Next Article in Journal
Linear Characteristics of the Differences in Phase Tangents of Triple-Coil Electromagnetic Sensors and Their Application in Nonmagnetic Metal Classification
Next Article in Special Issue
Cybersecurity Risk Management Framework for Blockchain Identity Management Systems in Health IoT
Previous Article in Journal
Design and Shape Optimization of Strain Gauge Load Cell for Axial Force Measurement for Test Benches
Previous Article in Special Issue
Towards Robustifying Image Classifiers against the Perils of Adversarial Attacks on Artificial Intelligence Systems
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Sensors
Volume 22
Issue 19
10.3390/s22197510
Review Report
sensors-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

Practical Three-Factor Authentication Protocol Based on Elliptic Curve Cryptography for Industrial Internet of Things

Sensors 2022, 22(19), 7510; https://doi.org/10.3390/s22197510
by Xingwen Zhao 1,2, Dexin Li 1,2,* and Hui Li 1,2
Reviewer 1: Anonymous
Reviewer 2:
Eniye Tebekaemi
Reviewer 3:
Insaf Ullah
Sensors 2022, 22(19), 7510; https://doi.org/10.3390/s22197510
Submission received: 26 August 2022 / Revised: 27 September 2022 / Accepted: 29 September 2022 / Published: 3 October 2022
(This article belongs to the Special Issue Cybersecurity in the Internet of Things)

Round 1

Reviewer 1 Report

It is needed to check again the English and typos in the text. For example, on line 33, it appears "intrustral central", but on Fig. 1. below appears "industrial central". Pay attention to the acronyms used in the text, for example, "AES" on line 67 is not described. 

The mathematical model is hard to check and validate and I suggest inserting some diagrams in the text to make it understandable for readers (besides Figures 2-7 that I do not consider to be named as figures - maybe they can be redesigned as logical schemes).

The Conclusions section can be improved and the authors can describe in detail how their protocols can achieve many security attributes at a reasonable computation cost.

 

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

  1. This paper proposes a protocol for authentication and session key management in IIoT environments. The solution proposed by the Authors is essentially a key management algorithm similar to the likes of Kerberos. The difference between this solution and Kerberos is the use of asymmetric cryptography at HGWN instead of symmetric.

     

    Comments:

    1. This paper is hard to read. The variables used were not properly defined, and readers will have a hard time understanding what they mean.
    2. No explanation about how this solution will work in a multi-gateway environment.
    3. It is not clear how the session keys will be generated after U and SN have been authenticated by HGWN.
    4. For the communication between HGWN and SN, how long will the session last? What will be the procedure for rekeying?
    5. What is the benefit of having 3-factor authentication over 2-factor authentication in an environment that emphasizes extremely low latency?

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

In this paper Practical Three-Factor Authentication Protocol Based on Elliptic Curve Cryptography for Industrial Internet of Things is proposed by authors which is very interesting, however for further improvement the authors need to utilised the following points.

1. The authors need to add some more explanations about elliptic curve cryptography.

2.  The authors need to add some more explanations into the introduction section because it seems too short.

3. Network model is missing here, it is a need to include a network model with suggested wireless communications technology and IIoT protocols.

4. Threat model is missing here, it is a need to include a threat model with  wireless communications technology channel capacity, type of channel, and attacker with his attack capabilities.

5. The authors need to explain that they have choose which type of hash functions and how much bits it would be consumed.

6.  The "Performance and Security Comparison" is too short, the authors needs to add the experimental setup like the scheme major operations is tested in which hardware and software resources.

 

 

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 2 Report

The manuscript has been sufficiently improved.

Reviewer 3 Report

All my previous comments are utilized very well. i recommend to publish this paper in current for.

Back to TopTop