Towards Secure and Usable Certificate-Based Authentication System Using a Secondary Device for an Industrial Internet of Things

• Main Authors: Jusop Choi, Junsung Cho, Hyoungshick Kim, Sangwon Hyun
• Format: Article
• Language: English
• Published: MDPI AG 2020-03-01
• Series: Applied Sciences
• Subjects: industrial controller; key management; key protection; user authentication
• Online Access: https://www.mdpi.com/2076-3417/10/6/1962

As the number of controllers and devices increases in Industrial Internet of Things (IIoT) applications, it is essential to provide a secure and usable user authentication system for human operators who have to manage tens or hundreds of controllers and devices with his/her password. In this paper, we propose a <i>formally verified</i> certificate-based authentication system using a secondary network device for such IIoT applications. In the proposed system, a user&#8217;s sign key is encrypted with a secret key that can be computed with his/her password and a secret parameter in a secondary device to securely protect the sign key. To demonstrate the feasibility of the proposed system, we implemented a prototype with standard cryptographic algorithms (AES-256, RSA-3072, and ECDSA-256). The experiment results demonstrated that the execution time overhead of the sign key recovery process was 0.039 and 0.073 s, respectively, for RSA-3072 and ECDSA-256, which was marginal compared with the total execution time (0.383 s for RSA-3072 and 0.319 s for ECDSA-256) of the conventional system. We also verified the security of the proposed protocol using a formal verification tool called ProVerif.