Consensus-based mutual authentication scheme for Industrial IoT

Authentication of new joining nodes in IoT networks is a critical element for maintaining its security. It ensures the legitimacy of the network to the joining node, and the authorization of this new node to the network coordinator. Most of the mutual authentication schemes in IoT rely on a pre-shared key (PSK) between the network coordinator and the joining node. The process of sharing this PSK is however usually not defined in the standards. Moreover, in large scale and dynamic networks, like Industrial IoT (IIoT), configuring each device with a distinct key before the joining phase is impractical. To address these challenges, we propose in this paper an autonomous mutual authentication and key establishment protocol for IIoT. In our solution, the network coordinator authenticates first the new joining node using its certificate. Second, the network coordinator is authenticated by the joining node through a novel and lightweight consensus. This is based on Shamir Secret Sharing and achieved among multiple nodes already part of the network. Once this mutual authentication is accomplished, a key is established between the network coordinator and the joining node over a public channel. We integrated our solution with the joining phase of 6TiSCH framework to evaluate its performance on a real industrial protocol. In term of security, the evaluation results proved the robustness of our solution with a high success rate of authentication, even when up to one third of the nodes in the network are malicious. Furthermore, the evaluation results proved its efficiency in term of communication, latency and energy consumption, even when implemented on constrained devices and across various network topologies.