong DS, Wu W (2007) Certificateless signature revisited. In: Information Security and Privacy, 12th Australasian Conference, ACISP 2007, Townsville, 2–4 July 2007, Proceedings, pp 308–322
Jana S, Premnath SN, Clark M, Kasera SK, Patwari N, Krishnamurthy SV (2009) On the effectiveness of secret key extraction from wireless signal strength in real environments. In: Proceedings of the 15th Annual International Conference on Mobile Computing and Networking, MOBICOM 2009, Beijing, 20–25 Sept 2009, pp 321–332
Jiang S, Gong G (2004) Password based key exchange with mutual authentication. In: Selected Areas in Cryptography, 11th International Workshop, SAC 2004, Waterloo, 9–10 Aug 2004, Revised Selected Papers, pp 267–279
Katz J, Vaikuntanathan V (2013) Round-optimal password-based authenticated key exchange. J Cryptol 26(4):714–743
Katz J, Ostrovsky R, Yung M (2001) Efficient password-authenticated key exchange using human-memorable passwords. In: Advances in Cryptology – EUROCRYPT 2001, International Conference on the Theory and Application of Cryptographic Techniques, Innsbruck, 6–10 May 2001, Proceeding, pp 475–494
Lai B, Kim S, Verbauwhede I (2002) Scalable session key construction protocol for wireless sensor networks. In: IEEE Workshop on Large Scale RealTime and Embedded Systems (LARTES), p 7
Li J, Du H, Zhang Y, Li T, Zhang Y (2014) Provably secure certificate-based key-insulated signature scheme. Concurr Comput Pract Exp 26(8):1546–1560
Liu D, Ning P (2003) Establishing pairwise keys in distributed sensor networks. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003, Washington, 27–30 Oct 2003, pp 52–61
Mathur S, Trappe W, Mandayam NB, Ye C, Reznik A (2008) Radio-telepathy: extracting a secret key from an unauthenticated wireless channel. In: Proceedings of the 14th Annual International Conference on Mobile Computing and Networking, MOBICOM 2008, San Francisco, 14–19 Sept 2008, pp 128–139
Peng K, Zhang Y (2012) A secure mix network with an efficient validity verification mechanism. In: Internet and Distributed Computing Systems – 5th International Conference, IDCS 2012, Wuyishan, Fujian, 21–23 Nov 2012. Proceedings, pp 85–96
Peng J, Choo KR, Ashman H (2016) User profiling in intrusion detection: a review. J Netw Comput Appl 72:14–27
Peng Y, Wang P, Xiang W, Li Y (2017) Secret key generation based on estimated channel state information for TDD-OFDM systems over fading channels. IEEE Trans Wirel Commun 16(8):5176–5186
Perrig A, Szewczyk R, Wen V, Culler DE, Tygar JD (2001) SPINS: security protocols for sensor netowrks. In: MOBICOM 2001, Proceedings of the Seventh Annual International Conference on Mobile Computing and Networking, Rome, 16–21 July 2001, pp 189–199
Pietro RD, Oligeri G (2013) COKE crypto-less over-the-air key establishment. IEEE IEEE Trans Inf Forensics Secur 8(1):163–173
Premnath SN, Jana S, Croft J, Gowda PL, Clark M, Kasera SK, Patwari N, Krishnamurthy SV (2013) Secret key extraction from wireless signal strength in real environments. IEEE Trans Mob Comput 12(5):917–930
Ruj S, Nayak A, Stojmenovic I (2013) Pairwise and triple key distribution in wireless sensor networks with applications. IEEE Trans Comput 62(11):2224–2237
Sadeghi A, Wachsmann C, Waidner M (2015) Security and privacy challenges in industrial Internet of Things. In: Proceedings of the 52nd Annual Design Automation Conference, San Francisco, 7–11 June 2015, pp 54:1–54:6
Shen J, Moh S, Chung I (2012) Identity-based key agreement protocol employing a symmetric balanced incomplete block design. J Commun Netw 14(6):682–691
Shen J, Wang A, Wang C, Hung PCK, Lai C (2017) An efficient centroid-based routing protocol for energy management in WSN-assisted IoT. IEEE Access 5:18469–18479
Shen J, Zhou T, He D, Zhang Y, Sun X, Xiang Y (2017, to be appear) Block design-based key agreement for group data sharing in cloud computing. IEEE Trans Dependable Secure Comput
Shen J, Zhou T, Lai CF, Li J, Li X (2017) Hierarchical trust level evaluation for pervasive social networking. IEEE Access 5:1178–1187
Shen J, Zhou T, Wei F, Sun X, Xiang Y (2018) Privacy-preserving and lightweight key agreement protocol for v2g in the social internet of things. IEEE Internet Things J 5(4):2526–2536
Shen J, Zhou T, Chen X, Li J, Susilo W (2018) Anonymous and traceable group data sharing in cloud computing. IEEE Trans Inf Forensics Secur 13(4):912–925
Shimizu T, Iwai H, Sasaoka H (2011) Physical-layer secret key agreement in two-way wireless relaying systems. IEEE Trans Inf Forensics Secur 6(3–1):650–660
Tang Q, Choo KR (2006) Secure password-based authenticated group key agreement for data-sharing peer-to-peer networks. In: Applied Cryptography and Network Security, 4th International Conference, ACNS 2006, Singapore, 6–9 June 2006, Proceedings, pp 162–177
Wallner D, Harder E, Agee R (1999) Key management for multicast: issues and architectures. No. RFC 2627
Wan Z, Deng RH, Bao F, Preneel B (2007) nPAKE+: a hierarchical group password-authenticated key exchange protocol using different passwords. In: Information and Communications Security, 9th International Conference, ICICS 2007, Zhengzhou, 12–15 Dec 2007, Proceedings, pp 31–43
Wang D, Zhang Z, Wang P, Yan J, Huang X (2016) Targeted online password guessing: an underestimated threat. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, 24–28 Oct 2016, pp 1242–1254
Wang D, Cheng H, Wang P, Huang X, Jian G (2017) Zipf’s law in passwords. IEEE Trans Inf Forensics Secur 12(11):2776–2791
Wang D, Cheng H, He D, Wang P (2018) On the challenges in designing identity-based privacy-preserving authentication schemes for mobile devices. IEEE Syst J 12(1):916–925
Wang D, Li W, Wang P (2018) Measuring two-factor authentication schemes for real-time data access in industrial wireless sensor networks. IEEE Trans Ind Inf 14(9):4081–4092
Wang M, Zhang Y, Ma J, Wu W (2018, to appear) A universal designated multi verifiers content extraction signature scheme. Int J Comput Sci Eng
Xi W, Qian C, Han J, Zhao K, Zhong S, Li X, Zhao J (2016) Instant and robust authentication and key agreement among mobile devices. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, 24–28 Oct 2016, pp 616–627
Xu L, Zhang Y (2014) Matrix-based pairwise key establishment for wireless mesh networks. Futur Gener Comput Syst 30:140–145
Xu S, Mu Y, Susilo W, Chen X, Huang X, Zhang F (2006) Online/offline signatures and multisignatures for AODV and DSR routing security. IACR Cryptol ePrint Archive 2006, 236
Xu L, Cao X, Zhang Y, Wu W (2013) Software service signature (S3) for authentication in cloud computing. Clust Comput 16(4):905–914
Yang X, Zhang Y, Liu JK, Zeng Y (2016) A trust and privacy preserving handover authentication protocol for wireless networks. In: 2016 IEEE Trustcom/BigDataSE/ISPA, Tianjin, 23–26 Aug 2016, pp 138–143
Ye A, Zheng Y, Xu L, Zhang Y (2017) A road-network based privacy-preserving approach in trajectory publishing. J Internet Technol 18(4):867–876
Zan B, Gruteser M, Hu F (2013) Key agreement algorithms for vehicular communication networks based on reciprocity and diversity theorems. IEEE Trans Veh Technol 62(8):4020–4027
Zeng K, Wu D, Chan AJ, Mohapatra P (2010) Exploiting multiple-antenna diversity for shared secret key generation in wireless networks. In: INFOCOM 2010. 29th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, 15–19 Mar 2010, San Diego, pp 1837–1845
Zhang Y, Xu L, Huang X (2012) Polynomial based key predistribution scheme in wireless mesh networks. J Comput Inf Syst 8(6):2539–2549
Zhang Y, Xu L, Huang X, Li J (2013) Matrix-based pairwise key establishment with pre and post deployment knowledge for wireless mesh networks. In: Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2013, Taichung, 3–5 July 2013, pp 153–158
Zhang Y, Xu L, Xiang Y, Huang X (2013) Matrix-based pairwise key establishment in wireless mesh networks using deployment knowledge. In: Proceedings of IEEE International Conference on Communications, ICC 2013, Budapest, 9–13 June 2013, pp 1604–1608
Zhang Y, Xu L, Xiang Y, Huang X (2013) A matrix-based pairwise key establishment scheme for wireless mesh networks using pre deployment knowledge. IEEE Trans Emerg Top Comput 1(2):331–340
Zhang Y, Xiang Y, Huang X, Xu L (2014) A cross-layer key establishment scheme in wireless mesh networks. In: Computer Security – ESORICS 2014 – 19th European Symposium on Research in Computer Security, Wroclaw, 7–11 Sept 2014. Proceedings, Part I, pp 526–541
Zhang Y, Xu L, Huang X, Li J (2015) Matrix-based key pre-distribution schemes in WMNS using pre and post deployment knowledge. Int J Ad Hoc Ubiquitous Comput 20(4):262–273
Zhang Y, Xiang Y, Huang X (2016) Password-authenticated group key exchange: a cross-layer design. ACM Trans Internet Technol 16(4):24:1–24:20
Zhang Y, Xiang Y, Huang X (2017) A cross-layer key establishment model for wireless devices in cyber-physical systems. In: Proceedings of the 3rd ACM Workshop on Cyber-Physical System Security, CPSS@AsiaCCS 2017, Abu Dhabi, 2 Apr 2017, pp 43–53
Zhang Y, Xiang Y, Huang X, Chen X, Alelaiwi A (2018) A matrix-based cross-layer key establishment protocol for smart homes. Inf Sci 429:390–405
Zhang Y, Xiang Y, Wang T, Wu W, Shen J (2018) An over-the-air key establishment protocol using keyless cryptography. Futur Gener Comput Syst 79:284–294
Zhang Y, Xiang Y, Wu W, Alelaiwi A (2018) A variant of password authenticated key exchange protocol. Futur Gener Comput Syst 78:699–711
Zhu S, Setia S, Jajodia S (2003) LEAP: efficient security mechanisms for large-scale distributed sensor networks. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003, Washington, DC, 27–30 Oct 2003, pp 62–72
Zhu F, Zhang Y, Lin C, Wu W, Meng R (2017) A universal designated multi-verifier transitive signature scheme. In: Information Security and Cryptology – 13th International Conference, Inscrypt 2017, Xi’an, 3–5 Nov 2017, Revised Selected Papers, pp 180–195
Zhu X, Xu F, Novak E, Tan CC, Li Q, Chen G (2017) Using wireless link dynamics to extract a secret key in vehicular scenarios. IEEE Trans Mob Comput 16(7):2065–2078
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Zhang, Y., Huang, X. (2019). Security and Privacy Techniques for the Industrial Internet of Things. In: Alcaraz, C. (eds) Security and Privacy Trends in the Industrial Internet of Things. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-12330-7_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-12330-7_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12329-1
Online ISBN: 978-3-030-12330-7
eBook Packages: Computer ScienceComputer Science (R0)