Industrial Control Systems (ICS) control and manage automation components and devices in real time, and collect and monitor production data. With the development of Internet of Things technology, industrial control systems are transforming into intelligent industries, forming an Industrial Internet of Things (IIoT) model, which can significantly improve production efficiency. However, widely used communication technology provides attackers with more opportunities to attack. Security issues faced by ICS networks must be addressed, otherwise the future development of the industry will be constrained. The primary concern for ICS network security is communication confidentiality and integrity. Authentication protocols are the first line of defense for industrial control system network security. They authenticate and verify the legitimacy of users and device nodes participating in the network, and negotiate temporary session keys between them. Traditional authentication methods cannot guarantee security because of the unique rigid requirements of industrial control systems, such as high reliability, sustainability, and low latency, combined with limited on-site equipment resources and vulnerability to node capture attacks. This thesis constructs two lightweight authentication protocols using simple cryptographic primitives and the physical characteristics of PUF chips, which are suitable for actual operating scenarios of industrial control systems. The main innovative points and research results are summarized as follows:

(1) Machine-to-Machine (M2M) authentication is an important part of secure communication within industrial control systems. The real location and parameter information of machine-deployed sensors may involve industry secrets, and adversaries may attempt to illegally collect this sensitive data for their benefit. Anonymous authentication with unlinkability is an effective method for protecting machine location privacy, but existing sensor anonymous authentication protocols cannot be directly applied to the M2M environment of industrial control systems because of the limited communication, storage, and computing resources of sensor nodes, as well as the threat of node capture attacks. To solve these problems, this thesis designs a lightweight anonymous authentication protocol for unmanned industrial control systems based on the Physical Unclonable Function (PUF). This solution constructs anonymous authentication schemes using only hash functions and XOR operations, with security features such as anonymity, unlinkability, mutual authentication, and resistance to various existing attacks such as forgery and man-in-the-middle attacks. Finally, formal proof based on BAN logic and verification results from the ProVerif tool demonstrate the authentication and confidentiality of this solution. Compared with existing related solutions, this solution has better security and practicality.

(2) A lightweight authentication protocol is the core module for remote user access to industrial control devices in resource-limited industrial control systems. Forward security, user anonymity, and resistance to asynchronous attacks are essential security properties for lightweight authentication protocols for industrial control systems. However, it is extremely challenging to achieve all three security properties using only lightweight cryptographic primitives such as hash functions and block cipher algorithms. Therefore, this thesis first combines dynamic pseudonym technology with the advantages of the Physical Unclonable Function to design a lightweight anonymous authentication protocol with forward security. To prevent asynchronous attacks, this solution adopts dual dynamic pseudonym technology, adapting the dynamic pseudonym and shared key when communication is maliciously interrupted. Formal proof based on BAN logic and the automatic verification tool ProVerif show that this protocol achieves the mutual authentication and session key security properties. Informal analysis shows that the proposed protocol can resist various known attacks such as physical node capture attacks, forgery attacks, and man-in-the-middle attacks, and achieves the security goals of forward security, resistance to asynchronous attacks, and user anonymity. Compared with other related solutions, this solution has better computational and communication overhead.