Projects per year
Abstract
Implicit certificates are gaining ever more prominence in constrained embedded devices, in both the internet of things (IoT) and automotive domains. They present a resource-efficient security solution against common threat concerns. The computational requirements are not the main issue anymore, with the focus now shifting to determining a good balance between the provided security level and the derived threat model. A security aspect that often gets overlooked is the establishment of secure communication sessions, as most design solutions are based only on the use of static key derivation, and therefore lack the perfect forward secrecy. This leaves the transmitted data open for potential future exposures as keys are tied to the certificates rather than the communication sessions. We aim to close this gap and present a design that utilizes the Station to Station (STS) protocol with implicit certificates. In addition, we propose potential protocol optimization implementation steps and run a comprehensive study on the performance and security level between the proposed design and the state-of-the-art key derivation protocols. In our comparative study, we show that we are able to mitigate many session-related security vulnerabilities that would otherwise remain open with only a slight computational increase of 20% compared to a static elliptic curve digital signature algorithm (ECDSA) key derivation.
Original language | English |
---|---|
Title of host publication | 2023 Design, Automation and Test in Europe Conference and Exhibition, DATE 2023 - Proceedings |
Number of pages | 6 |
ISBN (Electronic) | 9783981926378 |
DOIs | |
Publication status | Published - 2023 |
Event | Design, Automation & Test in Europe Conference & Exhibition: DATE 2023 - Antwerp, Belgium Duration: 17 Apr 2023 → 19 Apr 2023 |
Conference
Conference | Design, Automation & Test in Europe Conference & Exhibition |
---|---|
Abbreviated title | DATE '23 |
Country/Territory | Belgium |
City | Antwerp |
Period | 17/04/23 → 19/04/23 |
Keywords
- ECQV
- Implicit Certificates
- Sessions
- Security
- Dynamic
- embedded
- implicit
- session
- key derivation
- certificate
- IoT
- security
- STS
- dynamic
- automotive
ASJC Scopus subject areas
- Computer Science (miscellaneous)
- General Engineering
- Computer Networks and Communications
Fields of Expertise
- Information, Communication & Computing
-
Hardware/Software-Codesign
Steger, C., Seifert, C., Stelzer, P., Fiala, G. & Basic, F.
1/01/95 → …
Project: Research area
-
SEAMAL BMS - Creation of the requirement and definition of the system architecture
1/04/20 → 20/09/22
Project: Research project
Activities
-
Establishing Dynamic Secure Sessions for ECQV Implicit Certificates in Embedded Systems
Fikret Basic (Speaker)
18 Apr 2023Activity: Talk or presentation › Talk at conference or symposium › Science to science
-
Design, Automation & Test in Europe Conference & Exhibition
Fikret Basic (Participant)
17 Apr 2023 → 19 Apr 2023Activity: Participation in or organisation of › Conference or symposium (Participation in/Organisation of)