Lightweight certificate revocation for low-power IoT with end-to-end security

Public key infrastructure (PKI) provides the basis of authentication and access control in most networked systems. In the Internet of Things (IoT), however, security has predominantly been based on pre-shared keys (PSK), which cannot be revoked and do not provide strong authentication. The prevalenc...

Celý popis

Uloženo v:

Podrobná bibliografie
Vydáno v:	Journal of information security and applications Ročník 73; s. 103424
Hlavní autoři:	Höglund, Joel, Furuhed, Martin, Raza, Shahid
Médium:	Journal Article
Jazyk:	angličtina
Vydáno:	Elsevier Ltd 01.03.2023
Témata:	Authentication Certificate revocation Computer Science with specialization in Computer Communication Datavetenskap med inriktning mot datorkommunikation End-to-end security Internet of thing security Internet of things IoT security Low Power Network security Networked control systems Networked systems OCSP Online certificate status protocol PKI Public key cryptography Public key infrastructure Revocation Strong authentication X.509 IoT security OCSP X.509 Revocation PKI
ISSN:	2214-2126, 2214-2134
On-line přístup:	Získat plný text
Tagy:	Přidat tag Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!

Abstract	Public key infrastructure (PKI) provides the basis of authentication and access control in most networked systems. In the Internet of Things (IoT), however, security has predominantly been based on pre-shared keys (PSK), which cannot be revoked and do not provide strong authentication. The prevalence of PSK in the IoT is due primarily to a lack of lightweight protocols for accessing PKI services. Principal among these services are digital certificate enrollment and revocation, the former of which is addressed in recent research and is being pushed for standardization in IETF. However, no protocol yet exists for retrieving certificate status information on constrained devices, and revocation is not possible unless such a service is available. In this work, we start with implementing the Online Certificate Status Protocol (OCSP), the de facto standard for certificate validation on the Web, on state-of-the-art constrained hardware. In doing so, we demonstrate that the resource overhead of this protocol is unacceptable for highly constrained environments. We design, implement and evaluate a lightweight alternative to OCSP, TinyOCSP, which leverages recently standardized IoT protocols, such as CoAP and CBOR. In our experiments, validating eight certificates with TinyOCSP required 41% less energy than validating just one with OCSP on an ARM Cortex-M3 SoC. Moreover, validation transactions encoded with TinyOCSP are at least 73% smaller than the OCSP equivalent. We design a protocol for compressed certificate revocation lists (CCRL) using Bloom filters which together with TinyOCSP can further reduce validation overhead. We derive a set of equations for computing the optimal filter parameters, and confirm these results through empirical evaluation.
AbstractList	Public key infrastructure (PKI) provides the basis of authentication and access control in most networked systems. In the Internet of Things (IoT), however, security has predominantly been based on pre-shared keys (PSK), which cannot be revoked and do not provide strong authentication. The prevalence of PSK in the IoT is due primarily to a lack of lightweight protocols for accessing PKI services. Principal among these services are digital certificate enrollment and revocation, the former of which is addressed in recent research and is being pushed for standardization in IETF. However, no protocol yet exists for retrieving certificate status information on constrained devices, and revocation is not possible unless such a service is available. In this work, we start with implementing the Online Certificate Status Protocol (OCSP), the de facto standard for certificate validation on the Web, on state-of-the-art constrained hardware. In doing so, we demonstrate that the resource overhead of this protocol is unacceptable for highly constrained environments. We design, implement and evaluate a lightweight alternative to OCSP, TinyOCSP, which leverages recently standardized IoT protocols, such as CoAP and CBOR. In our experiments, validating eight certificates with TinyOCSP required 41% less energy than validating just one with OCSP on an ARM Cortex-M3 SoC. Moreover, validation transactions encoded with TinyOCSP are at least 73% smaller than the OCSP equivalent. We design a protocol for compressed certificate revocation lists (CCRL) using Bloom filters which together with TinyOCSP can further reduce validation overhead. We derive a set of equations for computing the optimal filter parameters, and confirm these results through empirical evaluation. Public key infrastructure (PKI) provides the basis of authentication and access control in most networked systems. In the Internet of Things (IoT), however, security has predominantly been based on pre-shared keys (PSK), which cannot be revoked and do not provide strong authentication. The prevalence of PSK in the IoT is due primarily to a lack of lightweight protocols for accessing PKI services. Principal among these services are digital certificate enrollment and revocation, the former of which is addressed in recent research and is being pushed for standardization in IETF. However, no protocol yet exists for retrieving certificate status information on constrained devices, and revocation is not possible unless such a service is available. In this work, we start with implementing the Online Certificate Status Protocol (OCSP), the de facto standard for certificate validation on the Web, on state-of-the-art constrained hardware. In doing so, we demonstrate that the resource overhead of this protocol is unacceptable for highly constrained environments. We design, implement and evaluate a lightweight alternative to OCSP, TinyOCSP, which leverages recently standardized IoT protocols, such as CoAP and CBOR. In our experiments, validating eight certificates with TinyOCSP required 41% less energy than validating just one with OCSP on an ARM Cortex-M3 SoC. Moreover, validation transactions encoded with TinyOCSP are at least 73% smaller than the OCSP equivalent. We design a protocol for compressed certificate revocation lists (CCRL) using Bloom filters which together with TinyOCSP can further reduce validation overhead. We derive a set of equations for computing the optimal filter parameters, and confirm these results through empirical evaluation. © 2023 The Authors Public key infrastructure (PKI) provides the basis of authentication and access control in most networked systems. In the Internet of Things (IoT), however, security has predominantly been based on pre-shared keys (PSK), which cannot be revoked and do not provide strong authentication. The prevalence of PSK in the IoT is due primarily to a lack of lightweight protocols for accessing PKI services. Principal among these services are digital certificate enrollment and revocation, the former of which is addressed in recent research and is being pushed for standardization in IETF. However, no protocol yet exists for retrieving certificate status information on constrained devices, and revocation is not possible unless such a service is available. In this work, we start with implementing the Online Certificate Status Protocol (OCSP), the de facto standard for certificate validation on the Web, on state-of-the-art constrained hardware. In doing so, we demonstrate that the resource overhead of this protocol is unacceptable for highly constrained environments. We design, implement and evaluate a lightweight alternative to OCSP, TinyOCSP, which leverages recently standardized IoT protocols, such as CoAP and CBOR. In our experiments, validating eight certificates with TinyOCSP required 41% less energy than validating just one with OCSP on an ARM Cortex-M3 SoC. Moreover, validation transactions encoded with TinyOCSP are at least 73% smaller than the OCSP equivalent. We design a protocol for compressed certificate revocation lists (CCRL) using Bloom filters which together with TinyOCSP can further reduce validation overhead. We derive a set of equations for computing the optimal filter parameters, and confirm these results through empirical evaluation. Public key infrastructure (PKI) provides the basis of authentication and access control in most networked systems. In the Internet of Things (IoT), however, security has predominantly been based on pre-shared keys (PSK), which cannot be revoked and do not provide strong authentication. The prevalence of PSK in the IoT is due primarily to a lack of lightweight protocols for accessing PKI services. Principal among these services are digital certificate enrollment and revocation, the former of which is addressed in recent research and is being pushed for standardization in IETF. However, no protocol yet exists for retrieving certificate status information on constrained devices, and revocation is not possible unless such a service is available. In this work, we start with implementing the Online Certificate Status Protocol (OCSP), the de facto standard for certificate validation on the Web, on state-of-the-art constrained hardware. In doing so, we demonstrate that the resource overhead of this protocol is unacceptable for highly constrained environments. We design, implement and evaluate a lightweight alternative to OCSP, TinyOCSP, which leverages recently standardized IoT protocols, such as CoAP and CBOR. In our experiments, validating eight certificates with TinyOCSP required 41% less energy than validating just one with OCSP on an ARM Cortex-M3 SoC. Moreover, validation transactions encoded with TinyOCSP are at least 73% smaller than the OCSP equivalent. We design a protocol for compressed certificate revocation lists (CCRL) using Bloom filters which together with TinyOCSP can further reduce validation overhead. We derive a set of equations for computing the optimal filter pa
ArticleNumber	103424
Author	Raza, Shahid Furuhed, Martin Höglund, Joel
Author_xml	– sequence: 1 givenname: Joel orcidid: 0000-0002-9491-8183 surname: Höglund fullname: Höglund, Joel email: joel.hoglund@ri.se organization: RISE Research Institutes of Sweden, Isafjordsgatan 22, Kista, Stockholm, 16440, Sweden – sequence: 2 givenname: Martin surname: Furuhed fullname: Furuhed, Martin email: martin.furuhed@nexusgroup.com organization: Nexus Group, Telefonv. 26, Stockholm, 12626, Sweden – sequence: 3 givenname: Shahid orcidid: 0000-0001-8192-0893 surname: Raza fullname: Raza, Shahid email: shahid.raze@ri.se organization: RISE Research Institutes of Sweden, Isafjordsgatan 22, Kista, Stockholm, 16440, Sweden
BackLink	https://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-64231$$DView record from Swedish Publication Index (Mälardalens högskola) https://urn.kb.se/resolve?urn=urn:nbn:se:ri:diva-63979$$DView record from Swedish Publication Index https://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-495063$$DView record from Swedish Publication Index (Uppsala universitet)
BookMark	eNqNkU9PwzAMxXMACRh8AU69Q0eSptkicUHjrzTEBbhaaepunkYzJRkV356OwYXD4OJnWe9nS35HbK_1LTJ2KvhQcKEvFsMFRTuUXBb9oFBS7bFDKYXKpZD6gJ3EuOCcCylMKYtD9jil2Tx1uKmZw5CoIWcTZgHffd-Qb7PGh2zpu3zlOwzZg3_OOkrzDNs6Tz7vJYvo1oHSxzHbb-wy4sm3DtjL7c3z5D6fPt09TK6muVOlSrnkSmtZCVMbMzZjbSojpTPGldohcqt143Q1sqrCqrFj7fTImqaUta50WRWmGLDz7d7Y4WpdwSrQmw0f4C3BNb1egQ8zWK9BmZLroref_W0PBLowo38uf6vnoJUsRG8fb-0u-BgDNuAofT0uBUtLEBw2ycACNsnAJhnYJtOj8hf6c2sndLmFsH_wO2GA6AhbhzUFdAlqT7vwTwMyrJQ
CitedBy_id	crossref_primary_10_1109_JSEN_2024_3430515 crossref_primary_10_1007_s10207_024_00825_z
Cites_doi	10.1109/TDSC.2015.2467385 10.1145/2463183.2463193 10.1109/INFOCOM.2019.8737423 10.1109/49.839932
ContentType	Journal Article
Copyright	2023 The Authors
Copyright_xml	– notice: 2023 The Authors
DBID	6I. AAFTH AAYXX CITATION ABGEM ADTPV AOWAS D8T DF7 ZZAVC DF2
DOI	10.1016/j.jisa.2023.103424
DatabaseName	ScienceDirect Open Access Titles Elsevier:ScienceDirect:Open Access CrossRef SWEPUB Mälardalens högskola full text SwePub SwePub Articles SWEPUB Freely available online SWEPUB Mälardalens högskola SwePub Articles full text SWEPUB Uppsala universitet
DatabaseTitle	CrossRef
DatabaseTitleList
DeliveryMethod	fulltext_linktorsrc
Discipline	Computer Science
ExternalDocumentID	oai_DiVA_org_uu_495063 oai_DiVA_org_ri_63979 oai_DiVA_org_mdh_64231 10_1016_j_jisa_2023_103424 S2214212623000091
GroupedDBID	--M .~1 1~. 4.4 457 4G. 5VS 6I. 7-5 8P~ AAEDT AAEDW AAFJI AAFTH AAIKJ AAKOC AALRI AAOAW AAQFI AATTM AAXKI AAXUO AAYFN AAYWO ABBOA ABMAC ABXDB ACDAQ ACGFS ACRLP ACZNC ADBBV ADEZE AEBSH AEIPS AEKER AFJKZ AFTJW AFXIZ AGCQF AGHFR AGRNS AGUBO AIALX AIEXJ AIIUN AIKHN AITUG AKRWK ALMA_UNASSIGNED_HOLDINGS AMRAJ ANKPU AOMHK AOUOD APXCP AVARZ AXJTR BKOJK BLXMC BNPGV EBS EFJIC EJD FDB FIRID FNPLU FYGXN GBLVA GBOLZ KOM M41 MO0 OAUVE P-8 P-9 PC. PRBVW RIG ROL SPC SPCBC SSB SSH SSO SSV SSZ T5K ~G- AAYXX ACLOT ACVFH ADCNI AEUPX AFPUW AIGII AKBMS AKYEP CITATION EFKBS EFLBG ABGEM ADTPV AOWAS D8T DF7 ZZAVC DF2
ID	FETCH-LOGICAL-c454t-204662b19d9989869b922c99c56cee0a66fc6b7a4bebfa86c67a9f52d6b65b393
ISICitedReferencesCount	14
ISICitedReferencesURI	http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000925935000001&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN	2214-2126 2214-2134
IngestDate	Tue Nov 04 16:52:42 EST 2025 Wed Sep 24 03:41:37 EDT 2025 Tue Nov 04 16:25:03 EST 2025 Wed Nov 05 20:35:53 EST 2025 Tue Nov 18 22:35:37 EST 2025 Sun May 18 06:42:43 EDT 2025
IsDoiOpenAccess	true
IsOpenAccess	true
IsPeerReviewed	true
IsScholarly	true
Keywords	IoT security OCSP X.509 Revocation PKI
Language	English
License	This is an open access article under the CC BY license.
LinkModel	OpenURL
MergedId	FETCHMERGED-LOGICAL-c454t-204662b19d9989869b922c99c56cee0a66fc6b7a4bebfa86c67a9f52d6b65b393
ORCID	0000-0002-9491-8183 0000-0001-8192-0893
OpenAccessLink	https://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-64231
ParticipantIDs	swepub_primary_oai_DiVA_org_uu_495063 swepub_primary_oai_DiVA_org_ri_63979 swepub_primary_oai_DiVA_org_mdh_64231 crossref_citationtrail_10_1016_j_jisa_2023_103424 crossref_primary_10_1016_j_jisa_2023_103424 elsevier_sciencedirect_doi_10_1016_j_jisa_2023_103424
PublicationCentury	2000
PublicationDate	2023-03-01
PublicationDateYYYYMMDD	2023-03-01
PublicationDate_xml	– month: 03 year: 2023 text: 2023-03-01 day: 01
PublicationDecade	2020
PublicationTitle	Journal of information security and applications
PublicationYear	2023
Publisher	Elsevier Ltd
Publisher_xml	– name: Elsevier Ltd
References	Gibson (b23) 2014 Pritikin, Yee, Harkins (b11) 2013 Vasseur (b5) 2010 Larisch, Choffnes, Levin, Maggs, Mislove, Wilson (b14) 2017 Micali S. NOVOMODO: Scalable Certificate Validation and Simplified PKI Management. In: Proceedings of the 1st annual PKI research workshop, Vol. 15. 2002. Stevens, Bursztein, Karpman (b26) 2017 Naor, Nissim (b19) 2000; 18 Liu, Tome, Zhang, Choffnes, Levin, Maggs (b3) 2015 Foundation (b27) 2018 Wright, Lincoln, Millen (b25) 2000 Hummen R, Ziegeldorf JH, Shafagh H, Raza S, Wehrle K. Towards Viable Certificate-based Authentication for the Web of Things. In: ACM workshop on hot topics on wireless network security and privacy, co-located with ACM WiSec 2013. Budapest, Hungary; 2013, p. 0–5. Rabieh, Mahmoud, Akkaya, Tonyali (b13) 2017; 14 Micali (b20) 1996 Bormann, Hoffman (b7) 2013 Selander, Mattsson, Palombini, Seitz (b8) 2018 Kocher (b17) 1998 Jones (b28) 2017 Raya, Jungels, Papadimitratos, Aad, Hubaux (b12) 2006 Wang M, Qian C, Li X, Shi S. Collaborative Validation of Public-Key Certificates for IoT by Distributed Caching. In: Proceedings of IEEE INFOCOM. Paris, France; 2019, p. 92–105. Mani, Durairajan, Barford, Sommers (b31) 2018 Bormann, Ersue, Keränen (b16) 2014 Santesson, Myers, Ankney, Malpani, Galperin, Adams (b2) 2013 Li Duan, Yong Li, Lijun Liao (b15) 2018 Selander, Raza, Furuhed, Vucinic (b9) 2019 Goodrich, Tamassia, Schwerin (b18) 2001 Lim, Lakshminarayanan (b22) 2007 Zhang, Choffnes, Levin, Dumitraş, Mislove, Schulman (b30) 2014 Montenegro, Hui, Culler, Kushalnagar (b4) 2007 van der Stok, Kampanakis, Kumar, Richardson, Furuhed, Raza (b10) 2018 Shelby, Hartke, Bormann (b6) 2014 Goel, Gupta (b29) 2010 Zhang (10.1016/j.jisa.2023.103424_b30) 2014 Selander (10.1016/j.jisa.2023.103424_b9) 2019 Bormann (10.1016/j.jisa.2023.103424_b16) 2014 Pritikin (10.1016/j.jisa.2023.103424_b11) 2013 Wright (10.1016/j.jisa.2023.103424_b25) 2000 Micali (10.1016/j.jisa.2023.103424_b20) 1996 van der Stok (10.1016/j.jisa.2023.103424_b10) 2018 Goodrich (10.1016/j.jisa.2023.103424_b18) 2001 Mani (10.1016/j.jisa.2023.103424_b31) 2018 Li Duan (10.1016/j.jisa.2023.103424_b15) 2018 Naor (10.1016/j.jisa.2023.103424_b19) 2000; 18 Larisch (10.1016/j.jisa.2023.103424_b14) 2017 Selander (10.1016/j.jisa.2023.103424_b8) 2018 Goel (10.1016/j.jisa.2023.103424_b29) 2010 Foundation (10.1016/j.jisa.2023.103424_b27) 2018 Liu (10.1016/j.jisa.2023.103424_b3) 2015 Vasseur (10.1016/j.jisa.2023.103424_b5) 2010 Shelby (10.1016/j.jisa.2023.103424_b6) 2014 Bormann (10.1016/j.jisa.2023.103424_b7) 2013 Jones (10.1016/j.jisa.2023.103424_b28) 2017 10.1016/j.jisa.2023.103424_b24 10.1016/j.jisa.2023.103424_b1 Stevens (10.1016/j.jisa.2023.103424_b26) 2017 10.1016/j.jisa.2023.103424_b21 Raya (10.1016/j.jisa.2023.103424_b12) 2006 Kocher (10.1016/j.jisa.2023.103424_b17) 1998 Santesson (10.1016/j.jisa.2023.103424_b2) 2013 Gibson (10.1016/j.jisa.2023.103424_b23) 2014 Montenegro (10.1016/j.jisa.2023.103424_b4) 2007 Rabieh (10.1016/j.jisa.2023.103424_b13) 2017; 14 Lim (10.1016/j.jisa.2023.103424_b22) 2007
References_xml	– year: 2013 ident: b7 article-title: Concise binary object representation (CBOR) – start-page: 68 year: 2001 end-page: 82 ident: b18 article-title: Implementation of an authenticated dictionary with skip lists and commutative hashing publication-title: Proceedings DARPA information survivability conference and exposition II, Vol. 2 – year: 2018 ident: b10 article-title: EST over secure CoAP (EST-coaps) publication-title: Internet-draft draft-ietf-ace-coap-est-06 – volume: 18 start-page: 561 year: 2000 end-page: 570 ident: b19 article-title: Certificate revocation and certificate update publication-title: IEEE J Sel Areas Commun – start-page: 143 year: 2010 end-page: 154 ident: b29 article-title: Small subset queries and bloom filters using ternary associative memories, with applications publication-title: Proceedings of the ACM SIGMETRICS international conference on measurement and modeling of computer systems – start-page: 183 year: 2015 end-page: 196 ident: b3 article-title: An end-to-end measurement of certificate revocation in the web’s PKI publication-title: Proceedings of the 2015 internet measurement conference – start-page: 539 year: 2017 end-page: 556 ident: b14 article-title: Crlite: A scalable system for pushing all TLS revocations to all browsers publication-title: 2017 IEEE symposium on security and privacy – start-page: 19 year: 2000 end-page: 24 ident: b25 article-title: Efficient fault-tolerant certificate revocation publication-title: Proceedings of the 7th ACM conference on computer and communications security – start-page: 7:1 year: 2018 end-page: 7:8 ident: b15 article-title: Flexible certificate revocation list for efficient authentication in IoT publication-title: Proceedings of the 8th international conference on the internet of things – year: 2017 ident: b26 article-title: Announcing the first SHA1 collision – volume: 14 start-page: 420 year: 2017 end-page: 432 ident: b13 article-title: Scalable certificate revocation schemes for smart grid AMI networks using bloom filters publication-title: IEEE Trans Dependable Secure Comput – year: 2018 ident: b8 article-title: Object security for constrained restful environments (OSCORE) publication-title: Internet-draft draft-ietf-core-object-security-15 – reference: Micali S. NOVOMODO: Scalable Certificate Validation and Simplified PKI Management. In: Proceedings of the 1st annual PKI research workshop, Vol. 15. 2002. – year: 2006 ident: b12 article-title: Certificate revocation in vehicular networks publication-title: Laboratory for computer communications and applications – reference: Wang M, Qian C, Li X, Shi S. Collaborative Validation of Public-Key Certificates for IoT by Distributed Caching. In: Proceedings of IEEE INFOCOM. Paris, France; 2019, p. 92–105. – year: 2017 ident: b28 article-title: The end of SHA-1 on the public web – year: 2014 ident: b23 article-title: An evaluation of the effectiveness of chrome’s CRLSets – year: 2010 ident: b5 article-title: Interconnecting smart objects with IP: the next internet – year: 2014 ident: b16 article-title: Terminology for constrained-node networks – year: 2013 ident: b11 article-title: Enrollment over secure transport – start-page: 172 year: 1998 end-page: 177 ident: b17 article-title: On certificate revocation and validation publication-title: Proceedings of the second international conference on financial cryptography – start-page: 182 year: 2007 end-page: 187 ident: b22 article-title: On the performance of certificate validation schemes based on pre-computed responses publication-title: IEEE GLOBECOM 2007 - IEEE global telecommunications conference – year: 2018 ident: b31 article-title: A system for clock synchronization in an internet of things – reference: Hummen R, Ziegeldorf JH, Shafagh H, Raza S, Wehrle K. Towards Viable Certificate-based Authentication for the Web of Things. In: ACM workshop on hot topics on wireless network security and privacy, co-located with ACM WiSec 2013. Budapest, Hungary; 2013, p. 0–5. – year: 2013 ident: b2 article-title: X.509 internet public key infrastructure online certificate status protocol - OCSP – year: 1996 ident: b20 article-title: Efficient certificate revocation – start-page: 489 year: 2014 end-page: 502 ident: b30 article-title: Analysis of SSL certificate reissues and revocations in the wake of heartbleed publication-title: Proceedings of the 2014 conference on internet measurement conference – year: 2019 ident: b9 article-title: Protecting EST payloads with OSCORE publication-title: Internet-draft draft-selander-ace-coap-est-oscore-02 – year: 2014 ident: b6 article-title: The constrained application protocol (CoAP) – year: 2007 ident: b4 article-title: Transmission of IPv6 packets over IEEE 802.15.4 networks – year: 2018 ident: b27 article-title: OSCP manpage – year: 2007 ident: 10.1016/j.jisa.2023.103424_b4 – year: 2019 ident: 10.1016/j.jisa.2023.103424_b9 article-title: Protecting EST payloads with OSCORE – year: 2014 ident: 10.1016/j.jisa.2023.103424_b23 – year: 2018 ident: 10.1016/j.jisa.2023.103424_b10 article-title: EST over secure CoAP (EST-coaps) – year: 2017 ident: 10.1016/j.jisa.2023.103424_b26 – year: 2013 ident: 10.1016/j.jisa.2023.103424_b2 – start-page: 19 year: 2000 ident: 10.1016/j.jisa.2023.103424_b25 article-title: Efficient fault-tolerant certificate revocation – year: 2006 ident: 10.1016/j.jisa.2023.103424_b12 article-title: Certificate revocation in vehicular networks – start-page: 539 year: 2017 ident: 10.1016/j.jisa.2023.103424_b14 article-title: Crlite: A scalable system for pushing all TLS revocations to all browsers – year: 2013 ident: 10.1016/j.jisa.2023.103424_b11 – start-page: 172 year: 1998 ident: 10.1016/j.jisa.2023.103424_b17 article-title: On certificate revocation and validation – volume: 14 start-page: 420 issue: 4 year: 2017 ident: 10.1016/j.jisa.2023.103424_b13 article-title: Scalable certificate revocation schemes for smart grid AMI networks using bloom filters publication-title: IEEE Trans Dependable Secure Comput doi: 10.1109/TDSC.2015.2467385 – year: 2018 ident: 10.1016/j.jisa.2023.103424_b27 – year: 2014 ident: 10.1016/j.jisa.2023.103424_b6 – ident: 10.1016/j.jisa.2023.103424_b21 – ident: 10.1016/j.jisa.2023.103424_b1 doi: 10.1145/2463183.2463193 – ident: 10.1016/j.jisa.2023.103424_b24 doi: 10.1109/INFOCOM.2019.8737423 – year: 2013 ident: 10.1016/j.jisa.2023.103424_b7 – start-page: 68 year: 2001 ident: 10.1016/j.jisa.2023.103424_b18 article-title: Implementation of an authenticated dictionary with skip lists and commutative hashing – year: 1996 ident: 10.1016/j.jisa.2023.103424_b20 – year: 2017 ident: 10.1016/j.jisa.2023.103424_b28 – start-page: 489 year: 2014 ident: 10.1016/j.jisa.2023.103424_b30 article-title: Analysis of SSL certificate reissues and revocations in the wake of heartbleed – start-page: 182 year: 2007 ident: 10.1016/j.jisa.2023.103424_b22 article-title: On the performance of certificate validation schemes based on pre-computed responses – year: 2018 ident: 10.1016/j.jisa.2023.103424_b31 – year: 2014 ident: 10.1016/j.jisa.2023.103424_b16 – start-page: 7:1 year: 2018 ident: 10.1016/j.jisa.2023.103424_b15 article-title: Flexible certificate revocation list for efficient authentication in IoT – year: 2018 ident: 10.1016/j.jisa.2023.103424_b8 article-title: Object security for constrained restful environments (OSCORE) – start-page: 143 year: 2010 ident: 10.1016/j.jisa.2023.103424_b29 article-title: Small subset queries and bloom filters using ternary associative memories, with applications – start-page: 183 year: 2015 ident: 10.1016/j.jisa.2023.103424_b3 article-title: An end-to-end measurement of certificate revocation in the web’s PKI – year: 2010 ident: 10.1016/j.jisa.2023.103424_b5 – volume: 18 start-page: 561 issue: 4 year: 2000 ident: 10.1016/j.jisa.2023.103424_b19 article-title: Certificate revocation and certificate update publication-title: IEEE J Sel Areas Commun doi: 10.1109/49.839932
SSID	ssj0001219523 ssib023362450
Score	2.3486474
Snippet	Public key infrastructure (PKI) provides the basis of authentication and access control in most networked systems. In the Internet of Things (IoT), however,...
SourceID	swepub crossref elsevier
SourceType	Open Access Repository Enrichment Source Index Database Publisher
StartPage	103424
SubjectTerms	Authentication Certificate revocation Computer Science with specialization in Computer Communication Datavetenskap med inriktning mot datorkommunikation End-to-end security Internet of thing security Internet of things IoT security Low Power Network security Networked control systems Networked systems OCSP Online certificate status protocol PKI Public key cryptography Public key infrastructure Revocation Strong authentication X.509
Title	Lightweight certificate revocation for low-power IoT with end-to-end security
URI	https://dx.doi.org/10.1016/j.jisa.2023.103424 https://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-64231 https://urn.kb.se/resolve?urn=urn:nbn:se:ri:diva-63979 https://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-495063
Volume	73
WOSCitedRecordID	wos000925935000001&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText	1
inHoldings	1
isFullTextHit
isPrint
journalDatabaseRights	– providerCode: PRVESC databaseName: Elsevier SD Freedom Collection Journals 2021 issn: 2214-2126 databaseCode: AIEXJ dateStart: 20130701 customDbUrl: isFulltext: true dateEnd: 99991231 titleUrlDefault: https://www.sciencedirect.com omitProxy: false ssIdentifier: ssj0001219523 providerName: Elsevier
link	http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV3Nb9MwFLeg48CFb7SOD_kwTpUn7NhOfCywiU1jQqJMvVmOk6ytSlJlzTbx12PHzgcTLezAJaoi5zXJ7-eX5_ee3wNgP6AqiDmLkY54hKgxSFFEkgQlqcYaZ4yxOpvw_DQ8O4umU_HVpw5d1u0EwjyPbm7E6r9Cbc4ZsO3W2TvA3Qo1J8xvA7o5GtjN8Z-AP7XL7eva4znSNms6q7e52U0qhe5SC5fFNVrZFmmj42Li3LFpnqB1gVLrSvdt7TbYrr7cai2sGerKvvbi4S1jbDD-A79YVs6JfVKkbVrHUVVWM-dvdQUNurjTz9qs_TZTM590730TJOiSs5wKIwRTZD6OvK9vw6CnMLEtQUj_qMudW2FxsLBRfSv9oBv8e-HsWx-0Ns2wyWBbSCtDWhnSybgPdkjIRDQAO-Pjw-lJzy2HBaubArb37rdauazA2zez0Zzp152tbZXJE_DIAwXHjhxPwb00fwYeNw08oNfnz8GXHldgjyuw4wo0QMOWK9BwBVquwI4rsCHAC_D96HDy8TPy_TWQpoyuzayhnJMYi0TYLqJcxIIQLYRm3JhO7xXnmeZxqGicxpmKuOahEhkjCbezOxDBSzDIizzdBdAstONUqSwx1iENgkyFmcCaxjgROlIZGQLcvCapffF52wNlKTdjNASj9pqVK72ydTRr3r70xqMzCqXh09br3jmo2v-wBdc_zc_Hsigv5I9kJs0SPcBDsL9tXDmXdYj8L-KqSlLBzLJg704P9wo87KbXazBYl1X6BjzQV-v5ZfnWc_gXunW6qA
linkProvider	Elsevier
openUrl	ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Lightweight+certificate+revocation+for+low-power+IoT+with+end-to-end+security&rft.jtitle=Journal+of+information+security+and+applications&rft.au=H%C3%B6glund%2C+Joel&rft.au=Furuhed%2C+Martin&rft.au=Raza%2C+Shahid&rft.date=2023-03-01&rft.issn=2214-2126&rft.volume=73&rft.spage=103424&rft_id=info:doi/10.1016%2Fj.jisa.2023.103424&rft.externalDBID=n%2Fa&rft.externalDocID=10_1016_j_jisa_2023_103424
thumbnail_l	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2214-2126&client=summon
thumbnail_m	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2214-2126&client=summon
thumbnail_s	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2214-2126&client=summon