Biblio
Filters: Keyword is cbor [Clear All Filters]
.
2021. LICE: Lightweight certificate enrollment for IoT using application layer security. 2021 IEEE Conference on Communications and Network Security (CNS). :19–28.
To bring Internet-grade security to billions of IoT devices and make them first-class Internet citizens, IoT devices must move away from pre-shared keys to digital certificates. Public Key Infrastructure, PKI, the digital certificate management solution on the Internet, is inevitable to bring certificate-based security to IoT. Recent research efforts has shown the feasibility of PKI for IoT using Internet security protocols. New and proposed standards enable IoT devices to implement more lightweight solutions for application layer security, offering real end-to-end security also in the presence of proxies.In this paper we present LICE, an application layer enrollment protocol for IoT, an important missing piece before certificate-based security can be used with new IoT standards such as OSCORE and EDHOC. Using LICE, enrollment operations can complete by consuming less than 800 bytes of data, less than a third of the corresponding operations using state-of-art EST-coaps over DTLS. To show the feasibility of our solution, we implement and evaluate the protocol on real IoT hardware in a lossy low-power radio network environment.
.
2018. POSTER: On Compressing PKI Certificates for Resource Limited Internet of Things Devices. Proceedings of the 2018 on Asia Conference on Computer and Communications Security. :837–839.
Certificate-based Public Key Infrastructure (PKI) schemes are used to authenticate the identity of distinct nodes on the Internet. Using certificates for the Internet of Things (IoT) can allow many privacy sensitive applications to be trusted over the larger Internet architecture. However, since IoT devices are typically resource limited, full sized PKI certificates are not suitable for use in the IoT domain. This work outlines our approach in compressing standards-compliant X.509 certificates so that their sizes are reduced and can be effectively used on IoT nodes. Our scheme combines the use of Concise Binary Object Representation (CBOR) and also a scheme that compresses all data that can be implicitly inferenced within the IoT sub-network. Our scheme shows a certificate compression rate of up to \textbackslashtextasciitilde30%, which allows effective energy reduction when using X.509-based certificates on IoT platforms.