• <tr id="yyy80"></tr>
  • <sup id="yyy80"></sup>
  • <tfoot id="yyy80"><noscript id="yyy80"></noscript></tfoot>
  • 99热精品在线国产_美女午夜性视频免费_国产精品国产高清国产av_av欧美777_自拍偷自拍亚洲精品老妇_亚洲熟女精品中文字幕_www日本黄色视频网_国产精品野战在线观看 ?

    Hyper Elliptic Curve Based Certificateless Signcryption Scheme for Secure IIoT Communications

    2022-08-24 03:27:04UsmanAliMohdYamaniIdnaIdrisJaroslavFrndaMohamadNizamBinAyubRoobaeaAlroobaeaFahadAlmansourNuraModiShagariInsafUllahandIhsanAli
    Computers Materials&Continua 2022年5期

    Usman Ali,Mohd Yamani Idna Idris,Jaroslav Frnda,Mohamad Nizam Bin Ayub,Roobaea Alroobaea,F(xiàn)ahad Almansour,Nura Modi Shagari,Insaf Ullah and Ihsan Ali

    1Department of Computer System and Technology,F(xiàn)aculty of Computer Science and Information Technology,University of Malaya,Kuala Lumpur,50603,Malaysia

    2Department of Computer Science,University of Swat,Saidu Sharif,19130,Pakistan

    3Center for Research in Mobile Cloud Computing,University of Malaya,Kuala Lumpur,50603,Malaysia

    4Department of Quantitative Methods and Economic Informatics,F(xiàn)aculty of Operation and Economics of Transport and Communications,University of Zilina,010 26 Zilina,Slovakia

    5Department of Computer Science,College of Computers and Information Technology,Taif University,Taif,21944,Saudi Arabia

    6Department of Computer Science,College of Sciences and Arts in Rass,Qassim University,Buraydah,51452,Saudi Arabia

    7Department of Computer Science,Hamdard Institute of Engineering and Technology,Islamabad,44000,Pakistan

    Abstract:Industrial internet of things(IIoT)is the usage of internet of things(IoT) devices and applications for the purpose of sensing, processing and communicating real-time events in the industrial system to reduce the unnecessary operational cost and enhance manufacturing and other industrial-related processes to attain more profits.However, such IoT based smart industries need internet connectivity and interoperability which makes them susceptible to numerous cyber-attacks due to the scarcity of computational resources of IoT devices and communication over insecure wireless channels.Therefore, this necessitates the design of an efficient security mechanism for IIoT environment.In this paper, we propose a hyperelliptic curve cryptography(HECC)based IIoT Certificateless Signcryption(IIoT-CS) scheme, with the aim of improving security while lowering computational and communication overhead in IIoT environment.HECC with 80-bit smaller key and parameters sizes offers similar security as elliptic curve cryptography(ECC)with 160-bit long key and parameters sizes.We assessed the IIoT-CS scheme security by applying formal and informal security evaluation techniques.We used Real or Random(RoR)model and the widely used automated validation of internet security protocols and applications(AVISPA) simulation tool for formal security analysis and proved that the IIoT-CS scheme provides resistance to various attacks.Our proposed IIoT-CS scheme is relatively less expensive compared to the current state-of-the-art in terms of computational cost and communication overhead.Furthermore, the IIoT-CS scheme is 31.25% and 51.31% more efficient in computational cost and communication overhead,respectively,compared to the most recent protocol.

    Keywords: IoT security; authentication protocols; hyperelliptic curve cryptography; certificateless public key cryptography

    1 Introduction

    The Internet of Things (IoT) is a rapidly evolving infrastructure which allows traditional systems to connect with one another by incorporating new devices such as sensors, actuators, and other smart devices.The integration of IoT and wireless sensor networks (WSN) has boosted the usage of IoT in our everyday lives, such as health tracking, smart houses, smart cities, and smart transportation [1].The widespread use of IoT can also be seen in an industrial environment known as Industrial IoT (IIoT) or Industry 4.0, including industrial automation, aviation, smart retail, smart farming, and power systems [2–4].The IIoT refers to the use of well-connected IoT devices for collecting and communicating real-time events in industrial systems to reduce human effort and operational costs and to enhance manufacturing and industrial processes.However,these interconnected smart devices and networks have been used to enable a variety of cyberattacks due to the inadequate computational resources and communication over insecure wireless channels.Therefore, this necessitates the design of an efficient and secure mechanisms for IIoT environment.The limited battery life of smart devices is one of the main obstacles in the design of security solutions for IIoT applications.As a result, a current research focus is on developing a secure and efficient solutions for resource-constrained IoT devices.The security requirements for IIoT data, such as confidentiality, integrity, authenticity, and non-repudiation must always be ensured due to the resource-constrained IoT devices and communications over an insecure network.A signature-then-encryption mechanism is one solution to ensure such security requirements, however, this approach is not appropriate for low computing IoT devices as it produces the message’s signature and encryption in two separate steps.To enhance the performance, Zheng [5]introduced Signcryption techniques, which incorporates signature and encryption in a single logical step.However, Zheng approach is based on public key cryptography (PKC).In PKC based schemes, the public key of a participating entity contains a random number belonging to some group that does not offer authenticity to the participating entity as the group elements provide no identity to the participating entities [6].To address the flaws in PKC based schemes, the notion of public key infrastructure (PKI) was introduced in which a certificate authority (CA) is used that binds the public key with certificates [7].However, this mechanism suffers from certificate storage, distribution, and manufacturing difficulties [8].To overcome these shortcomings, the idea of identity-based cryptography (IBC) was suggested in [9].IBC enables the participating entities to produce public keys directly from their identities, such as e-mail and phone numbers, without the need for CA, and the private key for each participating entity is generated by the trusted server which acts as the key generation center (KGC).The principle Signcryption was implemented to merge the features of signature and encryption into a single step [10].However, IBC based schemes suffer from the key escrow problem in which the KGC has the complete knowledge of the private keys of all participants.To address this problem, the idea of Certificateless Public Key Infrastructure (CPKI) was suggested in [11].In CPKI, a participant’s private key is made up of two parts:one part is the private key provided by the KGC, and the second part is a secret value generated by the participant itself.The concept of Certificateless Signcryption (CS)was introduced, in which the principle of Signcryption was implemented to merge the features of signature and encryption into a single step [12].

    Normally, the above-mentioned Signcryption schemes’security and efficiency depend on some computationally difficult problems, for instance, RSA, bilinear pairing (BP), and elliptic curve cryptography (ECC).The RSA [13,14] scheme is not appropriate for resource constraint devices because it contains large factorization and uses a 1024-bit large key size [15].Furthermore, BP is 14.31 times worse than RSA [16].ECC has been introduced to address the shortcomings of RSA and BP [17].In comparison to BP and RSA, ECC uses less parameter size, public key, and private key sizes.Furthermore, the efficiency and security of the ECC is based on 160-bit key size [18].However, ECC based schemes are still inefficient for resource constraint IoT devices.To enhance the efficiency of ECC based schemes, the idea of hyper elliptic curve cryptography (HECC) was introduced [19].The HECC offers the similar level of security as ECC by utilizing 80-bit small key sizes [20–22].Thus, HECC is considered a better choice for resource constraint IoT devices.In this paper, we proposed HECC based IIoT certificateless Signcryption (IIoT-CS) scheme for secure communication in IIoT environment.

    1.1 Motivation and Contributions

    Recently, Garg et al.[23] Proposed authentication scheme for IIoT environment.We found that their scheme is based on a hierarchical approach in which two participating IoT nodes cannot perform mutual authentication directly without an active server.In their scheme, the intended IoT nodes need to perform an authentication process with the server before they start communication,which increases the communication overhead for each IoT node.Furthermore, the efficiency and security of their scheme is based on ECC which suffer from high computational overhead due to the large parameters and key sizes compared to HECC.Their scheme’s verification is not proved using formal security verification tools such as RoR.To address these shortcomings, we propose HECC based IIoT-CS scheme for secure IIoT communications.As we mentioned in the introduction, the HECC offers a similar level of security as ECC, RSA, and bilinear pairing by using a smaller key size, which reduces the computational and communication overhead.We verified the security of IIoT-CS scheme using the RoR model and AVISPA simulation tool.We also performed the informal security analysis of the proposed scheme.Furthermore, the results proved the efficiency of IIoT-CS scheme.

    1.2 Outline of the Paper

    The remainder of the paper is presented as follows.Section 2 contains related work; Section 3 shows the system model and threat models; Section 4 presents the proposed scheme; Section 5 demonstrates the proof of correctness; Section 6 presents the security evaluation; Section 7 presents the comparative analysis; Section 8 discusses the conclusion and finally Section 9 shows future work.

    2 Related Work

    Information security is important to protect critical information in modern communication systems where the communication is held through an insecure public networks.The research community is also echoing the significance of such a topic [24–26].Hassija et al.[27] addressing the evolving security issues in IoT environments, emphasizing the significance of maintaining secure communication among IoT nodes.To safeguard sensitive data/information, it must be concealed from unauthorized access (confidentiality), identify who sent the message (authentication),be protected from alteration (integrity), and be available to a legitimate user [28].Therefore,encryption techniques are used to ensure confidentiality, whereas digital signatures are applied to guarantee integrity and authenticity.In the conventional encryption mechanism known as signature-then-encryption in which the sender has to first sign and then encrypt the data.However,this approach has some drawbacks, such as requiring more machine cycles and energy, which reduces the performance.To address these shortcomings, the concept of Signcryption was introduced in [5].However, this approach is based on PKC in which the public key of a participating entity contains a random number belonging to some group that does not offer authenticity to the participating entity as the group elements provide no identity to the participating entities [6].To address Signcryption flaws in [5], IBS scheme were suggested in [10].However, it turned out that IBS scheme suffer from the key escrow problem.To address this issue, CS scheme was introduced in [12].Following this scheme, another CS scheme based on random oracle model (ROM) was proposed [29].Wahid et al.[30] proposed EC-based CS efficient scheme.Zhou et al.[31] proposed a new SM based CS scheme.They used the modified decisional bilinear Diffie Hellman problem and square computational Diffie Hellman problem to prove their scheme’s security requirements.Rastegari et al.[32] proposed SM based CS scheme.Yu et al.[33] proposed a new CS scheme and demonstrated their scheme’s security by using ROM.Lin et al.[34] presented the cryptanalysis of the of scheme in [33] and found that since the requirements of confidentiality and unforgeability are not fulfilled, their scheme may be completely thwarted.Zhou [35] suggested a new BP based CS scheme using SM for security proof.

    3 System and Threat Model

    This section shows the details of the system model and threat model considered for the proposed IIoT-CS scheme.

    3.1 System Model

    Primarily, an IIoT environment consists of multiple IoT domains made up of IoT devices called nodes such as sensors, actuators, and other devices as shown in Fig.1.These IoT devices routinely collect information and transmit it to other devices in the network.The focus of this article is to design an authentication schemes to secure the communication among IoT nodes.The IoT nodes have minimal computing resources, while the KGC is a trusted server which has ample resources.We further assume that certain cryptographic elements are preloaded into the memory of all participating nodes and the nodes have to transmit their public keys and identities to KGC and other nodes to which they want to communicate.

    Figure 1:System model of the proposed scheme

    3.2 Threat Model

    In the proposed scheme, we considered a powerful threat model called Dolev-Yao (DY)threat model [36], which allows an adversary to execute passive and active attacks.According to DY threat model, the adversary has access to the communication network and can listen in to all communications between participating entities.Furthermore, the adversary has complete knowledge of all public parameters of participants in the system, however the adversary has no access to the participant’s private data.Furthermore, the adversary can impersonate any device in the system by replaying messages previously eavesdropped from the communication channel.

    4 Proposed Scheme

    The proposed IIoT-CS scheme is based on HEC certificateless Signcryption and involves two phases, namely:pre-deployment phase and authentication phase, as shown in Fig.2.The notations used in the proposed IIoT-CS scheme are shown in Tab.1.

    Figure 2:Flow of interaction in the proposed IIoT-CS scheme

    4.1 Pre-Deployment Phase

    The predeployment phase is performed by the system administrator before the effective deployment of the system.In this phase, the IoT nodes are equipped with the basic cryptographic parameters necessary to establish secret session keys.This process is divided into two parts,namely, the system initialization stage and the registration stage.

    Table 1:Notations used in the proposed IIoT-CS scheme

    4.1.1 System Initialization Phase

    This process is carried out by the KGC, during which the following cryptographic information are initialized and made public.

    i) The hyperelliptic curveE/Fqover a prime finite fieldFq.

    ii) The algebraic closuref*ofFq.

    iii) The Divisor groupDof the curveE.

    iv) Hashing functionH:{0, 1} →, where, = {1, 2,..., q - 1}

    In addition, the KGC generates its master private keyVs∈Rand master public keyUs=Vs.D.Finally, it makes the public parametersparams= {Fq,f*,q,x,y,D,Us,H}, publicly available to all participants.

    4.1.2 Registration Phase

    During the registration stage, the system’s IoT nodes communicate with the KGC across a secure network in order to obtain dedicated cryptographic components.During the registration stage, the IoT nodes participating in the system communicate with the KGC through a secure communication channel to register their self and receive dedicated cryptographic information from the KGC.The flow of interaction of IoT nodes with the KGC is described below and shown in Fig.2.

    Step 1:The intended IoT node (sayith-node), that requires to be registered with the KGC,generates its identityIDiand private key as Vi∈R.Next, the node computes the first part of its public key asUi=Vi.D.The node then, computes a stringWi=(IDi||Ui), and transmits it to the KGC using a secure channel.

    Step 2:Upon receiving {Wi}, the KGC performs the following operations to compute the corresponding second part of the private and public keys on behalf ofith-node.

    i) The KGC selects a random value ri∈R, compute Yi=ri.D and sets it as the second part of the public key of theith-node.

    ii) The KGC computes hi=H(Wi||Yi) and Xi=((ri+hi.Vs) mod q) and sets Xias the second part of the private key of theith-node.The KGC delivers Xiand Yito theith-nodeusing a secure channel.

    Step 3:Upon receiving the second part of its private and public keys from KGC, theith-nodecan verify the authenticity of these keys by using the equation Xi.D=Yi+hi.Us.If this equation is validated, then the keys could be deemed valid and correctly generated by the KGC.Thus, theith-nodecan set its full private key as (Vi, Xi) and full public key as (Ui, Yi).

    4.2 Authentication Phase

    The authentication process is initiated by an IoT node (sayith-node) with the intention of communicating with the other IoT nodes (sayjth-node) as depicted in Fig.2.As described in the predeployment phase, each IoT node is preloaded with certain cryptographic information.Furthermore, to begin the authentication process, theith-nodegenerate a messageM1=〈Wi, Yi〉and transmit it to thejth-node.On receivingM1 thejth-nodereplies with a new messageM2=〈Wj, Yj〉.On receivingM2 from thejth-node, theith-nodegenerates a fresh session key, ciphertext,and signature by using the certificateless Signcryption operation as described below.

    i) Generate a timestamp Ti, select a fresh nonce ni∈{1,2,3,...,q-1}and a random secret valueb∈{1,2,3,...,q-1}and computeZ=b.D.

    ii) Computeα=Yj+US.H(Wj||Yj)

    iii) Compute a secret session keySK=b(Uj+α)

    iv) Compute cipher text C=ESK(IDi,m,ni), where m is plaintext.

    v) Computes the digital signatureS=(Xi+H(IDi||m||ni)(Vi+b)) mod q

    vi) Theith-nodesendsM3=〈Ti,C,S,Z〉to thejth-nodeusing insecure channel.

    On receiving M3, thejth-nodecheck the validity of Tiand if it is found to be valid, then proceed with the authentication procedure, otherwise terminate the session.Thejth-nodevalidates the digital signature and decrypt the ciphertext by using certificateless Un-Signcryption operation as described below.

    i) Computes the secret session keySK′=Z(Vj+Xj)

    ii) Perform decryption operation DSK′ (C)= (IDi,m,ni)

    iii) computeβ=Yi+US.H(Wi||Yi)

    iv) if S.D=β+H (IDi||m||ni). (Z+Ui) is hold, thenith-nodeis authenticated successfully.

    Thejth-nodeComputeKij=Vj.Uiand compute the messageAuth=H(Wi⊕Wj⊕ni⊕Kij).

    Finally, thejth-nodegenerate time stamp Tjand send the messageM4=〈Tj,Auth〉 to theith-node.Theith-nodeafter receiving M4 from thejth-node, first validate Tjand if it is found to be valid, then proceed with the authentication procedure, otherwise terminate the session.

    Theith-nodecomputeKji=Vi.UjandAuth′=H(Wi⊕Wj⊕ni⊕Kji).

    IfAuth=Auth′, then thejth-nodeis authenticated successfully.

    5 Proof of Correctness

    This section presents the proof of the correctness of the secret session key and signature verification.

    5.1 Proof of Secret Session Key SK′=SK

    SK′=Z(Vj+Xj),where Z=b.D and Xj=rj+Vs.H(Wj||Yj)

    ?b.D(Vj+rj+Vs.H(Wj||Yj))

    ?b.Vj.D+b.rj.D+b.Vs.D.H(Wj||Yj)

    ?b(Vj.D+rj.D+Vs.D.H(Wj||Yj)), whereUj=Vj.D,Yj=rj.D, andUs=Vs.D

    ?b(Uj+Yj+Us.H(Wj||Yj)), whereα=Yj+Us.H(Wj||Yj)

    ?b(Uj+α)=SKhence proof of correctness is verified.

    5.2 Proof of Signature Verification

    β+(Z+Ui)H(IDi||m||ni)=S.D

    β+ (Z+Ui).H(IDi||m||ni), whereβ=Yi+Us.H(Wi||Yi)

    ?Yi+Us.H(Wi||Yi)+ (Z+Ui).H(IDi||m||ni)

    ?Yi+Us.H(Wi||Yi)+Z.H(IDi||m||ni)+Ui.H(IDi||m||ni), where Yi=ri.D,Us=Vs.D,Z=b.Dand Ui=Vi.D

    ?ri.D+Vs.D.H(Wi||Yi)+b.D.H(IDi||m||ni)+Vi.D.H(IDi||m||ni)

    ? (ri+Vs.H(Wi||Yi)+(b+Vi).H(IDi||m||ni))D, where Xi=ri+Vs.H(Wi||Yi)

    ? (Xi+(b+Vi).H(IDi||m||ni))D, whereS=Xi+(b+Vi).H(IDi||m||ni)

    ?S.D, hence correctness of digital signature is verified.

    6 Security Evaluation

    We conducted both formal and informal security assessments to illustrate the potential of the IIoT-CS scheme against various attacks.The two computational problems that are useful in performing the formal security analysis are described below.

    Definition 1:Collision-Resistant One-Way Hash Function (H (.):{0,1}*→{0,1}n)

    It is a “deterministic mathematical function that accepts a variable-length input string and produces a n-bit fixed-length output string”.

    Definition 2:(Hyper Elliptic Curve Discrete Logarithm Problem (HECDLP))

    According to HECDLP, it is infeasible for an attacker to extract a value j from the relationL=j.D, whereas j ∈is the random number from= {1, 2,..., q - 1}.

    6.1 Formal Security Analysis Using RoR Model

    We used ROR model [37] in which an adversary simulates real attacks to target the communication between IoT nodes.In the proposed IIoT-CS scheme, an adversary is represented byAdand the participating nodes are represented byith-nodeandjth-node.Further, we assume the instances ofith-nodeandjth-nodeare represented byΦ= {Φi andΦj}.Adinitiates the following queries to interact withΦ.

    i)Execute query:Adeavesdrops on the communication channel and intercepts all communication betweenΦ.

    ii)Send query:Adtransmits a message toΦand obtains a reply from it consequently.

    iii)Reveal query:Adattempts to recover the session key betweenΦi andΦj.

    iv)Test query:AdrequestsΦfor session key and it responds with a random bit c.

    Moreover, H(.) is modeled as a random oracle which is available to all participants and adversaryAd.In the proposed IIoT-CS scheme, we demonstrated the existence of session key security (semantic security) by using Theorem 1 as stated below.

    Theorem 1:AssumeAdruns in a polynomial timeptand attempts to break the session key security betweenΦi and nodeΦj thenAd’s advantage in breaching the session key security can be written as follows:

    where the variables |Hash|,, and(pt) represent the range space of H(.), the number of hash queries, and the non-negligible winning advantage of breaking HECDLP respectively.

    Proof of Theorem 1:To prove Theorem 1, we used three GamesGi(i=1,2,3).Within each gameGi,Adattempts to guess the bitcby applying the test query.If, is an event whereAdaccurately guessesc, soAd’s advantage is as follows:

    Game G1:This game is similar like the real scheme that runs in RoR model.We obtain the following result in this game.

    Game G2:InG2, Ad intercepts all messages exchanged betweenΦi andΦj, these messages arem1={Wi, Yi}, m2={Wj, Yj}, m3={C, R, S, Z}andm4={Auth}.Next,Ademploys the Execute query to retrieve the session key, then employs the Reveal and Test queries to examine if the obtained session key is original or randomly generated.In the proposed IIoT-CS scheme, the session key can be produced asSK=b(Uj+α)=SK′=Z(Vj+Xj).To obtain this key correctly,Adneeds the secret valuesb,VjandXj.It implies that just eavesdropping of m1, m2, m3, and m4 would not improveAd’s winning probability.Hence, G1 and G2 are indistinguishable as shown in the following equation.

    Game 3:This game makes use of the Send and Hash queries.InG2, we know that eavesdropping onm1,m2,m3, andm4betweenΦi andΦj, would not result in hash collision as these messages are safeguarded by HECDLP and hash function.HECDLP protects the variablesb,Vs, Vi, andVjused withinZ, Us, UiandUjrespectively, while the hash function protects the variable S and the encryption algorithm protects the variablesC, and Auth.Moreover,G2andG3are indistinguishable except G3 solves HECDLP and performs the Hash and Send queries.The advantage of solving HECDLP byAis(pt), and, as per the birthday paradox, using such a hash oracle query has a probability.Overall, the following result is obtained.

    NowAdexecutes all queries and guessing the bitc, the following result is obtained

    From Eqs.(3) and (4), we obtain the following result.

    From Eqs.(6) and (7), we obtain the following result.

    Similarly, from Eqs.(5) and (8), we obtain the following result.

    Now multiplying Eq.(9) by “2” we obtain the following result.

    6.2 Formal Security Verification Using AVISPA

    We used AVISPA tool [38] to verify the proposed IIoT-CS scheme security towards known attacks.AVISPA gives the results by using the keywords SAFE, or UNSAFE, which denotes whether the protocol is secure or not secure against various attacks.We applied two backends of AVISPA simulation tool, namely:OFMC and CL-ATSe to verify the security of our scheme.The result show that the IIoT-CS scheme is secure against various attacks under the DY threat model as shown in Fig.3.

    6.3 Informal Security Analysis

    The following assumptions were taken into account for the informal security analysis.The secret values (b, Vs, Vi and Vj) are only known to the corresponding participating entity (KGC and IoT nodes) and the adversary has no knowledge about it.The encryption algorithm (ESK) is secure enough that an attacker cannot not decryptCand {Auth}.

    Figure 3:AVISPA simulation results for the proposed IIoT-CS scheme

    6.3.1 Confidentiality

    Confidentiality refers to the assurance that private information will be kept secret during transmission.In the start, theith-nodeandjth-nodeshare their public keys and identities in the form of plain text with each other because they are not required to be kept secret.Theith-node,then transmit the message {Ti, C, S, Z} to thejth-node.The time stampTiwhich discloses no information.The adversary cannot interpret the ciphertextCas it requires the secret session key SK which depends on the private random numberb.According to HECDLP, an adversary is unable to computebgivenZandD.Similarly,Adis unable to extract any knowledge from S because it depends on the private values (Viandb) ofith-node.The messages {Tj,Auth} sent by thejth-nodeto theith-nodealso reveals no information.Tjis the time stamp andAuthis a hash message in which an adversary cannot extract any information.As a result, the existing protocol successfully provides confidentiality features.

    6.3.2 Authentication

    To ensure secure communication between IoT nodes, they must authenticate each other at the start within each session and vice versa.

    ith-nodeauthentication:Thejth-nodecalculates the session key SK after obtaining the message{C, S, Z} fromith-node.Thejth-nodeverify the signatureS= Xi+(b+Vi).H(IDi||m||ni)of theith-nodeby using the equationS.D=β+ (Z+Ui)H(IDi||m||ni).If this equation hold then theith-nodeis successfully authenticated by thejth-node.Suppose an adversary imitates to be a legitimate node, in that scenario, it would need to generate a valid S.However,Sis based on the private values ofith-nodewhich are only known to theith-nodeso any adversary would not be able to produce the right value of S.

    jth-nodeauthentication:After receiving{Auth} from thejth-node, theith-nodecomputes{Auth′}.Theith-nodecheck ifAuth=Auth′, thenjth-nodeis successfully authenticated by theith-node.If an adversary pretends itself as a legitimate node, it must send the right message {Auth}.However,{Auth} is hashed message which is based on private key ofjth-node, making it difficult for an adversary to transmit the right message {Auth}.

    6.3.3 Non-Repudiation

    The value ofStransferred to thejth-nodeby theith-nodeis based on the private key ofithnode.Similarly, the message {Auth} sent by thejth-nodeto theith-nodeis based on the private key of thejth-node.If thejth-nodeverifiedith-nodesignature i.e., ifS.D=β+ (Z+Ui)H(IDi||m||ni)is hold, theith-nodewill not deny that it sent the message to thejth-node, and ifAuth=Auth′,thejth-nodewill not deny that it delivered the message to theith-node.

    6.3.4 Integrity

    The proposed scheme can verify that whether a cipher textCwas changed or not during the communication, by using the equationS.D=β+ (Z+Ui)H(IDi||m||ni).If an adversary modifiesC, then this equation will not hold, otherwise this equation will hold.Similarly, if an adversary modifies the message {Auth}, it can be quickly detected because it would not be the same as {Auth′}.In both cases, the authentication would not succeed, and the session would be terminated.Thus, integrity is ensured in the proposed scheme.

    6.3.5 Unforgeability

    In the proposed IIoT-CS scheme, ifAdtries to produce a legitimate signature, thenAdmust compute the equationS=Xi+(b+Vi).H(IDi||m||ni).For this,Adwould need the private key pair (Vi, Xi) of theith-node.To compute the private keys,Admust solve HECDP which is infeasible.Hence, the proposed IIoT-CS schemes provides security against unforgeability.

    6.3.6 Forward Secrecy

    In the proposed IIoT-CS scheme, the secret session key is renewed after every session completion process.The secret session key depends on the private valuesb,VjandXjof participating nodes, and it is infeasible for an adversary to find these private values due to HECDLP.Thus,the adversaryAdis not able to read and use the previous messages later.Hence, the proposed scheme ensures forward secrecy.

    6.3.7 Security from Replay Attack

    An adversary can obtain the previous messages {Wi, Yi}, {Wj, Yj}, {Ti, C, S, Z}, and {Tj,Auth} eavesdropping on the communication channel betweenith-nodeandjth-node.The adversary replays such messages to produce an invalid effect.In the proposed IIoT-CS scheme, the value of C depends on fresh nonce ni, the valueSdepends on the fresh private random numbers b andVi, the value ofZdepends on b, and the value ofAuthdepends on ni and private keyVj.This means that for every session the values ofC,S,Z, andAuthare updated.Therefore, the adversary in the next communication session is incapable to utilize the past messages.Thus, the proposed IIoT-CS scheme ensures security against replay attack.

    6.3.8 Security from Eavesdropping Attacks

    In the proposed IIoT-CS scheme, the messages are transmitted in plain text, hashed and cipher text format.The plain text messages contain no confidential information and provide no advantage to the adversary.Furthermore, all messages containing confidential information are always protected by using HECDLP, one-way hash function and encryption algorithm, rendering the retrieval of the confidential information computationally infeasible for an adversary.Therefore,the proposed IIoT-CS scheme prevents eavesdropping attacks.

    6.3.9 Security from Denial of Service(DoS)Attack

    In the proposed IIoT-CS scheme, the participating nodes first check the validity of the received timestamps.If the timestamps are not valid, then the messages are rejected.Furthermore,the information transmitted are complemented by an integrity checks in the form of signature and the encrypted message always contain the latest timestamp.Thus, the proposed scheme can identify incorrect messages and avoid DoS attacks by essentially terminating the session.

    6.3.10 Security Against Impersonation Attack

    In node impersonation attack, an adversary mimics the behavior of legitimate IoT nodes by eavesdropping on the communication channel.In the proposed IIoT-CS scheme, if theAdmimics the behavior of a valid sender node (ith-node).In doing so,Adproduces a message {Wa,Ya} and sends it to a valid receiver node (jth-node).Thejth-nodereplies the adversary with a message {Wj,Yj}.The adversaryA, when receiving {Wj, Yj}, generate the message {C′,S′,Z′} and send it to thejth-node.As the adversary is incapable to compute the private keys of a valid sender node,the message {C′,S′,Z′} transmitted by the adversary is incorrect.Thejth-node, upon obtaining this inaccurate message {C′,S′,Z′}, decryptC′to validate the signature, but sinceS′.D≠β+ (Z′+Ui).H(IDi||m||ni), thus the authentication fails.Furthermore, the adversaryAdis unable to mimics the behavior of the valid receiver (jth-node) because it is not feasible forAdto compute the private keyVjofjth-node, and thus is unable to correctly produce the message {Auth}, as a result the nodes finish the session.Thus, the proposed scheme ensures security against impersonation attack.

    6.3.11 Security from Man in the Middle(Mitm)Attack

    In MitM attack, an adversary attempts to modify the messages fromith-nodeto thejthnodeand vice versa.The adversary pretends itself as a valid participating entity and passes the updated messages to either node.The proposed scheme performs the mutual authentication using the messages {C,S,Z} and {Auth}.Adcan only spoof a valid participant if it can produce any of these messages correctly.However, according to HECDLP the retrieval of the private key is computationally not feasible.Thus, the proposed scheme can easily withstand MitM attacks.

    6.3.12 Security from Key Compromise Attack

    The private keyVjand secret valuebare used to obtain the secret session keySK, the adversary is incapable to get the private values due to HECDLP, as a result the adversary can’t generate the secret session key and hence, the proposed IIoT-CS scheme can ensure security against key compromise attack.

    7 Comparative Analysis

    This section presents the comparative analysis of computational cost, communication overhead and security features.

    7.1 Computational Cost

    The computational overhead depends on the execution time of different cryptographic operations involved in an authentication scheme.Garg et al.[23] show that the time required to execute elliptic curve scalar multiplication (ECSM) and hash-to-point (HtP) operations is 0.986 and 14.293 ms, respectively, using MIRACL [39].The execution time of Hyperelliptic Curve Divisor Multiplication (HECDM) is considered as 0.48 ms [40].The time consumption of cryptographic operations is very small compared to the time consumption of ECSM and HECDM and therefore can be ignored.In the proposed scheme, each sender node (ith-node) and the receiver node (jthnode) performs 3 HECDM operations.Therefore, the time consumed by the sender and receiver node together is 6 × 0.48 = 2.88 ms.The KGC performs 3 HECDM operations for at least 2 IoT nodes in the system to authenticate each other.Therefore, the time consumed by the KGC is 3× 0.48 = 1.44 ms.The total time consumed by the KGC and nodes to for mutual authentication is 2.88 ms + 1.44 ms = 4.32 ms.The comparison of the computational cost of IIoT-CS scheme with the existing schemes [15,23,41] is shown in Tab.2 and Fig.4a.It is clear from the results that IIoT-CS scheme is less expensive in computational cost as compared to the existing schemes.

    Figure 4:Comparative analysis of (a) computational cost and (b) communication overhead

    Table 2:Computational cost analysis

    7.2 Communication Overhead

    Communication overhead can be determined from the number of bits sent and received by the participating IoT nodes in the authentication phase.We assumed SHA-256 as our hash function, which generates 256-bits output and 128-bit AES as our encryption algorithm which generates 128-bits ciphertext.In the proposed IIoT-CS scheme, an IoT node is required to send two messages {Wi,Yi} and {Ti,C,S,Z} and receive two messages {Wj,Yj} and {Tj,Auth}.The communication overhead of an IoT node to send the message {Wi,Yi} and {Ti,C,S,Z} is 160+ 80 + 80 + 128 + 256 + 80 = 784 bits.Whereas the communication overhead of an IoT node to receive the messages{Wj,Yj} and {Tj,Auth} is 160 + 80 + 80 + 128 = 448 bits.The overall communication overhead of an IoT node is 784 + 448 = 1232 bits.The comparison of the communication overhead of IIoT-CS scheme with the existing schemes [15,23,41] is shown in Tab.3 and Fig.4b.It is clear from the results that IIoT-CS scheme incurs the lowest communication overhead as compared to the existing schemes.

    Table 3:Communication overhead analysis

    7.3 Comparison of Security Attributes

    We compare the proposed scheme’s security functionality with existing state-of-the-art [15,23,41].The proposed scheme offers mutual authentication, non-repudiation, unforgeability, forward secrecy, resist, replay, eavesdropping, DoS, impersonation, MitM, and key compromise attacks as shown in the Tab.4.It is obvious that the proposed IIoT-CS scheme is by far the most secure scheme amongst the existing protocols.

    Table 4:Comparison of the security features

    8 Conclusion

    In this study, we used HEC based CS scheme in the developing of an efficient and secure authentication mechanism for IIoT environment.The proposed scheme uses 80-bit HEC rather than 160-bit ECC for security and performance.We apply both formal and informal security analysis to evaluate the proposed scheme’s security.We performed the formal security analysis by using AVISPA tool and RoR model, which affirms the security of the proposed scheme.It has been shown in the analysis that the proposed scheme offers confidentiality, mutual authentication,integrity, and non-repudiation and is also robust to a range of security attacks such as replay,eavesdropping, impersonation, MitM, DoS, and key compromise attacks etc.Our proposed scheme is relatively less expensive compared to the current state-of-the-art.Our proposed scheme is 31.25% and 51.31% more efficient in computational cost and communication overhead, respectively, compared to the most recent protocol.Thus, our proposed scheme is a viable option for IoT devices with inadequate resources.

    9 Future Work

    We want to incorporate and evaluate the proposed IIoT-CS scheme in a real-world IIoT environment in the future.This will make more improvements to the proposed scheme and will encourage us to evaluate its security and efficiency more accurately.

    Funding Statement:This work is supported by the University of Malaya IIRG Grant (IIRG008A-19IISSN), Ministry of Education FRGS Grant (FP055-2019A).This work was also supported by Grant System of University of Zilina No.1/2020.(Project No.7962) and partially supported by the Slovak Grant Agency for Science (VEGA) under Grant Number 1/0157/21.The authors are grateful to the Taif University Researchers Supporting Project (Number TURSP-2020/36), Taif University, Taif, Saudi Arabia.

    Conflicts of Interest:The authors declare that they have no conflicts of interest to report regarding the present study.

    亚洲色图 男人天堂 中文字幕| 午夜激情av网站| 午夜91福利影院| 国产精品欧美亚洲77777| 99国产精品免费福利视频| 黄色 视频免费看| 曰老女人黄片| 我的亚洲天堂| 大陆偷拍与自拍| 高清视频免费观看一区二区| 国产主播在线观看一区二区| 午夜福利一区二区在线看| 久久久欧美国产精品| 午夜福利一区二区在线看| 亚洲精品美女久久久久99蜜臀| 国产欧美日韩精品亚洲av| 欧美激情极品国产一区二区三区| 国产精品av久久久久免费| 99国产精品一区二区蜜桃av | 国产精品自产拍在线观看55亚洲 | 18禁美女被吸乳视频| 亚洲av日韩精品久久久久久密| 日韩视频一区二区在线观看| 香蕉丝袜av| 免费看十八禁软件| 黄片大片在线免费观看| 亚洲人成电影免费在线| 国产精品亚洲av一区麻豆| 久久久精品94久久精品| 一级毛片女人18水好多| 国产亚洲精品一区二区www | 天堂俺去俺来也www色官网| 三上悠亚av全集在线观看| 精品亚洲成国产av| 搡老岳熟女国产| 美女午夜性视频免费| 国产精品久久久人人做人人爽| 国产有黄有色有爽视频| 成人三级做爰电影| 国产精品免费视频内射| a级片在线免费高清观看视频| 久久亚洲真实| 两个人看的免费小视频| 成人av一区二区三区在线看| 国产午夜精品久久久久久| 免费观看a级毛片全部| 50天的宝宝边吃奶边哭怎么回事| 老汉色∧v一级毛片| 亚洲成av片中文字幕在线观看| 高清毛片免费观看视频网站 | 黄片大片在线免费观看| 日日摸夜夜添夜夜添小说| 老司机靠b影院| 国产精品二区激情视频| 久9热在线精品视频| 日本av手机在线免费观看| 久久久精品区二区三区| 在线天堂中文资源库| 亚洲一卡2卡3卡4卡5卡精品中文| 丁香六月欧美| 亚洲欧美色中文字幕在线| 久久中文字幕人妻熟女| 99久久精品国产亚洲精品| av电影中文网址| 在线观看人妻少妇| 国产福利在线免费观看视频| 国产精品免费大片| 精品一区二区三区视频在线观看免费 | 欧美日韩视频精品一区| 久久人妻av系列| 亚洲精品在线美女| videosex国产| 老司机午夜福利在线观看视频 | 色94色欧美一区二区| 精品国产一区二区久久| 成人永久免费在线观看视频 | 正在播放国产对白刺激| 12—13女人毛片做爰片一| 捣出白浆h1v1| 十分钟在线观看高清视频www| av电影中文网址| 在线观看一区二区三区激情| 这个男人来自地球电影免费观看| 啦啦啦中文免费视频观看日本| 动漫黄色视频在线观看| 一个人免费在线观看的高清视频| 日本vs欧美在线观看视频| 精品国产国语对白av| 一本一本久久a久久精品综合妖精| 亚洲人成电影观看| 久久 成人 亚洲| 嫩草影视91久久| 日韩熟女老妇一区二区性免费视频| 日韩有码中文字幕| 99九九在线精品视频| 新久久久久国产一级毛片| 国产有黄有色有爽视频| 国产成人啪精品午夜网站| 老熟妇乱子伦视频在线观看| 男女床上黄色一级片免费看| 国产一区二区在线观看av| 美国免费a级毛片| 少妇精品久久久久久久| 又大又爽又粗| 一区二区三区国产精品乱码| 久久精品熟女亚洲av麻豆精品| av超薄肉色丝袜交足视频| 久久ye,这里只有精品| 欧美日韩黄片免| 国产午夜精品久久久久久| 精品久久久久久电影网| 黄色成人免费大全| 国产精品九九99| 极品人妻少妇av视频| 日韩免费高清中文字幕av| 国产日韩欧美在线精品| 中国美女看黄片| 精品第一国产精品| 新久久久久国产一级毛片| 亚洲国产精品一区二区三区在线| 人人澡人人妻人| 亚洲全国av大片| 中文字幕另类日韩欧美亚洲嫩草| 制服人妻中文乱码| 午夜免费成人在线视频| 久久久久久久精品吃奶| 国产在线精品亚洲第一网站| videos熟女内射| 亚洲一码二码三码区别大吗| 丰满迷人的少妇在线观看| 亚洲国产欧美日韩在线播放| 免费高清在线观看日韩| √禁漫天堂资源中文www| 亚洲中文字幕日韩| 亚洲性夜色夜夜综合| 老司机午夜福利在线观看视频 | 久久人妻熟女aⅴ| 欧美中文综合在线视频| 精品一区二区三区视频在线观看免费 | 国产av国产精品国产| 大型黄色视频在线免费观看| 亚洲黑人精品在线| 制服人妻中文乱码| 999久久久国产精品视频| 国产av精品麻豆| 大片电影免费在线观看免费| 黄色 视频免费看| 99国产综合亚洲精品| 免费久久久久久久精品成人欧美视频| 国产一区二区三区视频了| 人人妻人人澡人人爽人人夜夜| 久久久久视频综合| 亚洲熟女毛片儿| 大香蕉久久网| 国产精品欧美亚洲77777| 婷婷成人精品国产| 满18在线观看网站| 丁香六月欧美| 久久久精品免费免费高清| 欧美精品一区二区免费开放| 久久精品亚洲精品国产色婷小说| 日韩欧美三级三区| 99久久精品国产亚洲精品| 午夜激情av网站| 亚洲熟妇熟女久久| 国产激情久久老熟女| 国产精品久久久久久精品古装| 老司机影院毛片| 久久久国产一区二区| 黄网站色视频无遮挡免费观看| 性高湖久久久久久久久免费观看| 成年女人毛片免费观看观看9 | 黑人巨大精品欧美一区二区蜜桃| 色精品久久人妻99蜜桃| 在线观看舔阴道视频| 一区福利在线观看| 99香蕉大伊视频| 中文字幕精品免费在线观看视频| 亚洲成av片中文字幕在线观看| 两人在一起打扑克的视频| 欧美国产精品va在线观看不卡| 91麻豆精品激情在线观看国产 | 日本av免费视频播放| 久久精品国产综合久久久| avwww免费| 久久精品国产综合久久久| 一区福利在线观看| 无人区码免费观看不卡 | 欧美成狂野欧美在线观看| 99九九在线精品视频| 国产免费av片在线观看野外av| 操出白浆在线播放| av免费在线观看网站| 日韩三级视频一区二区三区| svipshipincom国产片| 悠悠久久av| 免费女性裸体啪啪无遮挡网站| 国产人伦9x9x在线观看| av线在线观看网站| 久久久久国内视频| 99九九在线精品视频| 久久久欧美国产精品| 极品人妻少妇av视频| 精品少妇一区二区三区视频日本电影| 性高湖久久久久久久久免费观看| www.精华液| 18禁观看日本| 又大又爽又粗| 国产精品国产高清国产av | 女警被强在线播放| 变态另类成人亚洲欧美熟女 | 欧美日韩av久久| 啦啦啦 在线观看视频| 久久久国产一区二区| 女人被躁到高潮嗷嗷叫费观| 交换朋友夫妻互换小说| 亚洲精品av麻豆狂野| 久久国产精品男人的天堂亚洲| 亚洲天堂av无毛| 在线十欧美十亚洲十日本专区| 欧美黑人欧美精品刺激| 男女高潮啪啪啪动态图| 国产在线观看jvid| av福利片在线| 久久久久久免费高清国产稀缺| 一夜夜www| 黄色a级毛片大全视频| 波多野结衣av一区二区av| 欧美精品一区二区免费开放| 日韩欧美国产一区二区入口| 亚洲人成电影观看| 亚洲色图av天堂| 99在线人妻在线中文字幕 | 久久国产精品影院| 国产男女超爽视频在线观看| 怎么达到女性高潮| 18禁国产床啪视频网站| 午夜激情久久久久久久| 男人舔女人的私密视频| 制服诱惑二区| 亚洲五月色婷婷综合| 黄色视频,在线免费观看| 欧美大码av| 亚洲国产毛片av蜜桃av| 热99re8久久精品国产| 黑人巨大精品欧美一区二区mp4| 国产一区二区三区在线臀色熟女 | 亚洲avbb在线观看| 18禁观看日本| 亚洲人成电影观看| 一二三四在线观看免费中文在| 99精品欧美一区二区三区四区| 少妇的丰满在线观看| 免费在线观看影片大全网站| 国产福利在线免费观看视频| 高清欧美精品videossex| 精品少妇黑人巨大在线播放| 久久久久精品国产欧美久久久| 新久久久久国产一级毛片| 欧美日韩视频精品一区| 国产精品亚洲一级av第二区| 国产精品 国内视频| 国产亚洲精品一区二区www | a在线观看视频网站| 久久99热这里只频精品6学生| 久久婷婷成人综合色麻豆| 亚洲精品粉嫩美女一区| 国产成人免费观看mmmm| 欧美 日韩 精品 国产| 国产精品久久久久久人妻精品电影 | 午夜福利视频在线观看免费| 日韩一卡2卡3卡4卡2021年| 日韩中文字幕欧美一区二区| 国产福利在线免费观看视频| av不卡在线播放| 性高湖久久久久久久久免费观看| 我的亚洲天堂| 国产精品久久久人人做人人爽| 桃花免费在线播放| 999久久久国产精品视频| 一区二区三区精品91| 国产精品国产高清国产av | 国产成人欧美在线观看 | 国产一区二区三区在线臀色熟女 | 91大片在线观看| 日本欧美视频一区| 日韩一卡2卡3卡4卡2021年| 欧美亚洲日本最大视频资源| 91国产中文字幕| 色老头精品视频在线观看| 极品教师在线免费播放| 精品卡一卡二卡四卡免费| 99re6热这里在线精品视频| 国产成人啪精品午夜网站| 波多野结衣av一区二区av| 午夜老司机福利片| 日韩制服丝袜自拍偷拍| 操出白浆在线播放| 日韩免费av在线播放| 十八禁人妻一区二区| 手机成人av网站| 亚洲九九香蕉| 欧美日韩国产mv在线观看视频| 捣出白浆h1v1| av国产精品久久久久影院| 亚洲成人国产一区在线观看| 最近最新中文字幕大全电影3 | 色94色欧美一区二区| 黄色怎么调成土黄色| 久久天堂一区二区三区四区| 国产高清videossex| 欧美在线黄色| 成人国语在线视频| videos熟女内射| 亚洲国产av新网站| 久久人人97超碰香蕉20202| 如日韩欧美国产精品一区二区三区| 一级黄色大片毛片| 午夜福利在线观看吧| 五月天丁香电影| 中文字幕人妻丝袜制服| 无限看片的www在线观看| 免费高清在线观看日韩| 久久国产亚洲av麻豆专区| 国产在线视频一区二区| 亚洲色图综合在线观看| 黄色视频不卡| 免费一级毛片在线播放高清视频 | 亚洲专区字幕在线| 亚洲av日韩精品久久久久久密| 精品国产乱子伦一区二区三区| 一进一出好大好爽视频| 国产人伦9x9x在线观看| 国产伦理片在线播放av一区| 精品第一国产精品| 日本精品一区二区三区蜜桃| 免费在线观看日本一区| 黄色视频不卡| 亚洲成人手机| 国产精品一区二区在线观看99| 免费在线观看日本一区| 美女高潮到喷水免费观看| 啦啦啦中文免费视频观看日本| 深夜精品福利| 看免费av毛片| 女性生殖器流出的白浆| 中文字幕高清在线视频| 午夜福利免费观看在线| netflix在线观看网站| 国产在线免费精品| 国产成人精品久久二区二区免费| 国产一区二区三区在线臀色熟女 | 国产99久久九九免费精品| 亚洲男人天堂网一区| 久久影院123| 国产一卡二卡三卡精品| 国产精品一区二区免费欧美| 欧美日本中文国产一区发布| 一级毛片精品| 午夜福利免费观看在线| av电影中文网址| 精品国产一区二区三区久久久樱花| 色综合婷婷激情| 国产成人精品在线电影| 日韩免费高清中文字幕av| 国产精品av久久久久免费| 女人爽到高潮嗷嗷叫在线视频| 久久国产精品大桥未久av| 亚洲午夜理论影院| 久久人妻熟女aⅴ| 国产精品熟女久久久久浪| 男女之事视频高清在线观看| 老司机亚洲免费影院| 久久人妻熟女aⅴ| 欧美 亚洲 国产 日韩一| 18禁美女被吸乳视频| 欧美性长视频在线观看| 国产精品久久久久久人妻精品电影 | 午夜福利,免费看| 9色porny在线观看| 啦啦啦 在线观看视频| 丁香六月欧美| 国产精品av久久久久免费| 久久精品亚洲精品国产色婷小说| 国产免费福利视频在线观看| 9热在线视频观看99| av超薄肉色丝袜交足视频| 少妇 在线观看| 亚洲人成电影观看| 飞空精品影院首页| 极品人妻少妇av视频| 涩涩av久久男人的天堂| 精品久久蜜臀av无| 两个人免费观看高清视频| 国产精品 欧美亚洲| 人妻 亚洲 视频| 国产人伦9x9x在线观看| 欧美 日韩 精品 国产| 别揉我奶头~嗯~啊~动态视频| 老司机靠b影院| 国产极品粉嫩免费观看在线| 精品亚洲成a人片在线观看| 两人在一起打扑克的视频| 波多野结衣av一区二区av| 久久久久国产一级毛片高清牌| 亚洲国产看品久久| 国产精品一区二区在线不卡| 亚洲精品美女久久久久99蜜臀| 丰满迷人的少妇在线观看| 99精品欧美一区二区三区四区| 脱女人内裤的视频| 天天添夜夜摸| a级毛片黄视频| 亚洲国产欧美一区二区综合| 亚洲熟女毛片儿| 国产av又大| 老熟妇仑乱视频hdxx| 热99re8久久精品国产| 新久久久久国产一级毛片| 成年女人毛片免费观看观看9 | 日本黄色日本黄色录像| 色综合婷婷激情| 狠狠婷婷综合久久久久久88av| 久久精品亚洲熟妇少妇任你| 久久精品成人免费网站| 成人特级黄色片久久久久久久 | 少妇 在线观看| 国产黄频视频在线观看| 成人国产一区最新在线观看| 亚洲精品乱久久久久久| 国产精品久久久人人做人人爽| 黑人欧美特级aaaaaa片| 国产亚洲欧美在线一区二区| 亚洲自偷自拍图片 自拍| 久久人妻熟女aⅴ| 777久久人妻少妇嫩草av网站| 亚洲精品自拍成人| 999久久久精品免费观看国产| 成人黄色视频免费在线看| 国产欧美日韩一区二区三区在线| 一本色道久久久久久精品综合| h视频一区二区三区| av又黄又爽大尺度在线免费看| 国产在线一区二区三区精| 国产精品久久久人人做人人爽| 午夜精品国产一区二区电影| 亚洲av成人一区二区三| 欧美黄色片欧美黄色片| 成人18禁在线播放| av在线播放免费不卡| 亚洲成国产人片在线观看| 好男人电影高清在线观看| 成年人黄色毛片网站| 黑人巨大精品欧美一区二区mp4| 最近最新中文字幕大全免费视频| 久久精品国产综合久久久| 欧美激情极品国产一区二区三区| 欧美大码av| 午夜福利乱码中文字幕| 成人国语在线视频| 午夜免费成人在线视频| 国产极品粉嫩免费观看在线| 亚洲精品国产区一区二| 亚洲国产av新网站| 久久亚洲精品不卡| 久久久久久久久免费视频了| 大陆偷拍与自拍| 成年版毛片免费区| 69精品国产乱码久久久| 91成人精品电影| 亚洲avbb在线观看| 国产一区二区三区综合在线观看| 日韩免费高清中文字幕av| 老鸭窝网址在线观看| 亚洲精品国产区一区二| 国产精品亚洲av一区麻豆| 在线永久观看黄色视频| 亚洲精品av麻豆狂野| 久久人妻熟女aⅴ| 国产日韩欧美视频二区| 菩萨蛮人人尽说江南好唐韦庄| 精品国产一区二区三区四区第35| 国产日韩一区二区三区精品不卡| 国产一区二区三区在线臀色熟女 | 国产精品1区2区在线观看. | 精品久久蜜臀av无| 黄片小视频在线播放| 欧美久久黑人一区二区| 老司机影院毛片| 国产精品99久久99久久久不卡| 一区二区三区精品91| 亚洲伊人色综图| 国产男女内射视频| 老汉色av国产亚洲站长工具| 我要看黄色一级片免费的| 午夜福利在线观看吧| 天天躁夜夜躁狠狠躁躁| 777米奇影视久久| 高清视频免费观看一区二区| 日韩免费高清中文字幕av| 午夜福利在线观看吧| 亚洲专区中文字幕在线| www.精华液| 岛国毛片在线播放| 国产精品久久久久久精品电影小说| 青草久久国产| 欧美av亚洲av综合av国产av| 人人澡人人妻人| 精品国产乱码久久久久久男人| 在线观看免费视频日本深夜| 99久久人妻综合| 精品久久蜜臀av无| 99国产精品免费福利视频| 国产成+人综合+亚洲专区| 亚洲一区二区三区欧美精品| 亚洲精品在线观看二区| 国产人伦9x9x在线观看| 国产av精品麻豆| 中文亚洲av片在线观看爽 | 99九九在线精品视频| 色精品久久人妻99蜜桃| 99久久人妻综合| www.熟女人妻精品国产| www.999成人在线观看| 丝袜美足系列| 纵有疾风起免费观看全集完整版| 不卡一级毛片| 精品午夜福利视频在线观看一区 | www.精华液| 五月开心婷婷网| 777久久人妻少妇嫩草av网站| 免费在线观看黄色视频的| 午夜福利欧美成人| 免费一级毛片在线播放高清视频 | 三上悠亚av全集在线观看| 一级片'在线观看视频| 日本黄色日本黄色录像| 国产精品久久久久久精品电影小说| 两性夫妻黄色片| 亚洲成人免费av在线播放| 中文字幕最新亚洲高清| 大陆偷拍与自拍| 黄网站色视频无遮挡免费观看| 久久久久久亚洲精品国产蜜桃av| 亚洲精品一二三| 久久精品国产综合久久久| 欧美日韩成人在线一区二区| 无遮挡黄片免费观看| 50天的宝宝边吃奶边哭怎么回事| 精品免费久久久久久久清纯 | 国产精品二区激情视频| 一本综合久久免费| 后天国语完整版免费观看| 伊人久久大香线蕉亚洲五| 黑人猛操日本美女一级片| 人人妻人人澡人人爽人人夜夜| 国产精品98久久久久久宅男小说| 精品久久久久久电影网| 免费在线观看完整版高清| 欧美 亚洲 国产 日韩一| 波多野结衣一区麻豆| 久久精品熟女亚洲av麻豆精品| 99精品在免费线老司机午夜| 亚洲国产欧美一区二区综合| 成人国产一区最新在线观看| www.熟女人妻精品国产| 成在线人永久免费视频| 欧美成人午夜精品| 十分钟在线观看高清视频www| 亚洲久久久国产精品| 国产成+人综合+亚洲专区| 高清毛片免费观看视频网站 | 国产精品熟女久久久久浪| 中文字幕人妻熟女乱码| 久久亚洲精品不卡| 亚洲av成人一区二区三| 嫁个100分男人电影在线观看| 国产男靠女视频免费网站| 丰满迷人的少妇在线观看| 国产免费福利视频在线观看| 狠狠精品人妻久久久久久综合| √禁漫天堂资源中文www| 黄色视频,在线免费观看| 超碰97精品在线观看| 大片电影免费在线观看免费| 人人妻人人澡人人爽人人夜夜| 黄网站色视频无遮挡免费观看| 777米奇影视久久| 女性生殖器流出的白浆| 亚洲三区欧美一区| 人妻久久中文字幕网| 91成年电影在线观看| 人人妻人人添人人爽欧美一区卜| 日本a在线网址| 天天躁夜夜躁狠狠躁躁| 91大片在线观看| 在线看a的网站| av线在线观看网站| 50天的宝宝边吃奶边哭怎么回事| 夜夜爽天天搞| 男女午夜视频在线观看| 91老司机精品| av网站免费在线观看视频| 精品亚洲乱码少妇综合久久| 久久久久久久久免费视频了| 交换朋友夫妻互换小说| 免费看a级黄色片| 精品国产乱子伦一区二区三区| 国产精品 国内视频| 午夜福利视频在线观看免费| 啦啦啦在线免费观看视频4| 麻豆av在线久日| 天天影视国产精品| 精品少妇内射三级| 91国产中文字幕|