Cryptanalysis of Irsad et al’s Scheme “SUSIC: A Secure User Access Control Mechanism for SDN-Enabled IIoT and Cyber–Physical Systems”
摘要
The combination of Information and Communications Technology (ICT) and Cyber Physical Systems (CPS) has led to various inventive applications, including smart public safety logistics, healthcare, grids, and transportation. Software Defined Networks (SDN) technology, in conjunction with CPS, has facilitated optimized communication among Industrial Internet of Things (IIoT) and CPS entities. However, communication over public channels among entities within an SDN-enabled environment faces security risks due to insecure wireless channels, such as unauthorized access, eavesdropping, data interception, and man-in-the-middle attacks, which become plausible threats. To address these challenges, we perform a thorough analysis of the Irshad et al. protocol, which cannot defend against sensor node impersonation attempts by attackers. We also found that an adversary can compromise the session key of the sensor and user nodes by exploiting a known session-specific temporary information attack. Furthermore, the protocol suffers from a clock synchronization issue and fails to support biometric and password update phases when needed. As a result, real-time data in the IIoT environment may become accessible to malicious users.