Lightweight certificate revocation for low-power IoT with end-to-end security
RISE Research Institutes of Sweden, Isafjordsgatan 22, Kista, Stockholm, 16440, Sweden. ORCID iD: 0000-0002-9491-8183
Nexus Group, Telefonv. 26, Stockholm, 12626, Sweden.
RISE Research Institutes of Sweden, Isafjordsgatan 22, Kista, Stockholm, 16440, Sweden. ORCID iD: 0000-0001-8192-0893
2023 (English)
In: Journal of Information Security and Applications, ISSN 2214-2126, Vol. 73, p. 103424-103424, article id 103424
Article in journal (Refereed) Published
Abstract [en]

Public key infrastructure (PKI) provides the basis of authentication and access control in most networked systems. In the Internet of Things (IoT), however, security has predominantly been based on pre-shared keys (PSK), which cannot be revoked and do not provide strong authentication. The prevalence of PSK in the IoT is due primarily to a lack of lightweight protocols for accessing PKI services. Principal among these services are digital certificate enrollment and revocation, the former of which is addressed in recent research and is being pushed for standardization in IETF. However, no protocol yet exists for retrieving certificate status information on constrained devices, and revocation is not possible unless such a service is available. In this work, we start with implementing the Online Certificate Status Protocol (OCSP), the de facto standard for certificate validation on the Web, on state-of-the-art constrained hardware. In doing so, we demonstrate that the resource overhead of this protocol is unacceptable for highly constrained environments. We design, implement and evaluate a lightweight alternative to OCSP, TinyOCSP, which leverages recently standardized IoT protocols, such as CoAP and CBOR. In our experiments, validating eight certificates with TinyOCSP required 41% less energy than validating just one with OCSP on an ARM Cortex-M3 SoC. Moreover, validation transactions encoded with TinyOCSP are at least 73% smaller than the OCSP equivalent. We design a protocol for compressed certificate revocation lists (CCRL) using Bloom filters which together with TinyOCSP can further reduce validation overhead. We derive a set of equations for computing the optimal filter parameters, and confirm these results through empirical evaluation.

Place, publisher, year, edition, pages
2023. Vol. 73, p. 103424-103424, article id 103424
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:mdh:diva-64231
DOI: 10.1016/j.jisa.2023.103424
ISI: 000925935000001
Scopus ID: 2-s2.0-85146599883
OAI: oai:DiVA.org:mdh-64231
DiVA, id: diva2:1796200
Available from: 2023-09-11 Created: 2023-09-11 Last updated: 2023-09-29
Bibliographically approved

Authority records

Raza, Shahid
By author/editor
Höglund, Joel; Raza, Shahid