Abstract
Security in the Industrial Internet of Things (IIoT) is of vital importance, because in some cases IIoT devices collect sensory information that is crucial to social production and daily life. Designing secure and efficient communication channels is therefore a persistent research focus. However, end devices are limited in memory, computation, and power supply. Moreover, perfect forward secrecy (PFS), which means that exposure of a long-term key cannot disclose previous session keys, is a critical security property for authentication and key exchange (AKE). In this paper, we propose an AKE protocol named SAKE* for the IIoT environment, in which PFS is provided by two types of keys (i.e., a master key and an evolution key). In addition, the SAKE* protocol uses only concatenation, XOR, and hash function operations to achieve lightweight authentication, key exchange, and message integrity. We also compare the SAKE* protocol with seven recent IoT-related authentication protocols in terms of security properties and performance. The comparison results indicate that, among the eight AKE protocols, SAKE* consumes the least computation resources and has the third-lowest communication cost, while providing twelve security properties.