Adarsh Raghoothaman 2022
Autor | Adarsh Raghoothaman |
Date | 20. Oktober 2022 |
Degree | Master |
Title |
Concept for a Web-of-Trust-based Certificate Management in RIOT OS |
Abstract | In the realm of Internet of Things (IoT), billions of devices communicate with each other or with other devices on the Internet. IoT devices are also generally resource-constrained in terms of memory storage capacity, processing power, network bandwidth and battery power. When the devices communicate, malicious parties can sabotage the communication and cause disruption in the whole IoT environment. Therefore, security arises as a significant factor to be considered. In standard internet, security and trust among devices are provided by the centralized Public Key Infrastructure (PKI). Digital certificates are used to establish the authenticity of devices and secure the communication. PKI depends on the Certificate Authority (CA) to issue and manage the certificates. In addition, most of the IoT environments are directly dependent on cloud platforms. The cloud provides certificates for each network device and manages the devices. The sole dependency of IoT environments on the cloud and CA can be a single point of failure in case of an attack. This affects the whole IoT infrastructure, and the security and reliability of devices are compromised. This issue can be solved by using decentralized key management solutions based on Web of Trust (WoT). Devices can issue certificates for each other in a peer-to-peer manner without depending on a centralized entity like CA. The issued certificates are validated using digital signatures. When authority is transferred from a centralized platform to individual devices in the network, possible single points of failure can be avoided. However, forming trust among the devices become challenging, when the network becomes huge and complex. We need a mechanism to implement asymmetric encryption in an efficient and scalable manner. When devices in the environment do not have the trust to communicate with another node, they should find all the certificate chains along the path for forming a trust. There is much research regarding decentralized key management solutions, still, no IoT Operating Systems have a practical implementation of the concept. In this work, we first review and compare the existing decentralized key management solutions for IoT. We then analyse the requirements for such key management solutions. Then we design and implement a concept for certificate chain discovery in RIOT Operating System (OS). Finally, we evaluate the implementation based on different parameters, total duration for certificate lookup, Central Processing Unit (CPU) overhead for processing the certificates, memory usage and communication overhead. |