Received: 1 November 2019 Revised: 11 March 2020 Accepted: 12 March 2020
DOI: 10.1002/spe.2832

SPECIAL ISSUE PAPER

A community-based hierarchical user authentication scheme for Industry 4.0

Akash Sinha 1, Gulshan Shrivastava 1, Prabhat Kumar 1, Deepak Gupta 2

1 Computer Science and Engineering, National Institute of Technology Patna, India
2 Computer Science and Engineering, MAIT, Delhi, India

Correspondence: Gulshan Shrivastava, Computer Science and Engineering, National Institute of Technology Patna, India. Email: gulshanstv@gmail.com

Summary

The vision of Industry 4.0 is characterized by the amalgamation of cyber-physical systems and the industrial Internet of Things. Such a complex ecosystem requires novel security protocols and access control mechanisms that allow smart devices to authorize external entities and grant them access rights without depending on centralized authentication entities. The work proposed in this article aims to utilize a community-based hierarchical approach to define the procedure for obtaining access rights in the Industry 4.0 ecosystem. The proposed scheme considers a hierarchy of authorizing devices that work in collaboration to provide users with access control of the smart end devices. The adoption of a hierarchical structure ensures that access rights are eventually given only to those users that have passed multiple levels of successful authorization. The proposed scheme also combats any infringement of users' identity, since the authorizing entities involved in the proposed system work in close collaboration for user authentication. The proposed user authentication scheme has been validated using Burrows-Abadi-Needham (BAN) logic and is proved to be secure against a variety of security attacks.
KEYWORDS

Industrial Internet of Things, Industry 4.0, multilevel distributed systems, security, social network of things, user authentication

1 INTRODUCTION

The rapid advancement of technology has paved the way for the development of promising solutions to address industrial requirements. Industry 4.0 denotes the fourth industrial revolution, which aims at digitization, automation, and the addition of intelligence to the manufacturing process. The vision of Industry 4.0 can be realized as the amalgamation of the Internet of Things, the Internet of Systems, and cyber-physical systems. The true power of Industry 4.0 is vested in the interconnection of industrial machines, allowing them to create, share, and analyze data with the aim of embedding intelligence into the legacy manufacturing process.[1-4] Industry 4.0 is also known as the Industrial Internet of Things (IIoT) and has recently become a significant topic of research because of the challenges and opportunities associated with this domain.[5-7] IIoT can be considered an interconnected network of smart devices that can collect, exchange, monitor, and analyze data. Each industrial IoT ecosystem consists of: intelligent assets that can sense, communicate, and store information about themselves; and public and/or private data communications infrastructure. These assets or devices usually reside within industrial plants or offices, and it is required that they are controlled or accessed by authorized personnel only. One of the crucial challenges for such an ecosystem is that where should the access control policies for

Softw: Pract Exper. 2020;1–15. wileyonlinelibrary.com/journal/spe © 2020 John Wiley & Sons, Ltd.