Non-interactive Certificate Update Protocol for Efficient Authentication in IoT
Authors: 
Li Duan, Yong Li, Lijun LiaoAuthors Info & Claims
Article No.: 8, Pages 1 - 8
Abstract
A non-interactive certificate update protocol (NICU) allows CA to update the public key of node certificates without interacting with nodes and with the new certificate, a node can update its private signing key accordingly.
In this paper, we provide construction of efficient NICU protocols and instantiate them based on pseudo random function, public key encryption and the homomorphic property of the signature key pairs. We thoroughly evaluate the NICU protocols and exhibit their outstanding efficiency in terms of speed of certificate update, and bandwidth consumption. In addition, our formal security analysis of NICU protocols can also be of independent interest.
References
[1]
Ala Al-Fuqaha, Mohsen Guizani, Mehdi Mohammadi, Mohammed Aledhari, and Moussa Ayyash. 2015. Internet of things: A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys & Tutorials 17, 4 (2015), 2347--2376.
[2]
Benedikt Brecht, Dean Therriault, André Weimerskirch, William Whyte, Virendra Kumar, Thorsten Hehn, and Roy Goudy. 2018. A security credential management system for V2X communications. IEEE Transactions on Intelligent Transportation Systems 99 (2018), 1--22.
[3]
D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280 (Proposed Standard). http://www.ietf.org/rfc/rfc5280.txt
[4]
A. Deacon and R. Hurst. 2007. The Lightweight Online Certificate Status Protocol (OCSP) Profile for High-Volume Environments. RFC 5019 (Proposed Standard). http://www.ietf.org/rfc/rfc5019.txt
[5]
Whitfield Diffie and Martin Hellman. 1976. New directions in cryptography. IEEE transactions on Information Theory 22, 6 (1976), 644--654.
[6]
Li Duan, Yong Li, and Lijun Liao. 2018. Flexible certificate revocation list for efficient authentication in IoT. In Proceedings of the 8th International Conference on the Internet of Things. ACM, 7.
[7]
P. Eronen and H. Tschofenig. 2005. Pre-Shared Key Ciphersuites for Transport Layer Security (TLS). RFC 4279 (Proposed Standard). http://www.ietf.org/rfc/rfc4279.txt
[8]
Internet Engineering Task Force. 2008. Transport Layer Security Version 1.2. RFC 5246. https://tools.ietf.org/html/rfc5246.
[9]
Tibor Jager, Florian Kohlar, Sven Schäge, and Jörg Schwenk. 2012. On the security of TLS-DHE in the standard model. In Advances in Cryptology--CRYPTO 2012. Springer, 273--293.
[10]
Jonathan Katz and Yehuda Lindell. 2014. Introduction to modern cryptography. CRC press.
[11]
Hugo Krawczyk, Ran Canetti, and Mihir Bellare. 1997. HMAC: Keyed-hashing for message authentication. (1997).
[12]
Yabing Liu, Will Tome, Liang Zhang, David Choffnes, Dave Levin, Bruce Maggs, Alan Mislove, Aaron Schulman, and Christo Wilson. 2015. An end-to-end measurement of certificate revocation in the web's PKI. In Proceedings of the 2015 Internet Measurement Conference. ACM, 183--196.
[13]
M. Lochter and J. Merkle. 2010. Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation. RFC 5639 (Informational). http://www.ietf.org/rfc/rfc5639.txt
[14]
Mohamed Mahmoud, Kemal Akkaya, Khaled Rabieh, and Samet Tonyali. 2014. An efficient certificate revocation scheme for large-scale AMI networks. In Performance Computing and Communications Conference (IPCCC), 2014 IEEE International. IEEE, 1--8.
[15]
E.Rescorla. 2012. Datagram Transport Layer Security Version 1.2. RFC 6347. https://tools.ietf.org/html/rfc6347 Obsolete RFC 4347.
[16]
Giovanni Rigazzi, Andrea Tassi, Robert J Piechocki, Theo Tryfonas, and Andrew Nix. 2017. Optimized Certificate Revocation List Distribution for Secure V2X Communications. arXiv preprint arXiv:1705.06903 (2017).
[17]
The Federal Office for Information Security, Germany. 2017. TR-03145-1 Secure CA operation, Part 1, Generic requirements for Trust Centers instantiating as Certification Authority (CA) in a Public-Key Infrastructure (PKI) with security level 'high', Version 1.1. https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03145/TR03145.pdf.
[18]
Mohsen Toorani and A Beheshti. 2008. LPKI-a lightweight public key infrastructure for the mobile environments. In Communication Systems, 2008. ICCS 2008. 11th IEEE Singapore International Conference on. IEEE, 162--166.
[19]
W.C.A. Wijngaards. 2012. Elliptic curve digital signature algorithm (dsa) for dnssec. RFC 6605 (Informational). http://buildbot.tools.ietf.org/html/rfc6605
[20]
K. Zhao and L. Ge. 2013. A Survey on the Internet of Things Security. In 2013 Ninth International Conference on Computational Intelligence and Security. 663--667. https://doi.org/10.1109/CIS.2013.145
Index Terms
- Non-interactive Certificate Update Protocol for Efficient Authentication in IoT
Recommendations
Flexible certificate revocation list for efficient authentication in IoT
IOT '18: Proceedings of the 8th International Conference on the Internet of ThingsWhen relying on public key infrastructure (PKI) for authentication, whether a party can be trusted primarily depends on its certificate status. Bob's certificate status can be retrieved by Alice through her interaction with Certificate Authority (CA) in ...
Efficient Non-interactive Deniable Authentication Protocols
CIT '05: Proceedings of the The Fifth International Conference on Computer and Information TechnologyDeniable authentication protocol is an authentication protocol that allows a sender to authenticate a message for a receiver, in a way that the receiver cannot convince a third party that such authentication ever took place. In recent years, due to the ...
A New ID-Based Deniable Authentication Protocol
Deniable authenticated protocol is a new cryptographic authentication protocol that enables a designated receiver to identify the source of a given message without being able to prove the identity of the sender to a third party. Therefore, it can be ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
October 2019
263 pages
ISBN:9781450372077
DOI:10.1145/3365871
Copyright © 2019 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 22 October 2019
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
IoT 2019
Acceptance Rates
IoT '19 Paper Acceptance Rate 28 of 84 submissions, 33%;
Overall Acceptance Rate 28 of 84 submissions, 33%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 135Total Downloads
- Downloads (Last 12 months)10
- Downloads (Last 6 weeks)1
Reflects downloads up to 03 Jan 2025
Other Metrics
Citations
Cited By
View allView Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in