Abstract
X.509 is the de facto digital certificate standard used in building the Public Key Infrastructure (PKI) on the Internet. However, traditional X.509 certificates are too heavy for battery-powered or energy-harvesting Internet of Things (IoT) devices, where it is crucial that energy consumption and memory footprint are as small as possible.
In this paper we propose, implement, and evaluate a lightweight digital certificate for resource-constrained IoT devices. We develop an X.509 profile for IoT that includes only the fields necessary for IoT devices, without compromising certificate security. Furthermore, we propose compression of the X.509 profiled fields using the contemporary CBOR encoding scheme. Most importantly, our solutions are compatible with the existing X.509 standard, meaning that our profiled and compressed X.509 certificates for IoT can be enrolled, verified and revoked without requiring modification of the existing X.509 standard and PKI implementations. We implement our solution in the Contiki OS and evaluate our profiled and compressed certificates on state-of-the-art IoT hardware.
Acknowledgement
This research is funded by VINNOVA under the Eurostars SecureIoT project.
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Forsby, F., Furuhed, M., Papadimitratos, P., Raza, S. (2018). Lightweight X.509 Digital Certificates for the Internet of Things. In: Fortino, G., et al. Interoperability, Safety and Security in IoT. InterIoT SaSeIoT 2017 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 242. Springer, Cham. https://doi.org/10.1007/978-3-319-93797-7_14
DOI: https://doi.org/10.1007/978-3-319-93797-7_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-93796-0
Online ISBN: 978-3-319-93797-7
eBook Packages: Computer Science (R0)
