Authentication of new joining nodes in IoT networks is a critical element for maintaining their security. It ensures the legitimacy of the network to the joining node, and the authorization of this new node to the network coordinator. Most of the mutual authentication schemes in IoT rely on a pre-shared key (PSK) between the network coordinator and the joining node. However, the process of sharing this PSK is usually not defined in the standards. Moreover, in large-scale and dynamic networks, like Industrial IoT (IIoT), configuring each device with a distinct key before the joining phase is impractical. To address these challenges, we propose in this paper an autonomous mutual authentication and key establishment protocol for IIoT. In our solution, the network coordinator first authenticates the new joining node using its certificate. Second, the network coordinator is authenticated by the joining node through a novel and lightweight consensus. This is based on Shamir Secret Sharing and achieved among multiple nodes already part of the network. Once this mutual authentication is accomplished, a key is established between the network coordinator and the joining node over a public channel. We integrated our solution with the joining phase of the 6TiSCH framework to evaluate its performance on a real industrial protocol. In terms of security, the evaluation results proved the robustness of our solution with a high success rate of authentication, even when up to one third of the nodes in the network are malicious. Furthermore, the evaluation results proved its efficiency in terms of communication, latency and energy consumption, even when implemented on constrained devices and across various network topologies.
Disciplines :
Computer science
Author, co-author :
Haj-Hassan, Ali; Computer Science Department, University of Mons, Belgium ; Univ. Polytechnique Hauts-de-France, LAMIH, CNRS, UMR 8201, INSA Hauts-de-France, France
Imine, Youcef; Univ. Polytechnique Hauts-de-France, LAMIH, CNRS, UMR 8201, INSA Hauts-de-France, France
Gallais, Antoine; Univ. Polytechnique Hauts-de-France, LAMIH, CNRS, UMR 8201, INSA Hauts-de-France, France
Quoitin, Bruno ; Université de Mons - UMONS > Faculté des Science > Service des Réseaux et Télécommunications
Language :
English
Title :
Consensus-based mutual authentication scheme for Industrial IoT