Identity and Access Management (IAM) is an integral part of the security solution for IoT. Today, the cloud service providers determine the IAM schemes, and the constrained IoT devices implement them. The IoT services adapt to use an IoT application layer protocol like the MQTT; however, for IAM, the authentication of these services is identical to the web services and mandates the support for PublicKey Infrastructure (PKI) on constrained clients that are no user-operated browsers.
On a constrained device, the verification of the X.509 certificate chain is resource intensive and requires information like the time - information that may be missing or unavailable on the device. Further, today, the resourceful and human-aided browsers struggle to effectively handle the security exceptions triggered by expired, revoked, and malicious X.509 certificates. These challenges only compound with sleepy, battery powered, and remotely operated devices with no possibility for human inspection.PKI may not just be inefficient and demanding but can overwhelm a minimally equipped IoT device with a large and ever-expanding umbrella of trust. An IoT device connects to only a handful for services in its entire lifetime and needs limited trust. PKI may, therefore, be ill-suited for IoT. A study of the existing alternatives to the PKI provides no solution suitable for use in IoT. Besides, some alternatives like the OAuth-based federated identity, rely on PKI for service authentication.
We present a novel trust model, Vriksh: The Tree of Trust (VTT), tailored for use in IoT. This model aims to provide an embedded device-friendly entity authentication and limit the trust peripheries. With VTT, trust trees group the identities with equal access rights in the system using Merkle trees. We prototype the use of VTTwith TLS raw public keys to compare the energy and resource efficiency of VTT with PKI on an embedded platform. With VTT, we show new, efficient solutions for emerging use cases are possible without the invention of new cryptographic primitives or modifications to the existing ciphers in TLS. However, to establish VTT as an alternative to PKI, the verification of the proposed revocation methods for VTT and independent security reviews are essential. Moreover, PKI with its wide-scale use, enjoys the privilege of constant improvement with extensive use, scrutiny, many attacks, and known vulnerabilities.
In the absence of ready alternatives, we make deployment recommendations for the use of PKI in IoT based on findings from this thesis. A question raised in the thesis, however, remains unaddressed for PKI - How to handle certificate expiry and revocation in remotely operated IoT devices? A critical topic to be pursued in the future to secure IoT.