Flexible certificate revocation list for efficient authentication in IoT

When relying on public key infrastructure (PKI) for authentication, whether a party can be trusted primarily depends on its certificate status. Bob's certificate status can be retrieved by Alice through her interaction with Certificate Authority (CA) in the PKI. More specifically, Alice can download Certificate Revocation List (CRL) and then check whether the serial number of the Bob's certificate appears in this list. If not found, Alice knows that Bob can be trusted. Once downloaded, a CRL can be used offline for arbitrary many times till it expires, which saves the bandwidth to an extreme. However, if the number of revoked certificates becomes too large, the size of the CRL will exceed the RAM of Alice's device. This conflict between bandwidth and RAM consumption becomes even more challenging for the Internet-of-Things (IoT), since the IoT end-devices is usually constrained by both factors. To solve this problem in PKI-based authentication in IoT, we proposed two novel lightweight CRL protocols with maximum flexibility tailored for constrained IoT end-devices. The first one is based on generalized Merkle hash tree and the second is based on Bloom filter. We also provided quantitative theorems for CRL parameter configuration, which help strike perfect balance among bandwidth, RAM usage and security in various practical IoT scenarios. Furthermore, we thoroughly evaluated the proposed CRL protocols and exhibited their outstanding efficiency in terms of RAM and bandwidth consumption. In addition, our formal treatment of the security of a CRL protocol can also be of independent interest.