| 1. |
- He, Zhitao, et al.
(author)
-
Indraj : Digital certificate enrollment for battery-powered wireless devices
- 2019
-
In: WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks. - New York, NY, USA : Association for Computing Machinery, Inc. - 9781450367264 ; , s. 117-127
-
Conference paper (peer-reviewed)abstract
- A public key infrastructure (PKI) has been widely deployed and well tested on the Internet. However, this standard practice of delivering scalable security has not yet been extended to the rapidly growing Internet of Things (IoT). Thanks to vendor hardware support and standardization of resource-efficient communication protocols, asymmetric cryptography is no longer unfeasible on small devices. To migrate IoT from poorly scalable, pair-wise symmetric encryption to PKI, a major obstacle remains: how do we certify the public keys of billions of small devices without manual checks or complex logistics? The process of certifying a public key in form of a digital certificate is called enrollment. In this paper, we design an enrollment protocol, called Indraj, to automate enrollment of certificate-based digital identities on resource-constrained IoT devices. Reusing the semantics of the Enrollment over Secure Transport (EST) protocol designed for Internet hosts, Indraj optimizes resource usage by leveraging an IoT stack consisting of Constrained Application Protocol (CoAP), Datagram Transport Layer Security (DTLS) and IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN).We evaluate our implementation on a low power 32-bit MCU, showing the feasibility of our protocol in terms of latency, power consumption and memory usage. Asymmetric cryptography enabled by automatic certificate enrollment will finally turn IoT devices into well behaved, first-class citizens on the Internet.
|
|
| 2. |
- Khodaei, Mohammad, et al.
(author)
-
Scaling Pseudonymous Authentication for Large Mobile Systems
- 2019
-
In: WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks. - Miami, FL, USA : ACM. - 9781450367264 ; , s. 174-185
-
Conference paper (peer-reviewed)abstract
- The central building block of secure and privacy-preserving Vehicular Communication (VC) systems is a Vehicular Public-Key Infrastructure (VPKI), which provides vehicles with multiple anonymized credentials, termed pseudonyms. These pseudonyms are used to ensure message authenticity and integrity while preserving vehicle (thus passenger) privacy. In the light of emerging large-scale multi-domain VC environments, the efficiency of the VPKI and, more broadly, its scalability are paramount. By the same token, preventing misuse of the credentials, in particular, Sybil-based misbehavior, and managing “honest-but-curious” insiders are other facets of a challenging problem. In this paper, we leverage the state-of-the-art VPKI system and enhance its functionality towards a highly-available, dynamically-scalable, and resilient design; this ensures that the system remains operational in the presence of benign failures or resource depletion attacks, and that it dynamically scales out, or possibly scales in, according to request arrival rates. Our full-blown implementation on the Google Cloud Platform shows that deploying large-scale and efficient VPKI can be cost-effective.
|
|
