Group key agreement protocol for edge computing in industrial internet

Industrial internet security is a critical component of cyberspace safety. Furthermore, the encryption protocol is a critical component of cyberspace security. Due to the rapid development of industrial internet and edge computing, increasingly more devices are outsourcing their data to cloud servers to save costs. Edge devices should have a secure session key to reduce communication costs and share information. However, most key generation and storage are completed by a centralized third-party organization, which carries some security risks. In this context, this paper proposes a lightweight multi-dimensional virtual iteration of the group key agreement protocol. The group key agreement protocol allows for one-at-a-time encryption and timely key updates without the involvement of a trusted third party, and each device in the network can agree on a large number of keys. According to the analysis of this protocol, it has high security, rapid computation speed, and requires little storage space.


Introduction
With the rise of the Industrial Internet concept, intelligent transformation is happening in the industrial field. In actual industrial scenarios, large numbers of devices generate large industrial data sets [1][2][3]. The traditional cloud computing data model uses centralized processing, and massive amounts of data rely on remote cloud computing centers for computation and storage, putting tremendous pressure on the industrial Internet architecture based on the cloud computing model [4,5]. In addition, unscrupulous elements can easily steal data during long-distance transmission, so data security cannot be guaranteed. Compared with cloud computing, edge computing can store and share resources near mobile devices, providing users with low latency and high bandwidth access to information and computing resources [6,7].
In the edge computing architecture of the Industrial Internet, the cloud server is a trusted root that connects edge servers. An edge server is a domain administrator responsible for storing common data from edge devices and transferring complex data to the cloud server [8,9]. Edge devices collect data and then upload it to a local edge server. Edge devices can share information. These edge servers in the edge computing layer are effective solutions for enhancing cloud computing capabilities [10,11].
To reduce the communication consumption of edge devices and ensure the security of resource sharing among edge devices, only users of the group with the same key can decrypt this information. Edge devices in a group can negotiate a shared key and use the shared key to encrypt the data of members in the group. Most existing schemes have a third-party authority (e.g., certificate authorities) directly store and manage the encryption and decryption keys of the data [12][13][14][15][16][17]. We then have to trust that the third-party organization's key management is safe and secure. This management scheme can threaten the entire system's security once the central institution is attacked. As a result, the research on reliable and secure group key protocols is still ongoing [18,19].
Naresh [20] proposed a cluster-based hybrid layered group key protocol, which supports mutual authentication among group members, but consumes a lot of communication costs and is difficult to guarantee forward and backward confidentiality. Braeken [21] proposed a public asymmetric group key protocol for unpaired authentication, which does not require the participation of the certificate authority, but consumes a lot of communication. Chen et al. [22] proposed a broadcast encryption scheme based on anonymous certificates. In combination with broadcast encryption, it uses a shared key to transmit messages. But the scheme uses bilinear pair operation, which makes it computationally more expensive. Literature [23] proposed a group key protocol supporting anonymity, which can ensure user privacy security in the cloud environment. Literature [24,25] proposed the use of an elliptic curve cryptography (ECC) to establish secure session keys between authorized users and devices. Edge devices cannot support ECC because of their limited computation and storage capabilities. Literature [26] proposed a key management scheme based on the permutation algorithm, which can effectively improve the computational efficiency compared to the public key encryption scheme. The scheme is based on polymorphic cryptography and has high-security performance. Lu et al. [27] proposed an anonymous authentication group key protocol based on an ECC with complete forward and backward confidentiality and higher security performance. Wang et al. [28] proposed polynomial public key encryption, which can effectively resist key disclosure attacks.
Research shows that numerous group key protocols use asymmetric encryption algorithms, such as elliptic curve cryptography, bilinear pair encryption, polynomial encryption, etc. These public key cryptosystems have a high computational and storage cost, making them unsuitable for encrypting a significant amount of data. Therefore, this paper proposes a lightweight multi-dimensional virtual iteration of the group key agreement protocol, which can effectively solve the shortcomings of the public key cryptosystem.
The research contributions of this paper are as follows:
(1) We adopt group key agreement technology to construct an information sharing platform among edge devices. The scheme adopts hashing, multi-dimensional virtual iteration, and symmetric cryptography, which is suitable for edge devices with limited resources.
(2) Decentralization, with no trusted third parties. This scheme does not need a certificate authority to generate and store keys and has higher security.
(3) Lightweight computing. This scheme adopts a symmetric encryption algorithm; key generation is faster and more efficient and has low computational complexity, so it is suitable for encrypting massive amounts of data. This scheme can satisfy the lightweight computing of edge devices.
(4) Safety evaluation. The multi-dimensional virtual iterative function VIF() proposed in this protocol is self-compiled, and an attacker will face multi-dimensional variation if it is cracked forcibly. Through the theoretical and performance analysis of the protocol, it is proved that the proposed scheme resists eavesdropping attacks and man-in-the-middle attacks, and has fast running speed, small storage space, low computational complexity, and high security performance.

Key distribution model of current Industrial Internet
Data collection is the foundation of edge computing. In the Industrial Internet, edge devices collect data, the control network monitors it, and it is finally stored in the cloud center for unified processing. In cloud storage services, users of edge devices lose direct control of their data. To prevent servers from maliciously stealing information, users encrypt data and then upload it to the cloud center, so the data stored in the cloud center is ciphertext.
The current industrial Internet data storage model uses a centralized key distribution mechanism. The key is generated and stored by a trusted third-party authority, which is usually a certificate authority (CA). As shown in Figure 1, the model contains three entities: Edge Device, Cloud and User. An Edge Device with limited resources will choose a trusted certification authority to host the key and then get the key from the authority when sharing the data, as shown in steps 1-8. The data model with a centralized key distribution mechanism is vulnerable to threats. If someone maliciously attacks the certificate authority, the encrypted and decrypted session keys will also become insecure, resulting in data privacy leakage.

Group key agreement based on multi-dimensional virtual iteration
In order to ensure the security of data shared by edge devices, a group key agreement protocol based on multi-dimensional virtual iteration is proposed, as shown in Figure 2.
Cloud: The cloud computing center provides relevant services to edge devices with storage space and computing resources. The edge devices get the required services through the network according to their needs.
Edge Server: Store data commonly used by edge devices and provide relevant services to edge devices on time.
Edge Devices: Edge devices implement the generation and processing of source data. Edge Devices can establish secure communication channels and negotiate session keys for securing data transmission between devices. Provide the required services to devices.
After the edge devices obtain the transmitted information from the database, the server completes and exits the key agreement. The edge devices store and manage the information. When the key agreement ends or before the next key agreement starts, the server is asked to update the data to be sent again. The server works only in the current step and does not participate in subsequent key agreements, nor can it get key information or the plaintext and ciphertext transmitted. During the group key agreement, each group of users can uniquely determine the key array on a single dimension. After m devices interact with their respective key arrays $K_i[n]$ through the token ring, the self-compiling of the function is triggered and a multi-dimensional virtual iteration space is constructed. The multi-dimensional virtual iteration space contains $m \times n$ security subsystems and is uniformly distributed. The group users permute and iterate over a number of security subsystems to get encryption keys. By repeatedly performing the permutation step, users get a lot of different secure encryption methods.
When the number of users is large enough, it is impossible to achieve a one-to-one correspondence between the number of security subsystems and the number of subspaces. A SHA-256 cryptographic hash function is therefore defined to achieve a one-to-many mapping between the number of subspaces and the security subsystems. The hash function takes an input of arbitrary length and outputs fixed-length information, so the fixed security subsystems are distributed uniformly in more than one way, and the multi-dimensional permutation space is in a virtual fully populated state. From the user's point of view, it is a fully populated state. For this protocol to implement a group key agreement, it must meet the following conditions.
(1) Multi-party devices have the same multi-dimensional virtual iteration space $S_{mn}$, with $m \times n$ security subsystems.
(2) The device $D_i$ holds the private key $k_i$ and the private key array $k'_i$, which cannot be used directly. The private key and the private key array need to be processed by a function to form the key control array $K_i[n]$, which is used to construct the multi-dimensional iterative function VIF().
(3) The devices have the same multi-dimensional virtual iteration function VIF(). It generates a unique and shared multi-dimensional virtual permutation space for the m devices.
(4) The multi-dimensional virtual iterative function VIF() is self-compiling. If an attacker forces a hack on the function, he will face a multi-dimensional variant of the function.
Table 1 lists the basic symbols used in this article and their definitions.

Construct the four dimensional permutation network
This model comprises four users, where the X-axis, Y-axis, Z-axis and color axis are the four-dimensional concrete coordinate axes. Each of the four users provides a single-dimensional key control sequence to control a single coordinate axis in the four-dimensional virtual permutation space. This achieves a distribution in which the four users collaboratively control the security subsystems in the model space. At last, x security subsystems are determined in the four-dimensional virtual iterative model space constructed by the function coordinates provided by the four users, as shown in Figure 3.
In this protocol, the initial key array $K_i[1], K_i[2], \cdots, K_i[n]$ held by device $D_i$ is used as the i-th coordinate parameter. Each dimension represents a key array controlled by the device, where the color axis represents the fourth dimension. Assuming that the number of keys in each key array is 4, there are $4^4 = 256$ security subsystems in the key space constructed by four devices. When the devices determine a set of coordinates, the probability of replacing a given security subsystem immediately is $1/256$. Because the permutation network contains $4^n$ candidate security subsystems, the function of the key array $K_i[1], K_i[2], \cdots, K_i[n]$ is to realize the polymorphism overloading principle in the virtual function. The key array arguments determine, with equal probability, the security subsystem to be called and executed, and finally make the permutation network obtain a unique internal permutation array.

Protocol process
As shown in Figure 4, the steps of multi-dimensional virtual iterative group key agreement are as follows:
(1) Initialization step: Device $D_i$ holds the private key $k_i$; $ur_i$ represents the network upload speed intercepted by device $D_i$, $dr_i$ represents the network download speed intercepted by device $D_i$, $ut_i$ represents the total number of network packet uploads intercepted by device $D_i$, and $dt_i$ represents the total number of network packet downloads intercepted by device $D_i$. At this point, device $D_i$ converts the contained information into binary form and stores it in $m_i = (ur_i \| dr_i \| ut_i \| dt_i)$. Each user also includes a unique virtual iterator function VIF(). At the same time, each device monitors the token ring and waits for the key protocol.
(2) Preparation step: Each device $D_i$ uses the pseudo-random function Rand() to pseudo-randomly generate the key sequence $k'_i = [k_{i1}, k_{i2}, \cdots, k_{in}]$ from the existing $m_i$. The group user $D_i$ takes the private key $k_i$ and the private key array $k'_i$, and XORs the private key $k_i$ with the hashed private key array $k'_i$ to generate the real key array $K_i[n]$, as shown in Eq (2). The user waits for instructions from the token ring in sequence.
Device $D_i$ has a key array $K_i[n]$, and device $D_m$ has a key array $K_m[n]$. The system contains $m \times n$ security subsystems. When $D_i$ gets the token, it secretly puts $K_i[n]$ into VIF() for subsequent virtual iteration space distribution.
(3) Construction step: The device starts a data sharing request, first obtains the token ring, uploads its own key array $K_i[n]$ to the multi-dimensional virtual iteration function IVIF(i), and upon successful upload gets an incomplete virtual iteration function VIF() that is missing only its own key array, as shown in Eq (3).
After that, the device substitutes the key array $K_i[n]$ held by itself into IVIF(i) to obtain the complete multi-dimensional virtual iteration function VIF(). The multi-dimensional virtual iteration function triggers the self-compilation function and maps onto a multi-dimensional permutation network, which contains $m \times n$ security subsystems in the system. This space is in a filled state, and the m devices share this key space. K denotes the shared multi-dimensional permutation network, as shown in Eq (4).
(4) Iterative step
Step 1: In the four-dimensional permutation network, the i-th coordinate selected by the four devices is a security subsystem in the permutation network, represented as $\phi_i$. Each user randomly selects x initial keys. Then x security subsystems are rapidly iterated, denoted as $\phi_1, \phi_2, \cdots, \phi_x$ in order.
Step 2: An iterative function system $IFS_x$ is generated by iterating the x security subsystems obtained in Step 1 in a certain order through the self-compiler. Here, x is denoted as Eq (4), as shown in Eq (5).

$$SK \to IFS_4 = (\phi_4(\phi_3(\phi_2(\phi_1)))) \tag{5}$$

At last, the result of the iteration can be used as the unique secure encryption key SK, providing a long-period key array for various symmetric encryption algorithms to complete the key negotiation. Members encrypt their own information with the session key SK and send it to other users. Since the session key SK is unique, all members can decrypt the ciphertext to get the information transmitted by other users.
Step 3: When the members negotiate the key again, repeating Steps 1 and 2 quickly replaces the corresponding virtual iteration function and generates a large number of secure keys.
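
The four-device flow above, sketched in Python as an added example; it is not the paper's code. Eq (2) to Eq (4) and the internals of VIF() are not given on this page, so the HMAC-SHA256 stand-in for Rand(), the SHA-256 mapping from coordinates to security subsystems and the HMAC-based iteration are assumptions, as are all function names and the constructed device values.

```python
import hashlib
import hmac
import itertools
import struct

N = 4  # keys per device array, as in the page's four-device example

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts (prefixes keep the encoding unambiguous)."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def key_array(k_i: bytes, m_i: bytes, n: int = N) -> list:
    """Preparation step: K_i[j] = k_i XOR H(k'_ij), with k'_i expanded from m_i.
    Assumption: Rand() is modelled as HMAC-SHA256(m_i, counter)."""
    k_prime = [hmac.new(m_i, struct.pack(">I", j), hashlib.sha256).digest()
               for j in range(n)]
    return [bytes(a ^ b for a, b in zip(k_i, h(kp))) for kp in k_prime]

def subsystem(arrays, coord) -> bytes:
    """Security subsystem phi at one coordinate: SHA-256 maps the keys chosen on
    each device's axis to a fixed-length subsystem key (assumed construction)."""
    return h(*(arrays[dev][idx] for dev, idx in enumerate(coord)))

def session_key(arrays, coords) -> bytes:
    """Iterative step, Eq (5): SK = phi_x(...phi_2(phi_1)).
    Assumption: applying phi means HMAC-SHA256 keyed with the subsystem key."""
    state = subsystem(arrays, coords[0])
    for coord in coords[1:]:
        state = hmac.new(subsystem(arrays, coord), state, hashlib.sha256).digest()
    return state

def build_group(m: int = 4) -> list:
    """Constructed sample devices: private key k_i and m_i = ur||dr||ut||dt."""
    arrays = []
    for i in range(m):
        k_i = h(b"constructed private key", bytes([i]))
        m_i = struct.pack(">4I", 1200 + i, 9800 + i, 40000 + i, 310000 + i)
        arrays.append(key_array(k_i, m_i))
    return arrays

def count_subsystems(arrays) -> int:
    """Number of distinct subsystems in the full space (4^4 = 256 on the page)."""
    coords = itertools.product(range(N), repeat=len(arrays))
    return len({subsystem(arrays, c) for c in coords})

if __name__ == "__main__":
    arrays = build_group()
    round_1 = [(0, 1, 2, 3), (3, 3, 0, 1), (2, 0, 0, 2), (1, 2, 3, 0)]
    round_2 = [(1, 1, 0, 2), (0, 3, 2, 2), (3, 0, 1, 1), (2, 2, 3, 3)]
    print("subsystems:", count_subsystems(arrays))
    print("SK round 1:", session_key(arrays, round_1).hex())
    print("SK round 2:", session_key(arrays, round_2).hex())
    # A party holding all arrays except device 2's (slot zeroed) gets another key
    partial = arrays[:2] + [[bytes(32)] * N] + arrays[3:]
    print("SK with one axis missing:", session_key(partial, round_1).hex())
```

Each coordinate tuple holds one index per device axis, so a new round of coordinates yields a new key without regenerating the key arrays.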

Safety analysis
(1) Resist playback attack: According to the description of this protocol, the virtual iteration function needs to be updated every time multiple users share information. If an attacker steals the n-th shared key, replaying the n-th key during the (n + 1)-th information sharing fails. At this point, the virtual iteration function has changed, and the attacker cannot steal the (n + 1)-th information interaction, so the protocol can resist replay attacks.
(2) Resist eavesdropping attack: Each user's key array can only control one dimension of the virtual iteration function, so eavesdropping on a single user or on multiple users cannot yield a complete virtual iteration function; similarly, the coordinate of the iteration function is determined by each user, so the eavesdropper cannot get the correct virtual iteration function. Therefore, it can resist eavesdropping attacks.
(3) Decentralization: This protocol does not require any third-party organization. Each device negotiates the key together and stores its information data independently. Even if a device is compromised by an attacker resulting in data leakage, the attacker cannot analyze the shared keys from the information obtained. Then it is not possible to get the information of others, so it will not affect the next data share of the device.
(4) Prevent man-in-the-middle attack: During information sharing, an attacker might get $k_i$, $k'_i$, $k_i[n]$ in the transmission channel, but building the virtual iteration function and the key space requires the security subsystems $S_{mn}$, and $S_{mn}$ does not exchange information in the transmission channel. An attacker who can obtain security subsystems still will not participate in the iteration phase to get the key SK. Even if the attacker gets $VIF(k_1[n], \cdots, k_{i-1}[n], 0, k_{i+1}[n], \cdots, k_m[n])$, VIF() is self-compiled and unreadable; if the attacker forces VIF(), then with each crack the attacker will end up facing the multi-dimensional variant function VIF().
(5) Mutual Authentication: In constructing the key space, all users participate in the space's construction. An attacker cannot get the key by participating in the token ring as an illegal user. Therefore, the resulting key space is identical and unique. If the key space generated by a user is different from that of another user, the user is invalid. The multi-dimensional virtual permutation mechanism contains the unique permutation network generated by all users' security subsystems with equal probability, which is equivalent to the user's signature information. So it achieves mutual authentication between users.

Performance evaluation
Computational complexity and time overhead are the main performance indicators of protocol optimization. This section summarizes several encryption methods with four representative references [18,29,30,31]. We used the Crypto++ library to measure the elapsed time of the cryptographic operations. The computer used for this test ran the Ubuntu 11.10 operating system on an Intel Core Duo 1.86 GHz with 2 gigabytes of RAM. Table 2 shows the symbols and data used in the performance analysis. Table 3 compares the time cost of the protocol in this paper with the references and calculates the theoretical test time.
Cheng et al. [29] proposed an authentication group key protocol based on Diffie-Hellman. In this protocol, the user's static private key and temporary key are bound to provide bidirectional authentication and resist temporary key leakage attack. However, extensive bilinear pairing, elliptic curve scalar multiplication and elliptic curve scalar addition are adopted. Therefore, the calculation time cost is relatively high.
Vinoth et al. [18] proposed to use secret sharing technology to construct a group key negotiation. Using only hashing function, XOR, and symmetric cryptography in the scheme can have lower communication overhead. Compared to Cheng, the computational overhead is lower.
Islam et al. [30] proposed an unpaired authentication group key protocol based on elliptic curve cryptography. It eliminates public key certificates and reduces computing costs. But in practice, a lot of elliptic curve scalar multiplication and elliptic curve scalar addition operations are still used.
Wang et al. [31] proposed a group key agreement based on device-to-device. The public key encryption method is used in the protocol, which has high security performance but requires a lot of calculation. Communication is too expensive compared to our protocol. Figure 5 simulates the time required for the key agreement of our proposed protocol and other schemes. The number of key agreement users ranges from 1 to 50. With the increase of users, we can conclude that Cheng's scheme takes the longest time, while our scheme consumes less calculation and has better performance.
Compared to these protocols, our scheme has a shorter computation time and a stronger defense capability. In the construction phase of the multi-dimensional iterative space, the storage overhead increases by a relatively small amount as the number of devices grows, but the multi-dimensional replacement space and virtual iteration function constructed in the negotiation phase achieve "one key at a time", close to the random state, which can ensure security. In addition, this protocol uses a symmetric encryption algorithm, which can quickly iterate through a large number of keys and encrypt data, greatly reducing the time overhead.

Conclusions
In building industrial internet, it is necessary to pay attention to the security of shared keys of edge devices. Compared with the previous centralized key protocol, this protocol can better protect security and reduce data transmission time without resorting to any third party.
This paper proposes a multi-dimensional virtual iterative key protocol without certificates. Compared with the asymmetric protocols in references [18,29,30,31], it features short computation time, small storage space, and support for large volumes of encrypted plaintext data, and it can quickly replace a large number of secure keys. Meanwhile, the multi-dimensional virtual iterative key space proposed by this protocol has good security against man-in-the-middle attacks and replay attacks. In the edge environment of the industrial Internet, there are problems of large data volume and low security. This protocol has good practicality and application space for such platforms, and it does not need to bear a large amount of computational consumption.
As the number of participating users increases, the storage cost will increase accordingly. Reducing storage consumption and increasing user identity authentication will also be the focus of future research.