Industry 4.0, which combines information technology, network and industrial production, is expected to have a tremendous impact on our daily lives. In such a complex and security-critical system with resource-constrained sensor nodes, the design of a secure user authentication scheme for preventing real-time data from unauthorized access is full of challenges, and the main crux lies in how to realize the important property of forward secrecy. Existing schemes either fail to achieve forward secrecy or achieve forward secrecy with high computation cost on sensor nodes. Besides, they often fail to conform to the development trend of industry 4.0 systems where a cloud center is necessary to help intelligent decision-making and alleviate computation and storage pressure. Therefore, in this paper, we propose an efficient privacy-preserving user authentication scheme with forward secrecy for industry 4.0, and formally prove its security in the random oracle model. Compared with previous schemes, it has three advantages: (1) all eleven state-of-the-art criteria are achieved; (2) its computation cost on sensor nodes is comparable to those insecure schemes that employ only symmetric cryptographic algorithms, and is superior to those that also use asymmetric cryptographic algorithms; (3) it takes the advantage of the computation and storage capabilities of the cloud center to achieve user anonymity and the resistance to offline dictionary attack without performing any asymmetric cryptographic algorithms on gateways. Our computation cost on gateways is the smallest among all state-of-the-art relevant schemes for comparison.

结合信息技术、网络和工业生产的工业4.0，预计将对我们的日常生活产生巨大影响。在这样一个传感器节点资源受限的复杂且安全关键的系统中，设计一种用于防止实时数据未经授权访问的安全用户认证方案充满挑战，主要关键在于如何实现重要属性的前向保密。现有方案要么无法实现前向保密，要么在传感器节点上以高计算成本实现前向保密。此外，它们往往不符合工业4.0系统的发展趋势，需要一个云中心来帮助智能决策，缓解计算和存储压力。因此，在本文中，我们为工业 4.0 提出了一种具有前向保密性的高效隐私保护用户认证方案，并在随机预言机模型中正式证明了其安全性。与以前的方案相比，它具有三个优点：(1) 达到了所有 11 个最先进的标准；(2) 其在传感器节点上的计算成本与仅采用对称密码算法的不安全方案相当，优于同时采用非对称密码算法的方案；(3) 利用云中心的计算和存储能力，无需在网关上执行任何非对称密码算法，即可实现用户匿名和抵抗离线字典攻击。我们在网关上的计算成本是所有最先进的相关方案中最小的进行比较。