使用DNS基础设施的物联网PKI

2022 IEEE International Conference on Public Key Infrastructure and its Applications (PKIA) Pub Date : 2022-09-09 DOI:10.1109/PKIA56009.2022.9952253

S. Balakrichenan, Ibrahim Ayoub, Benoît Ampeau

{"title":"使用DNS基础设施的物联网PKI","authors":"S. Balakrichenan, Ibrahim Ayoub, Benoît Ampeau","doi":"10.1109/PKIA56009.2022.9952253","DOIUrl":null,"url":null,"abstract":"The main challenge facing IoT today is security. The constrained nature of IoT devices deprives them of using modern security solutions. This leads them to use aged and more vulnerable security mechanisms that expose them to high risks. When compared to more powerful devices, constrained IoT devices cannot use the Public Key Infrastructure with X.509 certificates to establish secure sessions. Moreover, the idea of self-signed certificates and having one trusted CA does not seem that popular. The Domain Name System (DNS) using the DNS-based Authentication of Named Entities protocol (DANE) and DNS's security extensions (DNSSEC) can help create the sought-after Public Key Infrastructure (PKI) for IoT. With a concrete example, this article explains how DNS can deliver IoT PKI functions based on DANE, backed by DNSSEC.","PeriodicalId":333935,"journal":{"name":"2022 IEEE International Conference on Public Key Infrastructure and its Applications (PKIA)","volume":"58 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-09-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"PKI for IoT using the DNS infrastructure\",\"authors\":\"S. Balakrichenan, Ibrahim Ayoub, Benoît Ampeau\",\"doi\":\"10.1109/PKIA56009.2022.9952253\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The main challenge facing IoT today is security. The constrained nature of IoT devices deprives them of using modern security solutions. This leads them to use aged and more vulnerable security mechanisms that expose them to high risks. When compared to more powerful devices, constrained IoT devices cannot use the Public Key Infrastructure with X.509 certificates to establish secure sessions. Moreover, the idea of self-signed certificates and having one trusted CA does not seem that popular. The Domain Name System (DNS) using the DNS-based Authentication of Named Entities protocol (DANE) and DNS's security extensions (DNSSEC) can help create the sought-after Public Key Infrastructure (PKI) for IoT. With a concrete example, this article explains how DNS can deliver IoT PKI functions based on DANE, backed by DNSSEC.\",\"PeriodicalId\":333935,\"journal\":{\"name\":\"2022 IEEE International Conference on Public Key Infrastructure and its Applications (PKIA)\",\"volume\":\"58 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-09-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 IEEE International Conference on Public Key Infrastructure and its Applications (PKIA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PKIA56009.2022.9952253\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE International Conference on Public Key Infrastructure and its Applications (PKIA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PKIA56009.2022.9952253","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

当今物联网面临的主要挑战是安全性。物联网设备的约束性质使它们无法使用现代安全解决方案。这导致他们使用陈旧和更脆弱的安全机制，使他们面临高风险。与功能更强大的设备相比，受限的物联网设备不能使用带有X.509证书的公钥基础设施来建立安全会话。此外，自签名证书和拥有一个受信任的CA的想法似乎并不流行。使用基于DNS的命名实体认证协议(DANE)和DNS的安全扩展(DNSSEC)的域名系统(DNS)可以帮助为物联网创建广受欢迎的公钥基础设施(PKI)。本文通过一个具体的例子，解释了DNS如何在DNSSEC的支持下，基于DANE提供物联网PKI功能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

PKI for IoT using the DNS infrastructure

The main challenge facing IoT today is security. The constrained nature of IoT devices deprives them of using modern security solutions. This leads them to use aged and more vulnerable security mechanisms that expose them to high risks. When compared to more powerful devices, constrained IoT devices cannot use the Public Key Infrastructure with X.509 certificates to establish secure sessions. Moreover, the idea of self-signed certificates and having one trusted CA does not seem that popular. The Domain Name System (DNS) using the DNS-based Authentication of Named Entities protocol (DANE) and DNS's security extensions (DNSSEC) can help create the sought-after Public Key Infrastructure (PKI) for IoT. With a concrete example, this article explains how DNS can deliver IoT PKI functions based on DANE, backed by DNSSEC.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2022 IEEE International Conference on Public Key Infrastructure and its Applications (PKIA)

自引率

0.00%

发文量