Internet of Things brings convenience to the social life, at the same time, putting forward higher requirements for the security of data transmission and storage. Security incidents based on industrial Internet of Things have occurred frequently recently, which should be given full consideration. The identity-based authenticated key agreement protocol can solve these security threats to a certain extent. Recently, a lightweight identity-based authenticated key agreement protocol for Industrial Internet of Things, called ID-2PAKA protocol, was claimed to achieve secure authentication and meet security properties. In this paper, we show that the ID-2PAKA protocol is insecure in identity authentication and cannot resisting ephemeral key compromise impersonation attack.

中文翻译：

---

IIoT环境中基于轻量级身份的两方身份验证密钥协商协议的安全性分析

物联网为社会生活带来了便利，同时对数据传输和存储的安全性提出了更高的要求。最近，基于工业物联网的安全事件频繁发生，应予以充分考虑。基于身份的认证密钥协商协议可以在一定程度上解决这些安全威胁。最近，一种称为ID-2PAKA协议的用于工业物联网的轻量级基于身份的已认证密钥协商协议被宣称可以实现安全认证并满足安全性要求。在本文中，我们表明ID-2PAKA协议在身份验证中不安全，并且无法抵抗临时密钥泄露模拟攻击。