2019 (English) In: WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks, Association for Computing Machinery, Inc, 2019, p. 117-127. Conference paper, Published paper (Refereed)
Abstract [en]
A public key infrastructure (PKI) has been widely deployed and well tested on the Internet. However, this standard practice of delivering scalable security has not yet been extended to the rapidly growing Internet of Things (IoT). Thanks to vendor hardware support and the standardization of resource-efficient communication protocols, asymmetric cryptography is no longer infeasible on small devices. To migrate IoT from poorly scalable, pair-wise symmetric encryption to PKI, a major obstacle remains: how do we certify the public keys of billions of small devices without manual checks or complex logistics? The process of certifying a public key in the form of a digital certificate is called enrollment. In this paper, we design an enrollment protocol, called Indraj, to automate the enrollment of certificate-based digital identities on resource-constrained IoT devices. Reusing the semantics of the Enrollment over Secure Transport (EST) protocol designed for Internet hosts, Indraj optimizes resource usage by leveraging an IoT stack consisting of the Constrained Application Protocol (CoAP), Datagram Transport Layer Security (DTLS) and IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN). We evaluate our implementation on a low-power 32-bit MCU, showing the feasibility of our protocol in terms of latency, power consumption and memory usage. Asymmetric cryptography enabled by automatic certificate enrollment will finally turn IoT devices into well-behaved, first-class citizens on the Internet.
Place, publisher, year, edition, pages
Association for Computing Machinery, Inc, 2019
Keywords
Contiki OS, Digital Certificate, Enrollment, EST, Internet of Things, PKI, Security, Constrained optimization, Digital devices, Electric batteries, Low power electronics, Mobile security, Mobile telecommunication systems, Network protocols, Personal communication systems, Public key cryptography, Semantics, Wireless networks, Constrained Application Protocol (CoAP), Contiki ossa, Digital certificates, IPv6 over low-power wireless personal area networks (6LoWPAN), Public-key infrastructure, Transport layer security, Network security
National Category
Natural Sciences
Identifiers
urn:nbn:se:ri:diva-39056 (URN)
10.1145/3317549.3323408 (DOI)
2-s2.0-85066759864 (Scopus ID)
9781450367264 (ISBN)
Conference
12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019, 15 May 2019 through 17 May 2019
Note
Funding details: VINNOVA; Funding text 1: This research has partly been funded by VINNOVA, Formas och Energimyndigheten under the Strategic Innovation Program on IoT (SIP-IoT), and partly by VINNOVA through the Eurostars SecureIoT project.
2019-06-26, 2019-06-26, 2023-06-08. Bibliographically approved