Intelligent Trust-Based Public-Key Management for IoT by Linking Edge Devices in a Fog Architecture

Abstract

Due to memory and processing limitations, Internet-of-Things (IoT) devices require external fog servers to perform some of their tasks. However, this offloading of tasks comes at the cost of more interactions whose security cannot be guaranteed without the authentication and key management scheme. Traditional prescriptions, such as those used for securing the Web, require referring to central agents, such as certificate authorities (CA) or online certificate status protocol (OCSP) responders, that sit in the cloud. This poses many challenges, including additional communication costs and repetitive delays which work against the low latency and energy efficiency goals of edge networking. In this article, we propose a novel semidecentralized public-key management scheme for smart IoT systems in which devices intelligently decide whether to look for the keying material locally at the edge or refer to the cloud for this purpose. The result is a security architecture that links IoT devices, fog servers, and cloud, but with minimal dependency on the latter. In the proposed solution, devices work collaboratively to deliver revocation lists and digital certificates of fog servers to each other. The decision to go for edge nodes or cloud CA/OCSP responders is made intelligently by each node upon learning its neighborhood and network statistics. The core idea is based on the Web of trust, but unlike that, whenever a material is not found locally, cloud servers are queried. Experiments show that through this intelligent approach, the cost of key management operations, e.g., delay, can be reduced by up to 50%.