4 research outputs found
Towards Automated PKI Trust Transfer for IoT
IoT deployments grow in numbers and size and questions of long time support
and maintainability become increasingly important. To prevent vendor lock-in,
standard compliant capabilities to transfer control of IoT devices between
service providers must be offered. We propose a lightweight protocol for
transfer of control, and we show that the overhead for the involved IoT devices
is small and the overall required manual overhead is minimal. We analyse the
fulfilment of the security requirements to verify that the stipulated
requirements are satisfied.Comment: Accepted at 2022 IEEE International Conference on Public Key
Infrastructure and its Applications (PKIA). 8 pages, 4 figure
Protecting EST Payloads with OSCORE: IETF Internet Draft
draft-selander-ace-coap-est-oscore-04This document specifies public-key certificate enrollment procedures protected with lightweight application-layer security protocols suitable for Internet of Things (IoT) deployments. The protocols leverage payload formats defined in Enrollment over Secure Transport (EST) and existing IoT standards including the Constrained Application Protocol (CoAP), Concise Binary Object Representation (CBOR) and the CBOR Object Signing and Encryption (COSE) format
PKI4IoT : Towards public key infrastructure for the Internet of Things
Public Key Infrastructure is the state-of-the-art credential management solution on the Internet. However, the millions of constrained devices that make of the Internet of Things currently lack a centralized, scalable system for managing keys and identities. Modern PKI is built on a set of protocols which were not designed for constrained environments, and as a result many small, battery-powered IoT devices lack the required computing resources. In this paper, we develop an automated certificate enrollment protocol light enough for highly constrained devices, which provides end-to-end security between certificate authorities (CA) and the recipient IoT devices. We also design a lightweight profile for X.509 digital certificates with CBOR encoding, called XIOT. Existing CAs can now issue traditional X.509 to IoT devices. These are converted to and from the XIOT format by edge devices on constrained networks. This procedure preserves the integrity of the original CA signature, so the edge device performing certificate conversion need not be trusted. We implement these protocols within the Contiki embedded operating system and evaluate their performance on an ARM Cortex-M3 platform. Our evaluation demonstrates reductions in energy expenditure and communication latency. The RAM and ROM required to implement these protocols are on par with the other lightweight protocols in Contiki’s network stack