1. Introduction
The rapid development of the Industrial Internet and the Industrial Internet of Things (IIoT) has promoted and accelerated the digitalization and intelligent transformation of the manufacturing industry (Rakas et al., 2021). With the extremely rapid growth in the number of industrial devices and in industrial scale, secure access and communication between industrial devices across regions, platforms and infrastructures will become more frequent. The Industrial Internet, as the key information infrastructure for intelligent manufacturing, faces the dual challenges of internal risks and external threats even as it improves the productivity of advanced manufacturing and supports all elements of the industrial and value chain and the whole lifecycle of network communication (Serror et al., 2020; Wollschlaeger et al., 2017). Devices and services in different domains of the Industrial Internet need to be able to trust each other and to communicate within a secure channel. Cross-domain authentication is a necessary condition and a key approach for ensuring interoperability and mutual trust: its aim is for devices and systems from different domains to verify each other's identities and to ensure the secure transmission of data and information, thereby achieving device interoperability, device security and industrial network security. Identity authentication and security verification of industrial devices, both within the local network domain and for cross-domain access, has become the primary "barrier" for safe and reliable device access. Industrial devices that have not been authenticated and authorized can be controlled by malicious attackers, who then pose as legitimate devices to access the industrial network, obtain sensitive industrial control system and device data, manipulate and interfere with normal production processes and procedures, and break the normal industrial ecosystem.
Currently, most industrial device identity authentication solutions establish a distributed trust mechanism across network domains through blockchain technology. This weakens the dependence on trusted third party (TTP) platforms and reduces management complexity, while effectively avoiding the security risks of centralized storage; it ensures the security, trustworthiness and traceability of users and devices in Industrial Internet scenarios and provides a distributed storage, computing and security infrastructure platform for realizing secure and trustworthy device authentication. However, existing blockchain-based identity authentication schemes for the Industrial Internet and IIoT do not fully consider the real-time security requirements that complex and changing industrial application scenarios impose on industrial devices, and lack the ability to perceive the security elements of industrial devices and computing platforms; they also ignore integrity measurement and verification of the device during mutual authentication of the two communicating parties, which is needed to ensure secure and trustworthy device access. Trusted computing, as a high-security enhancement mechanism, realizes identity authentication and integrity measurement of the device platforms of the two communicating parties through the trusted platform module (TPM). Using the platform configuration registers (PCR) and remote attestation (RA), it ensures the identity security of the devices and the integrity of the platforms, effectively prevents unauthorized devices from accessing the network, and improves the overall security of message interaction and interoperability in the communication system. To this end, this paper proposes a layered framework for Industrial Internet device authentication and trusted access together with an industrial state security perception mechanism, and designs a cross-domain device authentication scheme on this basis.
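The TPM mechanism summarized above (PCR extend, a signed quote, and remote attestation of platform integrity) is easier to reason about with a concrete verifier in hand. The following Python model is an added example, not the paper's scheme or code from any TPM library: it simulates a single SHA-256 PCR, a device that measures its boot components into that register and quotes it against a verifier nonce, and a verifier that replays the device's event log, checks the quote, and compares each loaded component against an approved list. The component names, the approved-hash list and the HMAC key used in place of a TPM-resident attestation key are constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import os

# Simulated SHA-256 PCR bank with a single register; a real TPM initializes
# boot-time PCRs to all zeros in the same way.
PCR_INIT = bytes(32)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR_new = SHA256(PCR_old || SHA256(measurement)).
    The old value is folded in, never replaced, so code loaded later cannot
    reset the register to a clean-looking value."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def replay_event_log(event_log):
    """Recompute the PCR value a given ordered list of components yields."""
    pcr = PCR_INIT
    for component in event_log:
        pcr = pcr_extend(pcr, component)
    return pcr


class SimulatedDevice:
    """Stand-in for an industrial device with a TPM (assumption: the attestation
    key is a shared HMAC key rather than a TPM-resident asymmetric AK)."""

    def __init__(self, attestation_key: bytes, boot_components):
        self._ak = attestation_key
        self.event_log = list(boot_components)          # what the device reports
        self.pcr = replay_event_log(self.event_log)     # what was actually measured

    def quote(self, nonce: bytes) -> dict:
        """Bind the current PCR to the verifier's nonce so the quote is fresh."""
        tag = hmac.new(self._ak, self.pcr + nonce, hashlib.sha256).digest()
        return {"pcr": self.pcr, "nonce": nonce, "tag": tag}


def verify_attestation(quote, event_log, nonce, attestation_key, approved_hashes):
    """Verifier side of remote attestation. Returns (ok, reason)."""
    # 1. Freshness: the quote must answer this challenge, not an earlier one.
    if quote["nonce"] != nonce:
        return False, "replayed quote"
    # 2. Origin: the quote must come from the enrolled attestation key.
    expected = hmac.new(attestation_key, quote["pcr"] + quote["nonce"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, quote["tag"]):
        return False, "quote not from the enrolled device"
    # 3. Log integrity: the reported event log must reproduce the quoted PCR.
    if replay_event_log(event_log) != quote["pcr"]:
        return False, "event log does not reproduce the PCR"
    # 4. Policy: every measured component must be on the approved list.
    for component in event_log:
        if hashlib.sha256(component).hexdigest() not in approved_hashes:
            return False, "unapproved component loaded"
    return True, "platform integrity verified"


def demo():
    """Run four attestation scenarios and return their verdicts."""
    ak = b"constructed-demo-attestation-key"            # constructed, not a real key
    clean = [b"bootloader v1", b"kernel v5.10", b"plc-agent v2.3"]  # constructed names
    approved = {hashlib.sha256(c).hexdigest() for c in clean}
    nonce = os.urandom(16)

    honest = SimulatedDevice(ak, clean)
    ok_honest = verify_attestation(honest.quote(nonce), honest.event_log, nonce, ak, approved)

    # Device whose control agent was modified, reporting its log truthfully.
    modified = SimulatedDevice(ak, clean[:2] + [b"plc-agent v2.3 (modified)"])
    ok_truthful = verify_attestation(modified.quote(nonce), modified.event_log, nonce, ak, approved)

    # Same device, but reporting the clean log: the PCR no longer matches.
    ok_forged_log = verify_attestation(modified.quote(nonce), clean, nonce, ak, approved)

    # An old quote presented against a new challenge.
    ok_replay = verify_attestation(honest.quote(nonce), honest.event_log, os.urandom(16), ak, approved)

    return ok_honest, ok_truthful, ok_forged_log, ok_replay


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The four checks are ordered so that the cheapest and most decisive failures (stale nonce, wrong key) are rejected before the verifier spends effort replaying the log; the order-dependence of `pcr_extend` is what lets a single 32-byte register stand in for the whole measured boot sequence.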
The main contributions of this paper are as follows: