SAKMS: A Secure Authentication and Key Management Scheme for IETF 6TiSCH Industrial Wireless Networks Based on Improved Elliptic-Curve Cryptography

The Internet Engineering Task Force (IETF) developed a standard wireless communication protocol stack called 6TiSCH to provide low-power and high-reliability communications in harsh industrial environments. However, the current IETF 6TiSCH protocol lacks adequate consideration of inter-device authentication and key management, exposing the IETF 6TiSCH-based wireless network to security risks such as key leakage and malicious attacks. Meanwhile, existing authentication and key management schemes cannot be directly applied to the resource-constrained IETF 6TiSCH industrial wireless network. To address this challenge, we propose a novel scheme called SAKMS, which is tightly integrated with the IETF 6TiSCH network and incorporates the following key components: (i) improved elliptic curve cryptography (ECC) operation, a regular window method is proposed to accelerate the computation of the ECC-related operations; (ii) secure authentication process, SAKMS distributes implicit certificates for each device in the network and adopts the improved ECC algorithm to achieve secure and trustworthy authentication between devices, and the process only consist of hashing, XOR, and a few ECC multiplication operations; (iii) dynamic key update, after successful authentication, devices can negotiate and dynamically update link keys, ensuring resilience against potential key leakage issues. We perform formal and informal security analyses to demonstrate the resilience of SAKMS against various known attacks. Finally, we extensively evaluate the performance of SAKMS in a real 6TiSCH wireless sensor network. The experimental results show a 37% improvement in the computational efficiency of ECC operations compared to existing works, with link key establishment taking only 0.9 s on the OpenMoteSTM platform.