A secure lightweight mutual authentication scheme in Social Industrial IoT environment

The Social Industrial Internet of Things (SIIoT) is a new paradigm that integrates social networking features into the Industrial IoT (IIoT) environment to enforce efficient and effective service discovery and collaboration between smart IoT objects in a friendly and scalable way. In such an environment, establishing a secure and trusted communication scheme between peer IoT devices having similar social profiles is therefore a crucial need. In addition, resource-constrained IoT devices are unable to deal with huge computational overheads. To address these issues, we propose a novel solution offering a secure fog-based Social Industrial IoT (Fog-SIIoT) scheme. Fog-SIIoT guarantees mutual authentication, anonymity and secure communication through a trusted key agreement between social smart things. The proposed scheme is suitable for the social resource-constrained IIoT as it only uses a hash function, the bitwise XOR operation and symmetric cryptography. Compared to correlative schemes, our solution presents many advantages in terms of security aspects, efficiency, social awareness and reduced computation overheads. Besides, the security analysis indicates that our scheme can withstand many known attacks, and we proved it with the help of formal security analysis using the BAN logic and formal security verification using the AVISPA tool.


Introduction
Fog computing is an extension of the cloud to the edge of the network. It is a technology that aims to bridge the gap between Internet of Things (IoT) devices and remote data centers. Fog computing minimizes the latency in decision making by extending the cloud closer to end devices and offloading the computations from the resource-constrained end devices to preserve their battery life [1][2][3].
Industrial Internet of Things (IIoT) is based on IoT technologies where smart objects are capable of monitoring, collecting, analyzing and making intelligent choices without human intervention in an industrial environment.
The Social Internet of Things (SIoT) is a paradigm that integrates social networking principles into the IoT system in order to enforce efficient and effective service discovery and collaboration between IoT objects in a friendly and scalable way. However, maintaining privacy is inevitably the most critical concern for the IIoT environment to reach its full potential. Therefore, a lightweight and secure authentication algorithm is needed.
In most of the literature reviewed, the integration of collaborative IoT devices is not well developed: either the integration is not used in the industry, or the integration is not secured. For example, the authors of [4,5] proposed the use of fog as a middleware in the IIoT between the industrial devices and the cloud to promote distributed controlling of network traffic. However, security measures to protect the data exchanged within the system are not studied in depth. Therefore, various kinds of security threats and attacks are likely to occur. Other researchers have suggested secure communication between resource-constrained IIoT devices. In [6,7], the authors propose authentication schemes to achieve lightweight mutual authentication between various users and/or devices within the IIoT systems. Moreover, blockchain-based secure mutual authentication with a fine-grained access control system for IIoT is presented in [8]. Furthermore, Huang et al. [9] propose a blockchain system with a credit-based proof-of-work mechanism for IIoT devices to protect data confidentiality. These existing works fail to provide adequate security and privacy and in return incur high computation and storage overheads. Furthermore, decentralizing the network traffic by offloading computation to the edge needs further investigation.
A large body of research [10][11][12][13][14][15][16][17] has proposed mutual authentication schemes for different IoT scenarios (node-to-node or node-to-server) using basic cryptographic tools such as hash functions, symmetric/asymmetric encryption and Elliptic Curve Cryptography (ECC). However, these solutions are hard to apply to constrained IoT devices because of their heavy computation time.
In the context of the social industrial environment, the resource-constrained nodes introduce problems when collaborating using the social profile to ensure trust. On the other hand, peer entities always need to interact with each other, which may lead to privacy leakage, manipulation and impersonation attacks.

Researchers have suggested the integration of social networks in IoT systems. In [18], Narang et al. proposed a hybrid trust management framework for SIoT networks using a combination of human intelligence and device intelligence to generate a Hybrid Multi-service Social Tie-graph (HMST). Although the authors present a trusted social collaboration between IoT devices, their framework did not ensure secure communication. In [19], the authors integrate the fog device (FD) to calculate the recommendation trust between different nodes. FD feeds back the result of a service request using the trust value of this service. The fog computing devices collect trust feedback information from social sensor nodes, but the security of the communicating nodes is not taken into consideration. In [20], the authors categorize social phenomena in fog computing networks into two main groups: the first is based on the social relationship between the end-users and fog nodes, and the second is group-based social node behavior. This study examines the impact of social phenomena on fog computing networks in terms of network performance and resource allocation, and leaves secure authentication and key management as challenging issues. Many solutions [21][22][23][24][25][26] take into consideration either the authentication protocol, or key agreement, or data exchange or profile matching in the Social IoT context. However, these solutions have a heavy computation time, which makes them hard to apply to constrained IoT devices. Our scheme aims at enhancing the previous solutions by proposing a lightweight secure mutual authentication algorithm based on the IIoT system. From the above discussion, social collaboration between contributor things while preserving the security and flexibility of the IIoT system has been less investigated. Furthermore, integrating fog in IIoT network traffic to move computation to the edge while ensuring security is another concern.

Motivation
Predictive maintenance is a way to monitor the maintenance needs of devices. This concept allows smart connected equipment to trigger repair before parts break. In the context of Fog-SIIoT, this emergency problem can be resolved using collaboration between smart equipment having the same profile.
(1) If the session/connection between the communicating SEs drops or the node SE 2 no longer exists in the fog zone area, SE 1 requests the fog server to continue getting the service from another friend node, as shown in Fig. 1.
(2) For this purpose, based on the processing profile of the smart equipment and the workload of the solicited service, the fog server selects an adequate node. The workload in our case defines the resources required to execute the remaining task of the service (e.g., CPU capacity). The fog server adopts a profile matching strategy to select the corresponding node.
(3) Once the selection is made, a secure social collaboration between trusted peers is established.
In our solution, SIIoT and the fog computing technologies are combined by using complementary features of Social Fog IoT (SoFT) paradigm [27].
When designing Fog-SIIoT architecture, entities must collaborate with trust peers having similar profiles. This requires social profile verification and entities profile matching considering the secure authentication service.
The remainder of the paper is organized as follows: In Sect. 2, we describe our proposed Fog-SIIoT scheme. In Sect. 3, the reliability of our solution is proved, and the majority of security requirements are fulfilled. In Sect. 4, we validate the formal security analysis of our mutual authentication phase using BAN method and AVISPA tool. Section 5 illustrates the security performance of our solution. We end our paper by a conclusion.

Proposed secure fog-based Social Industrial IoT (Fog-SIIoT) scheme
In this paper, we enhance the communication process presented in [21], where peer IoT devices having similar social profiles communicate through the fog server. In the previous solution, the solicited IoT device is preselected from the beginning. This can cause a problem when an emergency arises because the device cannot deduce which node is available for assistance. The proposed scheme provides secure communication between trusted IIoT devices based on their social profiles. We are interested in defining the security requirements for flexible critical IIoT applications by guaranteeing mutual authentication between entities. Moreover, we aim to reduce the computation cost of the algorithm.
Our scheme is composed of three entities: (i) The cloud server authority (CSA): a trusted authority, which contains a Private Key Generator (PKG) server. The latter holds a database containing all real identities (IDs) and the hashed form of the identity h(ID) of SEs and fog servers. (ii) The fog server (FS): a server located at the fog layer of the network which appears as an intermediate node in a fog zone where SEs are deployed. The fog ensures the social profile matching and authentication procedure between SEs. (iii) The smart equipment (SE): entities located at the edge of the network; they can be smart equipment, smart industrial robots, sensors, surveillance cameras, etc.
In our scheme, each entity is assigned a Virtual Identity (VID) generated using PRNG (pseudorandom number generators) to conceal its real identity (ID) in future communications.
Each entity selects services to be included in its social profile. The social profile (SP) lists the main interests, services and resources needed in tasks execution that the entity offers or requires (Table 1).


Phase I: setup
In what follows, the setup phase is described in detail. During this phase, we ensure the mutual authentication between SEs and CSA in order to prepare the list FL to be sent to the FS in a secure way. CSA chooses its parameters, which are indicated in Table 2.
The proposed algorithm is composed of two phases:
• The first describes the setup phase of the network.
• In the second, the mutual authentication algorithm is performed, which considers the social profile matching and key agreement establishment between SEs via the FS.
We keep the message exchange of our previous solution [28] during the registration phase.
Each SE joining the network should send a request message M0 to the CSA to obtain the public parameters (P, E and K pub ).
On receiving M0 from SE, CSA gets T1, checks ΔT and verifies whether h(ID i ) is registered in the database. Then, it computes h(ID i ∥ T1). If the calculated value matches the received one, CSA generates K u = h(ID i ||K pub ) and sends message M1 to SE as follows: If it is equal to the received value, SE generates its VID, a random r, the shared key K u and AK i with the server. Then, as shown in Fig. 2, each smart equipment i sends an encrypted message M2 which contains its VID, r and SP i .
Hence, the CSA server decrypts M2 using the shared key and computes AK' i and B i , then prepares the fog list. Finally, the cloud sends the FLs encrypted with the shared key Kf to the FS operating in the same area as the specific SEs.
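The M0/M1 exchange of the setup phase, written out for both sides as an added example (it is not the authors' implementation). It assumes M0 = {h(ID i ), h(ID i ∥T1), T1}, takes the M1 layout quoted in the computation-complexity section, and uses hypothetical function names, a length-prefixed field encoding for "||" and a 2-second ΔT, none of which the paper specifies.

```python
import hashlib
import hmac

DELTA_T = 2  # assumed freshness window in seconds (the paper gives no value)

def H(*fields: bytes) -> bytes:
    """h(a || b || ...) using SHA-256. Each field is length-prefixed (an
    assumption) so that different field splits never hash to the same input."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()

def ts(t: int) -> bytes:
    """Fixed-width encoding of a timestamp (integer seconds)."""
    return t.to_bytes(8, "big")

def fresh(t_msg: int, now: int) -> bool:
    # Reject timestamps older than DELTA_T and timestamps from the future.
    return 0 <= now - t_msg <= DELTA_T

def se_build_m0(id_i: bytes, t1: int) -> dict:
    """SE -> CSA. Assumed layout: M0 = {h(ID_i), h(ID_i || T1), T1}."""
    return {"h_id": H(id_i), "tag": H(id_i, ts(t1)), "T1": t1}

def csa_handle_m0(m0: dict, registered: dict, k_pub: bytes, now: int):
    """CSA side. `registered` maps h(ID) -> ID (the PKG database).
    Returns (M1, K_u), or None if M0 is stale, unknown or inconsistent."""
    if not fresh(m0["T1"], now):
        return None
    id_i = registered.get(m0["h_id"])
    if id_i is None:
        return None
    if not hmac.compare_digest(H(id_i, ts(m0["T1"])), m0["tag"]):
        return None
    t2 = now
    # M1 = {E, P, K_pub, h(ID_i || K_pub || T2), T2}; E and P are left out
    # here because they do not enter any hash.
    m1 = {"K_pub": k_pub, "tag": H(id_i, k_pub, ts(t2)), "T2": t2}
    return m1, H(id_i, k_pub)  # K_u = h(ID_i || K_pub)

def se_handle_m1(id_i: bytes, m1: dict, now: int):
    """SE side: check freshness and h(ID_i || K_pub || T2), then derive K_u.
    Returns K_u, or None if M1 is stale or its hash does not match."""
    if not fresh(m1["T2"], now):
        return None
    if not hmac.compare_digest(H(id_i, m1["K_pub"], ts(m1["T2"])), m1["tag"]):
        return None
    return H(id_i, m1["K_pub"])

if __name__ == "__main__":
    ID = b"SE-0001"  # constructed sample identity
    m0 = se_build_m0(ID, 1000)
    m1, k_u = csa_handle_m0(m0, {H(ID): ID}, b"sample-K_pub", 1001)
    print(se_handle_m1(ID, m1, 1002) == k_u)
```

Because K pub is a public parameter, K u is only as secret as ID i , which is why the scheme never sends ID i in clear.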

Phase II: mutual authentication and key establishment
We highlight the steps to ensure the mutual authentication between collaborated SEs and the establishment of the shared key through the FS (see Fig. 3).
Whenever a smart equipment SE i wants to collaborate with another SE j interested in the same services within its vicinity, it must follow the following steps.

SE i → Fog
SE i chooses a nonce n, calculates h(h(ID i )||B i ||T3) and then sends a request message M3 to get the requested service.

Fog→SE j
On receiving M3, the fog checks the existence of VID i , extracts h(ID i ) and verifies h(h(ID i )||B i ||T3). If the check succeeds, the fog verifies the parameters of the service info and calculates the workload corresponding to this service to resolve the service capacity request using Algorithm 1.
The FS adopts a context-aware algorithm to select the corresponding node.


SE j →SE i
The corresponding SE j verifies parameter X and calculates Y = h(AK j ||h(ID j )||T4). It then computes parameters S i and Z, two parameters to be used by SE i to authenticate SE j . The session key "Key" is calculated and kept secret on the SE j side. SE j sends M5 to the service requester SE i .

SE i authenticates SE j .
Once the message M5 is received, SE i calculates C and Z' = h(h(AK i ||C)||VID j ||VID i ) and then verifies Z and Z'. If they are equal, SE i generates the key Key = h(h(AK i ||C)||VID j ||T5). When "Key" is well established, the two nodes are successfully authenticated and can start a secure and trust communication.
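The two checks that bracket Phase II, the fog's verification of M3 and SE i 's verification of Z before deriving "Key", as an added example (not the authors' code). The M3 and M5 field layouts, the function names, the length-prefixed encoding of "||", the 2-second ΔT and the use of M5's timestamp as T5 are assumptions; B i , AK i and C are taken as opaque byte strings because their definitions are not given above.

```python
import hashlib
import hmac

DELTA_T = 2  # assumed freshness window in seconds

def H(*fields: bytes) -> bytes:
    # SHA-256 over length-prefixed fields (assumed encoding of "||").
    data = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hashlib.sha256(data).digest()

def ts(t: int) -> bytes:
    return t.to_bytes(8, "big")

def fresh(t_msg: int, now: int) -> bool:
    return 0 <= now - t_msg <= DELTA_T

def se_i_build_m3(vid_i: bytes, h_id_i: bytes, b_i: bytes, t3: int) -> dict:
    """SE_i -> fog. Assumed layout: {VID_i, h(h(ID_i)||B_i||T3), T3};
    the service-info fields and the nonce are omitted."""
    return {"VID": vid_i, "tag": H(h_id_i, b_i, ts(t3)), "T3": t3}

def fog_verify_m3(m3: dict, fog_list: dict, now: int) -> bool:
    """Fog side. fog_list maps VID -> (h(ID), B), as delivered in FL by the
    CSA, so the real ID never appears in the request or in the lookup."""
    if not fresh(m3["T3"], now):
        return False                       # replayed or delayed request
    entry = fog_list.get(m3["VID"])
    if entry is None:
        return False                       # unknown or expired VID
    h_id, b = entry
    return hmac.compare_digest(H(h_id, b, ts(m3["T3"])), m3["tag"])

def se_i_finish(ak_i: bytes, c: bytes, vid_i: bytes, m5: dict, now: int):
    """SE_i side, after receiving M5 (assumed layout {VID_j, Z, T5}).
    Z'  = h(h(AK_i||C) || VID_j || VID_i)
    Key = h(h(AK_i||C) || VID_j || T5)
    Returns Key, or None if M5 is stale or Z' != Z."""
    if not fresh(m5["T5"], now):
        return None
    inner = H(ak_i, c)
    z_prime = H(inner, m5["VID_j"], vid_i)
    if not hmac.compare_digest(z_prime, m5["Z"]):
        return None
    return H(inner, m5["VID_j"], ts(m5["T5"]))

if __name__ == "__main__":
    # Constructed sample values, not taken from the paper.
    fl = {b"VID-i": (H(b"ID-i"), b"B-i")}
    m3 = se_i_build_m3(b"VID-i", H(b"ID-i"), b"B-i", 5000)
    print("fresh M3 accepted:", fog_verify_m3(m3, fl, 5001))
    print("late M3 accepted:", fog_verify_m3(m3, fl, 5009))
    z = H(H(b"AK-i", b"C"), b"VID-j", b"VID-i")
    m5 = {"VID_j": b"VID-j", "Z": z, "T5": 5002}
    print("Key derived:", se_i_finish(b"AK-i", b"C", b"VID-i", m5, 5003) is not None)
```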
In Fog-SIIoT domains, retaining the same VID for nodes in the network can lead to a severe attack on the system. The CSA can randomly choose a timer T for all intervening nodes in the fog zone to update their VID i .
Then, the CSA will update its database of virtual identities with this new value VID' i which will be sent to fog servers using the shared key.

Security analysis
Our proposed solution addresses the main security challenges in the Industrial IoT environment. In this section, we compare the security performance of our scheme with different existing schemes, as shown in Table 3, which proves that our solution surpasses existing authentication schemes by providing the main security properties such as (A) mutual authentication, (B) social profile matching, (C) anonymity and (D) forward secrecy. Moreover, it resists other known attacks such as (E) user impersonation attack, (F) server impersonation attack, (G) Sybil attack, and (H) man in the middle (MITM) and forgery attacks.

Mutual authentication
The scheme ensures mutual authentication between every pair of communicating entities. This is discussed in the next subsections.

Authentication Fog-SE/SE-Fog
The FS authenticates SE i by computing the value of h(h(ID i )||B i ||T3). Similarly, SE j verifies that it communicates with a valid FS through the X parameter forwarded in M4.
Only a legitimate SE/FS can communicate with each other since h(ID i/j ) and B i/j are stored in the fog database through the encrypted list FL sent by the CSA.

Authentication SE i -SE j
Each SE i authenticates its collaborator SE j by checking Z' = h(h(AK i ||C)||VID j ||VID i ).
In our proposed solution, the h(AK i ||C) parameter can only be known by a legitimate fog, so SE i can be certain that SE j is a trusted node.
For SE j , it is mentioned above that the authentication is well proved through the trusted fog. Therefore, the two communicating nodes can authenticate each other successfully. In this way, our proposed architecture satisfies the mutual authentication property.

Social profile matching
In our system, authentication is performed depending on the social profile of the SEs and the correspondence of their interests, status and used services. The FS can ensure social profile matching by using the profile-aware selection described in Algorithm 1. So, only nodes that share the same profile can pursue the authentication procedure.

Device anonymity
Our scheme provides anonymity of each entity during the communication, because each one is assigned a VID to conceal its real identity ID. The intruder cannot retrieve the device's ID, and the freshness of the VID enhances this property. So, we can say that the proposed scheme ensures the device anonymity property.

Forward secrecy
In our scheme, an intruder will not be able to generate the secret keys "K u " and "key" because that intruder needs to overcome many phases, which are explained in the next two subsections.

Secrecy of session key Ku
In our solution, it is hard to disclose the shared session key K u = h(ID i ||K pub ) for the following reasons: Each node gets the public parameter K pub from the legal CSA to construct a valid session key. Moreover, there is no exchange of information ID i before establishing the key. So, the attacker cannot guess nodes of the current communication.
K u is hashed with one-way hash function. Therefore, no information can be eavesdropped from the session key.
Our proposed scheme meets the known key secrecy property.

Secrecy of session key "key"
In the proposed scheme, a session key "key" can be deployed only after mutual authentication between SE i and SE j . In fact, an adversary must successfully communicate with a legitimate node in the network through the fog. To overcome this process, an attacker must have allowable ID i , a secret variable r and a validated authenticated key AK i . Without possessing these parameters, the attacker cannot construct a valid session key since each node generates these parameters secretly on its side. In addition, the attacker needs to pass through the semi-trusted fog server while executing the algorithm. So, the session key is secured, and it is too hard to steal it.

User impersonation attack
Suppose an adversary A tries to impersonate as a legitimate user Ui (SE i

Sybil attack
In such an attack, an adversary A can estimate or guess the ID of a device from the messages that are being transmitted over the network. However, in our scheme, the attacker cannot do this, because the transmitted messages do not contain the real ID of devices and do not include information regarding the identity of the transmitting device. In our solution, it is not easy for an attacker to generate legitimate identities which are accepted by the FS or CSA. The smart equipment (SE) uses the VID for its authentication, and in the setup phase, each SE needs to be already registered in the CSA, so when it sends h(ID i ∥ T1) in the first messages, the CSA will accept only the SE with the correct ID i . In this case, the Sybil attack is like the impersonation attack, since the attacker wants to create many legitimate identities accepted by the system without having a list of all the real IDs. We recall here that we have already mentioned how our solution is secure against the impersonation attack in subsection 3.5.

Resistance to man in the middle (MITM) and forgery attacks
Whenever a rogue FS/SE tries a MITM attack by sniffing exchanged messages between nodes, he/she is unable to guess the secret parameters ID i , r, C, B i and AK i which are kept secret and only their hashed format is exchanged. Moreover, all messages include the time stamps. Since the maximum transmission delay ΔT is very short, an adversary cannot repeat the messages. Therefore, our proposed algorithm resists the MITM attack.

Formal security analysis using BAN logic
We use the BAN logic [28] to prove the validity of authentication between two legal smart equipment SE i /SE j through the fog server FS. Applying the BAN logic between SE i /SE j makes it possible to determine whether the exchanged information is secure and trustworthy against eavesdropping. It includes checking the origin of the message, the message freshness and the origin's trustworthiness.
To describe the BAN logic in formal terms, we use the following rules:
Rule 1 The message meaning rule for the shared secret keys is given by: P believes that Q once said X, if P believes that K is shared with Q and sees X is encrypted under K.
Rule 2 The nonce verification rule is given by: P believes that Q believes X, if P believes that X has been uttered recently (freshness) and P believes that Q once said X.
Rule 3 The jurisdiction rule is as follows: P believes X, if P believes that Q has jurisdiction over X, and P believes that Q believes a message X.
Rule 4 The freshness rule is given by: if one part of the message is known to be fresh, then the entire message must be fresh.

Validation results of mutual authentication phase (phase II)
In our proposed scheme, SE i asks the fog about a legal SE j to get the requested service. For this purpose, authentication is required between the involved entities.

Lemma 1
The fog verifies the correctness of the legitimacy of SE i .
The fog receives T3, verifies whether h(ID i ) is well registered and computes h(h(ID i )||B i ||T3).
The generic form of the sent message from SE i to fog is as follows:
Subsequently, we translate the message into its idealized forms as follows:
Assumptions

Goals
The fog verifies the correctness of M3 as follows. P1: According to the M3, A2, A4, we get directly.
P2: According to A5 and rule 4,
P3: According to P1, P2 and rule 2:
Finally, the session key "KEY" is established in a secure way. The output shows that the proposed algorithm is safe, and no attacks were found. The security goals of our formal validation are achieved. Based on the on-the-fly model checker (OFMC), the security evaluation results, presented in Fig. 4, reveal that our implemented scheme is safe (no attacks were found) and that the security goals of our formal validation are attained.

Security Performance
In the remainder of this section, we will evaluate the time performance to establish the shared session key for the proposed solution.
In what follows, all the measures are real measures from the implementation realized using a computer with Intel Core (TM) 2 Duo CPU @ 2.4 GHz in the server side and a Raspberry Pi 3 Model B ARM Cortex-A53 CPU 1.2 GHz 64-Bit Quad-Core 1 GB RAM running Ubuntu 16.04 IOS in the node side.
We choose SHA-256 which takes an arbitrary length message in blocks of 512 bits as input and produces a SHA-256 output of 256 bits. Moreover, we also utilize AES-128 as enc(.) and dec(.). We calculated the time cost for different operations in the protocol.
Suppose Thmac, Tp, Tmul, Tenc, Tdec and TH denote, respectively, time cost for one MAC operation, one pairing operation, one-point multiplication, one encryption operation, one decryption operation and one hash function operation, which are as mentioned in Table 4.

Computation complexity
Prior to this work, no contribution has involved the social profile in the smart IoT industrial context.
For the overhead, we compare our scheme with others in the aspects of setup/ mutual authentication, key generation, renewing of VID phases. In Table 5, we only compare the time cost in the registration and mutual authentication phase between SE and the fog. In the setup phase, we need two hash operations, as shown in M0, to submit necessary information and one hash operation to receive security parameters such as E, P and public key of server (M1:{E,P, K pub , h(ID i ||K pub ||T2), T2}). The generation of session key Ku between SE and cloud server needs only one hash operation.
In the authentication phase, only one hash operation is needed to authenticate SE i by the fog, the fog by SE j and SE j by SE i .
The FS can receive many requests from different SEs. In our scheme, the fog has nearly unlimited computation resources which make the computation consumption affordable.
In the proposed solution, we do not need an exhaustive prior message exchange to create the shared session key between two SEs; each one calculates "key" on its side. Our scheme invokes social profile matching to fulfill conditional authentication with a simple algorithm. Also, we considered the update of the VID of nodes. This process requires only one hash operation.

Computation time and comparison with closely related work
By analyzing our scheme, the smart IoT equipment performs light computation.

Conclusion
With the rising popularity of the Industrial Internet of Things (IIoT), several limitations both in terms of security/privacy and network architecture have emerged. In fact, low-end smart IIoT devices are unable to deal with huge computational overheads. To overcome these problems, we proposed a secure fog-based Social Industrial IoT (Fog-SIIoT) scheme. Our scheme is the only solution considering the invocation of the social profile when establishing secure communication between different entities collaborating in the IIoT environment. This scheme fulfills most of the security requirements needed, such as nodes' anonymity, mutual authentication between trusted communicating entities, renewing VIDs, confidentiality and resistance against several attacks like MITM, Sybil and impersonation attacks.
Our proposed algorithm is formally validated by using the BAN logic method and the AVISPA tool. The performance analysis indicates that our scheme has lower computational costs in contrast to other correlative schemes. The results of the system's evaluation using the MIRACL library and Raspberry cards show that the execution time is adequate for resource-limited IIoT devices. This work can be expanded using Artificial Intelligence (AI) on the fog server side when selecting an appropriate node for further communication.
Author's contributions ABA designed the model and carried out the implementation. SJ performed the computational framework. ABA and SJ performed the analysis and wrote the manuscript. MA and AM were in charge of overall direction and planning.

Funding Not applicable.
Data and materials availability Not applicable.

Conflict of interests Not applicable.
Ethical approval Not applicable.