A Domain Isolated Tripartite Authenticated Key Agreement Protocol With Dynamic Revocation and Online Public Identity Updating for IIoT

Authenticated Key agreement (AKA) protocol is one of the essential components for reliable secure communication in Industrial Internet of Things (IIoT) communication model. Recently, Srinivas et al. proposed a three-factor elliptic curve cryptosystem (ECC)-based AKA protocol called UAP-BCIoT for wireless sensor network-based intelligent transportation system(ITS). In this article, we first find out that their protocol has a security weak point inherently called master secret disclose and key forgery defect which makes their protocol susceptible to variant impersonation attacks. To overcome the deficiency of their protocol, we construct an improved ECC-based three-factors(credential, password and biometric) tripartite AKA (TAKA)protocol among managers U-i, domain gateway DG and IIoT nodes INj with identity dynamic revocation and online updating(IDR-OU-TAKA) for secure communication in IIoT. Unlike the vast majority of previous GWN-assisted MAKA protocols that only negotiate the session key between Ui and INj, our IDR-OU-TAKA protocol can selectively achieve U-i <-> DG <-> INj tripartite key negotiation according to U-i's IPv6 addresses, meaning that any two parties can use the session key to establish a secure channel which can achieve isolation security within the IIoT domain. Besides, in our proposed IDR-OU-TAKA, the overdue or corrupted manager can be immediately revoked by dynamically maintaining the revocation list and the identity of manager can be securely updated online through an open channel. We give rigorous security proof based on real-or-random (ROR)model and the nonmathematical (informal) security analysis to our proposed IDR-OU-TAKA protocol. Finally, we conduct a comprehensive comparison and evaluation to our proposed IDR-OU-TAKA protocol with other state-of-art MAKA protocols in terms of security and functionality features, communication, and computation costs which clearly indicate that our protocol is more practical and suitable for IIoT.