Efficient Kerberos authentication scheme for cross-domain systems in Industrial Internet of Things using ECC

Bibliographic Details
Main Author: Ismail, Haqi Khalid
Format: Thesis
Language:English
Published: 2021
Subjects:
Online Access:http://psasir.upm.edu.my/id/eprint/104037/1/HAQI%20KHALID%20ISMAIL%20-%20IR.pdf
id my-upm-ir.104037
record_format uketd_dc
institution Universiti Putra Malaysia
collection PSAS Institutional Repository
language English
advisor Hashim, Shaiful Jahari
topic Computer networks - Security measures
Computer networks - Access control
Computer security
description The advent of Industry 4.0 has propelled the Industrial Internet of Things (IIoT) as one of the essential enabling technologies for its successful adoption and implementation. IIoT links devices and enables connection and access to the Internet, providing services for various manufacturing and industrial practices. These services are usually supplied with network and Internet security inside a cloud-based environment. Inter-connectivity capabilities make it possible for devices to work collaboratively and, with the assistance of automation, significantly improve efficiency and productivity. However, machines from different domains collaborate on the same data and tasks, raising security and privacy concerns about cross-domain communications. Many existing schemes have been proposed to meet the security and functionality requirements of cross-domain systems. These schemes, however, rely on cryptographic methods that usually have high computational complexity. In addition, the communication between participants over the public channel must be comprehensively secured against eavesdropping, alteration, tampering, and impersonation attacks. Cybercriminals can take advantage of insecure communication to perform attacks that lead to compromises and intrusions. Such cyberattacks against industrial entities, common examples being Trojan horses, replay, and man-in-the-middle attacks, can lead to security compromises including espionage, sabotage, and ransomware. Solutions to these cyber security problems and threats are still not satisfactory. Furthermore, most current authentication schemes designed for IIoT-connected devices rely on reliable and continuous network connectivity, whereas users of IIoT-connected devices should be able to authenticate and communicate even when Internet connections are intermittent or unavailable.
To address these issues, a new multi-factor authentication scheme is designed using a combined AES-ECC algorithm based on the Kerberos workflow to establish secure, efficient, and lightweight communication between the user and the targeted IIoT devices. In the proposed scheme, ECC encrypts and transports the secret keys that serve as AES keys, while AES encrypts the plaintext (communication data). The design combines symmetric-key encryption (AES) for message encryption with asymmetric-key encryption (ECC) for key management. This combination provides a secure key management mechanism and data hiding, giving strong encryption and decryption. The multi-factor credentials proposed for secure identification and authentication combine a username/password (something you know), a smartcard (something you have), and a fingerprint (a biometric, something you are). To show that the proposed design is suitable for IIoT, a new scheme named SELAMAT (a secure, efficient, and lightweight multi-factor authentication scheme for cross-domain IIoT systems) is proposed. In addition, a proof of concept is implemented in the Java programming language to validate the proposed multi-factor Kerberos authentication. As an extension of the scheme, enabling users to authenticate to IIoT-connected devices while Internet access is unavailable, a new offline multi-factor authentication scheme for the automotive industry is proposed. The offline scheme uses a Time-based One-Time Password (TOTP) algorithm to allow users to authenticate to the vehicle without an Internet connection, provided they registered online while Internet access was available. Furthermore, the proposed scheme's performance and complexity are evaluated using the JPBC cryptographic library. The proposed schemes have been validated using informal and formal security verification to compare the achieved security features against various attacks.
The formal verification is performed using BAN logic to prove the security of the schemes and their mutual authentication. The security evaluation also uses SVO logic to verify the results of the informal analysis. Likewise, the widely used standard verification tool AVISPA is used to verify that the scheme is secure against passive and active attacks. Finally, the performance and functionality of the proposed schemes are evaluated in terms of computation and communication cost. The results show that the proposed schemes outperform the previous cross-domain authentication schemes, reducing computation cost by 53% and communication cost by 65%.
format Thesis
qualification_level Doctorate
author Ismail, Haqi Khalid
title Efficient Kerberos authentication scheme for cross-domain systems in Industrial Internet of Things using ECC
granting_institution Universiti Putra Malaysia
publishDate 2021
url http://psasir.upm.edu.my/id/eprint/104037/1/HAQI%20KHALID%20ISMAIL%20-%20IR.pdf