
IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 8, AUGUST 2018

Cryptographic Solutions for Industrial Internet-of-Things: Research Challenges and Opportunities

Kim-Kwang Raymond Choo, Senior Member, IEEE, Stefanos Gritzalis, and Jong Hyuk Park

Abstract—Industrial Internet of Things (IIoT) is an emerging trend, including in nontraditional technological sectors (e.g., oil and gas industry). There are, however, a number of research challenges such as using cryptography and other techniques to ensure security and privacy in IIoT applications and services. In this special issue, we present existing state-of-the-art advances reported by the 21 accepted papers. We then conclude the special issue with a number of potential research agenda.

Index Terms—Data encryption, Industrial Internet of things (IIoT) security, industrial Internet of things privacy.

Manuscript received May 18, 2018; accepted May 18, 2018. Date of publication May 28, 2018; date of current version August 1, 2018. The work of K.-K. R. Choo was supported by the Cloud Technology Endowed Professorship. The work of J. H. Park was supported by the National Research Foundation of Korea grant funded by the South Korea Government under Grant 2016R1A2B4011069. Paper no. TII-18-1248. (Corresponding author: Kim-Kwang Raymond Choo.)

K.-K. R. Choo is with the Department of Information Systems and Cyber Security, University of Texas at San Antonio, San Antonio, TX 78249-0631 USA.

S. Gritzalis is with the Department of Information and Communication Systems Engineering, University of the Aegean, Lesbos 811 00, Greece.

J. H. Park is with the Department of Computer Science and Engineering, Seoul National University of Science and Technology, Seoul 232 South Korea.

Digital Object Identifier 10.1109/TII.2018.2841049

1551-3203 © 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

I. INTRODUCTION

Internet of things (IoT) has broad applications, including in industry sectors that are not normally Internet connected such as dams, food and agriculture, and water and wastewater systems (three of 16 critical infrastructure sectors in USA), as well as adversarial settings such as battlefields (e.g., Internet of battlefield things and Internet of Military things [1], [2]). IoT also has applications in surveillance, as noted by Muhammad et al. [3] in this special issue. Specifically, the authors proposed a probabilistic algorithm to encrypt keyframes before transmitting the data, in order to minimize memory and processing requirements of IoT devices. IoT also has applications in an industrial context (also referred to as Industrial Internet of Things – IIoT in the literature).

IIoT has the potential to contribute to economic growth and global competitiveness, in terms of improving productivity, efficiency, and so on. In other words, IIoT can have far-reaching impact on the operation of industries around the world. This latest wave of technological changes will generate unprecedented opportunities along with new risks to our society. For example, due to the global reach of IIoT and the capability to directly influence and/or control the physical world (e.g., devices, factories, and infrastructures), IIoT is, and will continue to be, targeted by malicious threat actors.

Encryption and other cryptographic techniques are often considered as a silver bullet to ensure security in IIoT applications and systems. However, cryptographic techniques by themselves may only ensure certain properties to be achieved (e.g., data confidentiality), and vulnerabilities may be introduced due to poor implementation within a system. In addition, there may be competing properties such as balancing the need to preserve the privacy of data computations and efficiency, the latter a particularly important feature in resource-constrained IIoT devices.

Therefore, in the following sections, we will describe the advances presented in the papers accepted in this special issue, designed to mitigate some of the security and privacy concerns.

II. SECURITY

Cryptographic techniques are often considered solutions to securing IIoT (and other technologies). For example, one of the many challenges in outsourcing encrypted data, such as those sourced from IIoT devices, to a centralized server or the cloud is the inability to perform arithmetic operations over the encrypted data. Hence, there has been interest in designing fully homomorphic encryption (FHE) and related solutions. In this special issue, Gai and Qiu [4] extended their prior tensor-based FHE approach to support blend arithmetic operations over real numbers. Three other related works were also presented by He et al. [5], Xu et al. [6] and Zhou et al. [7] to support secure data searching.

Ensuring a secure communication channel between IIoT devices and other systems is crucial, and one potential solution is an authentication scheme. Li et al. [8] proposed a privacy-preserving biometric-based authentication scheme, and proved its security in the random oracle model. Karati et al. [9] proposed a lightweight certificateless signature scheme to ensure data authenticity in IIoT systems. However, unlike the approach in [8], the proposed scheme is not proven secure in the random oracle model; rather, it is demonstrated to be “secure against both the Type-I and Type-II adversaries under the hardness of extended bilinear strong Diffie–Hellman (BSDH) and BSDH assumptions”. In [10], the authors proposed a (t, n) secret sharing-based scheme to facilitate secure information transmission between IIoT devices.

There are also times where anonymous authentication is required, and there are schemes designed to provide such a functionality, such as the server-aided attribute-based signature with revocation scheme proposed in [11] and the privacy-preserving authentication and key agreement protocols for group communication in [12].

While strictly following the access policy is crucial in most applications, there might be times where previously unauthorized users need to access encrypted data. For example, Yang et al. [13] proposed a lightweight break-glass access control system that supports the typical attribute-based access and the more unusual break-glass access. Specifically, in the latter, a break-glass access mechanism allows one, say a medical practitioner at an overseas emergency department, to bypass the access policy to gain access to the patient’s data stored in his/her home country healthcare system in order to formulate an immediate treatment plan.

Blockchain is another trending research agenda, and in the context of the scope of this special issue, there have also been attempts to integrate or leverage blockchains in ensuring IoT or IIoT security [14], [15]. In this special issue, Li et al. [16] explained how a consortium blockchain can be used for secure energy trading in IIoT, and specifically in their approach an optimal pricing strategy based on Stackelberg game is proposed.

III. PRIVACY

Given the capability for IIoT devices and systems to capture location-related information, there is a risk of the leakage of such information. Hence, in this special issue, Yin et al. [17] proposed a mechanism that satisfies differential privacy constraint to ensure location data privacy, as well as maximizing the utility of data and algorithm.

Smart grid is another area where IIoT devices (e.g., smart meters) and systems (the latter is also known as industrial control systems) are commonly found. The need to ensure the privacy of data collected, and the analysis and aggregation of such data, has been raised in the literature.

There have, unsurprisingly, been attempts to design privacy preserving data aggregation for smart grid applications such as the fog-enabled scheme proposed by Lyu et al. [18] in this special issue. The approach of Lyu et al. [18] also has two layers of encryption scheme, where one time password is applied at the first layer “to encrypt individual noisy measurement to achieve aggregator obliviousness” and public-key cryptography is applied at the second level for authentication.

Zhao et al. [19] proposed a high-order clustering algorithm designed to perform fast search and location of density peaks for uncovering latent data structures in IIoT big data, without compromising user privacy.

IV. PERFORMANCE

In addition to security and privacy issues, there are a number of operational challenges that need to be addressed in an IIoT application [20]. For example, a group of researchers from Dalian University of Technology, Dalian, China, Iowa State University, Ames, IA, USA, and VIT University, Vellore, India, proposed a synchronization scheme, which is designed to minimize energy consumption and improve accuracy during synchronization of IIoT devices [21]. There have also been attempts to optimize the performance of cryptographic operations on IIoT devices, such as the proposed approach of Bakiri et al. [22] in this special issue.

Similar to the smart grid focus of Lyu et al. [18], Lai, Chen and Hwang proposed an architecture to obtain data pertaining to the power from smart meters to facilitate efficient device load recognition [23]. Still on the topic of load balancing in smart grids, Lopez et al. [24] demonstrated how cloud resources can be leveraged to predict electricity consumption using time-series forecasting, and uniformly distribute the demand over a set of available generators for load balancing.

Performance, as noted by Hu et al. [25], can be improved by making network protocols more flexible. In this special issue, Hu et al. [25] integrated “a randomized broadcast impulsive coupling scheme” with the protocol design and demonstrated the utility of such an approach using simulations.

V. FUTURE WORK

While the research presented in this special issue contributed to addressing several of the security, privacy, and performance-related issues pertaining to IIoT, there are plenty more research challenges and opportunities, partly due to the constant evolution of the technologies underpinning IIoT and our cyber threat landscape. Potential research agenda include the following.

1) Lightweight encryption scheme for IIoT systems.
2) Lightweight cryptographic primitives for IIoT systems.
3) Practical attacks against IIoT systems.
4) System IIoT architectures and software management.
5) Architecture and protocol designs for IIoT.
6) Data integrity and access control for IIoT.
7) Secure middleware and cyber physical system for IIoT.
8) Failure detection, prediction and recovery for IIoT systems.
9) Experimental prototypes, performance evaluation and validation in secure and trusted IIoT systems.

One observation we made in this special issue is that the proposed schemes presented in the accepted papers generally used simulations to evaluate the performance of the schemes. Similar observations were noted in other research studies, such as in [14]. We posit the importance of bridging research and practice, such as designing secure yet real-world efficient cryptographic and security solutions. Therefore, it is important for researchers to collaborate with the relevant industry stakeholders to collaboratively design and evaluate future solutions.

REFERENCES

[1] A. Castiglione, K.-K. R. Choo, M. Nappi, and S. Ricciardi, “Context aware ubiquitous biometrics in edge of military things,” IEEE Cloud Comput., vol. 4, no. 6, pp. 16–20, Nov./Dec. 2018.
[2] A. Azmoodeh, A. Dehghantanha, and K.-K. R. Choo, “Robust malware detection for internet of (Battlefield) things devices using deep eigenspace learning,” IEEE Trans. Sustain. Comput., to be published.


[3] K. Muhammad, R. Hamza, J. Ahmad, J. Lloret, H. Wang, and S. W. Baik, “Secure surveillance framework for IoT systems using probabilistic image encryption,” IEEE Trans. Sustainable Comput., 2018.
[4] K. Gai and M. Qiu, “Blend arithmetic operations on tensor-based fully homomorphic encryption over real numbers,” IEEE Trans. Ind. Informat., 2018.
[5] D. He, M. Ma, S. Zeadally, N. Kumar, and K. Liang, “Certificateless public key authenticated encryption with keyword search for industrial internet of things,” IEEE Trans. Ind. Informat., 2018.
[6] P. Xu, S. He, W. Wang, W. Susilo, and H. Jin, “Lightweight searchable public-key encryption for cloud-assisted wireless sensor networks,” IEEE Trans. Ind. Informat., 2018.
[7] R. Zhou, X. Zhang, X. Du, X. Wang, G. Yang, and M. Guizani, “File-centric multi-key aggregate keyword searchable encryption for industrial internet of things,” IEEE Trans. Ind. Informat., 2018.
[8] X. Li, J. Niu, M. Z. A. Bhuiyan, F. Wu, M. Karuppiah, and S. Kumari, “A robust ECC-based provable secure authentication protocol with privacy preserving for industrial internet of things,” IEEE Trans. Ind. Informat., 2018.
[9] A. Karati, S. K. H. Islam, and M. Karuppiah, “Provably secure and lightweight certificateless signature scheme for IIoT environments,” IEEE Trans. Ind. Informat., 2018.
[10] J. Shen, T. Zhou, X. Liu, and Y.-C. Chang, “A novel latin-square-based secret sharing for M2M communications,” IEEE Trans. Ind. Informat., 2018.
[11] H. Cui, R. H. Deng, J. K. Liu, X. Yi, and Y. Li, “Server-aided attribute-based signature with revocation for resource-constrained industrial-internet-of-things devices,” IEEE Trans. Ind. Informat., 2018.
[12] M. Wang and Z. Yan, “Privacy-preserving authentication and key agreement protocols for D2D group communications,” IEEE Trans. Ind. Informat., 2018.
[13] Y. Yang, X. Liu, and R. H. Deng, “Lightweight break-glass access control system for healthcare internet-of-things,” IEEE Trans. Ind. Informat., 2018.
[14] M. Banerjee, J. Lee, and K.-K. R. Choo, “A blockchain future to Internet of Things security: A position paper,” Digital Commun. Netw., 2018.
[15] C. Esposito, A. D. Santis, G. Tortora, H. Chang, and K.-K. R. Choo, “Blockchain: A panacea for healthcare cloud-based data security and privacy?” IEEE Cloud Comput., vol. 5, no. 1, pp. 31–37, Jan./Feb. 2018.
[16] Z. Li, J. Kang, R. Yu, D. Ye, Q. Deng, and Y. Zhang, “Consortium blockchain for secure energy trading in industrial internet of things,” IEEE Trans. Ind. Informat., 2018.
[17] C. Yin, J. Xi, R. Sun, and J. Wang, “Location privacy protection based on differential privacy strategy for big data in industrial internet of things,” IEEE Trans. Ind. Informat., 2018.
[18] L. Lyu, K. Nandakumar, B. Rubinstein, J. Jin, J. Bedo, and M. Palaniswami, “PPFA: Privacy preserving fog-enabled aggregation in smart grid,” IEEE Trans. Ind. Informat., 2018.
[19] Y. Zhao, L. T. Yang, and J. Sun, “A secure high-order CFS algorithm on clouds for industrial internet of things,” IEEE Trans. Ind. Informat., 2018.
[20] C. Esposito, A. Castiglione, F. Palmieri, and A. D. Santis, “Integrity for an event notification within the industrial internet of things by using group signatures,” IEEE Trans. Ind. Informat., 2018.
[21] T. Qiu, Y. Zhang, D. Qiao, X. Zhang, M. L. Wymore, and A. K. Sangaiah, “A robust time synchronization scheme for industrial internet of things,” IEEE Trans. Ind. Informat., 2018.
[22] M. Bakiri, C. Guyeux, J.-F. Couchot, L. Marangio, and S. Galatolo, “A hardware and secure pseudorandom generator for constrained devices,” IEEE Trans. Ind. Informat., 2018.
[23] C.-F. Lai, S.-Y. Chen, and R.-H. Hwang, “A resilient power fingerprinting selection mechanism of device load recognition for trusted industrial internet of things,” IEEE Trans. Ind. Informat., 2018.
[24] J. Lopez, J. E. Rubio, and C. Alcaraz, “A resilient architecture for the smart grid,” IEEE Trans. Ind. Informat., 2018.
[25] B. Hu, Z.-H. Guan, N. Xiong, and H.-C. Chao, “Intelligent impulsive synchronization of nonlinear interconnected neural networks for image protection,” IEEE Trans. Ind. Informat., 2018.

Kim-Kwang Raymond Choo (SM’15) received the Ph.D. degree in Information security from Queensland University of Technology, Brisbane, Australia, in 2006.

He currently holds the Cloud Technology Endowed Professorship at The University of Texas at San Antonio (UTSA). In 2016, he was named the Cybersecurity Educator of the Year - APAC, and in 2015 he and his team won the Digital Forensics Research Challenge organized by Germany’s University of Erlangen-Nuremberg. He is the recipient of the 2018 UTSA College of Business Col. Jean Piccione and Lt. Col. Philip Piccione Endowed Research Award for Tenured Faculty, ESORICS 2015 Best Paper Award, 2014 Highly Commended Award by the Australia New Zealand Policing Advisory Agency, Fulbright Scholarship in 2009, 2008 Australia Day Achievement Medallion, and British Computer Society’s Wilkes Award in 2008. He is also a Fellow of the Australian Computer Society.

Stefanos Gritzalis is a Professor with the Department of Information and Communication Systems Engineering, School of Engineering, University of the Aegean, Lesbos, Greece. He has authored and coauthored more than 40 books or book chapters, and 300 papers in refereed journals and international conferences and workshops. The focus of his publications is on Information and Communications Security and Privacy.

Dr. Stefanos has acted as Guest Editor in 35 journal special issues, as General Chair or PC Chair in more than 40 international conferences and workshops, and as a PC member of more than 500 international conferences and workshops. He acts as a Research Area Editor for the IEEE Communications Surveys and Tutorials journal. He is the Editor-in-Chief or Editorial Board member in 35 journals and a Reviewer in more than 70 journals. He has acted as external reviewer for research proposals submitted to several national and international research organizations.

Jong Hyuk Park received the Ph.D. degree in engineering from the Graduate School of Information Security, Korea University, South Korea and Ph.D. degree in science from the Graduate School of Human Sciences, Waseda University, Tokyo, Japan.

He is currently a Professor with the Department of Computer Science and Engineering, Seoul National University of Science and Technology, Seoul, South Korea. He has authored and coauthored more than 300 research papers.
