Zero-Touch Mutual Authentication Scheme for 6TiSCH Industrial IoT Networks

Industrial IoT (IIoT) networks must provide reliability, determinism and security. In terms of security, ensuring an efficient authentication is still a challenging task. Most of the authentication approaches adopted in IIoT wireless communication protocols rely on the existence of a pre-shared key (PSK) between each joining node and the central authority of the network. How to share the PSK is however not specified in their standards. In this paper, we propose a new zero-touch mutual authentication and key establishment protocol for IIoT. In our protocol, the network coordinator authenticates a new joining node using certificates. Then, the joining node authenticates the network coordinator through a novel consensus achieved among nodes that are already in the network. Our novel consensus is based on Shamir secret sharing, and allows each new node to build its trust based on the knowledge of a group of nodes that are already in the network. Finally, our protocol allows to securely establish a common key between new joining nodes and the network coordinator over a public channel. In addition to the theoretical aspects, we evaluate the performance of our protocol under two attack scenarios where 33% of the nodes in the network are malicious. We show in all cases that we efficiently ensure authentication with high success probabilities, by establishing a consensus including a limited number of nodes in the network.