{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T05:20:47Z","timestamp":1766726447888,"version":"3.48.0"},"reference-count":35,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2025,12,20]],"date-time":"2025-12-20T00:00:00Z","timestamp":1766188800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"the Fundamental Research Funds for the Central Universities","award":["3282025042"],"award-info":[{"award-number":["3282025042"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>The integration of operational technology (OT) and information technology (IT) within the Industrial Internet of Things (IIoT) has posed prominent security challenges for resource-constrained devices. Existing authentication architectures often suffer from critical vulnerabilities: one is their reliance on centralized trusted third parties, which creates single points of failure; the other is their use of static credentials like biometrics, which pose severe privacy risks if compromised. To address these limitations, this paper proposes DLR-Auth, which combines chaotic synchronization of semiconductor superlattice physically unclonable functions (SSL-PUFs) with Shamir\u2019s secret sharing (SSS) to enable decentralized registration and revocable templates. Notably, DLR-Auth is a two-party authentication framework that removes the need for a separate online registration authority that operates directly between a user device (UDi) and a server (S). In our setting, the server S still acts as the central relying party and hardware authority embedding the matched SSL-PUF module. The protocol also includes an efficient multi-access mechanism optimized for high-frequency interactions. Formal security analysis with the Real-or-Random (ROR) model proves the semantic security of the session key, while performance evaluations demonstrate that DLR-Auth has significant advantages in computational and communication efficiency. DLR-Auth thus offers a robust, scalable, lightweight solution for next-generation secure IIoT systems.<\/jats:p>","DOI":"10.3390\/cryptography10010001","type":"journal-article","created":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T07:01:33Z","timestamp":1766386893000},"page":"1","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["DLR-Auth: A Decentralized Lightweight and Revocable Authentication Framework for the Industrial Internet of Things"],"prefix":"10.3390","volume":"10","author":[{"given":"Yijia","family":"Dai","sequence":"first","affiliation":[{"name":"Beijing Electronic Science and Technology Institute, Beijing 100070, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-4844-5860","authenticated-orcid":false,"given":"Yitong","family":"Li","sequence":"additional","affiliation":[{"name":"Beijing Electronic Science and Technology Institute, Beijing 100070, China"}]},{"given":"Ye","family":"Yuan","sequence":"additional","affiliation":[{"name":"Beijing Electronic Science and Technology Institute, Beijing 100070, China"}]},{"given":"Xianwei","family":"Gao","sequence":"additional","affiliation":[{"name":"Beijing Electronic Science and Technology Institute, Beijing 100070, China"}]},{"given":"Cong","family":"Bian","sequence":"additional","affiliation":[{"name":"Beijing Electronic Science and Technology Institute, Beijing 100070, China"}]},{"given":"Meici","family":"Liu","sequence":"additional","affiliation":[{"name":"Beijing Electronic Science and Technology Institute, Beijing 100070, China"}]}],"member":"1968","published-online":{"date-parts":[[2025,12,20]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.compind.2018.04.015","article-title":"The industrial internet of things (IIoT): An analysis framework","volume":"101","author":"Boyes","year":"2018","journal-title":"Comput. Ind."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Ryu, H., and Kim, H. (2021). Privacy-Preserving Authentication Protocol for Wireless Body Area Networks in Healthcare Applications. Healthcare, 9.","DOI":"10.3390\/healthcare9091114"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"El-Meniawy, N., Rizk, M.R., Ahmed, M.A., and Saleh, M. (2022). An Authentication Protocol for the Medical Internet of Things. Symmetry, 14.","DOI":"10.3390\/sym14071483"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Wang, S., Fan, Z., Su, Y., Zheng, B., Liu, Z., and Dai, Y. (2024). A Lightweight, Efficient, and Physically Secure Key Agreement Authentication Protocol for Vehicular Networks. Electronics, 13.","DOI":"10.3390\/electronics13081418"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Liu, Y., Li, C., Sun, Q., and Jiang, H. (2025). Security Authentication Scheme for Vehicle-to-Everything Task Offloading in Edge-Computing Based Autonomous Driving Systems. Sensors, 25.","DOI":"10.3390\/s25206428"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"437","DOI":"10.1016\/j.jmsy.2023.12.001","article-title":"IIoT System Canvas\u2014From architecture patterns towards an IIoT development framework","volume":"72","author":"May","year":"2024","journal-title":"J. Manuf. Syst."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"2907","DOI":"10.1007\/s40747-021-00467-x","article-title":"Chaos-guided neural key coordination for improving security of critical energy infrastructures","volume":"7","author":"Sarkar","year":"2021","journal-title":"Complex Intell. Syst."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Panchal, A.C., Khadse, V.M., and Mahalle, P.N. (2018, January 23\u201324). Security issues in IIoT: A comprehensive survey of attacks on IIoT and its countermeasures. Proceedings of the 2018 IEEE Global Conference on Wireless Computing and Networking (GCWCN), Lonavala, India.","DOI":"10.1109\/GCWCN.2018.8668630"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"R\u00fchrmair, U., Sehnke, F., S\u00f6lter, J., Dror, G., Devadas, S., and Schmidhuber, J. (2010, January 4\u20138). Modeling attacks on physical unclonable functions. Proceedings of the 17th ACM Conference on Computer and Communications Security, Chicago IL, USA.","DOI":"10.1145\/1866307.1866335"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Hazratifard, M., Gebali, F., and Mamun, M. (2022). Using Machine Learning for Dynamic Authentication in Telehealth Environments. Sensors, 22.","DOI":"10.3390\/s22197655"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Lee, H.J., Kook, S., Kim, K., Ryu, J., Lee, H., Lee, Y., and Won, D. (2025). Lightweight and Efficient Authentication and Key Distribution Scheme for Cloud-Assisted IoT for Telemedicine. Sensors, 25.","DOI":"10.3390\/s25092894"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Yuan, M., and Xiao, Y. (2025). PMAKA-IoV: A Physical Unclonable Function (PUF)-Based Multi-Factor Authentication and Key Agreement Protocol for Internet of Vehicles. Information, 16.","DOI":"10.3390\/info16050404"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Mbachu, U.M., Fatima, R., Sherif, A., Dockery, E., Mahmoud, M., Alsabaan, M., and Khalil, K. (2025). Hardware Acceleration-Based Privacy-Aware Authentication Scheme for Internet of Vehicles Using Physical Unclonable Function. Sensors, 25.","DOI":"10.3390\/s25051629"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1109\/TMSCS.2016.2553027","article-title":"A lockdown technique to prevent machine learning on PUFs for lightweight authentication","volume":"2","author":"Yu","year":"2016","journal-title":"IEEE Trans.-Multi-Scale Comput. Syst."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Plusquellic, J. (2022). Shift register, reconvergent-fanout (sirf) puf implementation on an fpga. Cryptography, 6.","DOI":"10.3390\/cryptography6040059"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"2299","DOI":"10.1109\/TVLSI.2025.3569587","article-title":"BF PUF: A Modeling Attack-Resistant Strong PUF Based on Bent Functions","volume":"33","author":"Huang","year":"2025","journal-title":"IEEE Trans. Very Large Scale Integr. (Vlsi) Syst."},{"key":"ref_17","first-page":"1104","article-title":"PUF-FSM: A controlled strong PUF","volume":"37","author":"Gao","year":"2017","journal-title":"IEEE Trans.-Comput.-Aided Des. Integr. Circuits Syst."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"424","DOI":"10.1109\/TDSC.2018.2832201","article-title":"Building PUF based authentication and key exchange protocol for IoT without explicit CRPs in verifier database","volume":"16","author":"Chatterjee","year":"2018","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"3299","DOI":"10.1109\/TDSC.2022.3193570","article-title":"PUF-based mutual authentication and key exchange protocol for peer-to-peer IoT applications","volume":"20","author":"Zheng","year":"2022","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"23","DOI":"10.1007\/s44443-025-00029-y","article-title":"SSL-FL: A lightweight authentication framework for secure federated learning","volume":"37","author":"Gao","year":"2025","journal-title":"J. King Saud Univ. Comput. Inf. Sci."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"8154","DOI":"10.1109\/JIOT.2021.3125190","article-title":"A blockchain-based shamir\u2019s threshold cryptography scheme for data protection in industrial internet of things settings","volume":"9","author":"Yu","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Banerjee, S., Das, A.K., Chattopadhyay, S., Jamal, S.S., Rodrigues, J.J., and Park, Y. (2021). Lightweight failover authentication mechanism for IoT-based fog computing environment. Electronics, 10.","DOI":"10.3390\/electronics10121417"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Minwalla, C., Plusquellic, J., and Tsiropoulou, E.E. (2024). Lightweight Mutually Authenticated Key Exchange with Physical Unclonable Functions. Cryptography, 8.","DOI":"10.3390\/cryptography8040046"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"102166","DOI":"10.1016\/j.jksuci.2024.102166","article-title":"An efficient authentication scheme syncretizing physical unclonable function and revocable biometrics in Industrial Internet of Things","volume":"36","author":"Yu","year":"2024","journal-title":"J. King Saud-Univ.-Comput. Inf. Sci."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Mousavi, A., and Baraniuk, R.G. (2017, January 5\u20139). Learning to invert: Signal recovery via deep convolutional networks. Proceedings of the 2017 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), New Orleans, LA, USA.","DOI":"10.1109\/ICASSP.2017.7952561"},{"key":"ref_26","first-page":"331","article-title":"A novel fast and provably secure (t, n)-threshold secret sharing construction for digital images","volume":"19","author":"Faraoun","year":"2014","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Kulkarni, K., Lohit, S., Turaga, P., Kerviche, R., and Ashok, A. (2016, January 27\u201330). Reconnet: Non-iterative reconstruction of images from compressively sensed measurements. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, NV, USA.","DOI":"10.1109\/CVPR.2016.55"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Canh, T.N., and Jeon, B. (2018, January 10\u201312). Multi-scale deep compressive sensing network. Proceedings of the 2018 IEEE Visual Communications and Image Processing (VCIP), Taichung, Taiwan.","DOI":"10.1109\/VCIP.2018.8698674"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Zhang, J., and Ghanem, B. (2018, January 18\u201323). ISTA-Net: Interpretable optimization-inspired deep network for image compressive sensing. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Salt Lake City, UT, USA.","DOI":"10.1109\/CVPR.2018.00196"},{"key":"ref_30","unstructured":"R\u00fchrmair, U., S\u00f6lter, J., and Sehnke, F. (2009). On the foundations of physical unclonable functions. IACR Cryptol. ePrint Arch., 277. Available online: https:\/\/eprint.iacr.org\/2009\/277."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Shi, W., Jiang, F., Liu, S., and Zhao, D. (2019, January 15\u201320). Scalable convolutional neural network for image compressed sensing. Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, Long Beach, CA, USA.","DOI":"10.1109\/CVPR.2019.01257"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Che, W., Martin, M., Pocklassery, G., Kajuluri, V.K., Saqib, F., and Plusquellic, J. (2016). A privacy-preserving, mutual PUF-based authentication protocol. Cryptography, 1.","DOI":"10.3390\/cryptography1010003"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Zhong, Y., Hovanes, J., and Guin, U. (2023, January 5\u20137). On-Demand Device Authentication using Zero-Knowledge Proofs for Smart Systems. Proceedings of the Great Lakes Symposium on VLSI 2023 (GLSVLSI \u201923), Knoxville, TN, USA.","DOI":"10.1145\/3583781.3590275"},{"key":"ref_34","first-page":"103787","article-title":"QS-Auth: A Quantum-secure mutual authentication protocol based on PUF and Post-Quantum Signature for Heterogeneous Delay-Tolerant Networks","volume":"83","author":"Mathews","year":"2024","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2818186","article-title":"A survey on lightweight entity authentication with strong PUFs","volume":"48","author":"Delvaux","year":"2015","journal-title":"ACM Comput. Surv. (CSUR)"}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/10\/1\/1\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T05:16:32Z","timestamp":1766726192000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/10\/1\/1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,20]]},"references-count":35,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,2]]}},"alternative-id":["cryptography10010001"],"URL":"https:\/\/doi.org\/10.3390\/cryptography10010001","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2025,12,20]]}}}