SAKE*: A Symmetric Authenticated Key Exchange Protocol With Perfect Forward Secrecy for Industrial Internet of Things

Security in the Industrial Internet of Things (IIoT) is vital as there are some cases where IIoT devices collect sensory information for crucial social production and life. Thus, designing secure and efficient communication channels is always a research hotspot. However, end devices have memory, computation, and power-supplying capacities limitations. Moreover, perfect forward secrecy (PFS), which means that long-term key exposure still discloses previous session keys, is a critical security property for authentication and key exchange (AKE). This article proposes an AKE protocol named SAKE* for the IIoT environment, where two types of keys (i.e., a master key and an evolution key) guarantee PFS. In addition, the SAKE* protocol merely uses concatenation, XOR, and hash-function operations to achieve lightweight authentication, key exchange, and message integrity. We also compare the SAKE* protocol with seven current and IoT-related authentication protocols regarding security properties and performance. Comparison results indicate that the SAKE* protocol consumes the least computation resource and third-least communication cost among eight AKE protocols while equipping 12 security properties.