Lightweight certificate revocation for low-power IoT with end-to-end security
- Höglund, Joel, 1979- (author)
- Uppsala universitet, RISE, Computer Science, RISE Research Institutes of Sweden, Isafjordsgatan 22, Kista, Stockholm, 16440, Sweden, Department of Information Technology
- Furuhed, Martin (author)
- Nexus Group, Telefonv. 26, Stockholm, 12626, Sweden
- Raza, Shahid, 1980- (author)
- Uppsala universitet, RISE, Computer Science, RISE Research Institutes of Sweden, Isafjordsgatan 22, Kista, Stockholm, 16440, Sweden, Computer Architecture and Computer Communication
- Amsterdam : Elsevier Ltd, 2023
- English.
In: Journal of Information Security and Applications. - Amsterdam : Elsevier Ltd. - 2214-2134 .- 2214-2126. ; 73
Abstract
- Public key infrastructure (PKI) provides the basis of authentication and access control in most networked systems. In the Internet of Things (IoT), however, security has predominantly been based on pre-shared keys (PSK), which cannot be revoked and do not provide strong authentication. The prevalence of PSK in the IoT is due primarily to a lack of lightweight protocols for accessing PKI services. Principal among these services are digital certificate enrollment and revocation, the former of which is addressed in recent research and is being pushed for standardization in IETF. However, no protocol yet exists for retrieving certificate status information on constrained devices, and revocation is not possible unless such a service is available. In this work, we start with implementing the Online Certificate Status Protocol (OCSP), the de facto standard for certificate validation on the Web, on state-of-the-art constrained hardware. In doing so, we demonstrate that the resource overhead of this protocol is unacceptable for highly constrained environments. We design, implement and evaluate a lightweight alternative to OCSP, TinyOCSP, which leverages recently standardized IoT protocols, such as CoAP and CBOR. In our experiments, validating eight certificates with TinyOCSP required 41% less energy than validating just one with OCSP on an ARM Cortex-M3 SoC. Moreover, validation transactions encoded with TinyOCSP are at least 73% smaller than the OCSP equivalent. We design a protocol for compressed certificate revocation lists (CCRL) using Bloom filters which together with TinyOCSP can further reduce validation overhead. We derive a set of equations for computing the optimal filter parameters, and confirm these results through empirical evaluation. © 2023 The Authors
Subject headings
- ENGINEERING AND TECHNOLOGY -- Electrical Engineering, Electronic Engineering, Information Engineering -- Communication Systems (hsv//eng)
- NATURAL SCIENCES -- Computer and Information Sciences (hsv//eng)
Keywords
- IoT security
- OCSP
- PKI
- Revocation
- X.509
- Authentication
- Network security
- Networked control systems
- Public key cryptography
- Certificate revocation
- End-to-end security
- Internet of thing security
- Low Power
- Networked systems
- Online certificate status protocol
- Public key infrastructure
- Strong authentication
- Internet of things
- Computer Science with specialization in Computer Communication
Publication and content type
- ref (subject category)
- art (subject category)