Privacy-Aware Authentication in Cyber-Physical Industrial Systems

Abstract

Industrial control environments—spanning manufacturing floors, power grids, and critical infrastructure—now operate as complex cyber‑physical industrial systems (CPIS) that integrate programmable logic controllers (PLCs), sensors, actuators, and supervisory networks. As CPIS increasingly interconnect with enterprise IT and cloud services, they face heightened risks of unauthorized access and privacy breaches. Traditional authentication schemes, often repurposed from IT networks, either impose excessive computational load on resource‑constrained devices or fail to conceal sensitive metadata that can reveal operational characteristics. To address these challenges, we propose a novel privacy‑aware authentication protocol optimized for CPIS. Leveraging elliptic‑curve cryptography (ECC) for lightweight public‑key operations and Schnorr‑style zero‑knowledge proofs (ZKPs) to obfuscate device identities, our scheme achieves mutual authentication in just two communication rounds. We implement the protocol on common industrial controllers (Siemens S7‑1200, Allen‑Bradley CompactLogix, WAGO PFC200) using the TinyCrypt ECC library and Java‑Bouncy Castle on the server side. Over 200 trials, our solution attains an average end‑to‑end latency of 150 ms (±20 ms), a privacy leakage score of 0.15 on a normalized entropy scale (0–1), a false acceptance rate of 0.5%, and a false rejection rate of 1.2%. Compared to representative ECC‑only and ECC+ZKP schemes, we reduce authentication latency by up to 25% and diminish metadata leakage by 40%, while preserving reliability under induced network jitter. We conclude by discussing deployment guidelines—such as hardware‑accelerated cryptographic modules—and outline future research directions toward mesh‑network scalability and post‑quantum resilience.