TOCTOU Resilient Attestation for IoT Networks

📅 2025-02-10
🤖 AI Summary
This paper addresses long-standing challenges in remote authentication for the Internet of Things—particularly in industrial automation—including large time-of-check-to-time-of-use (TOCTOU) vulnerability windows, high authentication latency, substantial resource overhead, and susceptibility to interference from compromised devices. We propose a lightweight, robust software-state verification mechanism. Our approach introduces a TOCTOU-resilient authentication architecture that integrates a lightweight cryptographic protocol, a distributed challenge-response scheme, deterministic execution scheduling, and redundancy-based validation. This design enables constant-time single-device authentication and ensures continuous trustworthiness even under the concurrent presence of multiple malicious nodes. Evaluation of a prototype system demonstrates that the TOCTOU window is reduced to the microsecond scale, per-node authentication latency remains consistently ≤12 ms, and verification accuracy sustains 99.8% under interference from ten or more adversarial nodes.

📝 Abstract
Internet-of-Things (IoT) devices are increasingly common in both consumer and industrial settings, often performing safety-critical functions. Although securing these devices is vital, manufacturers typically neglect security issues or address them as an afterthought. This is of particular importance in IoT networks, e.g., in industrial automation settings. To this end, network attestation -- verifying the software state of all devices in a network -- is a promising mitigation approach. However, current network attestation schemes have certain shortcomings: (1) lengthy TOCTOU (Time-Of-Check-Time-Of-Use) vulnerability windows, (2) high latency and resource overhead, and (3) susceptibility to interference from compromised devices. To address these limitations, we construct TRAIN (TOCTOU-Resilient Attestation for IoT Networks), an efficient technique that minimizes TOCTOU windows, ensures constant-time per-device attestation, and maintains resilience even with multiple compromised devices. We demonstrate TRAIN's viability and evaluate its performance via a fully functional and publicly available prototype.

Problem

Research questions and friction points this paper is trying to address.

Addresses TOCTOU vulnerability in IoT networks
Ensures constant-time per-device attestation
Maintains resilience with compromised devices

Innovation

Methods, ideas, or system contributions that make the work stand out.

Minimizes TOCTOU vulnerability windows
Ensures constant-time per-device attestation
Maintains resilience with compromised devices
Pavel Frolikov
UC Irvine, CA, USA
Youngil Kim
UC Irvine, CA, USA
Renascence Tarafder Prapty
UC Irvine, CA, USA
Gene Tsudik
Peter & Lois Griffin Professor, Jolly Good Fellow of This & That
security, cryptography, computer security, privacy, applied cryptography