Advertisement

Lightweight X.509 Digital Certificates for the Internet of Things

  • Filip Forsby
  • Martin Furuhed
  • Panos Papadimitratos
  • Shahid RazaEmail author
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 242)

Abstract

X.509 is the de facto digital certificate standard used in building the Public Key Infrastructure (PKI) on the Internet. However, traditional X.509 certificates are too heavy for battery powered or energy harvesting Internet of Things (IoT) devices where it is crucial that energy consumption and memory footprints are as minimal as possible.

In this paper we propose, implement, and evaluate a lightweight digital certificate for resource-constrained IoT devices. We develop an X.509 profile for IoT including only the fields necessary for IoT devices, without compromising the certificate security. Furthermore, we also propose compression of the X.509 profiled fields using the contemporary CBOR encoding scheme. Most importantly, our solutions are compatible with the existing X.509 standard, meaning that our profiled and compressed X.509 certificates for IoT can be enrolled, verified and revoked without requiring modification in the existing X.509 standard and PKI implementations. We implement our solution in the Contiki OS and perform evaluation of our profiled and compressed certificates on a state-of-the-art IoT hardware.

Keywords

X.509 certificate IoT CBOR 6LoWPAN Contiki 

Notes

Acknowledgement

This research is funded by VINNOVA under the Eurostars SecureIoT project.

References

  1. 1.
    Shelby, Z., Hartke, K., Bormann, C.: The Constrained Application Protocol (CoAP). RFC 7252, June 2014. http://www.ietf.org/rfc/rfc7252.txt
  2. 2.
    Schaad, J.: CBOR Object Signing and Encryption (COSE). RFC 8152, July 2017Google Scholar
  3. 3.
    Raza, S., Helgason, T., Papadimitratos, P., Voigt, T.: SecureSense: end-to-end secure communication architecture for the cloud-connected internet of things. Elsevier, June 2017.  https://doi.org/10.1016/j.future.2017.06.008
  4. 4.
    Raza, S., Duquennoy, S., Höglund, J., Roedig, U., Voigt, T.: Secure communication for the Internet of Things - a comparison of link-layer security and IPsec for 6LoWPAN. Secur. Commun. Netw. 7(12), 2654–2668 (2014)CrossRefGoogle Scholar
  5. 5.
    Raza, S., Shafagh, H., Hewage, K., Hummen, R., Voigt, T.: Lithe: lightweight secure CoAP for the Internet of Things. IEEE Sens. J. 13(10), 3711–3720 (2013)CrossRefGoogle Scholar
  6. 6.
    Pritikin, M., McGrew, D.: The Compressed X.509 Certificate Format, May 2010Google Scholar
  7. 7.
    Deutsch, P.: RFC 1951 - DEFLATE Compressed Data Format Specification version 1.3, May 1996Google Scholar
  8. 8.
    Housley, P., Ford, W., Polk, T., Solo, D.: Internet X.509 public key infrastructure certificate and CRL profile. RFC 2459, RFC Editor, January 1999. http://www.rfc-editor.org/rfc/rfc2459.txt
  9. 9.
    Tschofenig, H., Fossati, T.: Transport layer security (TLS)/datagram transport layer security (DTLS) profiles for the Internet of Things. RFC 7925, RFC Editor, July 2016Google Scholar
  10. 10.
    Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., Kivinen, T.: Internet Key Exchange Protocol Version 2 (IKEv2). STD 79, RFC Editor, October 2014. http://www.rfc-editor.org/rfc/rfc7296.txt
  11. 11.
    International Telecommunication Union ITU. Introduction to ASN.1Google Scholar
  12. 12.
    Bormann, C., Hoffman, P.: RFC 7049 - concise Binary Object Representation (CBOR), October 2013Google Scholar
  13. 13.
    W3Schools. JSON IntroductionGoogle Scholar
  14. 14.
    Vigano, C., Birkholz, H.: CBOR data definition language (CDDL): a notational convention to express CBOR data structures, September 2016Google Scholar
  15. 15.
    Kushalnagar, N., et al.: RFC 4944 - transmission of IPv6 Packets over IEEE 802.15.4 Networks, September 2007Google Scholar
  16. 16.
    Shelby, Z., Hartke, K., Bormann, C.: The Constrained Application Protocol (CoAP), March 2013Google Scholar
  17. 17.
    Rescorla, E., Modadugu, N.: RFC 6347 - Datagram Transport Layer Security Version 1.2, January 2012Google Scholar
  18. 18.
    Lambert, K.A.: Guidelines for 64-bit Global Identifier (EUI-64), January 2015Google Scholar
  19. 19.
    Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986).  https://doi.org/10.1007/3-540-39799-X_31CrossRefGoogle Scholar
  20. 20.
    Brown, D.R.L.: Standards for Efficient Cryptography 1 (SEC 1), May 2009Google Scholar
  21. 21.
    Turner, S., Yiu, K., Brown, D.R.L., Housley, R., Polk, T.: RFC 5480 - Elliptic Curve Cryptography Subject Public Key Information, March 2009Google Scholar
  22. 22.
    Vanstone, S.A.: Compressed ECDSA signatures, November 2007Google Scholar
  23. 23.
    Texas Instruments. CC2538 Powerful Wireless Microcontroller System-On-Chip for 2.4-GHz IEEE 802.15.4, 6lowpan, and ZigBee© Applications, December 2012Google Scholar
  24. 24.
    Zolertia, S.L.: Firefly - Zolertia/Resources Wiki, January 2017. https://github.com/Zolertia/Resources/wiki/Firefly

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  • Filip Forsby
    • 1
    • 3
  • Martin Furuhed
    • 2
  • Panos Papadimitratos
    • 3
  • Shahid Raza
    • 1
    Email author
  1. 1.Security LabRISE SICSStockholmSweden
  2. 2.Technology Nexus Secured Business SolutionsStockholmSweden
  3. 3.Networked Systems Security GroupKTHStockholmSweden

Personalised recommendations