The Industrial Internet of Things (IIoT) consists of sensors, networks, and services to connect and control production systems. Its benefits include supply chain monitoring and machine failure detection. However, it has many vulnerabilities, such as industrial espionage and sabotage. Furthermore, many IIoT devices are resource-constrained, which impedes the use of traditional security services for them. Authentication allows devices to be confident of each other's identity, preventing some security attacks. Many authentication protocols have been proposed for IIoT; however, they have high computing requirements not viable to resource-constrained devices, or they have been found insecure. In this paper, an authentication protocol for resource-constrained IIoT devices is proposed. It is based on the lightweight operations xor, addition, and subtraction, and a hash function. Also, only four messages are exchanged between the principals to authenticate. It has a low execution-time and communication-cost. Its security was successfully assessed with the formal methods Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and Burrows-Abadi-Needham (BAN) logic, together with an informal analysis of its resistance to known attacks. Its performance and security were compared with state-of-the-art protocols, resulting in a good performance for resource-constrained IIoT devices, and higher security similar to computational expensive schemes.
Keywords: AVISPA; BAN; Industrial Internet of Things; Internet of Things; M2M; authentication; lightweight.