Skip to main content
SpringerLink
Log in

Security and Privacy Techniques for the Industrial Internet of Things

  • Chapter
  • First Online:
Security and Privacy Trends in the Industrial Internet of Things

Abstract

The wide employment of Internet of Things (IoT) across industrial sectors creates the Industrial Internet of Things (IIoT). In practical applications, however, the IIoT has many attack surfaces. As a result, the IIoT is vulnerable to kinds of attacks, including physical attacks (such as the invasive hardware attacks, side-channel attacks and reverse-engineering attacks), malicious code (such as Trojans, viruses and runtime attacks), and other attacks (such as phishing and sabotage). To ensure the security and privacy of the IIoT, many countermeasures have been proposed, a non-exhaustive list includes authentication techniques, secure routing techniques, intrusion detection techniques, signature techniques, and key establishment techniques. As a fundamental countermeasure, key establishment has been extensively and intensively studied. In this chapter, we will present a survey and taxonomy of the key establishment protocols. Specifically, we will review the conventional key establishment protocols which are designed at higher layers and the physical layer. By reviewing the conventional key establishment protocols, we aim to illustrate the necessity of designing cross-layer key establishment protocols for the IIoT. Then, we will provide the detailed review of cross-layer key establishment protocols. The review illustrates that, the cross-layer design enables the IIoT devices to establish communication keys without the trusted entity and the secret sharing assumption. At the end of this chapter, we will provide a conclusion and point out some future research trends of the IIoT.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 159.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Here \(|\mathbb {D}|\) is the size of the password dictionary \(\mathbb {D}\). Recall that physical layer key extraction algorithms extract secrets bits using the channel’s randomness, and the algorithms are designed without assuming the computationally-bounded adversary. Namely, the physical layer key extraction algorithms achieve information-theoretical secrecy. Thus, in [70], the extracted passwords are independently and uniformly distributed in the password dictionary \(\mathbb {D}\). Furthermore, \(|\mathbb {D}|\ll q\), i.e., \(\mathbb {D}\subset \mathbb {Z}_{q}^{*}\).

  2. 2.

    In practice, at the end of the time slot ST 1, device V  has phase offset ϕ UV = ϕ 1 + ϕ UV and amplitude deviation A UV = A + A UV. Both ϕ UV and A UV can be used to extract secrets. In [70], only the phase offsets are used to extract secrets in order to simplify the descriptions.

References

  1. Abdalla M, Pointcheval D (2006) A scalable password-based group key exchange protocol in the standard model. In: Advances in Cryptology – ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, 3–7 Dec 2006, Proceedings, pp 332–347

    Google Scholar 

  2. Abdalla M, Bresson E, Chevassut O, Pointcheval D (2006) Password-based group key exchange in a constant number of rounds. In: Public Key Cryptography – PKC 2006, 9th International Conference on Theory and Practice of Public-Key Cryptography, New York, 24–26 Apr 2006, Proceedings, pp 427–442

    Google Scholar 

  3. Abdalla M, Bohli J, Vasco MIG, Steinwandt R (2007) (Password) authenticated key establishment: from 2-party to group. In: Theory of Cryptography, 4th Theory of Cryptography Conference, TCC 2007, Amsterdam, 21–24 Feb 2007, Proceedings, pp 499–514

    Google Scholar 

  4. Abdalla M, Chevalier C, Granboulan L, Pointcheval D (2011) Contributory password-authenticated group key exchange with join capability. In: Topics in Cryptology – CT-RSA 2011 – The Cryptographers’ Track at the RSA Conference 2011, San Francisco, 14–18 Feb 2011. Proceedings, pp 142–160

    Google Scholar 

  5. Abdalla M, Benhamouda F, MacKenzie P (2015) Security of the J-PAKE password-authenticated key exchange protocol. In: 2015 IEEE Symposium on Security and Privacy (SP), pp 571–587

    Google Scholar 

  6. Bellare M, Pointcheval D, Rogaway P (2000) Authenticated key exchange secure against dictionary attacks. In: Advances in Cryptology – EUROCRYPT 2000, International Conference on the Theory and Application of Cryptographic Techniques, Bruges, 14–18 May 2000, Proceeding, pp 139–155

    Chapter  Google Scholar 

  7. Blom R (1984) An optimal class of symmetric key generation systems. In: Advances in Cryptology: Proceedings of EUROCRYPT 84, A Workshop on the Theory and Application of Cryptographic Techniques, Paris, 9–11 Apr 1984, Proceedings, pp 335–338

    Google Scholar 

  8. Burmester M, Desmedt Y (1994) A secure and efficient conference key distribution system (extended abstract). In: Advances in Cryptology – EUROCRYPT’94, Workshop on the Theory and Application of Cryptographic Techniques, Perugia, 9–12 May 1994, Proceedings, pp 275–286

    Google Scholar 

  9. Çamtepe SA, Yener B (2007) Combinatorial design of key distribution mechanisms for wireless sensor networks. IEEE/ACM Trans Netw 15(2):346–358

    Article  Google Scholar 

  10. Cao X, Xu L, Zhang Y, Wu W (2012) Identity-based proxy signature for cloud service in saas. In: 2012 Fourth International Conference on Intelligent Networking and Collaborative Systems, INCoS 2012, Bucharest, 19–21 Sept 2012, pp 594–599

    Google Scholar 

  11. Castelluccia C, Mutaf P (2005) Shake them up! a movement-based pairing protocol for CPU-constrained devices. In: Proceedings of the 3rd International Conference on Mobile Systems, Applications, and Services, MobiSys 2005, Seattle, 6–8 June 2005, pp 51–64

    Google Scholar 

  12. Chan H, Perrig A, Song DX (2003) Random key predistribution schemes for sensor networks. In: 2003 IEEE Symposium on Security and Privacy (S&P 2003), 11–14 May 2003, Berkeley, p 197

    Google Scholar 

  13. Du W, Deng J, Han YS, Varshney PK (2003) A pairwise key pre-distribution scheme for wireless sensor networks. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003, Washington, 27–30 Oct 2003, pp 42–51

    Google Scholar 

  14. Du W, Deng J, Han YS, Chen S, Varshney PK (2004) A key management scheme for wireless sensor networks using deployment knowledge. In: Proceedings IEEE INFOCOM 2004, The 23rd Annual Joint Conference of the IEEE Computer and Communications Societies, Hong Kong, 7–11 Mar 2004

    Google Scholar 

  15. Du W, Deng J, Han YS, Varshney PK (2006) A key predistribution scheme for sensor networks using deployment knowledge. IEEE Trans Dependable Secure Comput 3(1):62–77

    Article  Google Scholar 

  16. Du H, Li J, Zhang Y, Li T, Zhang Y (2012) Certificate-based key-insulated signature. In: Data and Knowledge Engineering – Third International Conference, ICDKE 2012, Wuyishan, 21–23 Nov 2012. Proceedings, pp 206–220

    Chapter  Google Scholar 

  17. Eschenauer L, Gligor VD (2002) A key-management scheme for distributed sensor networks. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, Washington, 18–22 Nov 2002, pp 41–47

    Google Scholar 

  18. Groce A, Katz J (2010) A new framework for efficient password-based authenticated key exchange. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, 4–8 Oct 2010, pp 516–525

    Google Scholar 

  19. Huang X, Susilo W, Mu Y, Zhang F (2005) On the security of certificateless signature schemes from asiacrypt 2003. In: Cryptology and Network Security, 4th International Conference, CANS 2005, Xiamen, 14–16 Dec 2005, Proceedings, pp 13–25

    Chapter  Google Scholar 

  20. Huang X, Mu Y, Susilo W, Wong DS, Wu W (2007) Certificateless signature revisited. In: Information Security and Privacy, 12th Australasian Conference, ACISP 2007, Townsville, 2–4 July 2007, Proceedings, pp 308–322

    Google Scholar 

  21. Jana S, Premnath SN, Clark M, Kasera SK, Patwari N, Krishnamurthy SV (2009) On the effectiveness of secret key extraction from wireless signal strength in real environments. In: Proceedings of the 15th Annual International Conference on Mobile Computing and Networking, MOBICOM 2009, Beijing, 20–25 Sept 2009, pp 321–332

    Google Scholar 

  22. Jiang S, Gong G (2004) Password based key exchange with mutual authentication. In: Selected Areas in Cryptography, 11th International Workshop, SAC 2004, Waterloo, 9–10 Aug 2004, Revised Selected Papers, pp 267–279

    Chapter  Google Scholar 

  23. Katz J, Vaikuntanathan V (2013) Round-optimal password-based authenticated key exchange. J Cryptol 26(4):714–743

    Article  MathSciNet  Google Scholar 

  24. Katz J, Ostrovsky R, Yung M (2001) Efficient password-authenticated key exchange using human-memorable passwords. In: Advances in Cryptology – EUROCRYPT 2001, International Conference on the Theory and Application of Cryptographic Techniques, Innsbruck, 6–10 May 2001, Proceeding, pp 475–494

    Google Scholar 

  25. Lai B, Kim S, Verbauwhede I (2002) Scalable session key construction protocol for wireless sensor networks. In: IEEE Workshop on Large Scale RealTime and Embedded Systems (LARTES), p 7

    Google Scholar 

  26. Li J, Du H, Zhang Y, Li T, Zhang Y (2014) Provably secure certificate-based key-insulated signature scheme. Concurr Comput Pract Exp 26(8):1546–1560

    Article  Google Scholar 

  27. Liu D, Ning P (2003) Establishing pairwise keys in distributed sensor networks. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003, Washington, 27–30 Oct 2003, pp 52–61

    Google Scholar 

  28. Mathur S, Trappe W, Mandayam NB, Ye C, Reznik A (2008) Radio-telepathy: extracting a secret key from an unauthenticated wireless channel. In: Proceedings of the 14th Annual International Conference on Mobile Computing and Networking, MOBICOM 2008, San Francisco, 14–19 Sept 2008, pp 128–139

    Google Scholar 

  29. Peng K, Zhang Y (2012) A secure mix network with an efficient validity verification mechanism. In: Internet and Distributed Computing Systems – 5th International Conference, IDCS 2012, Wuyishan, Fujian, 21–23 Nov 2012. Proceedings, pp 85–96

    Google Scholar 

  30. Peng J, Choo KR, Ashman H (2016) User profiling in intrusion detection: a review. J Netw Comput Appl 72:14–27

    Article  Google Scholar 

  31. Peng Y, Wang P, Xiang W, Li Y (2017) Secret key generation based on estimated channel state information for TDD-OFDM systems over fading channels. IEEE Trans Wirel Commun 16(8):5176–5186

    Article  Google Scholar 

  32. Perrig A, Szewczyk R, Wen V, Culler DE, Tygar JD (2001) SPINS: security protocols for sensor netowrks. In: MOBICOM 2001, Proceedings of the Seventh Annual International Conference on Mobile Computing and Networking, Rome, 16–21 July 2001, pp 189–199

    Google Scholar 

  33. Pietro RD, Oligeri G (2013) COKE crypto-less over-the-air key establishment. IEEE IEEE Trans Inf Forensics Secur 8(1):163–173

    Article  Google Scholar 

  34. Premnath SN, Jana S, Croft J, Gowda PL, Clark M, Kasera SK, Patwari N, Krishnamurthy SV (2013) Secret key extraction from wireless signal strength in real environments. IEEE Trans Mob Comput 12(5):917–930

    Article  Google Scholar 

  35. Ruj S, Nayak A, Stojmenovic I (2013) Pairwise and triple key distribution in wireless sensor networks with applications. IEEE Trans Comput 62(11):2224–2237

    Article  MathSciNet  Google Scholar 

  36. Sadeghi A, Wachsmann C, Waidner M (2015) Security and privacy challenges in industrial Internet of Things. In: Proceedings of the 52nd Annual Design Automation Conference, San Francisco, 7–11 June 2015, pp 54:1–54:6

    Google Scholar 

  37. Shen J, Moh S, Chung I (2012) Identity-based key agreement protocol employing a symmetric balanced incomplete block design. J Commun Netw 14(6):682–691

    Article  Google Scholar 

  38. Shen J, Wang A, Wang C, Hung PCK, Lai C (2017) An efficient centroid-based routing protocol for energy management in WSN-assisted IoT. IEEE Access 5:18469–18479

    Article  Google Scholar 

  39. Shen J, Zhou T, He D, Zhang Y, Sun X, Xiang Y (2017, to be appear) Block design-based key agreement for group data sharing in cloud computing. IEEE Trans Dependable Secure Comput

    Google Scholar 

  40. Shen J, Zhou T, Lai CF, Li J, Li X (2017) Hierarchical trust level evaluation for pervasive social networking. IEEE Access 5:1178–1187

    Article  Google Scholar 

  41. Shen J, Zhou T, Wei F, Sun X, Xiang Y (2018) Privacy-preserving and lightweight key agreement protocol for v2g in the social internet of things. IEEE Internet Things J 5(4):2526–2536

    Article  Google Scholar 

  42. Shen J, Zhou T, Chen X, Li J, Susilo W (2018) Anonymous and traceable group data sharing in cloud computing. IEEE Trans Inf Forensics Secur 13(4):912–925

    Article  Google Scholar 

  43. Shimizu T, Iwai H, Sasaoka H (2011) Physical-layer secret key agreement in two-way wireless relaying systems. IEEE Trans Inf Forensics Secur 6(3–1):650–660

    Article  Google Scholar 

  44. Tang Q, Choo KR (2006) Secure password-based authenticated group key agreement for data-sharing peer-to-peer networks. In: Applied Cryptography and Network Security, 4th International Conference, ACNS 2006, Singapore, 6–9 June 2006, Proceedings, pp 162–177

    Chapter  Google Scholar 

  45. Wallner D, Harder E, Agee R (1999) Key management for multicast: issues and architectures. No. RFC 2627

    Google Scholar 

  46. Wan Z, Deng RH, Bao F, Preneel B (2007) nPAKE+: a hierarchical group password-authenticated key exchange protocol using different passwords. In: Information and Communications Security, 9th International Conference, ICICS 2007, Zhengzhou, 12–15 Dec 2007, Proceedings, pp 31–43

    Google Scholar 

  47. Wang D, Zhang Z, Wang P, Yan J, Huang X (2016) Targeted online password guessing: an underestimated threat. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, 24–28 Oct 2016, pp 1242–1254

    Google Scholar 

  48. Wang D, Cheng H, Wang P, Huang X, Jian G (2017) Zipf’s law in passwords. IEEE Trans Inf Forensics Secur 12(11):2776–2791

    Article  Google Scholar 

  49. Wang D, Cheng H, He D, Wang P (2018) On the challenges in designing identity-based privacy-preserving authentication schemes for mobile devices. IEEE Syst J 12(1):916–925

    Article  Google Scholar 

  50. Wang D, Li W, Wang P (2018) Measuring two-factor authentication schemes for real-time data access in industrial wireless sensor networks. IEEE Trans Ind Inf 14(9):4081–4092

    Article  Google Scholar 

  51. Wang M, Zhang Y, Ma J, Wu W (2018, to appear) A universal designated multi verifiers content extraction signature scheme. Int J Comput Sci Eng

    Google Scholar 

  52. Xi W, Qian C, Han J, Zhao K, Zhong S, Li X, Zhao J (2016) Instant and robust authentication and key agreement among mobile devices. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, 24–28 Oct 2016, pp 616–627

    Google Scholar 

  53. Xu L, Zhang Y (2014) Matrix-based pairwise key establishment for wireless mesh networks. Futur Gener Comput Syst 30:140–145

    Article  Google Scholar 

  54. Xu S, Mu Y, Susilo W, Chen X, Huang X, Zhang F (2006) Online/offline signatures and multisignatures for AODV and DSR routing security. IACR Cryptol ePrint Archive 2006, 236

    Google Scholar 

  55. Xu L, Cao X, Zhang Y, Wu W (2013) Software service signature (S3) for authentication in cloud computing. Clust Comput 16(4):905–914

    Article  Google Scholar 

  56. Yang X, Zhang Y, Liu JK, Zeng Y (2016) A trust and privacy preserving handover authentication protocol for wireless networks. In: 2016 IEEE Trustcom/BigDataSE/ISPA, Tianjin, 23–26 Aug 2016, pp 138–143

    Google Scholar 

  57. Ye A, Zheng Y, Xu L, Zhang Y (2017) A road-network based privacy-preserving approach in trajectory publishing. J Internet Technol 18(4):867–876

    Google Scholar 

  58. Zan B, Gruteser M, Hu F (2013) Key agreement algorithms for vehicular communication networks based on reciprocity and diversity theorems. IEEE Trans Veh Technol 62(8):4020–4027

    Article  Google Scholar 

  59. Zeng K, Wu D, Chan AJ, Mohapatra P (2010) Exploiting multiple-antenna diversity for shared secret key generation in wireless networks. In: INFOCOM 2010. 29th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, 15–19 Mar 2010, San Diego, pp 1837–1845

    Google Scholar 

  60. Zhang Y, Xu L, Huang X (2012) Polynomial based key predistribution scheme in wireless mesh networks. J Comput Inf Syst 8(6):2539–2549

    Google Scholar 

  61. Zhang Y, Xu L, Huang X, Li J (2013) Matrix-based pairwise key establishment with pre and post deployment knowledge for wireless mesh networks. In: Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2013, Taichung, 3–5 July 2013, pp 153–158

    Google Scholar 

  62. Zhang Y, Xu L, Xiang Y, Huang X (2013) Matrix-based pairwise key establishment in wireless mesh networks using deployment knowledge. In: Proceedings of IEEE International Conference on Communications, ICC 2013, Budapest, 9–13 June 2013, pp 1604–1608

    Google Scholar 

  63. Zhang Y, Xu L, Xiang Y, Huang X (2013) A matrix-based pairwise key establishment scheme for wireless mesh networks using pre deployment knowledge. IEEE Trans Emerg Top Comput 1(2):331–340

    Article  Google Scholar 

  64. Zhang Y, Xiang Y, Huang X, Xu L (2014) A cross-layer key establishment scheme in wireless mesh networks. In: Computer Security – ESORICS 2014 – 19th European Symposium on Research in Computer Security, Wroclaw, 7–11 Sept 2014. Proceedings, Part I, pp 526–541

    Google Scholar 

  65. Zhang Y, Xu L, Huang X, Li J (2015) Matrix-based key pre-distribution schemes in WMNS using pre and post deployment knowledge. Int J Ad Hoc Ubiquitous Comput 20(4):262–273

    Article  Google Scholar 

  66. Zhang Y, Xiang Y, Huang X (2016) Password-authenticated group key exchange: a cross-layer design. ACM Trans Internet Technol 16(4):24:1–24:20

    Article  Google Scholar 

  67. Zhang Y, Xiang Y, Huang X (2017) A cross-layer key establishment model for wireless devices in cyber-physical systems. In: Proceedings of the 3rd ACM Workshop on Cyber-Physical System Security, CPSS@AsiaCCS 2017, Abu Dhabi, 2 Apr 2017, pp 43–53

    Google Scholar 

  68. Zhang Y, Xiang Y, Huang X, Chen X, Alelaiwi A (2018) A matrix-based cross-layer key establishment protocol for smart homes. Inf Sci 429:390–405

    Article  Google Scholar 

  69. Zhang Y, Xiang Y, Wang T, Wu W, Shen J (2018) An over-the-air key establishment protocol using keyless cryptography. Futur Gener Comput Syst 79:284–294

    Article  Google Scholar 

  70. Zhang Y, Xiang Y, Wu W, Alelaiwi A (2018) A variant of password authenticated key exchange protocol. Futur Gener Comput Syst 78:699–711

    Article  Google Scholar 

  71. Zhu S, Setia S, Jajodia S (2003) LEAP: efficient security mechanisms for large-scale distributed sensor networks. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003, Washington, DC, 27–30 Oct 2003, pp 62–72

    Google Scholar 

  72. Zhu F, Zhang Y, Lin C, Wu W, Meng R (2017) A universal designated multi-verifier transitive signature scheme. In: Information Security and Cryptology – 13th International Conference, Inscrypt 2017, Xi’an, 3–5 Nov 2017, Revised Selected Papers, pp 180–195

    Google Scholar 

  73. Zhu X, Xu F, Novak E, Tan CC, Li Q, Chen G (2017) Using wireless link dynamics to extract a secret key in vehicular scenarios. IEEE Trans Mob Comput 16(7):2065–2078

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an, China

    Yuexin Zhang

  2. School of Software and Electrical Engineering, Swinburne University of Technology, Hawthorn, VIC, Australia

    Yuexin Zhang

  3. Fujian Provincial Key Laboratory of Network Security and Cryptology, College of Mathematics and Informatics, Fujian Normal University, Fuzhou, China

    Xinyi Huang

Authors
  1. Yuexin Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xinyi Huang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xinyi Huang .

Editor information

Editors and Affiliations

  1. Computer Science Department, University of Malaga, Malaga, Spain

    Cristina Alcaraz

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Zhang, Y., Huang, X. (2019). Security and Privacy Techniques for the Industrial Internet of Things. In: Alcaraz, C. (eds) Security and Privacy Trends in the Industrial Internet of Things. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-12330-7_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-12330-7_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12329-1

  • Online ISBN: 978-3-030-12330-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation