IEEE Access (Jan 2021)
Two-Factor Device DNA-Based Fuzzy Vault for Industrial IoT Device Security
Abstract
The benefit of a smart manufacturing Industrial Internet of Things (IIoT) platform is that it can provide real-time monitoring, accurate analysis, and reporting for equipment by collecting data throughout the whole manufacturing facility. However, the increased internet connectivity of manufacturing machines or devices leads to various security vulnerabilities. In order to securely operate smart manufacturing IIoT systems in unmanned environments, it is necessary to establish a cryptographic key for protecting exchanged data between IIoT devices and stored data in the devices by using cryptographic algorithms. Especially, since the IIoT system is in an unmanned environment, the following two challenges must be solved: 1) The IIoT device must recover its own secret key without user interaction. 2) The IIoT device must prevent secret key recovery when anomaly situations such as unauthorized physical access occur. In this paper, we present a novel method to protect an IIoT device’s secret key in unmanned smart manufacturing environments, called Two-Factor Device DNA-based Fuzzy Vault scheme. To satisfy the two challenges, our proposed method generates a specific two-factor device DNA through the combination of the IIoT device’s intrinsic factor and its surrounding environments and then creates a vault set to conceal the secret key based on the two-factor device DNA. We also implement a prototype for ensuring the feasibility of our method by utilizing an EPUF and IEEE 802.15.4g receiver in a Raspberry Pi and a laptop, respectively, and then measure their performance. We then conduct experiments in an unmanned environment at the Smart Manufacturing Learning Center at Hanyang University by considering various normal and abnormal situations. Our experiment results show that the proposed method quickly extracts the secret key stored in the device in normal cases, but fails at key extraction in abnormal cases.
Keywords
