Digital Certificate Revocation for the Internet of Things
KTH, School of Electrical Engineering and Computer Science (EECS).
2019 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis
Abstract [en]

Digital certificates have long been used for traditional Internet applications, and have now entered into widespread use for the Internet of Things. However, constrained devices currently have no means to verify the revocation status of certificates. Without the ability to revoke certificates, network administrators have no recourse in the event of a private key compromise. This thesis explores three alternatives to solve this problem: (1) implement the Online Certificate Status Protocol (OCSP) as is on a CoAP network stack, (2) compress certificate revocation lists (CRLs) using Bloom filters, and (3) design an optimized version of OCSP (referred to here as TinyOCSP). This work concludes that TinyOCSP reduces the message overhead of online validation by at least 73%. This reduced the energy consumption of certificate validation by 50% relative to OCSP in the experiments on constrained hardware, which shows that it may be a feasible solution for the IoT.

Abstract [sv]

Digital certificates have long been applied in traditional Internet applications and now also have extensive areas of use within the IoT. Constrained devices, however, currently have no methods for verifying the revocation status of certificates. Without the ability to revoke certificates, network administrators have no alternatives to fall back on when a secret key has been stolen. This thesis examines three alternatives for solving this problem: (1) applying the Online Certificate Status Protocol (OCSP) with CoAP, (2) compressing certificate revocation lists (CRLs) using Bloom filters, and (3) creating an optimized version of OCSP (TinyOCSP). The work concludes that TinyOCSP reduces the message overhead of online validation by at least 73%. This reduced the energy consumption of certificate validation by 50% compared with OCSP in the experiment with constrained devices, which shows that this is a conceivable solution for the IoT.

Place, publisher, year, edition, pages
2019. p. 44
Series
TRITA-EECS-EX ; 2019:107
Keywords [en]
IoT; public key infrastructure; digital certificate; revocation; security
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:kth:diva-254384
OAI: oai:DiVA.org:kth-254384
DiVA, id: diva2:1331631
External cooperation
RISE Cybersecurity
Available from: 2019-06-27 Created: 2019-06-27 Last updated: 2019-06-27 Bibliographically approved

Open Access in DiVA

fulltext (1383 kB), 39 downloads
File information
File name: FULLTEXT01.pdf
File size: 1383 kB
Checksum SHA-512:
aed6a385018b28d9fcaaf561f0a91dbce55b0967360dcc2f7adffe2de91958eae84a61f9d4302c8681b84a827366ffd9856d507b869923c50ed1add2e0f80648
Type: fulltext
Mimetype: application/pdf
