Currently Reserved
Identity and Access Management (IAM) is a critical function that manages all accesses and privileges within an IT infrastructure. One of the main steps within IAM is the revocation process, in which a previously authorised entity has its privileges removed or reduced from its previous state. In this regard, credential revocation also plays an important role in the lifecycle management of IoT devices. It serves as a critical mechanism to ensure the security and integrity of interconnected systems. With IoT devices becoming more integrated into our daily lives and industrial processes, the potential for security breaches and unauthorised access dramatically increases.
Effective credential revocation enables device manufacturers and administrators to promptly revoke compromised or outdated security certificates, authentication tokens, and cryptographic keys.This process helps prevent unauthorised entities from gaining access to sensitive data, hijacking devices for malicious purposes, or infiltrating broader networks. By systematically revoking and updating credentials throughout the lifecycle of an IoT device, organisations can significantly mitigate security risks and maintain users' trust, thereby fostering a safer and more resilient IoT ecosystem.
Blockchain is a promising approach to enable a trustworthy and transparent platform for sharing security information between stakeholders without the need for a trusted third party [1]. Several blockchain-based revocation approaches have been developed so far [2, 3, 4, 5], with cryptographic accumulators being a promising solution across various application domains [6]. However, those approaches may have significant limitations for IoT devices in terms of scalability and performance. Therefore, this thesis has to test the limitations of the current approaches and optimise the revocation component for IoT devices lifecycle management.
Goals
References
[1] Ricardo Neisse, Gary Steri, and Igor Nai-Fovino. 2017. A Blockchain-based Approach for Data Accountability and Provenance Tracking. In Proceedings of the 12th International Conference on Availability, Reliability and Security (ARES'17). Association for Computing Machinery, New York, NY, USA, Article 14, 1–10. DOI: https://doi.org/10.1145/3098954.3098958.
[2] How Credential Revocation Works - Hyperledger Indy SDK documentation. Available at: https://hyperledger-indy.readthedocs.io/projects/sdk/en/latest/docs/concepts/revocation/cred-revocation.html.
[3] D. Schumm, R. Mukta and H. Paik, "Efficient Credential Revocation Using Cryptographic Accumulators", 2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), Dubai, United Arab Emirates, 2023. DOI: 10.1109/ICBC56567.2023.10174975.
[4] T. Hewa, A. Bracken, M. Ylianttila and M. Liyanage, "Blockchain-based Automated Certificate Revocation for 5G IoT," ICC 2020 - 2020 IEEE International Conference on Communications (ICC), Dublin, Ireland, 2020, pp. 1-7, doi: 10.1109/ICC40277.2020.9148820.
[5] F. R. Vidal, N. Ivaki and N. Laranjeiro, "Revocation Mechanisms for Blockchain Applications: A Review," 2021 10th Latin-American Symposium on Dependable Computing (LADC), Florianópolis, Brazil, 2021, pp. 01-10, doi: 10.1109/LADC53747.2021.9672577.
[6] M. Loporchio, A. Bernasconi, D. D. F. Maesa and L. Ricci, “A Survey of Set Accumulators for Blockchain Systems”, Computer Science Review, vol.49, 2023. DOI: https://doi.org/10.1016/j.cosrev.2023.100570.
Supervisors: Daria Schumm
back to the main page