Sage Journals: Discover world-class research

Abstract

The application of numerical control machine tool in the Internet of things has attracted large number of attention. It is a complex network system that integrates sensor network, Internet, and mobile communication network. However, some security issues have not been solved by Internet security technology. In order to enhance the security of system, we, respectively, propose a lightweight authentication method for wireless sensor networks and an Internet data privacy protection strategy based on organizational characteristics of computerized numerical control machine tool and the numerical control information transmission mode in Internet of things. The two methods constitute a privacy protection mechanism for numerical control information in Internet of things. In order to show the effectiveness of the privacy protection mechanisms, series of analysis about safety is presented. Analysis results show that this mechanism can ensure the security of information and the privacy of the numerical control machine tool in Internet of things.

Keywords

Numerical control machine tool Internet of things privacy security wireless sensor network

Introduction

With the rapid application of wireless sensor technology in the numerical control machine tool, it is becoming more and more important that how to transmit these numerical control information over the network. In fact, the transmission will face a lot of security problems in Internet of things (IoT), such as false routing information, replay attacks, information disclosure, tampering, and denial of service. If the information is attacked, stolen, and tampered with, it will greatly hack a computerized numerical control (CNC) machine. Moreover, it will affect the proper operation of the digital machine tools and the product production. CNC machine is mainly concentrated in the digital interface technology of encoder, the network technology of wireless sensor, the synchronization technology between threads and communications, the prediction technology of fault, health management, and so on. However, there are some factors which will affect the system, such as network structure, terminal equipment, communication mode, and application scenario. Traditional security methods cannot effectively solve the privacy protection issues of the numerical control in the IoT because there are some special features during the numerical control information transmission. Therefore, it is necessary to propose a security transmission method and the privacy protection mechanism for numerical control information transmission in the IoT.

There are several security and the privacy protection problems for numerical control information in the IoT: (1) the transmission of numerical control information is distributed transmission and (2) the transmission usually goes through wireless sensor network, terminal equipment, and server. In this situation, the confidentiality and integrity of numerical control information are facing some safety problems. In addition, as the unrelated parties of numerical control information, it can also obtain the privacy information using false routing information and replay attack. In order to solve these problems, this article presents a numerical control information protection mechanism based on IoT. In this security protection mechanism, we, respectively, propose a lightweight authentication method for wireless sensor networks and an Internet data privacy protection strategy based on organizational characteristics of CNC machine tool and the numerical control information transmission mode in IoT.

This article is organized as follows: first, we discuss the related works. In section “Privacy protection of numerical control information,” a lightweight authentication method for wireless sensor networks is described, which is followed by an Internet data privacy protection strategy. Series of analysis about safety are done in section “Security analysis.” Finally, the conclusions are drawn in section “Conclusion and future works.”

Related works

With the rapid development of electronic information, IoT technology is considered as the commanding heights of the development of electronic information industry by many countries. A lot of research has been done and some achievements are obtained by people. The contributions and the achievements are described as follows.

Yang and Fang¹ proposed the security model of IoT and a frame of security technologies in IoT. They hope the security model and the frame can guide the research direction about the key technologies of IoT security. An intelligent fault prediction system is proposed based on IoT in order to ensure the safe operation of large equipment.² The system is used for key mechanical equipment groups and aims at improving the working efficiency and the intelligent level of fault prediction.

A business model framework specifically for IoT applications is presented.³ Through a literature survey, interviews, and a survey among practitioners, it identifies the building blocks that are relevant in an IoT business model, types of options that can be focused on within these building blocks, and the relative importance of these building blocks and types. A comprehensive approach is presented to privacy in this envisioned setting in order to address this critical factor and thus realize the cloud-based IoT for a variety of different application areas.⁴

A secure and lightweight authenticated key agreement scheme is presented for IoT.⁵ The presentation of the scheme is to combine strengthened Menezes-Qu-Vanstone with implicit certificates. Malina et al.⁶ presented a detailed assessment of the performance of the most used cryptographic algorithms on constrained devices that often appear in IoT networks. In this article, they evaluate the performance of symmetric primitives, such as block ciphers, hash functions, random number generators, and asymmetric primitives.

Mashal et al.⁷ first introduced the concept of service recommender systems in IoT by a formal model. Then, they proposed a hyper-graph model for IoT recommender system in which each hyper-edge connects users, objects, and services. Finally, they studied the usefulness of traditional recommendation schemes and their hybrid approaches on IoT service recommendation based on existing well-known metrics. A lightweight and cross-domain prototype of a distributed architecture is presented for IoT.⁸ In order to provide minimum data caching functionality and in-memory data processing, a number of supporting algorithms for the assessment of data quality and security are described.

PAgIoT is proposed, which is a privacy-preserving aggregation protocol.⁹ In PAgIoT, data are decomposed into a set of attributes which are aggregated separately. A central node (sink) queries for the value of certain attributes, and remainder nodes respond depending on whether they possess or not these attributes.

A heterogeneous sign and encryption scheme is proposed to control the access behavior of the users in IoT.¹⁰ The important characteristic of the scheme is to allow a user in a certificateless cryptography environment to send a message to a sensor node in an identity-based cryptography environment.

A knowledge-driven approach called context-aware sensor configuration model is proposed to simplify the process of configuring IoT middleware platforms.¹¹ To demonstrate the feasibility and the usability of the approach, a prototype implementation based on an IoT middleware called global sensor networks is shown. A lifetime balanced data aggregation scheme is proposed for the IoT under an application-specified end-to-end delay requirement.¹² The aims that they proposed the scheme are to prolong the IoT network lifetime under network heterogeneity and dynamics while ensuring the required data delivery delay.

A novel distributed secure data management with keyword search system is proposed for health IoT.¹³ The system uses lightweight data encryption, lightweight keyword trapdoor generation, and lightweight data recovery, which leaves very few computations to user’s terminal. An end-to-end security scheme is proposed for mobility enabled healthcare IoT.¹⁴ The scheme includes three parts. The first part is a secure and efficient end-user authentication and authorization architecture based on the certificate-based DTLS handshake. The second part is about secure end-to-end communication based on session resumption. The third part is about robust mobility based on interconnected smart gateways.

A novel real-time hybrid intrusion detection framework is proposed that consists of anomaly-based and specification-based intrusion detection modules for detecting two well-known routing attacks in IoT called sinkhole and selective-forwarding attacks.¹⁵ Nair et al.¹⁶ studied the use of co-operative relays for improving the performance of secure wireless communications in the presence of one or more eavesdroppers. In order to enhance the secrecy rate of physical layer via co-operative communication, two heuristic algorithms are used.

A secure publish/subscribe system is presented extending the message queue telemetry transport by means of a key management framework and a policy enforcement one.¹⁷ In the secure publish/subscribe system, a lightweight publish/subscribe messaging protocol is designed for working with constrained devices. Ouaddah et al. described some different access control solutions in IoT and analyzed the security and privacy requirements for the most dominant IoT application domains, first. Then, they proposed a qualitative and a quantitative evaluation of the most relevant IoT.¹⁸ Finally, they defined potential challenges and future research directions. A framework is proposed for IoT for building locally operating self-organizing and self-adaptive systems.¹⁹ The framework is based on multi-agent systems and machine learning techniques, such as neural networks and evolutionary algorithms.

Based on the above description, we can draw this conclusion that people have achieved a series of achievements in IoT. However, there are a lot of difficulty problems needed to be resolved, especially in the case of the privacy protection of numerical control information. The main reason generating this state is mobile characteristic of terminals in wireless sensor network of numerical control machine and the unlimited characteristic of the Internet network for users. Meanwhile, the existing security risks of the wireless sensor network of numerical control machine and the Internet can also cause harm to the IoT. In fact, the security protection of privacy of numerical control information is one of the most important aspects to guarantee the normal operation of CNC machine tools. Therefore, we present a numerical control information protection mechanism based on IoT.

Privacy protection of numerical control information

In the IoT, the whole architecture of CNC machine system includes a variety of different functions of wireless sensor nodes (namely sensor nodes), wireless sensor networks, sinks (namely base stations or central controllers), local numerical control monitoring centers (LNCMC), CNC machine tools, cloud server, and so on. The basic implementation process is that the wireless sensor node and the CNC machine tool collect different data and sent them to corresponding sink by the wireless sensor networks. The sink connects the wireless sensor networks to an existing infrastructure where the user can access the collected data. The LNCMC can also access the collected data and can send these data to corresponding distal cloud server. Moreover, The LNCMC can also send some commands to the corresponding CNC machine tool, the wireless sensor nodes, and the sinks. The distal cloud server can receive the collected data and send some commands to corresponding local numerical control monitoring. Therefore, the architecture of CNC machine in the IoT can be shown as Figure 1.

Figure 1.

The architecture of CNC machine in the IoT.

In the architecture, there are two types of networks. One is the CNC machine wireless sensor network and the other is the wired network. In the CNC machine wireless sensor network, there are a variety of different functions of wireless sensor nodes, sinks, and corresponding wireless ad hoc network. In the CNC machine wireless sensor network, the processing power of the chip of each sensor node is relatively weak which is not suitable for computing the complex encryption and decryption algorithm. This chip is only suitable for computing simple encryption and decryption algorithm in order to protect the security of the collected data. However, in the wired network, there are corresponding LNCMCs, CNC machine tool and cloud server, and so on. In the wired network, the processing power of the chip of CNC machine tool, the LNCMC, and the cloud server is relatively strong which is suitable for computing the complex encryption and decryption algorithm.

Based on the above analysis, we, respectively, propose a lightweight authentication method for CNC machine wireless sensor networks and an Internet data privacy protection strategy for wired network based on the organizational characteristics of CNC machine tool and the numerical control information transmission mode in IoT.

Lightweight authentication method

In the lightweight authentication method, we built a lightweight authentication protocol. The protocol includes five parts, namely, system setup phase, sensor node registration phase, user node registration phase, login phase, and authentication and session key agreement phases. We will describe these phases as follows, respectively. In order to describe the lightweight authentication method conveniently, all the notation and definitions used in the rest of this article are summarized in Table 1, respectively.

Table 1.

The notation and definitions used in this article.

Notation	Definition
$S_{i}$	The ith sensor node
$I D_{i}$	Identity of $S_{i}$
$U_{j}$	The jth user
$I D_{j}$	Identity of $U_{j}$
$S$	The sink
\|\|	The concatenation operation
$h ()$	A one-way hash function
⊕	The exclusive or operation
$BK ()$	A bio-hashing function
$P (W_{j})$	The password of $U_{j}$
$PR I_{j}$	The private information of $U_{j}$
$A ⊢ B$	A chooses (or selects or generates) B
$A ⊧ B$	A computes B
$A >> B$	A embeds into B
$A \to B$	A is sent to B
$A ▹ ◃ B$	A checks B
$A B$	A searches B
$A \leftarrow B$	A receives B

System setup phase

In this protocol, there is a LNCMC that is fully trusted. This phase is done by the LNCMC in terms of the following steps. The pseudo-code of these steps can be described as follows:

$LNCMC ⊢ {ID}_{i}, 1 \leq i \leq m$ ;

$LNCMC ⊢ X_{sink}, LNCMC ⊧ (X_{i} = h (I D_{i} | | X_{sink}))$ ;

$LNCMC ⊢ R, (I D_{i}, X_{i}, R) >> S_{i}, 1 \leq i \leq m$ .

The above steps can be described in detail as follows:

Step 1. The LNCMC chooses a unique identity $I D_{i}$ for each sensor node $S_{i}, 1 \leq i \leq m$ , where $m$ denotes the total number of the sensor node in corresponding CNC machine wireless sensor network.

Step 2. The LNCMC chooses a master key $X_{sink}$ for corresponding sink which is only known for the sink and the LNCMC. After that, LNCMC computes the secret key of sensor $(X_{i})$ from the master key of the sink as $X_{i} = h (I D_{i} | | X_{sink})$ . Thus, each sensor node has a unique secret key which is known for $S_{i}$ and the sink.

Step 3. The LNCMC selects a random number $R$ that is shared between the sink and sensor node $S_{i}, 1 \leq i \leq m$ . Moreover, the number is unique for each $S_{i}$ . The LNCMC embeds $(I D_{i}, X_{i}, R)$ into the tamper-proof memory of each sensor.

Sensor node registration phase

The pseudo-code of this phase can be described as follows:

$S_{i} ⊢ r_{0}$ , $S_{i} ⊧ (M_{1} = h (r_{0} | | R))$ , $(r_{0}, M_{1}, T_{1}) \to S$ , where $T_{1}$ is the fresh time stamp.

$S \leftarrow (r_{0}, M_{1}, T_{1})$ , $S ⊢ r_{1}$ , $S ⊧ (M_{2} = h (r_{0} | | r_{1} | | R | | T_{1}))$ , $(r_{1}, M_{2}) \to S_{i}$ .

$S_{i} \leftarrow (r_{1}, M_{2})$ , $S_{i} ⊧ (M_{2 *} = h (r_{0} | | r_{1} | | R | | T_{1}))$ , $S_{i} ▹ ◃ (M_{2 *} = M_{2})$ . If it is true, $S_{i} ⊧ (M_{3} = I D_{j} \oplus h (R | | T_{1}))$ , $S_{i} ⊧ (M_{4} = h (I D_{i} | | X_{i} | | R | | T_{1} | | r_{0} | | r_{1}))$ , $(M_{3}, M_{4}, T_{1}) \to S$ . Else, $S_{i}$ stops receiving $(r_{1}, M_{2})$ .

$S \leftarrow (M_{3}, M_{4}, T_{1})$ , $S ⊧ (I D_{i *} = M_{3} \oplus h (R | | T_{1})$ , $S ⊧ (X_{i *} = h (I D_{i *} | | X_{sink}))$ , $S ⊧ (M_{4 *} = h (I D_{i *} | | X_{i} | | R | | T_{1} | | r_{0} | | r_{1}))$ . $S ▹ ◃ (M_{4 *} = M_{4})$ . If it is true, a message $\to S_{i}$ . Else, $S_{i}$ is rejected.

$S_{i}$ deletes $R$ .

The above steps can be described in detail as follows:

Step 1. The sensor node $S_{i}$ first generates a random number $r_{0}$ . Then, it computes $M_{1} = h (r_{0} | | R)$ . Finally, it sends $(r_{0}, M_{1}, T_{1})$ to the sink through insecure channel, where $T_{1}$ is the fresh time stamp.

Step 2. Receiving the message $(r_{0}, M_{1}, T_{1})$ , the sink generates a random number $r_{1}$ . Then, it computes $M_{2} = h (r_{0} | | r_{1} | | R | | T_{1})$ and sends $(r_{1}, M_{2})$ to sensor node $S_{i}$ .

Step 3. Receiving the message $(r_{1}, M_{2})$ , the sensor node $S_{i}$ begins to compute $M_{2 *} = h (r_{0} | | r_{1} | | R | | T_{1})$ . Then, it checks whether $M_{2 *} = M_{2}$ . If it is true, the sensor node $S_{i}$ computes $M_{3} = I D_{j} \oplus h (R | | T_{1})$ , $M_{4} = h (I D_{i} | | X_{i} | | R | | T_{1} | | r_{0} | | r_{1})$ and sends $(M_{3}, M_{4}, T_{1})$ to the sink.

Step 4. Receiving the message $(M_{3}, M_{4}, T_{1})$ , the sink begins to compute $I D_{i *} = M_{3} \oplus h (R | | T_{1})$ , $X_{i *} = h (I D_{i *} | | X_{sink})$ , and $M_{4 *} = h ({ID}_{i}^{*} | | X_{i} | | R | | T_{1} | | r_{0} | | r_{1})$ . Then, it checks whether $M_{4 *} = M_{4}$ . If it is true, then it sends a confirmation message. Otherwise, it rejects the sensor node $S_{i}$ .

Step 5. Finally, the sensor node $S_{i}$ deletes $R$ form its memory.

User node registration phase

In this phase, if a user $U_{j}$ wants to register in the LNCMC as a legitimate user, he must do some things in term of the following steps. The pseudo-code of this phase can be described as follows. In fact, this phase is done between the user $U_{j}$ and the LNCMC:

$U_{j} ⊢ I D_{j}$ , $I D_{j}$ and his personal credential → LNCMC.

$LNCMC \leftarrow (I D_{j}$ , his personal credential), ${LNCMCID}_{j}$ . If the LNCMC cannot find $I D_{j}$ , $LNCMC ⊧ (R_{i} = h (U_{j} (N_{j}) | | X_{sink}))$ , the LNCMC saves ( $U_{j} (N_{j})$ , $R_{i}$ , $BK ()$ ) into the smartcard, the smartcard $\to U_{j}$ . Else, the LNCMC will request for a new ID.

$U_{j}$ inserts $I D_{j}$ , $P (W_{j})$ of $U_{j}$ and inputs $(PR I_{j})$ into the device. Then, the smartcard $⊧ (f_{j} = R_{j} \oplus h (P (W_{j}) | | I D_{j}))$ , the smartcard $⊧ (B_{j} = BK (H (PR I_{j})))$ , the smartcard $⊧ (e_{j} = h (I D_{j} | | P (W_{j}) | | B_{j}))$ . The smartcard deletes $R_{j}$ and saves $(e_{j}, f_{j}, U_{j} (N_{j}), BK (), B_{j})$ to the smartcard.

The above steps can be described in detail as follows:

Step 1. $U_{j}$ selects $I D_{j}$ and sends $I D_{j}$ and his personal credential to the LNCMC through secure channel.

Step 2. Receiving the message of $U_{j}$ , The LNCMC begins to search $I D_{j}$ in the database. If the LNCMC cannot find $I D_{j}$ in the database, it will compute $R_{i} = h (U_{j} (N_{j}) | | X_{sink})$ , where $U_{j} (N_{j})$ is a unique number for each $U_{j}$ and $X_{sink}$ is a master key of the sink. After that, it saves $(U_{j} (N_{j}), R_{i}, BK ())$ into the smartcard, where $BK ()$ can make a unique value from the fingerprint of the user $U_{j}$ . Finally, the LNCMC sends the smartcard to the user $U_{j}$ . Otherwise, it will request for a new ID.

Step 3. The user $U_{j}$ inserts $I D_{j}$ , the password $P (W_{j})$ of $U_{j}$ and inputs his private information $(PR I_{j})$ into the device. Then, the smartcard computes $f_{j} = R_{j} \oplus h (P (W_{j}) | | I D_{j})$ , $B_{j} = BK (H (PR I_{j}))$ , and $e_{j} = h (I D_{j} | | P (W_{j}) | | B_{j})$ . Finally, the smartcard deletes $R_{j}$ and saves $(e_{j}, f_{j}, U_{j} (N_{j}), BK (), B_{j})$ to the smartcard.

Login phase

In this phase, it is necessary that the user $U_{j}$ employs his $I D_{j}$ and the password $P (W_{j})$ in order to login. The pseudo-code of this phase can be described as follows:

$U_{j}$ inputs $PR I_{j}$ into the device.

The smartcard $⊧ (B_{j *} = BK (H (PR I_{j})))$ , The smartcard $▹ ◃ (B_{j *} = B_{j})$ . If it is true, the device asks the user $U_{j}$ inserts $(I D_{j}, P (W_{j}))$ . Else, it rejects the user $U_{j}$ . If $U_{j}$ inserts $(I D_{j}, P (W_{j}))$ to the device, The smartcard $⊧ (e_{j *} = h (I D_{j} | | P (W_{j}) | | B_{j}))$ , and the smartcard $▹ ◃ (e_{j *} = e_{j})$ . If it is true, $U_{j}$ is permitted to login. Else, $U_{j}$ is not permitted to login.

The above steps can be described in detail as follows:

Step 1. The user $U_{j}$ inputs his private information $PR I_{j}$ into the device.

Step 2. The smartcard computes $B_{j *} = BK (H (PR I_{j}))$ and checks whether $B_{j *} = B_{j}$ . If it is true, the device asks the user $U_{j}$ inserts $(I D_{j}, P (W_{j}))$ . Otherwise, it rejects the user $U_{j}$ . If the user $U_{j}$ inserts $(I D_{j}, P (W_{j}))$ to the device, the smartcard computes $e_{j *} = h (I D_{j} | | P (W_{j}) | | B_{j})$ and checks whether $e_{j *} = e_{j}$ . If it is true, the user $U_{j}$ is permitted to login. Otherwise, it is not permitted to login.

Authentication and session key agreement phase

In this phase, the user $U_{j}$ , the sensor node $S_{i}$ , and the sink should be authenticated for each other and a session key should be established between them. The pseudo-code of this phase can be described as follows:

$U_{j} ⊢ r_{1}$ , $MS G_{1} = (r_{1}, U_{j} (N_{j}), request) \to S$ .

$S \leftarrow MS G_{1}$ , $S ⊧ (R_{j} = h (U_{j} (N_{j}) | | X_{(} sink))$ , $S ⊢ r_{2}$ , $(MS G_{2} = (M_{0}, r_{2})) \to U_{j}$ .

$U_{j} \leftarrow MS G_{2}$ , $U_{j} ⊧ (M_{0 *} = h (r_{1} | | r_{2} | | R_{j}))$ , $U_{j} ▹ ◃ (M_{0 *} = M_{0})$ . If it is true, $S$ is authenticated for the user $U_{j}$ . Else, $S$ is not authenticated for the user $U_{j}$ .

$U_{j} ⊧ (R_{j} = f_{j} \oplus (P (W_{j}) | | I D_{j}))$ , $U_{j} ⊧ (M_{1} = R_{j} \oplus I D_{j})$ . $U_{j} ⊢ K_{j}$ , $U_{j} ⊢ I D_{i}$ , $U_{j} ⊧ (M_{2} = h (I D_{j} | | K_{j}) I D_{i}))$ , $U_{j} ⊧ (M_{3} = h (M_{1} | | M_{2} | | R_{j} | | U_{j} (N_{j}) | | T_{1} | | K_{j} | | r_{1} | | r_{2}))$ , $(MS G_{3} = (M_{3}, M_{2}, M_{1}, T_{1}, K_{j})) \to S)$ .

$S \leftarrow MS G_{3}$ , $S ⊧ (M_{3} = h (M_{1} | | M_{2} | | R_{j} | | U_{j} (N_{j}) | | T_{1} | | K_{j} | | r_{1} | | r_{2}))$ , $S ▹ ◃ (M_{3 *} = M_{3})$ . If it is incorrect, it will reject the session. Else, $U_{j}$ is authenticated by $S$ . On this condition, $S ⊧ (I D_{j} = M_{1} \oplus R_{j})$ , $S ⊧ (I D_{i} = M_{2} \oplus h (I D_{j} | | K_{j})))$ , $S ⊧ (X_{i} = h (I D_{i} | | X_{sink}))$ , $S ⊧ (M_{4} = h (X_{i} | | I D_{i} | | M_{2} | | T_{2}))$ and $S ⊧ (M_{5} = I D_{j} \oplus (X_{i} | | T_{2}))$ . $(MS G_{4} = (M_{4}, M_{5}, T_{2})) \to S_{i}$ .

$S_{i} \leftarrow MS G_{4}$ , $S_{i} ▹ ◃ (| T 3 - T 2 | \leq \nabla T)$ . If it is incorrect, $S_{i}$ aborts the session. Else, $S_{i} ⊧ (M_{4 *} = h (X_{i} | | I D_{i} | | M_{2} | | T_{2}))$ . $S_{i} ▹ ◃ (M_{4 *} \neq M_{4})$ , If it is true, $S_{i}$ rejects $S$ . Else, $S_{i} ⊧ (I D_{j} = M_{5} \oplus h (X_{i} | | T_{2}))$ , $S_{i} ⊢ K_{i}$ , $S_{i} ⊧ (SK = h (I D_{i} | | I D_{j} | | K_{i}))$ . $S_{i} ⊧ (M_{6} = SK \oplus h (X_{i} | | T_{3}))$ , $S_{i} ⊧ (M_{7} = K_{i} \oplus h (X_{i} | | T_{3}))$ , $(MS G_{5} = (M_{6}, M_{7}, T_{3})) \to S$ .

$S \leftarrow MS G_{5}$ , $S ▹ ◃ (| T_{4} - T_{3} | \leq \nabla T)$ . If it is true, $S ⊧ (K_{i} = M_{7} \oplus h (X_{i} | | T_{3}))$ , $S ⊧ (SK = h (I D_{i} | | I D_{j} | | K_{i}))$ , $S ⊧ (M_{6 *} = SK \oplus h (X_{i} | | T_{3}))$ . $S ▹ ◃ (M_{6 *} = M_{6})$ . If it is incorrect, $S$ rejects the session. Else, $S ⊧ (M_{8} = SK \oplus I D_{j})$ , $S ⊧ (M_{9} = K_{i} \oplus R_{j})$ . $(MS G_{6} = (M_{8}, M_{9}, T_{4})) \to U_{j}$ , where $T_{4}$ is a fresh time stamp.

$U_{j} \leftarrow MS G_{6}$ , $U_{j} ▹ ◃ (| T_{5} - T_{4} | \leq \nabla T)$ . If it is incorrect, $U_{j}$ rejects the session. Else, $U_{j} ⊧ (K_{i} = M_{9} \oplus R_{j})$ , $U_{j} ⊧ (SK = h (I D_{i} | | I D_{j} | | K_{i}))$ , $U_{j} ⊧ (I D_{j *} = M_{8} \oplus SK)$ . $U_{j} ▹ ◃ (I D_{j *} = I D_{j})$ . If it is incorrect, $U_{j}$ aborts the session. Else, $U_{j}$ accepts $S_{i}$ and $S$ as a legitimate entity, respectively.

The above steps can be described in detail as follows:

Step 1. The user $U_{j}$ first generates a random number $r_{1}$ . Then, it sends a request message $MS G_{1} = (r_{1}, U_{j} (N_{j}), request)$ to the sink through insecure channel.

Step 2. Receiving the request message of the user $U_{j}$ , the sink begins to compute $R_{j} = h (U_{j} (N_{j}) | | X_{(} sink)$ and generates a random number $r_{2}$ . Then, it sends a message $MS G_{2} = (M_{0}, r_{2})$ to the user $U_{j}$ .

Step 3. Receiving the message of the sink, the user $U_{j}$ begins to compute $M_{0 *} = h (r_{1} | | r_{2} | | R_{j})$ and checks whether $M_{0 *} = M_{0}$ . If it is true, the sink is authenticated for the user $U_{j}$ .

Step 4. The user $U_{j}$ begins to compute $R_{j} = f_{j} \oplus (P (W_{j}) | | I D_{j})$ , $M_{1} = R_{j} \oplus I D_{j}$ . it will generate a random number $K_{j}$ and choose a sensor node $(I D_{i})$ which hopes to communicate with $S_{i}$ and computes $M_{2} = h (I D_{j} | | K_{j}) I D_{i}$ and $M_{3} = h (M_{1} | | M_{2} | | R_{j} | | U_{j} (N_{j}) | | T_{1} | | K_{j} | | r_{1} | | r_{2})$ . After that, the user $U_{j}$ sends a message $MS G_{3} = (M_{3}, M_{2}, M_{1}, T_{1}, K_{j})$ to the sink.

Step 5. The sink first computes $M_{3 *} = h (M_{1} | | M_{2} | | R_{j} | | U_{j} (N_{j}) | | T_{1} | | K_{j} | | r_{1} | | r_{2})$ . Then, it checks whether $M_{3 *} = M_{3}$ . If it is incorrect, it will reject the session. Otherwise, the user $U_{j}$ is authenticated by the sink. On this condition, the sink will compute $I D_{j} = M_{1} \oplus R_{j}$ , $I D_{i} = M_{2} \oplus h (I D_{j} | | K_{j})$ , $X_{i} = h (I D_{i} | | X_{sink})$ , $M_{4} = h (X_{i} | | I D_{i} | | M_{2} | | T_{2})$ , and $M_{5} = I D_{j} \oplus (X_{i} | | T_{2})$ , where $T_{2}$ is the time stamp of the sink. After that, the sink will send a message $MS G_{4} = (M_{4}, M_{5}, T_{2})$ to the sensor node $S_{i}$ .

Step 6. When the sensor node $S_{i}$ receives the message $MS G_{4}$ , it will check whether $| T 3 - T 2 | \leq \nabla T$ . If it is incorrect, then the sensor node $S_{i}$ will abort the session. Otherwise, the sensor node $S_{i}$ will compute $M_{4 *} = h (X_{i} | | I D_{i} | | M_{2} | | T_{2})$ . After that, the sensor node $S_{i}$ will check whether $M_{4 *} \neq M_{4}$ . If it is true, the sensor node $S_{i}$ will reject the sink. Otherwise, it will compute $I D_{j} = M_{5} \oplus h (X_{i} | | T_{2})$ . Then, the sensor node $S_{i}$ will create a random number $K_{i}$ which is unique in each session and compute the session key as $SK = h (I D_{i} | | I D_{j} | | K_{i})$ . Finally, the sensor node $S_{i}$ will compute $M_{6} = SK \oplus h (X_{i} | | T_{3})$ , $M_{7} = K_{i} \oplus h (X_{i} | | T_{3})$ and send a message $MS G_{5} = (M_{6}, M_{7}, T_{3})$ to the sink.

Step 7. Upon receiving the message $MS G_{5}$ of the sensor node $S_{i}$ , the sink will check whether $| T_{4} - T_{3} | \leq \nabla T$ . If it is true, the sink will compute $K_{i} = M_{7} \oplus h (X_{i} | | T_{3})$ , $SK = h (I D_{i} | | I D_{j} | | K_{i})$ , $M_{6 *} = SK \oplus h (X_{i} | | T_{3})$ and check whether $M_{6 *} = M_{6}$ . If it is incorrect, the sink will reject the session. Otherwise, the sink will compute $M_{8} = SK \oplus I D_{j}$ , $M_{9} = K_{i} \oplus R_{j}$ and send a message $MS G_{6} = (M_{8}, M_{9}, T_{4})$ to the user $U_{j}$ , where $T_{4}$ is a fresh time stamp.

Step 8. Upon receiving the message $MS G_{6}$ of the sink, the user $U_{j}$ will check whether $| T_{5} - T_{4} | \leq \nabla T$ . If it is incorrect, the user $U_{j}$ will reject the session. Otherwise, the user $U_{j}$ will compute $K_{i} = M_{9} \oplus R_{j}$ , $SK = h (I D_{i} | | I D_{j} | | K_{i})$ , $I D_{j *} = M_{8} \oplus SK$ and check whether $I D_{j *} = I D_{j}$ . If it is incorrect, the user $U_{j}$ will abort the session. Otherwise, the user $U_{j}$ will accept the sensor node $S_{i}$ and the sink as a legitimate entity.

Internet data privacy protection strategy

During the Internet data privacy protection, it involves sink, CNC machine tool, LNCMC, cloud server, and user. In order to realize the privacy protection of data in wired network, we propose an Internet data privacy protection strategy. Using the protection strategy, we can determine whether the privacy of data obtain security protection. The whole protection processes of data privacy are shown in Figure 2.

Figure 2.

The whole protection processes of data privacy in wired network of IoT.

In the Internet data privacy protection strategy, we assume that the sink, the CNC machine tool, the LNCMC, the cloud server, and the user are loaded a public key in advance. During the whole processes that data are processed which include data upload, data storage, and data access, the system does not distribute the public key for them again. In the strategy, we propose two algorithms. One is the algorithm about the security storage of collected data and another is the algorithm about the security access of stored data in cloud server. The two algorithms are described as follows, respectively.

The algorithm about the security storage of collected data is as follows:

Step 1. The sink and the CNC machine tool first check the privacy of collected data. Then, the sink and the CNC machine tool register to the LNCMC. Moreover, the sink sends the data which are collected by corresponding sensor nodes to the LNCMC using our proposed lightweight authentication protocol. The CNC machine tool sends the collected data using the SSL technology. The transformation form of the collected data is $R I_{Do} \leftarrow E K_{PrDO} (E K_{PubLNCMC} (dataid, ownerid, accesscontrol, EK (data, K_{1})))$ , where $K_{1}$ denotes a symmetric key.

Step 2. The LNCMC authenticates the received data which are sent by the sink using our proposed lightweight authentication protocol and authenticate the received data which are sent by the CNC machine tool using the symmetric key. If the sink and the CNC machine tool are authenticated to be legal, the received data can be receipted. Otherwise, the received data will be rejected.

Step 3. The LNCMC decrypts the receipted data and stores them into itself storage spaces.

Step 4. The LNCMC registers to the cloud server and encrypts the stored data $β_{Do} \leftarrow E K_{PrDO} (E K_{PubCloud} (dataid, ownerid, EK (data, K_{1})))$ . Then, the LNCMC sends these encrypted data $β_{Do}$ to the cloud server using the SSL technology.

Step 5. The cloud server authenticates the received data which are sent by the LNCMC using the symmetric key. If the LNCMC is authenticated to be legal, the received data can be receipted by the cloud server. Otherwise, the received data will be rejected.

Step 6. The cloud server decrypts the receipted data. After that, it encrypts the decrypted data using the XOR encryption technology.

Step 7. The cloud server stores these encrypted data.

Step 8. Judgment whether the LNCMC and the cloud server receiving data is end or not. If it is end, then go to Step 9. Otherwise, go to Step 1.

Step 9. End

The algorithm about the security access of stored data in cloud server is as follows:

Step 1. The user sends an access application to the cloud server. Before the access application is sent, it is encrypted by the symmetric encryption method, namely $RE Q_{user} \leftarrow E K_{PrUser} (E K_{PubCloud} (Uid, access, control, required, EK (requset, K_{1})))$ .

Step 2. These encrypted data are sent to the cloud server using the SSL technology.

Step 3. The cloud server authenticates the received data which are sent by the user using the symmetric key. Then, it decrypts the encrypted data which are certified and get the source data, namely $Data \leftarrow (dataid, ownerid, EK (data, K_{1}))$ . On this basis, the cloud server checks the types of data needed by the user.

Step 4. Based on the application and the types of data needed by the user, the cloud server send a transmission application to itself storage spaces and the LNCMC, respectively.

Step 5. According to the application of user, the cloud server sends corresponding encrypted data to the user, namely $β_{cloud} \leftarrow E K_{PrCloud} (E K_{PubUser} (dataid, ownerid, EK (data, K_{1})))$ .

Step 6. After receiving the transmission application of user, the LNCMC verifies whether the user is legal or not. If it is legal, the LNCMC receives the encrypted data sent by the user, namely $R I_{user} \leftarrow E K_{PrUser} (E K_{PubLNCMC} (U_{id}, access, control, required, dataid, ownerid, EK (request, K_{1}))$ .

Step 7. After receiving the encrypted data sent by the user, the LNCMC checks whether there are the data which are needed by the user or not. If there are the data, the application of user is valid and the system goes to Step 8. Otherwise, the application of user is invalid and the system goes to Step 1.

Step 8. The LNCMC sends the encrypted data to the user according to the requirement of the user, namely, $β_{LNCMC} \leftarrow E K_{PrLNCMC} (E K_{PubUser} (dataid, ownerid, EK (data, K_{1})))$ .

Step 9. After receiving the encrypted data sent by the cloud server, the user decrypts these encrypted data using the public key of the cloud server and the private key of the user. On this basis, the user uses the symmetric key $K_{1}$ to decrypt the encrypted data $EK (data, K_{1})$ and get data $D_{1}$ .

Step 10. After receiving the encrypted data sent by the LNCMC, the user decrypts these encrypted data using the public key of the LNCMC and the private key of the user. On this basis, the user uses the symmetric key $K_{1}$ to decrypt the encrypted data $EK (data, K_{1})$ and get data $D_{2}$ .

Step 11. The user checks whether the data $D_{2}$ are equal to the data $D_{1}$ or not. If it is true, it shows that the receiving data of the user are integrated and credible. Thus, we can know that it is effective to protect the privacy of data in wired network. The user continues to send “transmission application” command to the cloud server. Then, the system goes to Step 3. Otherwise, it is ineffective to protect the privacy of data in wired network. Therefore, the user sends “Stop transmission” command to the cloud server. Then, the system goes to Step 12.

Step 12. End

Security analysis

In this section, we first analyze the security of our proposed lightweight authentication protocol. Then, we analyze the security of our proposed Internet data privacy protection strategy. The analysis process of the two parts is described as follows, respectively.

Lightweight authentication protocol

We will analyze the security of the proposed protocol when the CNC machine wireless sensor networks confronts different attacks in this section. The analyzing process is described as follows.

Resistance against replay attack

Let an adversary eavesdrop the message $MS G_{3}$ from the authentication and session key agreement phase through insecure channel. In the following time, if the adversary wants to use $MS G_{3}$ , the sink will reject because when the sink receives the message and computes $M_{3 *} = h (M_{1} | | M_{2} | | R_{j} | | U_{j} (N_{j}) | | T_{1} | | K_{j} | | r_{1} | | r_{2})$ , where $r_{1}$ and $r_{2}$ are unknown for the adversary and are unique for each session. Moreover, the protocol is resistant against replay attack in this phase. Suppose an adversary eavesdrops $(r_{0}, MS G_{1}, T_{1})$ from one session and sends it to the sink in another session. The sink will generate a random number $r_{1 *}$ which is different in each session. Thus, the number is unusable for the adversary. If the adversary eavesdrops the message $(M_{3}, M_{4}, T_{1})$ and sends this message to the sink, the adversary will be rejected because it does not have $r_{0}$ and $r_{1}$ .

Resistance against DoS attack

Let an adversary eavesdrop the message $MS G_{1}$ from the authentication and session key agreement phase through insecure channel and send it for several times. The sink only computes $R_{j} = h (U_{j} (N_{j}) | | X_{sink})$ and $M_{0} = h (R_{j} | | r_{1} | | r_{2})$ . After that, the sink sends $R_{j}$ and $M_{0}$ to the user $U_{j}$ who is an adversary. In fact, this computation is a very lightweight computation. So, the adversary cannot launch DoS attack.

Resistance against the sink impersonation attack

In this attack, an adversary wants to compute $X_{sink}$ which is used in $R_{j} = h (U_{j} (N_{j}) | | X_{sink})$ , $X_{i} = h (I D_{i} | | X_{sink})$ . In $R_{j} = h (U_{j} (N_{j}) | | X_{sink})$ , although $U_{j} (N_{j})$ is known, the adversary cannot compute $X_{sink}$ in polynomial time. $X_{i}$ and $I D_{j}$ are both unknown to the adversary. So, the adversary cannot impersonate the sink.

Resistance against sensor node impersonation attack

Even if an adversary eavesdrops $M_{2}$ in our proposed protocol, it cannot extract $I D_{i}$ from it. Moreover, even if the adversary eavesdrops $M_{6}$ , $M_{7}$ , it cannot compute $X_{i}$ or h $(X_{i} | | T_{3})$ because $K_{i}$ and $SK$ are unknown for the adversary. $X_{i}$ is the secret key of the sensor node $S_{i}$ and the adversary cannot compute $X_{i}$ because hash function is pre-image resistant.

Resistance against user impersonation attack

The adversary must compute $R_{j} = f_{j} \oplus h (P (W_{j}) | | I D_{j})$ in order to impersonate the user $U_{j}$ . This is unknown. Even if the adversary eavesdrops $(M_{1}, M_{2})$ , it cannot compute $I D_{j}$ . So, user impersonation is impossible.

Resistance against intractability attack

Let an adversary eavesdrops two messages from two different sessions and if they are the same, the adversary want to trace the user $U_{j}$ and the sensor node $S_{i}$ . In this attack, our proposed protocol is secure because the smartcard of the user $U_{j}$ will compute $M_{2} = h (I D_{j} | | K_{j}) \oplus I D_{i}$ , where $K_{j}$ is a random number and is unique in each session. So, the adversary cannot trace the user $U_{j}$ . Moreover, there is $SK = h (I D_{i} | | K_{i}))$ , where $K_{i}$ is a random number and is unique in each session. So, the session key is different each time and the adversary cannot trace the sensor node $S_{i}$ .

Internet data privacy protection strategy

The security analysis of the protection processes of this strategy is needed in order to illustrate the effectiveness of our proposed Internet data privacy protection strategy. Therefore, we will mainly analyze the security in terms of the confidentiality, authentication, integrity, and anti-hammering performance of our proposed strategy. The analysis processes can be described as follows.

Confidentiality analysis

Our proposed Internet data privacy protection strategy begins the collected data of the sink and the CNC machine tool. The protection processes involve the transmission of data, the storage of data, the application of data, the delivery of data, and so on. These processes are carried out under the condition of encryption. These processes can effectively defense some illegal users to steal the collected data. At the same time, in order to verify the validity of the collected data of the sink and the CNC machine tool, the LNCMC authenticates these collected data using our proposed lightweight authentication protocol and the symmetric key. This authentication can effectively prevent the invasion of illegal users. In order to prevent the information from being tampered in the storage process, the XOR encryption technique is used which can effectively prevent the loss and the tampered of the stored data. In order to verify the feasibility and effectiveness of the user receiving storage data, the user receives the storage data from the LNCMC and the cloud server, respectively. After that, the user decrypts and verifies corresponding received data, respectively. These steps can effectively protect the integrity and the credibility of data which are received by the user. Therefore, the protection strategy can effectively protect the confidentiality of data in wired network.

Identity authentication analysis

Before the collected data are sent by the sink to the LNCMC, the data are used by our proposed lightweight authentication protocol. At the same time, the encryption method and the SSL technology are used for their transmission before the collected data are sent by the CNC machine tool. These steps can ensure the legitimacy of the collected data, respectively. Moreover, the cloud server will authenticate the identity of user using SSL technology in order to ensure the legitimacy of the data transmission during the user apply for data source from the cloud server. In general, in whole IoT, identity authentication is used in various activities which include data collection, data transmission, user login, and data application. Therefore, the privacy protection strategy of data can effectively protect the legitimacy of the user’s identity.

Integrity analysis

In the algorithm about the security storage of collected data and the algorithm about the security access of storage data in cloud server, the LNCMC and the cloud server are used the encrypted method and the SSL technology which can authenticate the integrity of the collected data of the sink and the CNC machine tool and the integrity of the application message of the user. At the same time, the user also used the encrypted method and the SSL technology which can authenticate the integrity of the data of the LNCMC and the cloud server.

Anti-hammering performance analysis

In our proposed Internet data privacy protection strategy, the double encryption method is used which can effectively increase the length of key and prevent the key being brute force. Thus, it will be very difficult that any illegal user wants code-cracking. Moreover, the XOR encryption technology and the SSL technology are used in our proposed Internet data privacy protection strategy. The two technologies have two obvious characteristics: (1) The two technologies can effectively detect the invasion behavior of illegal users. Thus, all kinds of malicious activities can be effectively detected and analyzed. Based on the results of detection and analysis, the system can effectively prevent various attacks. (2) The two technologies can effectively prevent middle attack because they can detect whether the data are modified, whether the key is tampering, and so on. In addition, the encryption mode is used during the cloud server storage data which can effectively prevent the attack using internal channel.

Conclusion and future works

Aiming at the difficult question of the privacy protection for numerical control information in IoT, we propose a privacy protection mechanism. In this mechanism, we, respectively, propose a lightweight authentication method for wireless sensor networks and an Internet data privacy protection strategy based on the organizational characteristics of CNC tool and the numerical control information transmission mode in IoT. In the lightweight authentication method, we built a lightweight authentication protocol. The protocol includes five parts, namely, system setup phase, sensor node registration phase, user node registration phase, login phase, and authentication and session key agreement phases. In the Internet data privacy protection strategy, it involves sink, CNC machine tool, LNCMC, cloud server, and user. In order to prove the effectiveness of the protection mechanism, this article analyzes a series of its safety performance. Analysis results show that in the cloud computing, use this mechanism to ensure the security of data privacy.

Although this mechanism can effectively protect the security of data privacy, it also increases the length of key in the Internet data privacy protection strategy because it uses double encryption method. Thus, it also brings certain impact to data transmission and storage. Therefore, it is needed to consider the optimization scheme of the two algorithms in the future works. Moreover, we need to consider the specific influence on the bandwidth, memory, and transmission channel for the data privacy protection mechanism for numerical control information in IoT.

Footnotes

Academic Editor: Kim-Kwang R Choo

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work was supported by the National Natural Science Foundation of China (no. 61472112).

References

Yang

Fang

. Security model and key technologies for the Internet of things. J China Universities Posts Telecommun 2011; 18(Suppl. 2): 109–112.

Chen

Minami

. Intelligent fault prediction system based on Internet of things. Comput Math Appl 2012; 64: 833–839.

Dijkman

Sprenkels

Peeters

et al . Business models for the Internet of things. Int J Inform Manage 2015; 35(6): 672–678.

Henze

Hermerschmidt

Kerpen

et al . A comprehensive approach to privacy in the cloud-based Internet of things. Future Gener Comp Sy 2016; 56: 701–718.

Simplicio

Jr Silva

MVM

Alves

RCA

et al . Lightweight and escrow-less authenticated key agreement for the internet of things. Comput Commun 2016; 98: 43–51.

Malina

Hajny

Fujdiak

et al . On perspective of security and privacy-preserving solutions in the Internet of things. Comput Netw 2016; 102: 83–95.

Mashal

Alsaryrah

Chung

. Performance evaluation of recommendation algorithms on Internet of things services. Physica A 2016; 451: 646–656.

Sicari

Rizzardi

Miorandi

et al . A secure and quality-aware prototypical architecture for the Internet of things. Inform Syst 2016; 58: 43–55.

Gonzlez-Manzano

Fuentes

JMD

Pastrana

et al . PAgIoT: Privacy-preserving Aggregation protocol for Internet of things. J Netw Comput Appl 2016; 71: 59–71.

10.

Han

Jin

. Practical access control for sensor networks in the context of the Internet of things. Comput Commun 2016; 89–90: 154–164.

11.

Perera

Vasilakos

. A knowledge-based resource discovery for Internet of things. Knowl-Based Syst 2016; 109: 122–136.

12.

Zhang

Qiao

et al . Lifetime balanced data aggregation for the Internet of things. Comput Electr Eng 2016; 58: 244–264.

13.

Yang

Zheng

Tang

. Lightweight distributed secure data management system for health Internet of things. J Netw Comput Appl 2016; 89: 26–37.

14.

Moosavi

Gia

Nigussie

et al . End-to-end security scheme for mobility enabled healthcare Internet of things. Future Gener Comp Sy 2016; 64: 108–124.

15.

Bostani

Sheikhan

. Hybrid of anomaly-based and specification-based IDS for Internet of things using unsupervised OPF based on MapReduce approach. Comput Commun 2016; 98: 52–71.

16.

Nair

Asmi

Gopakumar

. Analysis of physical layer security via co-operative communication in Internet of things. Proc Tech 2016; 24: 896–903.

17.

Rizzardi

Sicari

Miorandi

et al . AUPS: an open source AUthenticated Publish/Subscribe system for the Internet of things. Inform Syst 2016; 62: 29–41.

18.

Ouaddah

Mousannif

Elkalam

et al . Access control in the Internet of things: big challenges and new opportunities. Comput Netw 2017; 112: 237–262.

19.

Nascimento

NMD

Lucena

CJPD

. FIoT: an agent-based framework for self-adaptive and self-organizing applications based on the Internet of things. Inform Sciences 2017; 378: 161–176.

A privacy protection mechanism for numerical control information in Internet of things

Abstract

Keywords

Introduction

Related works

Privacy protection of numerical control information

Lightweight authentication method

System setup phase

Sensor node registration phase

User node registration phase

Login phase

Authentication and session key agreement phase

Internet data privacy protection strategy

Security analysis

Lightweight authentication protocol

Resistance against replay attack

Resistance against DoS attack

Resistance against the sink impersonation attack

Resistance against sensor node impersonation attack

Resistance against user impersonation attack

Resistance against intractability attack

Internet data privacy protection strategy

Confidentiality analysis

Identity authentication analysis

Integrity analysis

Anti-hammering performance analysis

Conclusion and future works

Footnotes

Declaration of conflicting interests

Funding

References