Figure 1 shows a smart factory where IoT devices monitor and control production facilities . Authentication and key negotiation are required to provide information quickly and securely. When data is sent to the Manufacturing Execution System (MES), authentication and key agreement must go through end-to-end communication via a gateway (GW). However, existing PKI-based authentication (public key infrastructure) is too slow in real-time environments. Although we are slower than Scheme 1, we offer an effective cl-PKC-based key authentication and agreement system that allows explicit verification of public keys (Scheme 2). This section presents the general information and related work. First, we are looking at the type of authentication and key agreement (AKA) used in the current IoT environment. In addition, we analyze AKA schematics using key public certificates and review the implied ECQV certificate. We also analyze AK-un certificate schemes (CL-AKA) with the PKC without a certificate. Finally, we analyze existing patterns. Most existing systems use ECDH for key agreements.
The attacker participates in the communication about the certificate and the value of any value that is transferred from a sender to a recipient. Repeated and spoof attacks are possible. Existing systems aim to participate in communication by making up, as legitimate users, by stealing keys, repeating and exchanging public keys. Therefore, if a security threat appears in existing patterns, it becomes a cause of masquerade attacks. In our diagrams, the keys are generated by adding A and B identifiers. These are not available to people who want to attack with user-generated rA, rB and KDS. In Diagram 1, calculation of PUA (the public key to A; The equation (5)) can be executed by an attacker. However, the equation (6), which calculates the secret DS value for calculating the session key, can only be executed with B`s private key.
An attacker looking for the session key SK-H (KDS) is facing serious difficulties, equivalent to those encountered when solving the elliptical logarithmus (ECDLP) problem. PRA-P. PUA-PRB. In the certificate-based AKA, an implied certificate is received after a user has been registered by a certification body in the form of a certificate. In the ECQV-based AKA, authentication is done by checking the public key of the implied certificate. However, ownership of the public key remains unknown. The ECQV does not verify the integrity of a signature from the digital signature of the public key such as the PKI, but by authenticating by calculating the public key of the implied certificate, it is possible to replace public keys and man-in-the-middle attacks. This problem is the same for CL-AKA. The implied ECQV certificate is small and effective, but some problems are obvious.