Detecting malicious proxy nodes during IoT network joining phase

During the joining phase of an IoT network, when a node plays the role of a proxy node, it becomes responsible for forwarding Join Requests and Join Responses between the joining node and the network coordinator. If a proxy node is malicious, it has the potential to prevent new nodes from joining the network or direct them toward another entity impersonating the coordinator. Therefore, the joining phase is a critical stage for ensuring network security.In this paper, a robust system for detecting malicious proxy nodes during the joining phase is presented. This solution involves the coordinator maintaining a log table that records the participation frequency of each node as a proxy node. Following each joining phase, the coordinator receives a lightweight end-to-end encrypted packet from the joining node, containing information about any malicious proxy nodes encountered during the joining process. Having these data, the system calculates the number of legitimate proxy node participation for each node. The detection system utilizes these factors, along with a range of tunable parameters, to categorize nodes as either malicious or honest. Furthermore, this solution takes into account various potential attacks on the detection process, originating from both proxy nodes and joining nodes.This solution was integrated with a previously proposed consensus-based authentication mechanism for the 6TiSCH protocol. The evaluation includes both theoretical analysis and simulations, taking into consideration diverse parameters and attack scenarios. The results from the theoretical analysis align with the simulation outcomes, confirming the efficacy of our detection system in identifying malicious nodes and its resilience against potential attacks.