ProjectCertificate Enrollment in Billions of Things

Competence Areas at RISE ICT
Certificate Enrollment in Billions of Things

The CEBOT project aims to equip IoT devices with capabilities that will enable them to obtain digital certificate(s) in a secure and automated way and by using the communication protocols that these devices speak, such as CoAP and DTLS.

Key management is one of the toughest problem is cybersecurity. Key management solutions based on symmetric cryptography are lightweight but are not scalable to billions of IoT devices. Solutions based on asymmetric cryptography are comparatively heavy but more secure, scalable, and well tested in the current Internet. The lack of a user interface and unattended deployments hinder relying on traditional methods of client authentication using a username and a password. Therefore, a fully automated key management solution that also supports Public Key Infrastructure (PKI) is inevitable for most IoT applications. The greatest challenge with asymmetric cryptography and PKI is the process of certifying keys, called enrollment. This is even more challenging in the IoT as things are resource-constrained and use a recent set of IoT protocols (CoAP, DTLS, etc.) that are not compatible with conventional enrollment techniques. This project is intended to solve this challenging problem of automated certificate enrollment in the IoT.  

This project will be a joint effort of the Technology Nexus Secure Business Solution AB, Stockholm (neXus), and the SICS Swedish ICT, Stockholm. While this project will enhance SICS’s IoT security expertise in general and the capabilities of the Contiki operating systems in particular, neXus, being the leading provider of cybersecurity in Sweden, will be able to extend its services from Internet to IoT. Other direct beneficiaries in Sweden who have already endorsed this project and showed keen interest in the project results are Husqvarna, Ericsson, Saab, SUST, Yanzi Networks, Intel, and Scypho.

Project Leader: Shahid Raza


RISE SICS    neXus