Digital Certificate Revocation for the Internet of Things

Abstract: Digital certificates have long been used for traditional Internet applications, and have now entered into widespread use for the Internet of Things. However, constrained devices currently have no means to verify the revocation status of certificates. Without the ability to revoke certificates, network administrators have no recourse in the event of a private key compromise. This thesis explores three alternatives to solve this problem: (1) implement the Online Certificate Status Protocol (OCSP) as is on a CoAP network stack, (2) compress certificate revocation lists (CRLs) using Bloom filters, and (3) design an optimized version of OCSP (referred to here as TinyOCSP). This work concludes that TinyOCSP reduces the message overhead of online validation by at least 73%. This reduced the energy consumption of certificate validation by 50% relative to OCSP in the experiments on constrained hardware, which shows that it may be a feasible solution for the IoT