Privacy-Preserving and Control-Compliant Authenticated Access for the AI-Enabled Industrial Internet of Things

Artificial intelligence (AI) revolutionizes the productivity model and efficiency of the Industrial Internet of Things (IIoT). As a derivative of the AI era, AI-enabled IIoT drives frequent data access and intelligent industrial productivity. However, the rise of intelligence brings more sophisticated and hard-to-defend attacks against IIoT systems, such as deep identity forgery and malicious access, posing a major threat to intelligent development. Password-based Authenticated Key Agreement (AKA) is an effective cryptographic method for access security in IIoT, but current AKA schemes cannot address balancing between security, functionality and efficiency in the smart setting. To fill this gap, we propose a new password-based AKA scheme, where oblivious pseudorandom function, hash function and encryption are utilized to realize anonymous identity authentication. Considering malicious data access, we design a new token-tag mechanism with identity information to realize malicious identity tracing. In addition, our scheme supports a fast login function, helping the authorized party access data without repeating key agreements. Furthermore, formal security proofs and heuristic analyses demonstrate that our scheme is secure under multiple attacks. Finally, we compare the proposed scheme with the related schemes, and the results show that our scheme achieves the balance between safety, function and efficiency.