• <tr id="yyy80"></tr>
  • <sup id="yyy80"></sup>
  • <tfoot id="yyy80"><noscript id="yyy80"></noscript></tfoot>
  • 99热精品在线国产_美女午夜性视频免费_国产精品国产高清国产av_av欧美777_自拍偷自拍亚洲精品老妇_亚洲熟女精品中文字幕_www日本黄色视频网_国产精品野战在线观看 ?

    Hyper Elliptic Curve Based Certificateless Signcryption Scheme for Secure IIoT Communications

    2022-08-24 03:27:04UsmanAliMohdYamaniIdnaIdrisJaroslavFrndaMohamadNizamBinAyubRoobaeaAlroobaeaFahadAlmansourNuraModiShagariInsafUllahandIhsanAli
    Computers Materials&Continua 2022年5期

    Usman Ali,Mohd Yamani Idna Idris,Jaroslav Frnda,Mohamad Nizam Bin Ayub,Roobaea Alroobaea,F(xiàn)ahad Almansour,Nura Modi Shagari,Insaf Ullah and Ihsan Ali

    1Department of Computer System and Technology,F(xiàn)aculty of Computer Science and Information Technology,University of Malaya,Kuala Lumpur,50603,Malaysia

    2Department of Computer Science,University of Swat,Saidu Sharif,19130,Pakistan

    3Center for Research in Mobile Cloud Computing,University of Malaya,Kuala Lumpur,50603,Malaysia

    4Department of Quantitative Methods and Economic Informatics,F(xiàn)aculty of Operation and Economics of Transport and Communications,University of Zilina,010 26 Zilina,Slovakia

    5Department of Computer Science,College of Computers and Information Technology,Taif University,Taif,21944,Saudi Arabia

    6Department of Computer Science,College of Sciences and Arts in Rass,Qassim University,Buraydah,51452,Saudi Arabia

    7Department of Computer Science,Hamdard Institute of Engineering and Technology,Islamabad,44000,Pakistan

    Abstract:Industrial internet of things(IIoT)is the usage of internet of things(IoT) devices and applications for the purpose of sensing, processing and communicating real-time events in the industrial system to reduce the unnecessary operational cost and enhance manufacturing and other industrial-related processes to attain more profits.However, such IoT based smart industries need internet connectivity and interoperability which makes them susceptible to numerous cyber-attacks due to the scarcity of computational resources of IoT devices and communication over insecure wireless channels.Therefore, this necessitates the design of an efficient security mechanism for IIoT environment.In this paper, we propose a hyperelliptic curve cryptography(HECC)based IIoT Certificateless Signcryption(IIoT-CS) scheme, with the aim of improving security while lowering computational and communication overhead in IIoT environment.HECC with 80-bit smaller key and parameters sizes offers similar security as elliptic curve cryptography(ECC)with 160-bit long key and parameters sizes.We assessed the IIoT-CS scheme security by applying formal and informal security evaluation techniques.We used Real or Random(RoR)model and the widely used automated validation of internet security protocols and applications(AVISPA) simulation tool for formal security analysis and proved that the IIoT-CS scheme provides resistance to various attacks.Our proposed IIoT-CS scheme is relatively less expensive compared to the current state-of-the-art in terms of computational cost and communication overhead.Furthermore, the IIoT-CS scheme is 31.25% and 51.31% more efficient in computational cost and communication overhead,respectively,compared to the most recent protocol.

    Keywords: IoT security; authentication protocols; hyperelliptic curve cryptography; certificateless public key cryptography

    1 Introduction

    The Internet of Things (IoT) is a rapidly evolving infrastructure which allows traditional systems to connect with one another by incorporating new devices such as sensors, actuators, and other smart devices.The integration of IoT and wireless sensor networks (WSN) has boosted the usage of IoT in our everyday lives, such as health tracking, smart houses, smart cities, and smart transportation [1].The widespread use of IoT can also be seen in an industrial environment known as Industrial IoT (IIoT) or Industry 4.0, including industrial automation, aviation, smart retail, smart farming, and power systems [2–4].The IIoT refers to the use of well-connected IoT devices for collecting and communicating real-time events in industrial systems to reduce human effort and operational costs and to enhance manufacturing and industrial processes.However,these interconnected smart devices and networks have been used to enable a variety of cyberattacks due to the inadequate computational resources and communication over insecure wireless channels.Therefore, this necessitates the design of an efficient and secure mechanisms for IIoT environment.The limited battery life of smart devices is one of the main obstacles in the design of security solutions for IIoT applications.As a result, a current research focus is on developing a secure and efficient solutions for resource-constrained IoT devices.The security requirements for IIoT data, such as confidentiality, integrity, authenticity, and non-repudiation must always be ensured due to the resource-constrained IoT devices and communications over an insecure network.A signature-then-encryption mechanism is one solution to ensure such security requirements, however, this approach is not appropriate for low computing IoT devices as it produces the message’s signature and encryption in two separate steps.To enhance the performance, Zheng [5]introduced Signcryption techniques, which incorporates signature and encryption in a single logical step.However, Zheng approach is based on public key cryptography (PKC).In PKC based schemes, the public key of a participating entity contains a random number belonging to some group that does not offer authenticity to the participating entity as the group elements provide no identity to the participating entities [6].To address the flaws in PKC based schemes, the notion of public key infrastructure (PKI) was introduced in which a certificate authority (CA) is used that binds the public key with certificates [7].However, this mechanism suffers from certificate storage, distribution, and manufacturing difficulties [8].To overcome these shortcomings, the idea of identity-based cryptography (IBC) was suggested in [9].IBC enables the participating entities to produce public keys directly from their identities, such as e-mail and phone numbers, without the need for CA, and the private key for each participating entity is generated by the trusted server which acts as the key generation center (KGC).The principle Signcryption was implemented to merge the features of signature and encryption into a single step [10].However, IBC based schemes suffer from the key escrow problem in which the KGC has the complete knowledge of the private keys of all participants.To address this problem, the idea of Certificateless Public Key Infrastructure (CPKI) was suggested in [11].In CPKI, a participant’s private key is made up of two parts:one part is the private key provided by the KGC, and the second part is a secret value generated by the participant itself.The concept of Certificateless Signcryption (CS)was introduced, in which the principle of Signcryption was implemented to merge the features of signature and encryption into a single step [12].

    Normally, the above-mentioned Signcryption schemes’security and efficiency depend on some computationally difficult problems, for instance, RSA, bilinear pairing (BP), and elliptic curve cryptography (ECC).The RSA [13,14] scheme is not appropriate for resource constraint devices because it contains large factorization and uses a 1024-bit large key size [15].Furthermore, BP is 14.31 times worse than RSA [16].ECC has been introduced to address the shortcomings of RSA and BP [17].In comparison to BP and RSA, ECC uses less parameter size, public key, and private key sizes.Furthermore, the efficiency and security of the ECC is based on 160-bit key size [18].However, ECC based schemes are still inefficient for resource constraint IoT devices.To enhance the efficiency of ECC based schemes, the idea of hyper elliptic curve cryptography (HECC) was introduced [19].The HECC offers the similar level of security as ECC by utilizing 80-bit small key sizes [20–22].Thus, HECC is considered a better choice for resource constraint IoT devices.In this paper, we proposed HECC based IIoT certificateless Signcryption (IIoT-CS) scheme for secure communication in IIoT environment.

    1.1 Motivation and Contributions

    Recently, Garg et al.[23] Proposed authentication scheme for IIoT environment.We found that their scheme is based on a hierarchical approach in which two participating IoT nodes cannot perform mutual authentication directly without an active server.In their scheme, the intended IoT nodes need to perform an authentication process with the server before they start communication,which increases the communication overhead for each IoT node.Furthermore, the efficiency and security of their scheme is based on ECC which suffer from high computational overhead due to the large parameters and key sizes compared to HECC.Their scheme’s verification is not proved using formal security verification tools such as RoR.To address these shortcomings, we propose HECC based IIoT-CS scheme for secure IIoT communications.As we mentioned in the introduction, the HECC offers a similar level of security as ECC, RSA, and bilinear pairing by using a smaller key size, which reduces the computational and communication overhead.We verified the security of IIoT-CS scheme using the RoR model and AVISPA simulation tool.We also performed the informal security analysis of the proposed scheme.Furthermore, the results proved the efficiency of IIoT-CS scheme.

    1.2 Outline of the Paper

    The remainder of the paper is presented as follows.Section 2 contains related work; Section 3 shows the system model and threat models; Section 4 presents the proposed scheme; Section 5 demonstrates the proof of correctness; Section 6 presents the security evaluation; Section 7 presents the comparative analysis; Section 8 discusses the conclusion and finally Section 9 shows future work.

    2 Related Work

    Information security is important to protect critical information in modern communication systems where the communication is held through an insecure public networks.The research community is also echoing the significance of such a topic [24–26].Hassija et al.[27] addressing the evolving security issues in IoT environments, emphasizing the significance of maintaining secure communication among IoT nodes.To safeguard sensitive data/information, it must be concealed from unauthorized access (confidentiality), identify who sent the message (authentication),be protected from alteration (integrity), and be available to a legitimate user [28].Therefore,encryption techniques are used to ensure confidentiality, whereas digital signatures are applied to guarantee integrity and authenticity.In the conventional encryption mechanism known as signature-then-encryption in which the sender has to first sign and then encrypt the data.However,this approach has some drawbacks, such as requiring more machine cycles and energy, which reduces the performance.To address these shortcomings, the concept of Signcryption was introduced in [5].However, this approach is based on PKC in which the public key of a participating entity contains a random number belonging to some group that does not offer authenticity to the participating entity as the group elements provide no identity to the participating entities [6].To address Signcryption flaws in [5], IBS scheme were suggested in [10].However, it turned out that IBS scheme suffer from the key escrow problem.To address this issue, CS scheme was introduced in [12].Following this scheme, another CS scheme based on random oracle model (ROM) was proposed [29].Wahid et al.[30] proposed EC-based CS efficient scheme.Zhou et al.[31] proposed a new SM based CS scheme.They used the modified decisional bilinear Diffie Hellman problem and square computational Diffie Hellman problem to prove their scheme’s security requirements.Rastegari et al.[32] proposed SM based CS scheme.Yu et al.[33] proposed a new CS scheme and demonstrated their scheme’s security by using ROM.Lin et al.[34] presented the cryptanalysis of the of scheme in [33] and found that since the requirements of confidentiality and unforgeability are not fulfilled, their scheme may be completely thwarted.Zhou [35] suggested a new BP based CS scheme using SM for security proof.

    3 System and Threat Model

    This section shows the details of the system model and threat model considered for the proposed IIoT-CS scheme.

    3.1 System Model

    Primarily, an IIoT environment consists of multiple IoT domains made up of IoT devices called nodes such as sensors, actuators, and other devices as shown in Fig.1.These IoT devices routinely collect information and transmit it to other devices in the network.The focus of this article is to design an authentication schemes to secure the communication among IoT nodes.The IoT nodes have minimal computing resources, while the KGC is a trusted server which has ample resources.We further assume that certain cryptographic elements are preloaded into the memory of all participating nodes and the nodes have to transmit their public keys and identities to KGC and other nodes to which they want to communicate.

    Figure 1:System model of the proposed scheme

    3.2 Threat Model

    In the proposed scheme, we considered a powerful threat model called Dolev-Yao (DY)threat model [36], which allows an adversary to execute passive and active attacks.According to DY threat model, the adversary has access to the communication network and can listen in to all communications between participating entities.Furthermore, the adversary has complete knowledge of all public parameters of participants in the system, however the adversary has no access to the participant’s private data.Furthermore, the adversary can impersonate any device in the system by replaying messages previously eavesdropped from the communication channel.

    4 Proposed Scheme

    The proposed IIoT-CS scheme is based on HEC certificateless Signcryption and involves two phases, namely:pre-deployment phase and authentication phase, as shown in Fig.2.The notations used in the proposed IIoT-CS scheme are shown in Tab.1.

    Figure 2:Flow of interaction in the proposed IIoT-CS scheme

    4.1 Pre-Deployment Phase

    The predeployment phase is performed by the system administrator before the effective deployment of the system.In this phase, the IoT nodes are equipped with the basic cryptographic parameters necessary to establish secret session keys.This process is divided into two parts,namely, the system initialization stage and the registration stage.

    Table 1:Notations used in the proposed IIoT-CS scheme

    4.1.1 System Initialization Phase

    This process is carried out by the KGC, during which the following cryptographic information are initialized and made public.

    i) The hyperelliptic curveE/Fqover a prime finite fieldFq.

    ii) The algebraic closuref*ofFq.

    iii) The Divisor groupDof the curveE.

    iv) Hashing functionH:{0, 1} →, where, = {1, 2,..., q - 1}

    In addition, the KGC generates its master private keyVs∈Rand master public keyUs=Vs.D.Finally, it makes the public parametersparams= {Fq,f*,q,x,y,D,Us,H}, publicly available to all participants.

    4.1.2 Registration Phase

    During the registration stage, the system’s IoT nodes communicate with the KGC across a secure network in order to obtain dedicated cryptographic components.During the registration stage, the IoT nodes participating in the system communicate with the KGC through a secure communication channel to register their self and receive dedicated cryptographic information from the KGC.The flow of interaction of IoT nodes with the KGC is described below and shown in Fig.2.

    Step 1:The intended IoT node (sayith-node), that requires to be registered with the KGC,generates its identityIDiand private key as Vi∈R.Next, the node computes the first part of its public key asUi=Vi.D.The node then, computes a stringWi=(IDi||Ui), and transmits it to the KGC using a secure channel.

    Step 2:Upon receiving {Wi}, the KGC performs the following operations to compute the corresponding second part of the private and public keys on behalf ofith-node.

    i) The KGC selects a random value ri∈R, compute Yi=ri.D and sets it as the second part of the public key of theith-node.

    ii) The KGC computes hi=H(Wi||Yi) and Xi=((ri+hi.Vs) mod q) and sets Xias the second part of the private key of theith-node.The KGC delivers Xiand Yito theith-nodeusing a secure channel.

    Step 3:Upon receiving the second part of its private and public keys from KGC, theith-nodecan verify the authenticity of these keys by using the equation Xi.D=Yi+hi.Us.If this equation is validated, then the keys could be deemed valid and correctly generated by the KGC.Thus, theith-nodecan set its full private key as (Vi, Xi) and full public key as (Ui, Yi).

    4.2 Authentication Phase

    The authentication process is initiated by an IoT node (sayith-node) with the intention of communicating with the other IoT nodes (sayjth-node) as depicted in Fig.2.As described in the predeployment phase, each IoT node is preloaded with certain cryptographic information.Furthermore, to begin the authentication process, theith-nodegenerate a messageM1=〈Wi, Yi〉and transmit it to thejth-node.On receivingM1 thejth-nodereplies with a new messageM2=〈Wj, Yj〉.On receivingM2 from thejth-node, theith-nodegenerates a fresh session key, ciphertext,and signature by using the certificateless Signcryption operation as described below.

    i) Generate a timestamp Ti, select a fresh nonce ni∈{1,2,3,...,q-1}and a random secret valueb∈{1,2,3,...,q-1}and computeZ=b.D.

    ii) Computeα=Yj+US.H(Wj||Yj)

    iii) Compute a secret session keySK=b(Uj+α)

    iv) Compute cipher text C=ESK(IDi,m,ni), where m is plaintext.

    v) Computes the digital signatureS=(Xi+H(IDi||m||ni)(Vi+b)) mod q

    vi) Theith-nodesendsM3=〈Ti,C,S,Z〉to thejth-nodeusing insecure channel.

    On receiving M3, thejth-nodecheck the validity of Tiand if it is found to be valid, then proceed with the authentication procedure, otherwise terminate the session.Thejth-nodevalidates the digital signature and decrypt the ciphertext by using certificateless Un-Signcryption operation as described below.

    i) Computes the secret session keySK′=Z(Vj+Xj)

    ii) Perform decryption operation DSK′ (C)= (IDi,m,ni)

    iii) computeβ=Yi+US.H(Wi||Yi)

    iv) if S.D=β+H (IDi||m||ni). (Z+Ui) is hold, thenith-nodeis authenticated successfully.

    Thejth-nodeComputeKij=Vj.Uiand compute the messageAuth=H(Wi⊕Wj⊕ni⊕Kij).

    Finally, thejth-nodegenerate time stamp Tjand send the messageM4=〈Tj,Auth〉 to theith-node.Theith-nodeafter receiving M4 from thejth-node, first validate Tjand if it is found to be valid, then proceed with the authentication procedure, otherwise terminate the session.

    Theith-nodecomputeKji=Vi.UjandAuth′=H(Wi⊕Wj⊕ni⊕Kji).

    IfAuth=Auth′, then thejth-nodeis authenticated successfully.

    5 Proof of Correctness

    This section presents the proof of the correctness of the secret session key and signature verification.

    5.1 Proof of Secret Session Key SK′=SK

    SK′=Z(Vj+Xj),where Z=b.D and Xj=rj+Vs.H(Wj||Yj)

    ?b.D(Vj+rj+Vs.H(Wj||Yj))

    ?b.Vj.D+b.rj.D+b.Vs.D.H(Wj||Yj)

    ?b(Vj.D+rj.D+Vs.D.H(Wj||Yj)), whereUj=Vj.D,Yj=rj.D, andUs=Vs.D

    ?b(Uj+Yj+Us.H(Wj||Yj)), whereα=Yj+Us.H(Wj||Yj)

    ?b(Uj+α)=SKhence proof of correctness is verified.

    5.2 Proof of Signature Verification

    β+(Z+Ui)H(IDi||m||ni)=S.D

    β+ (Z+Ui).H(IDi||m||ni), whereβ=Yi+Us.H(Wi||Yi)

    ?Yi+Us.H(Wi||Yi)+ (Z+Ui).H(IDi||m||ni)

    ?Yi+Us.H(Wi||Yi)+Z.H(IDi||m||ni)+Ui.H(IDi||m||ni), where Yi=ri.D,Us=Vs.D,Z=b.Dand Ui=Vi.D

    ?ri.D+Vs.D.H(Wi||Yi)+b.D.H(IDi||m||ni)+Vi.D.H(IDi||m||ni)

    ? (ri+Vs.H(Wi||Yi)+(b+Vi).H(IDi||m||ni))D, where Xi=ri+Vs.H(Wi||Yi)

    ? (Xi+(b+Vi).H(IDi||m||ni))D, whereS=Xi+(b+Vi).H(IDi||m||ni)

    ?S.D, hence correctness of digital signature is verified.

    6 Security Evaluation

    We conducted both formal and informal security assessments to illustrate the potential of the IIoT-CS scheme against various attacks.The two computational problems that are useful in performing the formal security analysis are described below.

    Definition 1:Collision-Resistant One-Way Hash Function (H (.):{0,1}*→{0,1}n)

    It is a “deterministic mathematical function that accepts a variable-length input string and produces a n-bit fixed-length output string”.

    Definition 2:(Hyper Elliptic Curve Discrete Logarithm Problem (HECDLP))

    According to HECDLP, it is infeasible for an attacker to extract a value j from the relationL=j.D, whereas j ∈is the random number from= {1, 2,..., q - 1}.

    6.1 Formal Security Analysis Using RoR Model

    We used ROR model [37] in which an adversary simulates real attacks to target the communication between IoT nodes.In the proposed IIoT-CS scheme, an adversary is represented byAdand the participating nodes are represented byith-nodeandjth-node.Further, we assume the instances ofith-nodeandjth-nodeare represented byΦ= {Φi andΦj}.Adinitiates the following queries to interact withΦ.

    i)Execute query:Adeavesdrops on the communication channel and intercepts all communication betweenΦ.

    ii)Send query:Adtransmits a message toΦand obtains a reply from it consequently.

    iii)Reveal query:Adattempts to recover the session key betweenΦi andΦj.

    iv)Test query:AdrequestsΦfor session key and it responds with a random bit c.

    Moreover, H(.) is modeled as a random oracle which is available to all participants and adversaryAd.In the proposed IIoT-CS scheme, we demonstrated the existence of session key security (semantic security) by using Theorem 1 as stated below.

    Theorem 1:AssumeAdruns in a polynomial timeptand attempts to break the session key security betweenΦi and nodeΦj thenAd’s advantage in breaching the session key security can be written as follows:

    where the variables |Hash|,, and(pt) represent the range space of H(.), the number of hash queries, and the non-negligible winning advantage of breaking HECDLP respectively.

    Proof of Theorem 1:To prove Theorem 1, we used three GamesGi(i=1,2,3).Within each gameGi,Adattempts to guess the bitcby applying the test query.If, is an event whereAdaccurately guessesc, soAd’s advantage is as follows:

    Game G1:This game is similar like the real scheme that runs in RoR model.We obtain the following result in this game.

    Game G2:InG2, Ad intercepts all messages exchanged betweenΦi andΦj, these messages arem1={Wi, Yi}, m2={Wj, Yj}, m3={C, R, S, Z}andm4={Auth}.Next,Ademploys the Execute query to retrieve the session key, then employs the Reveal and Test queries to examine if the obtained session key is original or randomly generated.In the proposed IIoT-CS scheme, the session key can be produced asSK=b(Uj+α)=SK′=Z(Vj+Xj).To obtain this key correctly,Adneeds the secret valuesb,VjandXj.It implies that just eavesdropping of m1, m2, m3, and m4 would not improveAd’s winning probability.Hence, G1 and G2 are indistinguishable as shown in the following equation.

    Game 3:This game makes use of the Send and Hash queries.InG2, we know that eavesdropping onm1,m2,m3, andm4betweenΦi andΦj, would not result in hash collision as these messages are safeguarded by HECDLP and hash function.HECDLP protects the variablesb,Vs, Vi, andVjused withinZ, Us, UiandUjrespectively, while the hash function protects the variable S and the encryption algorithm protects the variablesC, and Auth.Moreover,G2andG3are indistinguishable except G3 solves HECDLP and performs the Hash and Send queries.The advantage of solving HECDLP byAis(pt), and, as per the birthday paradox, using such a hash oracle query has a probability.Overall, the following result is obtained.

    NowAdexecutes all queries and guessing the bitc, the following result is obtained

    From Eqs.(3) and (4), we obtain the following result.

    From Eqs.(6) and (7), we obtain the following result.

    Similarly, from Eqs.(5) and (8), we obtain the following result.

    Now multiplying Eq.(9) by “2” we obtain the following result.

    6.2 Formal Security Verification Using AVISPA

    We used AVISPA tool [38] to verify the proposed IIoT-CS scheme security towards known attacks.AVISPA gives the results by using the keywords SAFE, or UNSAFE, which denotes whether the protocol is secure or not secure against various attacks.We applied two backends of AVISPA simulation tool, namely:OFMC and CL-ATSe to verify the security of our scheme.The result show that the IIoT-CS scheme is secure against various attacks under the DY threat model as shown in Fig.3.

    6.3 Informal Security Analysis

    The following assumptions were taken into account for the informal security analysis.The secret values (b, Vs, Vi and Vj) are only known to the corresponding participating entity (KGC and IoT nodes) and the adversary has no knowledge about it.The encryption algorithm (ESK) is secure enough that an attacker cannot not decryptCand {Auth}.

    Figure 3:AVISPA simulation results for the proposed IIoT-CS scheme

    6.3.1 Confidentiality

    Confidentiality refers to the assurance that private information will be kept secret during transmission.In the start, theith-nodeandjth-nodeshare their public keys and identities in the form of plain text with each other because they are not required to be kept secret.Theith-node,then transmit the message {Ti, C, S, Z} to thejth-node.The time stampTiwhich discloses no information.The adversary cannot interpret the ciphertextCas it requires the secret session key SK which depends on the private random numberb.According to HECDLP, an adversary is unable to computebgivenZandD.Similarly,Adis unable to extract any knowledge from S because it depends on the private values (Viandb) ofith-node.The messages {Tj,Auth} sent by thejth-nodeto theith-nodealso reveals no information.Tjis the time stamp andAuthis a hash message in which an adversary cannot extract any information.As a result, the existing protocol successfully provides confidentiality features.

    6.3.2 Authentication

    To ensure secure communication between IoT nodes, they must authenticate each other at the start within each session and vice versa.

    ith-nodeauthentication:Thejth-nodecalculates the session key SK after obtaining the message{C, S, Z} fromith-node.Thejth-nodeverify the signatureS= Xi+(b+Vi).H(IDi||m||ni)of theith-nodeby using the equationS.D=β+ (Z+Ui)H(IDi||m||ni).If this equation hold then theith-nodeis successfully authenticated by thejth-node.Suppose an adversary imitates to be a legitimate node, in that scenario, it would need to generate a valid S.However,Sis based on the private values ofith-nodewhich are only known to theith-nodeso any adversary would not be able to produce the right value of S.

    jth-nodeauthentication:After receiving{Auth} from thejth-node, theith-nodecomputes{Auth′}.Theith-nodecheck ifAuth=Auth′, thenjth-nodeis successfully authenticated by theith-node.If an adversary pretends itself as a legitimate node, it must send the right message {Auth}.However,{Auth} is hashed message which is based on private key ofjth-node, making it difficult for an adversary to transmit the right message {Auth}.

    6.3.3 Non-Repudiation

    The value ofStransferred to thejth-nodeby theith-nodeis based on the private key ofithnode.Similarly, the message {Auth} sent by thejth-nodeto theith-nodeis based on the private key of thejth-node.If thejth-nodeverifiedith-nodesignature i.e., ifS.D=β+ (Z+Ui)H(IDi||m||ni)is hold, theith-nodewill not deny that it sent the message to thejth-node, and ifAuth=Auth′,thejth-nodewill not deny that it delivered the message to theith-node.

    6.3.4 Integrity

    The proposed scheme can verify that whether a cipher textCwas changed or not during the communication, by using the equationS.D=β+ (Z+Ui)H(IDi||m||ni).If an adversary modifiesC, then this equation will not hold, otherwise this equation will hold.Similarly, if an adversary modifies the message {Auth}, it can be quickly detected because it would not be the same as {Auth′}.In both cases, the authentication would not succeed, and the session would be terminated.Thus, integrity is ensured in the proposed scheme.

    6.3.5 Unforgeability

    In the proposed IIoT-CS scheme, ifAdtries to produce a legitimate signature, thenAdmust compute the equationS=Xi+(b+Vi).H(IDi||m||ni).For this,Adwould need the private key pair (Vi, Xi) of theith-node.To compute the private keys,Admust solve HECDP which is infeasible.Hence, the proposed IIoT-CS schemes provides security against unforgeability.

    6.3.6 Forward Secrecy

    In the proposed IIoT-CS scheme, the secret session key is renewed after every session completion process.The secret session key depends on the private valuesb,VjandXjof participating nodes, and it is infeasible for an adversary to find these private values due to HECDLP.Thus,the adversaryAdis not able to read and use the previous messages later.Hence, the proposed scheme ensures forward secrecy.

    6.3.7 Security from Replay Attack

    An adversary can obtain the previous messages {Wi, Yi}, {Wj, Yj}, {Ti, C, S, Z}, and {Tj,Auth} eavesdropping on the communication channel betweenith-nodeandjth-node.The adversary replays such messages to produce an invalid effect.In the proposed IIoT-CS scheme, the value of C depends on fresh nonce ni, the valueSdepends on the fresh private random numbers b andVi, the value ofZdepends on b, and the value ofAuthdepends on ni and private keyVj.This means that for every session the values ofC,S,Z, andAuthare updated.Therefore, the adversary in the next communication session is incapable to utilize the past messages.Thus, the proposed IIoT-CS scheme ensures security against replay attack.

    6.3.8 Security from Eavesdropping Attacks

    In the proposed IIoT-CS scheme, the messages are transmitted in plain text, hashed and cipher text format.The plain text messages contain no confidential information and provide no advantage to the adversary.Furthermore, all messages containing confidential information are always protected by using HECDLP, one-way hash function and encryption algorithm, rendering the retrieval of the confidential information computationally infeasible for an adversary.Therefore,the proposed IIoT-CS scheme prevents eavesdropping attacks.

    6.3.9 Security from Denial of Service(DoS)Attack

    In the proposed IIoT-CS scheme, the participating nodes first check the validity of the received timestamps.If the timestamps are not valid, then the messages are rejected.Furthermore,the information transmitted are complemented by an integrity checks in the form of signature and the encrypted message always contain the latest timestamp.Thus, the proposed scheme can identify incorrect messages and avoid DoS attacks by essentially terminating the session.

    6.3.10 Security Against Impersonation Attack

    In node impersonation attack, an adversary mimics the behavior of legitimate IoT nodes by eavesdropping on the communication channel.In the proposed IIoT-CS scheme, if theAdmimics the behavior of a valid sender node (ith-node).In doing so,Adproduces a message {Wa,Ya} and sends it to a valid receiver node (jth-node).Thejth-nodereplies the adversary with a message {Wj,Yj}.The adversaryA, when receiving {Wj, Yj}, generate the message {C′,S′,Z′} and send it to thejth-node.As the adversary is incapable to compute the private keys of a valid sender node,the message {C′,S′,Z′} transmitted by the adversary is incorrect.Thejth-node, upon obtaining this inaccurate message {C′,S′,Z′}, decryptC′to validate the signature, but sinceS′.D≠β+ (Z′+Ui).H(IDi||m||ni), thus the authentication fails.Furthermore, the adversaryAdis unable to mimics the behavior of the valid receiver (jth-node) because it is not feasible forAdto compute the private keyVjofjth-node, and thus is unable to correctly produce the message {Auth}, as a result the nodes finish the session.Thus, the proposed scheme ensures security against impersonation attack.

    6.3.11 Security from Man in the Middle(Mitm)Attack

    In MitM attack, an adversary attempts to modify the messages fromith-nodeto thejthnodeand vice versa.The adversary pretends itself as a valid participating entity and passes the updated messages to either node.The proposed scheme performs the mutual authentication using the messages {C,S,Z} and {Auth}.Adcan only spoof a valid participant if it can produce any of these messages correctly.However, according to HECDLP the retrieval of the private key is computationally not feasible.Thus, the proposed scheme can easily withstand MitM attacks.

    6.3.12 Security from Key Compromise Attack

    The private keyVjand secret valuebare used to obtain the secret session keySK, the adversary is incapable to get the private values due to HECDLP, as a result the adversary can’t generate the secret session key and hence, the proposed IIoT-CS scheme can ensure security against key compromise attack.

    7 Comparative Analysis

    This section presents the comparative analysis of computational cost, communication overhead and security features.

    7.1 Computational Cost

    The computational overhead depends on the execution time of different cryptographic operations involved in an authentication scheme.Garg et al.[23] show that the time required to execute elliptic curve scalar multiplication (ECSM) and hash-to-point (HtP) operations is 0.986 and 14.293 ms, respectively, using MIRACL [39].The execution time of Hyperelliptic Curve Divisor Multiplication (HECDM) is considered as 0.48 ms [40].The time consumption of cryptographic operations is very small compared to the time consumption of ECSM and HECDM and therefore can be ignored.In the proposed scheme, each sender node (ith-node) and the receiver node (jthnode) performs 3 HECDM operations.Therefore, the time consumed by the sender and receiver node together is 6 × 0.48 = 2.88 ms.The KGC performs 3 HECDM operations for at least 2 IoT nodes in the system to authenticate each other.Therefore, the time consumed by the KGC is 3× 0.48 = 1.44 ms.The total time consumed by the KGC and nodes to for mutual authentication is 2.88 ms + 1.44 ms = 4.32 ms.The comparison of the computational cost of IIoT-CS scheme with the existing schemes [15,23,41] is shown in Tab.2 and Fig.4a.It is clear from the results that IIoT-CS scheme is less expensive in computational cost as compared to the existing schemes.

    Figure 4:Comparative analysis of (a) computational cost and (b) communication overhead

    Table 2:Computational cost analysis

    7.2 Communication Overhead

    Communication overhead can be determined from the number of bits sent and received by the participating IoT nodes in the authentication phase.We assumed SHA-256 as our hash function, which generates 256-bits output and 128-bit AES as our encryption algorithm which generates 128-bits ciphertext.In the proposed IIoT-CS scheme, an IoT node is required to send two messages {Wi,Yi} and {Ti,C,S,Z} and receive two messages {Wj,Yj} and {Tj,Auth}.The communication overhead of an IoT node to send the message {Wi,Yi} and {Ti,C,S,Z} is 160+ 80 + 80 + 128 + 256 + 80 = 784 bits.Whereas the communication overhead of an IoT node to receive the messages{Wj,Yj} and {Tj,Auth} is 160 + 80 + 80 + 128 = 448 bits.The overall communication overhead of an IoT node is 784 + 448 = 1232 bits.The comparison of the communication overhead of IIoT-CS scheme with the existing schemes [15,23,41] is shown in Tab.3 and Fig.4b.It is clear from the results that IIoT-CS scheme incurs the lowest communication overhead as compared to the existing schemes.

    Table 3:Communication overhead analysis

    7.3 Comparison of Security Attributes

    We compare the proposed scheme’s security functionality with existing state-of-the-art [15,23,41].The proposed scheme offers mutual authentication, non-repudiation, unforgeability, forward secrecy, resist, replay, eavesdropping, DoS, impersonation, MitM, and key compromise attacks as shown in the Tab.4.It is obvious that the proposed IIoT-CS scheme is by far the most secure scheme amongst the existing protocols.

    Table 4:Comparison of the security features

    8 Conclusion

    In this study, we used HEC based CS scheme in the developing of an efficient and secure authentication mechanism for IIoT environment.The proposed scheme uses 80-bit HEC rather than 160-bit ECC for security and performance.We apply both formal and informal security analysis to evaluate the proposed scheme’s security.We performed the formal security analysis by using AVISPA tool and RoR model, which affirms the security of the proposed scheme.It has been shown in the analysis that the proposed scheme offers confidentiality, mutual authentication,integrity, and non-repudiation and is also robust to a range of security attacks such as replay,eavesdropping, impersonation, MitM, DoS, and key compromise attacks etc.Our proposed scheme is relatively less expensive compared to the current state-of-the-art.Our proposed scheme is 31.25% and 51.31% more efficient in computational cost and communication overhead, respectively, compared to the most recent protocol.Thus, our proposed scheme is a viable option for IoT devices with inadequate resources.

    9 Future Work

    We want to incorporate and evaluate the proposed IIoT-CS scheme in a real-world IIoT environment in the future.This will make more improvements to the proposed scheme and will encourage us to evaluate its security and efficiency more accurately.

    Funding Statement:This work is supported by the University of Malaya IIRG Grant (IIRG008A-19IISSN), Ministry of Education FRGS Grant (FP055-2019A).This work was also supported by Grant System of University of Zilina No.1/2020.(Project No.7962) and partially supported by the Slovak Grant Agency for Science (VEGA) under Grant Number 1/0157/21.The authors are grateful to the Taif University Researchers Supporting Project (Number TURSP-2020/36), Taif University, Taif, Saudi Arabia.

    Conflicts of Interest:The authors declare that they have no conflicts of interest to report regarding the present study.

    国产在线视频一区二区| 欧美日韩国产mv在线观看视频| 视频在线观看一区二区三区| 大码成人一级视频| 一本大道久久a久久精品| 99久久人妻综合| 在线天堂中文资源库| 久久久久久久久久久久大奶| 国产国拍精品亚洲av在线观看| 日韩欧美精品免费久久| 18禁观看日本| 久久毛片免费看一区二区三区| 精品人妻熟女毛片av久久网站| 丝袜脚勾引网站| 天美传媒精品一区二区| av又黄又爽大尺度在线免费看| 91精品伊人久久大香线蕉| 婷婷色av中文字幕| 99re6热这里在线精品视频| 一级片免费观看大全| 国产精品人妻久久久影院| 日本av手机在线免费观看| 国产精品欧美亚洲77777| 亚洲精品自拍成人| 色5月婷婷丁香| 在线观看免费视频网站a站| 免费黄频网站在线观看国产| 在线观看一区二区三区激情| 久久99热6这里只有精品| 精品一区在线观看国产| 在线精品无人区一区二区三| 波多野结衣一区麻豆| 久久午夜综合久久蜜桃| 国产亚洲一区二区精品| 亚洲国产毛片av蜜桃av| 午夜影院在线不卡| 黄网站色视频无遮挡免费观看| 9色porny在线观看| 自拍欧美九色日韩亚洲蝌蚪91| 国产一区亚洲一区在线观看| 婷婷色综合www| 十八禁高潮呻吟视频| 久久久国产精品麻豆| 哪个播放器可以免费观看大片| 免费大片18禁| 久久久久久久国产电影| 欧美日韩综合久久久久久| 欧美日韩视频精品一区| 亚洲国产精品专区欧美| 亚洲av国产av综合av卡| 亚洲av欧美aⅴ国产| 国产福利在线免费观看视频| 女人久久www免费人成看片| 99re6热这里在线精品视频| 国产精品不卡视频一区二区| 欧美日韩成人在线一区二区| 精品少妇久久久久久888优播| 久久久精品区二区三区| 国产白丝娇喘喷水9色精品| av免费观看日本| 免费观看性生交大片5| 免费看av在线观看网站| www.av在线官网国产| 欧美bdsm另类| 亚洲国产最新在线播放| 成人综合一区亚洲| 成人毛片60女人毛片免费| 国产男女内射视频| 99热这里只有是精品在线观看| 久久av网站| a级毛片在线看网站| 日本与韩国留学比较| 国产熟女欧美一区二区| 看十八女毛片水多多多| 亚洲精品久久成人aⅴ小说| 免费人成在线观看视频色| 久久久精品免费免费高清| 深夜精品福利| 国产精品偷伦视频观看了| 欧美性感艳星| 乱人伦中国视频| 成人免费观看视频高清| 一本色道久久久久久精品综合| 亚洲综合精品二区| 久久久精品免费免费高清| 国产黄色免费在线视频| xxxhd国产人妻xxx| 精品99又大又爽又粗少妇毛片| 精品酒店卫生间| 成人手机av| 汤姆久久久久久久影院中文字幕| 成人亚洲精品一区在线观看| 久久鲁丝午夜福利片| 全区人妻精品视频| 777米奇影视久久| 水蜜桃什么品种好| 在线天堂中文资源库| 日韩不卡一区二区三区视频在线| 2021少妇久久久久久久久久久| 亚洲欧美色中文字幕在线| 国产男女超爽视频在线观看| 一级片免费观看大全| 肉色欧美久久久久久久蜜桃| 熟女电影av网| 国产黄色免费在线视频| 国产熟女欧美一区二区| 这个男人来自地球电影免费观看 | 久久久久久久精品精品| 亚洲欧美成人精品一区二区| a级片在线免费高清观看视频| 九草在线视频观看| 18在线观看网站| 搡女人真爽免费视频火全软件| 各种免费的搞黄视频| 日韩精品免费视频一区二区三区 | 韩国精品一区二区三区 | 日本av免费视频播放| 男女下面插进去视频免费观看 | 18禁观看日本| 性高湖久久久久久久久免费观看| 精品久久蜜臀av无| 最后的刺客免费高清国语| 亚洲欧美一区二区三区国产| 午夜激情av网站| 国产精品一区www在线观看| 久久久久精品性色| 亚洲精品456在线播放app| 日韩电影二区| 国产 一区精品| 91精品国产国语对白视频| 日日啪夜夜爽| 亚洲精品视频女| 天美传媒精品一区二区| 精品亚洲成国产av| freevideosex欧美| 最近中文字幕高清免费大全6| 黄网站色视频无遮挡免费观看| 国产爽快片一区二区三区| 午夜精品国产一区二区电影| 韩国精品一区二区三区 | 亚洲精品久久久久久婷婷小说| 夫妻午夜视频| 内地一区二区视频在线| 91午夜精品亚洲一区二区三区| 校园人妻丝袜中文字幕| 国产淫语在线视频| 国产精品无大码| 大片免费播放器 马上看| 黄网站色视频无遮挡免费观看| 国产亚洲一区二区精品| 美女中出高潮动态图| 免费高清在线观看日韩| 成年人免费黄色播放视频| 国产女主播在线喷水免费视频网站| 日韩av在线免费看完整版不卡| 少妇被粗大猛烈的视频| 日韩精品有码人妻一区| 国产精品久久久久久av不卡| 午夜免费观看性视频| 哪个播放器可以免费观看大片| 一级毛片我不卡| 80岁老熟妇乱子伦牲交| 亚洲天堂av无毛| av电影中文网址| 夜夜爽夜夜爽视频| 如日韩欧美国产精品一区二区三区| 亚洲色图综合在线观看| 国产精品蜜桃在线观看| 新久久久久国产一级毛片| av女优亚洲男人天堂| 香蕉精品网在线| 久久女婷五月综合色啪小说| 国产视频首页在线观看| 久久久久久人妻| 午夜福利网站1000一区二区三区| 美女福利国产在线| 日韩在线高清观看一区二区三区| 一本—道久久a久久精品蜜桃钙片| 曰老女人黄片| 国产精品一区二区在线观看99| 亚洲精品中文字幕在线视频| 国产又爽黄色视频| 亚洲国产最新在线播放| 黄网站色视频无遮挡免费观看| 性色av一级| 国产毛片在线视频| 久久精品久久久久久噜噜老黄| 久久热在线av| 欧美3d第一页| kizo精华| 91国产中文字幕| 国产成人av激情在线播放| 麻豆精品久久久久久蜜桃| 久久久精品免费免费高清| 制服丝袜香蕉在线| 亚洲美女视频黄频| 亚洲欧美日韩卡通动漫| 国产成人欧美| 亚洲精品美女久久av网站| 日本与韩国留学比较| 成人影院久久| 下体分泌物呈黄色| 乱码一卡2卡4卡精品| av有码第一页| 69精品国产乱码久久久| 欧美少妇被猛烈插入视频| 女性被躁到高潮视频| 久久精品国产鲁丝片午夜精品| 日韩熟女老妇一区二区性免费视频| 黄片无遮挡物在线观看| av一本久久久久| 日本欧美国产在线视频| 新久久久久国产一级毛片| 色94色欧美一区二区| 成人黄色视频免费在线看| 亚洲欧洲精品一区二区精品久久久 | 看免费成人av毛片| 香蕉丝袜av| 少妇人妻久久综合中文| 一区二区三区四区激情视频| a级毛色黄片| 亚洲欧美成人精品一区二区| 纵有疾风起免费观看全集完整版| 久久人人爽人人爽人人片va| av不卡在线播放| 国产在线一区二区三区精| 黄色一级大片看看| 2022亚洲国产成人精品| 五月玫瑰六月丁香| 国产在视频线精品| 丰满饥渴人妻一区二区三| 午夜视频国产福利| 国产男女超爽视频在线观看| 成人国产麻豆网| 免费观看在线日韩| 日韩制服骚丝袜av| 伦理电影免费视频| 午夜福利影视在线免费观看| 久久久精品区二区三区| 一区二区日韩欧美中文字幕 | 国产精品人妻久久久影院| 午夜91福利影院| 成年av动漫网址| 97超碰精品成人国产| 亚洲国产精品一区二区三区在线| 自拍欧美九色日韩亚洲蝌蚪91| 中文乱码字字幕精品一区二区三区| 久久国产精品男人的天堂亚洲 | 国产免费一区二区三区四区乱码| 久久久久久久国产电影| 精品人妻在线不人妻| 香蕉丝袜av| 日韩制服骚丝袜av| 国产免费视频播放在线视频| 免费看av在线观看网站| 国产成人一区二区在线| 日产精品乱码卡一卡2卡三| 国产精品三级大全| 老司机亚洲免费影院| 国产精品麻豆人妻色哟哟久久| 亚洲国产日韩一区二区| 91国产中文字幕| 中文字幕最新亚洲高清| 亚洲欧美中文字幕日韩二区| 97在线人人人人妻| 国产高清不卡午夜福利| 最新中文字幕久久久久| 午夜福利视频精品| 国产亚洲一区二区精品| 久久狼人影院| 亚洲第一区二区三区不卡| 日本vs欧美在线观看视频| 91精品国产国语对白视频| 国产精品蜜桃在线观看| 99国产精品免费福利视频| 哪个播放器可以免费观看大片| 亚洲av电影在线观看一区二区三区| 亚洲av综合色区一区| www.av在线官网国产| 成人黄色视频免费在线看| 日韩成人av中文字幕在线观看| 国产亚洲一区二区精品| 色5月婷婷丁香| 亚洲熟女精品中文字幕| 青春草亚洲视频在线观看| 人妻少妇偷人精品九色| 乱码一卡2卡4卡精品| 久久国产精品大桥未久av| 国产极品粉嫩免费观看在线| av国产精品久久久久影院| 晚上一个人看的免费电影| 精品国产一区二区三区四区第35| 一区二区三区精品91| 人妻人人澡人人爽人人| 久久亚洲国产成人精品v| 日韩不卡一区二区三区视频在线| 国产 精品1| 少妇的逼水好多| 免费在线观看黄色视频的| 大香蕉97超碰在线| 99国产精品免费福利视频| 国产欧美另类精品又又久久亚洲欧美| 久久久精品区二区三区| 99视频精品全部免费 在线| 国产片内射在线| 精品人妻一区二区三区麻豆| 男女啪啪激烈高潮av片| 午夜福利视频精品| 久热这里只有精品99| 看非洲黑人一级黄片| 国产成人av激情在线播放| 超碰97精品在线观看| 久热这里只有精品99| 日本与韩国留学比较| 久久久久人妻精品一区果冻| 另类精品久久| av有码第一页| 极品人妻少妇av视频| 日韩免费高清中文字幕av| 巨乳人妻的诱惑在线观看| 亚洲欧美精品自产自拍| 国产国拍精品亚洲av在线观看| 一二三四在线观看免费中文在 | 精品福利永久在线观看| 2018国产大陆天天弄谢| 熟女人妻精品中文字幕| 国产av一区二区精品久久| 只有这里有精品99| 免费观看无遮挡的男女| 国产日韩欧美亚洲二区| 在线看a的网站| 免费av中文字幕在线| 国产精品一二三区在线看| 免费大片黄手机在线观看| av片东京热男人的天堂| 最后的刺客免费高清国语| 亚洲精品久久成人aⅴ小说| 视频在线观看一区二区三区| 国产综合精华液| 天天躁夜夜躁狠狠躁躁| 人体艺术视频欧美日本| 亚洲一级一片aⅴ在线观看| 韩国av在线不卡| 色5月婷婷丁香| 国产精品无大码| 美女福利国产在线| 久久人人97超碰香蕉20202| 免费在线观看完整版高清| 91aial.com中文字幕在线观看| 一级毛片我不卡| 久久久欧美国产精品| 最黄视频免费看| 一二三四中文在线观看免费高清| 日韩制服丝袜自拍偷拍| 边亲边吃奶的免费视频| 校园人妻丝袜中文字幕| av在线老鸭窝| 天天躁夜夜躁狠狠久久av| 国精品久久久久久国模美| 国产亚洲av片在线观看秒播厂| 母亲3免费完整高清在线观看 | 日韩伦理黄色片| 国产在视频线精品| 欧美97在线视频| 男女边摸边吃奶| 久久99热这里只频精品6学生| 国产乱人偷精品视频| 成年美女黄网站色视频大全免费| 免费av中文字幕在线| 丝袜在线中文字幕| 熟女电影av网| 九色成人免费人妻av| 另类精品久久| 成人亚洲精品一区在线观看| 亚洲精品乱久久久久久| 丰满少妇做爰视频| 成年女人在线观看亚洲视频| 亚洲美女黄色视频免费看| 久久精品国产综合久久久 | 自拍欧美九色日韩亚洲蝌蚪91| 麻豆乱淫一区二区| 不卡视频在线观看欧美| 色婷婷av一区二区三区视频| 免费黄色在线免费观看| 国产白丝娇喘喷水9色精品| 精品午夜福利在线看| 国产精品一区二区在线不卡| 国产老妇伦熟女老妇高清| av视频免费观看在线观看| 午夜av观看不卡| 一级毛片我不卡| 天天影视国产精品| 国产极品天堂在线| 欧美少妇被猛烈插入视频| 热re99久久精品国产66热6| 欧美日本中文国产一区发布| 亚洲国产av影院在线观看| 成人无遮挡网站| 精品国产一区二区三区四区第35| 只有这里有精品99| 日本爱情动作片www.在线观看| 欧美成人午夜免费资源| 亚洲,欧美,日韩| 国产成人91sexporn| 熟女人妻精品中文字幕| 岛国毛片在线播放| 最近最新中文字幕免费大全7| 欧美xxxx性猛交bbbb| 黄色一级大片看看| 一边亲一边摸免费视频| 人妻少妇偷人精品九色| 日本黄色日本黄色录像| 国产精品国产三级国产av玫瑰| 久久精品久久久久久久性| 色94色欧美一区二区| 精品久久国产蜜桃| 午夜精品国产一区二区电影| 日本-黄色视频高清免费观看| 欧美精品av麻豆av| 性色av一级| 国产免费福利视频在线观看| 一区二区三区四区激情视频| 久久精品国产a三级三级三级| 纵有疾风起免费观看全集完整版| 看免费av毛片| 国产免费又黄又爽又色| 日本与韩国留学比较| 成人无遮挡网站| 天天影视国产精品| 亚洲美女黄色视频免费看| 在现免费观看毛片| 又黄又爽又刺激的免费视频.| 亚洲精品aⅴ在线观看| 亚洲精品久久午夜乱码| 亚洲欧美色中文字幕在线| 欧美精品一区二区免费开放| 欧美 亚洲 国产 日韩一| 久久亚洲国产成人精品v| 日韩大片免费观看网站| 香蕉精品网在线| 男的添女的下面高潮视频| 男男h啪啪无遮挡| 80岁老熟妇乱子伦牲交| 99久久中文字幕三级久久日本| 欧美成人午夜精品| 欧美日韩综合久久久久久| 少妇的逼好多水| 中文字幕亚洲精品专区| 精品福利永久在线观看| 卡戴珊不雅视频在线播放| 免费看不卡的av| av片东京热男人的天堂| 少妇人妻精品综合一区二区| 国产精品久久久久久久电影| 人人妻人人添人人爽欧美一区卜| 大片免费播放器 马上看| 三级国产精品片| 免费av不卡在线播放| 欧美精品av麻豆av| 久久久a久久爽久久v久久| 婷婷色综合大香蕉| 9热在线视频观看99| 国产熟女欧美一区二区| 色哟哟·www| 免费黄网站久久成人精品| 最新的欧美精品一区二区| 久久国产亚洲av麻豆专区| 少妇被粗大的猛进出69影院 | 中文字幕最新亚洲高清| 自线自在国产av| 波多野结衣一区麻豆| 黄网站色视频无遮挡免费观看| 国产一区二区激情短视频 | 国产又爽黄色视频| 久久久久久久久久久久大奶| 免费观看无遮挡的男女| 国产精品久久久av美女十八| 男人操女人黄网站| 成年人午夜在线观看视频| 成人免费观看视频高清| 亚洲精品乱久久久久久| 香蕉精品网在线| 交换朋友夫妻互换小说| 免费观看性生交大片5| 精品一品国产午夜福利视频| 又大又黄又爽视频免费| 国产精品嫩草影院av在线观看| 亚洲中文av在线| 久久久久人妻精品一区果冻| 国产日韩欧美亚洲二区| 国产精品成人在线| 亚洲精品国产av成人精品| 久久精品国产亚洲av涩爱| 免费av中文字幕在线| 精品99又大又爽又粗少妇毛片| 国产黄色免费在线视频| 99久久精品国产国产毛片| 国产午夜精品一二区理论片| av又黄又爽大尺度在线免费看| 中文字幕免费在线视频6| 国产女主播在线喷水免费视频网站| 热re99久久国产66热| 久久毛片免费看一区二区三区| 最近最新中文字幕免费大全7| 蜜桃国产av成人99| 国产永久视频网站| 国产成人a∨麻豆精品| 18禁国产床啪视频网站| 亚洲欧洲国产日韩| 亚洲五月色婷婷综合| 精品福利永久在线观看| 美女内射精品一级片tv| kizo精华| 国产国拍精品亚洲av在线观看| 男人舔女人的私密视频| 在线观看免费日韩欧美大片| a级毛片黄视频| 亚洲人成77777在线视频| 欧美国产精品一级二级三级| 亚洲伊人色综图| 亚洲欧美成人综合另类久久久| 性色av一级| 亚洲精品自拍成人| 精品一区二区三区视频在线| 免费高清在线观看日韩| 久久99热这里只频精品6学生| 亚洲欧美成人精品一区二区| 高清av免费在线| tube8黄色片| 亚洲国产av新网站| 99热这里只有是精品在线观看| 日本黄大片高清| 91在线精品国自产拍蜜月| 午夜视频国产福利| 精品久久蜜臀av无| 97在线人人人人妻| 日韩中字成人| 少妇人妻精品综合一区二区| 午夜福利网站1000一区二区三区| 好男人视频免费观看在线| 免费看光身美女| xxxhd国产人妻xxx| 亚洲精品一二三| 国产激情久久老熟女| 日韩视频在线欧美| 国产亚洲欧美精品永久| 日本欧美视频一区| 精品久久蜜臀av无| 国产高清三级在线| 国产一区二区在线观看av| 久久久久久久国产电影| 如日韩欧美国产精品一区二区三区| 秋霞在线观看毛片| 精品福利永久在线观看| 大香蕉97超碰在线| 中文字幕人妻丝袜制服| 国产免费一区二区三区四区乱码| 国产一区二区激情短视频 | 九九在线视频观看精品| 少妇猛男粗大的猛烈进出视频| 捣出白浆h1v1| 青青草视频在线视频观看| 18禁国产床啪视频网站| 丰满迷人的少妇在线观看| 国产伦理片在线播放av一区| 黑人欧美特级aaaaaa片| 国产在线视频一区二区| 国产av国产精品国产| 国产一区二区三区综合在线观看 | 日韩成人伦理影院| av一本久久久久| 国产午夜精品一二区理论片| 在线观看免费视频网站a站| 亚洲av福利一区| 亚洲国产毛片av蜜桃av| 免费不卡的大黄色大毛片视频在线观看| 乱码一卡2卡4卡精品| 一级毛片 在线播放| 国产一区有黄有色的免费视频| 一级毛片 在线播放| 亚洲图色成人| 亚洲欧洲国产日韩| 精品亚洲乱码少妇综合久久| 国产一区二区在线观看av| 国产高清三级在线| 黑人高潮一二区| 一个人免费看片子| 精品久久蜜臀av无| 美女中出高潮动态图| 有码 亚洲区| a级片在线免费高清观看视频| 久久热在线av| 亚洲精品美女久久久久99蜜臀 | 丝袜美足系列| 你懂的网址亚洲精品在线观看| 免费日韩欧美在线观看| 交换朋友夫妻互换小说| 少妇 在线观看| 免费高清在线观看视频在线观看| a级毛片黄视频| 一级,二级,三级黄色视频| 国产日韩欧美视频二区| 91aial.com中文字幕在线观看| 国产精品久久久久久久久免| 亚洲欧美成人综合另类久久久| 十八禁高潮呻吟视频| 十分钟在线观看高清视频www| av在线老鸭窝| 有码 亚洲区| 欧美激情 高清一区二区三区| 观看美女的网站| 国产免费现黄频在线看| 9191精品国产免费久久| 肉色欧美久久久久久久蜜桃| 久久久久网色|