Secure Mechanisms for Certificate Validation and Secret Key Distribution in Resource-Constrained Networks Open Access
Downloadable ContentDownload PDF
The prevalence of ubiquitously connected resource-limited devices is forming the main factor of resource-constrained networks. Exploiting such a vast network yields an unprecedented ability to monitor and control our environments. While resource constrained networks provide us with numerous valuable benefits, it also exposes us to several security threats. The security of the communication network has gradually become one of the primary factors that affect any system. We challenge the established belief that the security of communications must be inherent in every resource-constrained network to defeat various security threats. This dissertation is focused on alleviating the burden of communication security challenges for various applications in resource-constrained networks.In the first work, we consider certificate validation in the Public Key Infrastructure (PKI), which is a vital phase of establishing secure connections on resource-constrained networks. Developing such a system is challenging because digital certificates need to be validated for many clients with elastic resources at low cost. We present SecureGuard, a certificate validation system that effectively handles the certificate validation process during the TLS handshake. Our results show that SecureGuard can validate the digital certificates in a very short time, secure manner, and less network overhead. Along the way, we analyze the TLS handshake of the Alexa Top 1 Million domains and explore different weaknesses of the current certificate validation approaches. In our second work, we focus on utilizing fog computing to provide security services for IoT environments. Fog computing is envisioned to enable a wide range of benefits, some of which are decreased bandwidth, and reduced latency. In this work, we investigate the security and privacy issues in IoT environments and propose a novel scheme that employs fog to securely distribute revocation information among IoT devices. In the third work, we explore the security issues of certificate revocation information in Vehicular Ad-Hoc Networks (VANETs). We propose an efficient revocation scheme based on the use of fog computing and Merkle hash trees replacing the time consuming CRL checking process. More specifically, we divide the roadway into several domains, in which fog nodes manage the vehicles in a localized manner. Then, we utilize Merkle hash trees to provide a highly scalable way to disseminate the revocation information and ensure the integrity of the certificate's status. The performance analysis is carried out to demonstrate the effectiveness of our scheme in terms of verification delay compared with the conventional mechanisms.In our last work, we intend to address the prevalent security issues of fog computing network. To achieve confidentiality, authentication, verifiability, and access control, we design a secure protocol based on Ciphertext-Policy Attribute-Based Encryption (CP-ABE). The security analysis and performance evaluation results illustrate the efficiency of our protocol. Furthermore, we implement our protocol to show its feasibility and prove its correctness.