A Lightweight Mutual Authentication and Privacy-preservation Scheme for Intelligent Wearable Devices in Industrial-CPS

1. Introduction

The latest developments in Industry 5.0 have enabled the integration of Industrial Internet of Things (IIoT), Industrial Cyber-Physical Systems (I-CPS), big data technologies, Cloud Computing, and Artificial Intelligence (AI) [1]. It has resulted in collecting huge amounts of data from different industrial applications using intelligent IIoT devices. For example, in I-CPS enabled healthcare applications, wearable devices implanted on a patient body are capable to stream the real-time data to the cyberspace for computation, storage and Bigdata analytics [2]. I-CPS facilitate the healthcare entities with cyber computational capabilities for making quicker decisions. To deliver high-quality services at low cost, the healthcare practitioners need to adopt I-CPS based practices. In a healthcare ecosystem, the smart devices of IIoT are capable to gather, analyze, and broadcast a diverse range of data. These devices ensure the real-time monitoring of patients to save lives in an event of emergency, e.g. heart failure, severe pain, asthma, etc. The proliferation in mobile communication bridges the gap among these smart devices and the practitioners by providing seamless and reliable delivery of gathered data [3]. The patient-centric approach of I-CPS enables the remote monitoring of patients with shorter hospital stays and, in most cases, avoiding the hospital altogether. Using industrial techniques in I-CPS, we need to consider the patients’ willingness and feelings about these techniques.

The increasing use of industrial techniques in I-CPS brings new risks, vulnerabilities, and challenges for practitioners and their patients. Not only the IIoT devices and their data, but the complete healthcare ecosystem needs to be secured against the adversarial attacks [4]. The IIoT devices hosting the healthcare applications contain sensitive information, e.g. date of birth, prescriptions, medical histories and social security numbers of the patients. These devices act as gateways to the secured Internet. An adversary may compromise these devices to inject fabricated data, ransomwares and other malwares into the network [5]. In the traditional computing platforms, cybersecurity is a matured domain and can defend against most of these adversarial threats. The existing cybersecurity solutions include cryptographic techniques, secured protocols and privacy protections that require ample of network resources. However, the security requirements and system architecture of IIoT-based I-CPS are different and as such, these existing solutions are not directly applicable [6], [7]. In I-CPS, most of the devices are connected to the Internet for the first time. It is extremely difficult to predict the nature of adversarial threats posed by these devices, if compromised. To secure the I-CPS, data integrity, data confidentiality, data availability, authenticity, and non-repudiation need to be in place [8].

I-CPS enabled healthcare applications consist of resource-constrained sensor nodes and requires lightweight and low-cost protective measures. To deal with the aforementioned challenges, Datagram Transport Layer Security (DTLS) is proposed as a lightweight secured approach for these applications of I-CPS [9]. In literature, numerous DTLS-enabled authentication approaches exist for secured data transmission, and privacy of patients in healthcare applications [8], [10], [11], [12]. In [10], the authors proposed an end-to-end authentication scheme for a mobility-enabled healthcare application. A certificate-based DTLS handshake approach is used for the end-users authentication and authorization. The proposed scheme provides robust mobility using the interconnected smart gateways at the expense of computational overhead due to the use of certificate-based DTLS. In [11], a secured authentication approach was proposed using a Body Sensor Network (BSN). The use of crypto-primitives enable the proposed approach to achieve system efficiency and robustness, and at the same time, provides the transmission confidentiality and authentication among the wearables and a backend server. However, the use of an asymmetric algorithm, i.e., Elliptic-curve cryptography (ECC), incurs additional overhead for these intelligent wearables. In [12], the authors presented a lightweight DTLS-enabled authentication approach for wearables of a smart healthcare system. The proposed approach allows a user to authenticate his/her wearable device(s) and a mobile terminal, prior to establishing a session key among them. The use of bitwise exclusive-OR (XOR) and hash functions make the proposed scheme significantly lightweight for the resource-constrained wearables. The security analysis of DTLS via different techniques, such as the random oracle model [13] and the BurrowsAbadiNeedham (BAN) logic [14], showed that the use of DTLS for secured message exchanges leaves a handful of payload for most of healthcare applications. This remaining payload is not sufficient for these applications due to their larger packet sizes, e.g. healthcare streaming applications.

Besides authentication, the privacy of patients and their data needs to be dealt with utmost care in I-CPS. Different machine learning (ML) algorithms have been used in the literature for this purpose. An ML-based privacy-preserved healthcare framework was presented in [15]. This framework uses ML-based scoring service for the classification, and cryptographic algorithms for data protection. It is a cloud-based framework for privacy risk prediction in healthcare applications. In [16], the authors have provided general guidelines about privacy challenges in AI-based healthcare applications. The proposed work mainly focuses on policies for the usage of AI-based healthcare guidelines to preserve the privacy of patients. In [17], the authors have proposed a framework known as ModelChain. This framework uses ML and Blockchain for privacy preservation of patients in a decentralized environment. ModelChain embeds the intelligence in private Blockchains to preserve the privacy of patients and increases the interoperability between healthcare centers. In [18], the authors have discussed AI-based cyber-physical security and privacy for healthcare applications. They proposed a ciphertext-policy attribute-based encryption (CP-ABE) scheme. In the proposed scheme, complex computation tasks are offloaded to the third parties for reducing load on wearables while preserving their privacy at the same time. Most of these approaches use asymmetric encryption that require ample resources on part of the wearables to perform effectively.

In view of the resource-constrained nature of the healthcare devices, we propose a lightweight mutual authentication scheme for I-CPS. The proposed scheme uses symmetric encryption for the exchange of handshake messages that can be used as an alternative to the DTLS scheme. We perform its security analysis using BAN logic to determine whether the exchanged information is trustworthy and secured against eavesdropping attack, and predict the privacy leakage using a Hidden Markov Model (HMM). The hidden and observable states of HMM are used to measure the risk of data leakage by preserving the privacy of a patient and his/her connected devices. The major contributions of the proposed work are as follow.

1. An authentication scenario is proposed in which a client-server authentication takes place only if the clients, i.e., wearable patients, are within the coverage of their designated servers. Each server maintains a record of pre-shared keys for the clients in its proximity. For the aforementioned scenario, a set of theorems are proposed and their proofs are provided. Each theorem corresponds to a handshake message that takes into account the possibility and probability of an adversarial attack.

2. A privacy risk prediction model is proposed using HMM. The proposed model is used to predict the risk of privacy leakage of the patient identity and his/her data. If the privacy risk is predicted, the patients’ data is altered with a loss in utility. To the best of our knowledge, this is the first ever work on HMM for predicting the privacy leakage.

3. Security analysis of mutual authentication and session key exchange of our proposed scheme are performed using BAN logic. The security goals are set according to the exchanged messages and are proven using the postulates of BAN logic.

The rest of the paper is organized as follow. In Section 2, the network and threat model is briefly explained. In Section 3, our proposed lightweight mutual authentication and privacy-preservation scheme is presented. In Section 4, the security analysis of the proposed scheme is performed using BAN logic. In Section 5, we present the experimental results of our proposed scheme. Finally, the paper is concluded in Section 6.

2. Network and Threat Model

We have considered a healthcare facilitation center, i.e., a hospital within an industry, as a case study of our proposed I-CPS scheme. Various units such as critical care, chaplaincy, cardiology, radiology, wards, and discharge lounge, along with private rooms provide timely healthcare facilities to the patients. These units and rooms are connected to remote servers for storing the patients’ data and other credentials to provide on-demand and responsive services. In Fig. 1, the sensor-embedded wearables, i.e., clients, in various units and rooms are connected to servers via their proxies. Each server facilitates a number of clients within its coverage region. A client is static in the context of the server’s coverage region, i.e., a client remains within the coverage region of its associated server. For seamless and interoperable communication, these clients need to establish secured communication links to their concerned servers.

In healthcare applications, any adversarial attack can lead to the loss of precious lives and the associated medical data. An adversary may establish secured connections to the servers if its authentication requests are accepted. The smart healthcare environment of Fig. 1 is prone to various types of adversarial attacks. An adversary may infiltrate the network by seizing the identities of clients and servers to pose various threats. It is important to mention that in Fig. 1 the adversary uses a smartphone to launch the attacks. Moreover, it may clone itself for a large-scale adversarial effect on the overall system. To prevent such threats, we propose a lightweight mutual authentication approach for resource-starving intelligent wearables. Our authentication approach is resilient against the following threats.

1. Replay: An adversary may replay a stream of previously transmitted messages to the clients or servers.

2. Forward and Backward Secrecy: An adversary may launch this attack by seizing the session key to predict the outcome of previous or future sessions.

3. Client and Server Impersonation: An adversary may impersonate a legitimate client to the server by fabricating the pre-shared key of the given client. Moreover, it may impersonate a legitimate server to one or more clients by fabricating the session key of the given server.

4. Anonymity and Untraceability: An adversary may launch this attack by extracting the one-time nonces, and the identities of clients and servers from exchanged messages. In doing so, it may interlink various sessions to maliciously affect the clients and servers.

5. Eavesdropping: An adversary may launch active or passive eavesdropping by listening to the communication in transit. It may seize various messages, manipulate them, and may launch other types of attacks. The use of pseudo-random nonces in our approach restricts an adversary from launching this attack.

6. Denial of Service (DoS): An adversary may broadcast excessive requests to the clients or servers to authenticate itself. By doing so, it may deprive the legitimate clients from exchanging their data with the legitimate servers. The use of pre-shared keys restricts an adversary from launching a denial-of-service (DoS) attack in our approach.

3. A Lightweight Mutual Authentication and Privacy-preservation Scheme

In this section, we discuss our mutual authentication and privacy preservation scheme for the healthcare facilitation center of Fig. 1. Numerous wearables within the hospital communicate with their concerned servers for authentication, as shown in Fig. 2. In this figure, A is the set of attackers, C is the set of clients, and S is the set of servers, where C_i can communicate either directly with S_j or via a proxy (P). Our proposed scheme comprises of C_i clients and S_j servers, where i={1, 2, 3, …, I} and j={1, 2, 3, …, J}, such that i, j ∈ N, and i > j. Here, N is the total number of C_i and S_j in the network, i.e., N=C_i ∪ S_j. C_i are dynamic in nature and may change their positions quite frequently, whereas S_j are static in nature. Our proposed scheme initiates a four-way handshake between any C_i and S_j for mutual authentication. If the handshake is successful, S_j provides a session key to C_i for data transmission. The list of Symbol used in authentication is given in Table 1. We discuss mutual authentication in Section 3.1 and privacy risk prediction using HMM in Section 3.2.

4. Security Analysis

In this section, we analyze the mutual authentication and session key (μ) of our proposed scheme using BAN logic [22]. BAN logic describes the trust of two parties involved in the communication. The notations and rules used in BAN logic are given in Table 2.

1. The Postulates of BAN logic are given below,

   1. Postulate of Rule-1 is, ${\lambda }_i=\frac{{\text{S}}_j\text{believes}{\text{C}}_i\stackrel{{\lambda }_i}{\leftrightarrow }{\text{S}}_j, {\text{S}}_j\text{sees}{\left\{\text{X}\right\}}_{{\lambda }_i}}{ {\text{S}}_j\text{believes}{\text{C}}_i\text{said}\text{X}}$
   2. Postulate of Rule-2 is, $\frac{{\text{S}}_j\text{believes}\text{fresh}(\text{X}),{\text{S}}_j\text{believes}{\text{C}}_i\text{said}\text{X}}{{\text{S}}_j\text{believes}{\text{C}}_i\text{believes}\text{X}}$
   3. Postulate of Rule-3 is, $\frac{{\text{S}}_j\text{believes}{\text{C}}_i\text{controls}\text{X},{\text{S}}_j\text{believes}{\text{C}}_i\text{believes}\text{X}}{{\text{S}}_j\text{believes}\text{X}}$
   4. Postulate of Rule-4 is, $\frac{{\text{S}}_j\text{believes}\text{fresh}(\text{X})}{{\text{S}}_j\text{believes}\text{fresh}(\text{X},\text{Y})}$
2. The following security goals must be met by the proposed scheme,

   $${\text{G}}_1.{\text{S}}_j\mid \equiv {\text{C}}_i\Rightarrow {\mu }_j$$

   $${\text{G}}_2.{\text{C}}_i\mid \equiv {\text{S}}_j\Rightarrow {\mu }_j$$

   $${\text{G}}_3.{\text{S}}_j|\equiv {\text{C}}_i|\equiv {\text{S}}_j\stackrel{{\mu }_j}{\leftrightarrow }{\text{C}}_i$$

   $${\text{G}}_4.{\text{C}}_i|\equiv {\text{S}}_j|\equiv {\text{C}}_i\stackrel{{\mu }_j}{\leftrightarrow }{\text{S}}_j$$

3. The proposed scheme should be transformed into an idealized form as below,

   $${\text{Msg}}_1.{\text{C}}_i\to {\text{S}}_j:{\left({\lambda }_i\left({\text{ID}}_i\right)\right)}_{h()}$$

   $${\text{Msg}}_2.{\text{S}}_j\to {\text{C}}_i:{\left({\lambda }_i\left({\lambda }_i\oplus {\mu }_j\Vert {\eta }_{\mathit{\text{server}}}\right)\right)}_{h()}$$

   $${\text{Msg}}_3.{\text{C}}_i\to {\text{S}}_j:{\left({\mu }_j\left({\eta }_{\mathit{\text{server}}}\oplus {\lambda }_i\Vert {\eta }_{\mathit{\text{client}}}\right)\right)}_{h()}$$

   $${\text{Msg}}_4.{\text{S}}_j\to {\text{C}}_i:{\left({\lambda }_i\left({\eta }_{\mathit{\text{client}}}\Vert {\mu }_j\right)\right)}_{h()}$$

4. The following assumptions are mandatory for BAN logic.

   $${\text{A}}_1.{\text{C}}_i\mid \equiv {\text{S}}_j\stackrel{{\lambda }_i}{\leftrightarrow }{\text{C}}_i$$

   $${\text{A}}_2.{\text{S}}_j\mid \equiv {\text{C}}_i\stackrel{{\lambda }_i\left(I{D}_i\right)}{\leftrightarrow }{\text{S}}_j$$

   $${\text{A}}_3.{\text{C}}_i\mid \equiv {\text{S}}_j\stackrel{{\lambda }_i\left({\eta }_{\mathit{\text{server}}}\right)}{\leftrightarrow }{\text{C}}_i$$

   $${\text{A}}_4.{\text{S}}_j\mid \equiv {\text{C}}_i\stackrel{{\lambda }_i\left({\eta }_{\mathit{\text{client}}}\right)}{\leftrightarrow }{\text{S}}_j$$

   $${\text{A}}_5.{\text{C}}_i\mid \equiv \text{\#}\left({\lambda }_i\left({\eta }_{\mathit{\text{server }}}\right)\right)$$

   $${\text{A}}_6.{\text{S}}_j\mid \equiv \text{\#}\left({\lambda }_i\left({\eta }_{\mathit{\text{client }}}\right)\right)$$

   $${\text{A}}_7.{\text{S}}_j\mid \equiv {\text{C}}_i\Rightarrow {\text{S}}_j\stackrel{{\mu }_j}{\leftrightarrow }{\text{C}}_i$$

   $${\text{A}}_8.{\text{C}}_i\mid \equiv {\text{S}}_j\Rightarrow {\text{C}}_i\stackrel{{\mu }_j}{\leftrightarrow }{\text{S}}_j$$

5. We analyze security of the proposed scheme based on the idealized form,

   • s₁. From Msg₁, we obtain S_j◁ (λ_i(ID_i))_h()
   • s₂. Applying Rule-1 and A₂, we get S_j | ≡ C_i | ~ (λ_i(ID_i))_h()
   • s₃. Applying Rule-4 and A₆, we obtain S_j | ≡ #((λ_i(ID_i))_h())
   • Then, we apply Rule-2 to get S_j | ≡ C_i | ≡ #(λ_i(ID_i))_h()
   • s₄. From Msg₂, we obtain C_i◁ (λ_i(λ_i ⊕ μ_j∥η_server))_h()
   • s₅. Applying Rule-1 and A₁, we get C_i | ≡ S_j | ~ (λ_i(λ_i ⊕ μ_j∥η_server))_h()
   • s₆. Applying Rule-4 and A₅, we obtain C_i | ≡ #(λ_i(λ_i ⊕ μ_j∥η_server))_h()
   • Then, we apply Rule-2 to get C_i | ≡ S_j | ≡ (λ_i(λ_i ⊕ μ_j∥η_server))_h()
   • s₇. From Msg₃, we obtain S_j◁ (μ_j(η_server⊕λ_i∥η_client))_h()
   • s₈. Applying Rule-1 and A₂, we get S_j | ≡ C_i | ~ (μ_j(η_server ⊕ λ_i∥η_client))_h()
   • s₉. Applying Rule-4 and A₆, we obtain S_j | ≡ #(μ_j(η_server ⊕ λ_i∥η_client))_h()
   • Then, we apply Rule-2 to get S_j | ≡ C_i | ≡ (μ_j(η_server ⊕ λ_i∥η_client))_h()
   • s₁₀. From Msg₄, we obtain C_i◁ (λ_i(η_client∥μ_j))_h()
   • s₁₁. Applying Rule-1 and A₁, we get C_i | ≡ S_j | ~ (λ_i(η_client∥μ_j))_h()
   • s₁₂. Applying Rule-4 and A₅, we obtain C_i | ≡ #(λ_i(η_client∥μ_j))_h()
   • Then, we apply Rule-2 to get C_i | ≡ S_j | ≡ (μ_j(η_server ⊕ λ_i∥η_client))_h()
   • s₁₃. Applying the logic rule of BAN to s₁₂ and A₄, which split conjunctions that yields ${\text{C}}_i|\equiv {\text{S}}_j|\equiv {\text{C}}_i\stackrel{{\mu }_j}{\leftrightarrow }{\text{S}}_j$, (Goal 4)
   • s₁₄. Applying the logic rule of BAN to s₉ and A₃, which split conjunctions that yields ${\text{S}}_j|\equiv {\text{C}}_i|\equiv {\text{S}}_j\stackrel{{\mu }_j}{\leftrightarrow }{\text{C}}_i$, (Goal 3)
   • s₁₅. Applying Rule-3 to s₁₃ and A₈, which results in C_i | ≡ S_j ⇒ μ_j, (Goal 2)
   • s₁₆. Applying Rule-3 to s₁₄ and A₇, which results in S_j| ≡ C_i ⇒ μ_j, (Goal 1)

By performing the security analysis of our proposed scheme using BAN logic, the four security goals G₁, G₂, G₃, and G₄ are achieved. In the next section, we present the experimental results of our proposed scheme.

5. Experimental Results

In this section, we evaluate the performance of our approach against existing state of the art schemes. For authentication, we used Netduino Plus 2 boards as clients and Netduino 3 boards as servers. The Netduino 3 boards were interfaced with MATLAB ThingSpeak^™ server via the μPLibrary 1.8¹. This library abstracts the ThingSpeak API and works with these boards using .NET Micro Framework. For privacy-preservation, we relied on Matlab simulation at the ThingSpeak^™ server. We evaluate the performance of our approach in term of computational, communication, storage overheads, and its resilience against various adversarial threats. These boards are resource-constrained and as such, lightweight authentication approaches need to be designed. For this purpose, we tested our proposed authentication in terms of computation, communication and storage overhead incur by our authentication. For privacy preservation, we tested our approach through privacy risk prediction and privacy risk alleviation.

In Table 3, we provide a summary of the computational overhead analysis. We compare the execution time of our scheme against the existing schemes. In this table, T_h and T_XOR refer to the computational time needed to perform the hash and XOR operations. In our scheme, the encryption with λ_i and μ_j works similar to hashing. The proposed scheme requires only 2T_h+2T_XOR execution time at the C_i and S_j. The low computational overhead is contributed mainly to the lightweight mechanism adopted by λ_k(ID_k)_h(), γ_challenge, β_challenge, and γ_response of the proposed scheme.

In Table 4, we provide a summary of the communication overhead analysis of our scheme against the existing schemes. The proposed scheme requires four handshake messages for the authentication. In this scenario, λ_k(ID_k)_h() is 128 bits, and γ_challenge, β_challenge, and γ_response are 256 bits each. Hence, a total of 896 bit communication overhead is incurred by these messages. In comparison, the existing schemes have much higher communication overhead due to the complex cipher-suites and the involvement of resource-intensive operators.

In Table 5, we compare the storage overhead incurred by C_i and S_j of our proposed authentication scheme. In the proposed scheme, each C_i stores its ID_i and λ_i, respectively. On the other hand, each S_j stores ID_i and λ_i for n clients associated with it. In comparison, in [23] and [9], each C_i stores its ID_i and λ_i along with ID_G and λ_G of the gateway. In these schemes, each C_i is connected to its S_j via a gateway. Moreover, each S_j in these schemes incur excessive storage overhead as they need to store the security primitives of n clients and m gateways. As discussed earlier, λ_i is of 128 bit. Thus the cost incurred by S_j is n times higher than C_i for storing λ_i of n clients in [23] and it is m times higher than C_i for storing λ_G of m gateways. Similar to [23], the cost incurred by S_j is n times higher than C_i for storing λ_i of n clients, and it is m times higher than C_i for storing λ_G of m gateways.

In Table 6, the resilience of our scheme against various adversarial attacks is compared with the existing schemes. In our scheme, η_client and η_server are generated by a pseudo-random number R_i and appended to a timer T_i. This combination of T_i and R_i makes it extremely difficult for an adversary to replay messages. In our scheme, the use of one-time nonces η_client and η_server restrict the adversary from active eavesdropping. An A_k may compromise the μ_j, however, the latter does not reveal any information about the previous or future sessions. This is mainly because μ_j is a one-time session key generated every time. Hence, forward and backward secrecy is maintained by our scheme. An A_k may intercept the exchanged handshake messages 〈λ_i(ID_i)_h(), γ_challenge, β_challenge, γ_response〉 and may generate different message patterns such as $\langle {\lambda }_k{\left(I{D}_k\right)}_{h()},{\gamma }_{\mathit{\text{challenge}}}^k,{\beta }_{\mathit{\text{challenge}}}^k,{\gamma }_{\mathit{\text{response }}}^k\rangle$. The A_k may impersonate as C_i by transmitting λ_k(ID_k)_h(), and ${\beta }_{\mathit{\text{challenge}}}^k$ to S_j. Also, the same A_k impersonates as S_j by transmitting ${\gamma }_{\mathit{\text{challenge}}}^k$ and ${\gamma }_{\mathit{\text{response}}}^k$ to C_i. To impersonate as C_i or S_j, A_k would need λ_i. Because, A_k fabricates its own λ_k that does not exist either with C_i or S_j, i.e., λ_k ≠ λ_i, hence it is unable to launch client or server impersonation attack. Moreover, A_k would need to fabricate η_k, μ_k and ID_k as well to launch these attacks. These parameters are computationally inefficient to be calculated as each one would require 2¹²⁸ attempts. In our scheme, the identities of C_i and S_j are masked in the messages (λ_i(ID_i))_h(), γ_challenge, β_challenge, and γ_response. An A_k cannot interpret the identities of C_i and S_j from the aforementioned messages as they are protected upon encryption by λ_i and μ_j. As a result, the anonymity of C_i and S_j is preserved. Moreover, our proposed scheme uses fresh nonces, i.e., η_client and η_server for every new session, and a new timer T_i as well. Hence, all sessions are non-linkable and A_k is unable to trace any C_i and S_j from previous messages, thus providing untraceability feature. Finally, S_j restricts a C_i to only one connection at a given time. As a result, it is extremely difficult for an adversary to launch a DoS attack. In comparison to our scheme, all the existing schemes are susceptible to one or more such attacks and affect the privacy of C_i and S_j in one way or the other.

Our proposed scheme has used HMM to predict the privacy leakage of a client. In Fig. 4, we have shown the client’s privacy risk against the number of entries. The privacy risk is associated with the number of visits, i.e., entries, a client makes to a hospital server. As evident from this figure, the privacy of linkable clients is higher than unlinkable clients, where a linkable client is the one whose personal identification can be extracted from entries and search results on a particular topic. For example, when a client searched for a specialist practitioner and read his/her profile or read about a particular disease etc. When a client visits the hospital server for the first time, his/her privacy risk is relatively low and increases with each entry to the hospital server. If the personal identification of this new client is linkable, the privacy risk is higher in comparison to unlinkable client. Similarly, for old linkable clients, the privacy risk is highest and is moderate for unlinkable clients. The proposed scheme preserve the privacy of clients by predicting the privacy leakage using HMM. When the predicted privacy leakage crosses a specified threshold, the risk is altered, as shown in Fig. 5. The threshold is probabilistic and application-dependent that can be changed according to the application requirements. In this paper, the threshold probability is 0.52, and once privacy leakage crosses it, the client’s information is altered, and risk is alleviated, as shown in Fig. 5.

6. Conclusion

In this paper, we proposed a lightweight mutual authentication and key establishment scheme for IIoT wearable devices of I-CPS. The proposed scheme is based on client-server interaction model that uses symmetric encryption. It is extremely lightweight and is suitable for large-scale I-CPS infrastructures. It is feasible for clients having limited resources and requires low computational, communication and storage overhead while interacting with the servers for the exchange of session keys. After authentication, the privacy leakage of clients and their data is predicted using HMM. Upon privacy leakage detection, the data is altered through semantic similarity function with a loss in utility. The efficiency, correctness, and robustness of the security scheme is analyzed using BAN logic. The analysis shows that the proposed scheme is highly resilient against various adversarial attack. Moreover, it is efficient in terms of computation, communication, and storage overhead due to lightweight primitives, fewer number of exchanged messages and the absence of gateways, respectively. In the future, we aim to use Software-defined Network (SDN) for analyzing the exchanged data and the behavior of interacting entities of our scheme.

Biographies