Security and Effectiveness Analysis of the Gateway Integrity Checking Protocol

Industrial Internet of Things (IIoT) gateways connected to the Internet are often based on conventional operating systems such as Linux and on conventional communication protocols such as HTTPS and therefore are valuable targets for malicious attackers. When compromised, a malicious IIoT gateway can interfere with data exchanged between IIoT devices and systems running on servers or the Cloud. The Gateway Integrity Checking Protocol (GIP), proposed in previous work, defines a gossip mechanism to collect data from sets of IIoT devices to respond to security challenges issued by an External Security Agent (ESA) to assess a gateway's trustworthiness. GIP relies on a secure channel between IIoT devices and the ESA, which is achieved using a Public Key Infrastructure (PKI) for message authentication and encryption. In this article, we perform an analysis of the security measures employed by GIP, using formal descriptions to demonstrate that GIP is no less secure than the hash algorithm and the public key infrastructure used. Additionally, we simulate different configurations of GIP to measure detection rate and time to detect integrity faults.