Abstract: Providing security and protecting privacy are essential but challenging for IoT devices. Public key cryptography (PKC) enables fundamental security protocols for IoT communication, such as DTLS. However, PKC-based security protocols pose challenges to resource-constrained IoT devices. First, public-key certificate validation, which is an important building block for various security protocols, incurs non-trivial overhead on resource-constrained IoT devices, because it either requires long latency or large cache space. Second, efficient check for certificate revocations is critical but challenging, because certificate revoked lists can become quite large.



The proposal first proposes a Collaborative Certificate Validation (CCV) protocol to provide efficient certificate validation. The main idea is to utilize the power of distributed caching and explores the feasibility of using the cache spaces on all IoT devices as a large pool to store validated certificates. CCV protocol includes a memory-efficient and fast locator for certificate holders, a trust model to evaluate the trustworthiness of devices, and a protocol suite for dynamic update and certificate revocation. Evaluation results show that CCV only uses less than 25% validation time and reduces >90% decryption operations on each device, compared to individual validation. Malicious devices that conduct dishonest validations can be detected by the network using the proposed trust model.



The proposal then presents vacuum filters, a type of AMQ structures to support efficient status check of the revoked certificates. Vacuum filters cost the smallest space among all known AMQ data structures and provide higher insertion and lookup throughput in most situations.



The proposed CCV and vacuum filters can provide efficient and scalable secure communication for IoT devices. However, only providing security is not enough. Privacy is another critical issue, especially for the communication between IoT devices and cloud servers. As the future work, I plan to research on providing oblivious services to protect privacy for IoT devices.