Collaborative Validation of Public-Key Certificates for IoT by Distributed Caching

Public-key certificate validation is an important building block for various security protocols for IoT devices, such as secure channel establishment, handshaking, verifying sensing data authenticity from cloud storage, and Blockchains. However, certification validation incurs non-trivial overhead on resource-constrained IoT devices, because it either requires long latency or large cache space. This work proposes to utilize the power of distributed caching and explores the feasibility of using the cache spaces on all IoT devices as a large pool to store validated certificates. We design a Collaborative Certificate Validation (CCV) protocol including a memory-efficient and fast locator for certificate holders, a trust model to evaluate the trustworthiness of devices, and a protocol suite for dynamic update and certificate revocation. Evaluation results show that CCV only uses less than 25% validation time and reduces >90% decryption operations on each device, compared to a recent method. Malicious devices that conduct dishonest validations can be detected by the network using the proposed trust model.

[1]  Om Prakash,et al.  EMAP: EXPEDITE MESSAGE AUTHENTICATION PROTOCOL FOR VEHICULAR AD HOC NETWORKS , 2014 .

[2]  Klaus Wehrle,et al.  Delegation-based authentication and authorization for the IP-based Internet of Things , 2014, 2014 Eleventh Annual IEEE International Conference on Sensing, Communication, and Networking (SECON).

[3]  Guiran Chang,et al.  TRM-IoT: A trust management model based on fuzzy reputation for internet of things , 2011, Comput. Sci. Inf. Syst..

[4]  Dan Boneh,et al.  The Case for Prefetching and Prevalidating TLS Server Certificates , 2012, NDSS.

[5]  Bruce M. Maggs,et al.  CRLite: A Scalable System for Pushing All TLS Revocations to All Browsers , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[6]  Li Fan,et al.  Summary cache: a scalable wide-area web cache sharing protocol , 2000, TNET.

[7]  Eric Rescorla,et al.  Datagram Transport Layer Security Version 1.2 , 2012, RFC.

[8]  Miika Komu,et al.  HIP Diet EXchange (DEX) , 2020 .

[9]  Federico Ferrari,et al.  FlockLab: A testbed for distributed, synchronized tracing and profiling of wireless embedded systems , 2013, 2013 ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN).

[10]  Antonio Iera,et al.  The Internet of Things: A survey , 2010, Comput. Networks.

[11]  Michael Devetsikiotis,et al.  Blockchains and Smart Contracts for the Internet of Things , 2016, IEEE Access.

[12]  Suat Özdemir,et al.  Security in internet of things: A survey , 2017, 2017 International Symposium on Networks, Computers and Communications (ISNCC).

[13]  Xin Li,et al.  An IoT Data Communication Framework for Authenticity and Integrity , 2017, 2017 IEEE/ACM Second International Conference on Internet-of-Things Design and Implementation (IoTDI).

[14]  Hannu Tenhunen,et al.  International Conference on Ambient Systems , Networks and Technologies ( ANT 2015 ) SEA : A Secure and E ffi cient Authentication and Authorization Architecture for IoT-Based Healthcare Using Smart Gateways , 2015 .

[15]  Anna N. Kim,et al.  When HART goes wireless: Understanding and implementing the WirelessHART standard , 2008, 2008 IEEE International Conference on Emerging Technologies and Factory Automation.

[16]  Xiang Zhou,et al.  A Trust Evaluation Algorithm for Wireless Sensor Networks Based on Node Behaviors and D-S Evidence Theory , 2011, Sensors.

[17]  Masahiro Mambo,et al.  Verifying the Validity of Public Key Certificates Using Edge Computing , 2017 .

[18]  Audun Jøsang,et al.  Optimal Trust Network Analysis with Subjective Logic , 2008, 2008 Second International Conference on Emerging Security Information, Systems and Technologies.

[19]  Qin Zhang,et al.  A concise forwarding information base for scalable and fast name lookups , 2017, 2017 IEEE 25th International Conference on Network Protocols (ICNP).

[20]  Klaus Wehrle,et al.  Towards viable certificate-based authentication for the internet of things , 2013, HotWiSec '13.

[21]  Kemal Akkaya,et al.  Efficient Certificate Verification for Vehicle-to-Grid Communications , 2017, FNSS.

[22]  Marimuthu Palaniswami,et al.  Internet of Things (IoT): A vision, architectural elements, and future directions , 2012, Future Gener. Comput. Syst..

[23]  M. Salem An Efficient Distributed Trust Model for Wireless Sensor Networks , 2016 .

[24]  Jiguo Yu,et al.  SecureGuard: A Certificate Validation System in Public Key Infrastructure , 2018, IEEE Transactions on Vehicular Technology.

[25]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[26]  Mani B. Srivastava,et al.  Reputation-based framework for high integrity sensor networks , 2008, TOSN.