Skip to Main Content
Linking factory floors to the Internet, coupled with the rapid deployment of wireless access networks, is initiating a new paradigm for factory automation-a corporate employee with a handheld computing device can have anytime, anywhere access to the latest factory floor information. Authentication between a factory database and a remote user is crucial for such paradigm; however, existing authentication protocols are inadequate to defend against strong adversaries with break-in capabilities. In this paper, we design and implement the Energy-Efficient and Intrusion-Resilient Authentication (ERA) protocol. Through a novel combination of hash chain,pin, and message authentication code (MAC), ERA can achieve the security self-recovery when strong adversaries compromise either a user's handheld device or a factory authentication server to obtain the authentication secrets. The technique of mutual MAC is proposed to defend against online pin-guessing attacks launched by strong adversaries. Furthermore, an optimization of tuning hash chain iteration is introduced to reduce energy consumption of a handheld device. Analytical and experimental results show that ERA provides a better security guarantee and incurs much less computation and communication overhead than the existing authentication protocols.