A Certificateless-Based Authentication and Key Agreement Scheme for IIoT Cross-Domain

The Industrial Internet of Things (IIoT) improves productivity and intelligent manufacturing process through revolutionary technology. Due to the complexity of the manufacturing process, cross-domain access is inevitable. Recently, Meng et al. proposed a secure and efficient blockchain-assisted entity authentication mechanism BASA for IIoT cross-domain. In the BASA scheme, the authors utilized identity-based signature (IBS) to realize mutual authentication and the Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) exchange mechanism to negotiate the session key. Due to the inherent key escrow problem of identity-based cryptography (IBC), the key generation center (KGC) can obtain the session key negotiated between two entities distributed in different domains. When KGC is threatened, the security of the session key is worrying. Considering this security concern, based on the BASA scheme, in this article, we first show a secure and efficient certificateless public-key signature (CL-PKS) scheme with anonymity. Then, combined with the ECDHE key exchange mechanism, we give an efficient cross-domain authentication and key agreement scheme CL-BASA with the aid of consortium blockchain. After that, we make security verification by the formal analysis tool, Tamarin, which shows that our CL-BASA is secure. The evaluation demonstrates that our CL-BASA may have a slight disadvantage in storage overhead, but it has obvious advantages than competitor schemes in terms of communication overhead and computational overhead.