SLAPE: Secure Lightweight Authentication for Privacy Enhanced Federated Learning in Industrial Internet of Things

Federated learning (FL) has emerged as a promising technique in the Industrial Internet of Things (IIoT) by enabling distributed devices to collaboratively train models without sharing raw data. In FL, ensuring data privacy and secure authentication becomes essential due to the sensitivity of industrial data and the potential for adversarial attacks. This paper highlights a security flaw in a recently proposed FL authentication protocol designed for IIoT environments. Specifically, the scheme is analyzed to be susceptible to public-key replacement attacks. We propose a secure, lightweight authentication scheme for privacy-enhanced federated learning (SLAPE) to address vulnerabilities in participant registration, group key distribution, local data training, and aggregation processes. SLAPE leverages the Elliptic Curve Cryptography with the Chinese Remainder Theorem to support malicious group member traceability, revocation of compromised identities, and efficient batch verification of multiple messages. It effectively resists Type-I attacks that previous schemes could not, while also incorporating forward and backward security essential for IIoT applications. We rigorously demonstrate SLAPE’s resilience against prevalent threats through both formal and informal analyses. Our evaluation results indicate that SLAPE demonstrably enhances the security and privacy of existing schemes, with improvements in computational efficiency for both proof generation and verification, while keeping communication overhead relatively low.