Collaborative Validation of Public-Key Certificates for IoT by Distributed Caching

Abstract

Public-key certificate validation is an important building block for various security protocols for IoT devices, such as secure channel establishment, handshaking, and verifying sensing data authenticity from cloud storage. However, certification validation incurs non-trivial overhead on resource-constrained IoT devices, because it either brings long latency or large cache space. This work proposes to utilize the power of distributed caching and explores the feasibility of using the cache spaces on all IoT devices as a large pool to store validated certificates. We design a Collaborative Certificate Validation (CCV) protocol including a memory-efficient and fast locator for certificate holders, a trust model to evaluate the trustworthiness of devices, and a protocol suite for dynamic update and certificate revocation. Evaluation results show that CCV only uses less than 25% validation time and reduces >90% decryption operations on each device, compared to a recent method. Malicious devices that conduct dishonest validations can be detected by the network using the proposed trust model.