New lightweight PKI technologies help secure constrained IoT devices

As billions of devices are being connected to the internet of things, security is lagging behind. Especially for small and battery-powered devices with constrained computing resources. But new lightweight PKI technologies from research project CEBOT, SecureIoT and SecureCare, now enable true end-to-end security also for constrained devices.

Public key infrastructure (PKI) is state of the art when it comes to internet security. However, many small, battery-powered IoT devices lack the required computing resources to use traditional PKI protocols. Most current deployments with constrained devices are not secured at all or only by shared keys, PINs or passwords. As a result, there is a large risk of hacker attacks and eavesdropping.

Now, there is a breakthrough in solving this problem. New lightweight PKI technologies have been developed in the research projects to enable PKI for IoT devices. Martin Furuhed, Nexus’ PKI expert since more than 20 years, has participated in the project and coauthored a paper that addresses two challenges: secure enrollment and certificate overhead reduction.

“In this paper, we develop an automated certificate enrollment protocol light enough for highly constrained devices. This provides end-to-end security between certificate authorities (CA) and the recipient IoT devices. We also design a lightweight profile for X.509 digital certificates. Existing CAs can now issue traditional X.509 certificates to IoT devices,” says Shahid Raza, Director of Cybersecurity at RISE Research Institutes of Sweden. Read the paper here: PKI4IoT: Towards Public Key Infrastructure for the Internet of Things.

Published

About SecureIoT

SecureIoT (Certificate-based Security for Resource-constrained Internet of Things) is a research project funded by Eurostars and run by the RISE Cybersecurity unit together with Nexus.

The aim of SecureIoT has been to equip IoT devices with capabilities to obtain digital certificates in a secure and automated way and by using the communication protocols that these devices speak.

In the previous research projects CEBOT and SecureIoT, a light-weight and fully automated enrollment protocol, lightweight revocation checking and compression technologies for certificates were created for use by constrained devices. SecureCare will continue on this path by developing other lightweight PKI technologies needed to target IoT scenarios.

 

Interested in how Nexus can help enabling trust for your IoT devices?

Explore 

 

 

Read more from Nexus

Customer Cases PKI

Bangladesh Bank selects Nexus Smart ID for management of trusted identities

20 February, 2020
Bangladesh Bank selects Nexus Smart ID for management of trusted digital identities We are pleased to announce that the Bangladesh Bank has select...
Customer Cases PKI

Trusted electronic identities for IT devices secures the future of democracy in Stockholm

27 January, 2020
Trusted electronic identities for IT devices secures the future of democracy in Stockholm We are proud and pleased to announce that Region Stockho...
Customer Cases PKI

LFV selects Atea and Nexus Smart ID to enable SWIM

8 January, 2020
LFV, Sweden's leading provider of air traffic control and associated services for civil and military aviation selected Atea and Nexus Smart ID to e...