Trust-Based Certificate Management for Industrial IoT Networks

Abstract

The Industrial Internet of Things (IIoT) network is composed of devices that contain sensitive data, which makes them vulnerable to various security threats. Digital Certificates can be used to reinforce the security of the IIoT network, however, their management remains a major issue. Hence, in this paper, we rely on trust management to deal with the whole certificate management process in IIoT networks, from revocation to verification. For this purpose, we organize the IIoT network into a clustering architecture where each cluster head hosts an agent, called CH-UR agent, that renews/revokes the certificates of its cluster member nodes. We apply signaling game theory to build a Certificate Revocation Game modeling the interactions between a member IIoT node and the CH-UR agent. Thus, upon the belief on the member node, updated by using the Bayesian rules, the best response strategy for the CH-UR agent can be obtained. Further, we propose a new efficient certificate verification scheme based on short-lived certificates (SLC) and suitable for IIoT network requirements. The performance evaluation of our framework proves, firstly, the accuracy and convergence speed of our revocation mechanism to detect untrusted devices and on-off attacks. Secondly, the effectiveness of our clustering architecture to reduce the resource consumption resulting from the management of SLCs to 60% even with the increase of network density. Thirdly, the effectiveness of the proposed certificate verification scheme to reduce the time needed to obtain the revocation information as well as the resulting storage and communication overhead to achieve this purpose.