{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T17:20:26Z","timestamp":1764782426263},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2024,3,2]],"date-time":"2024-03-02T00:00:00Z","timestamp":1709337600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,3,2]],"date-time":"2024-03-02T00:00:00Z","timestamp":1709337600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"RISE Research Institutes of Sweden"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2024,6]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>IoT deployments grow in numbers and size, which makes questions of long-term support and maintainability increasingly important. Without scalable and standard-compliant capabilities to transfer the control of IoT devices between service providers, IoT system owners cannot ensure long-term maintainability, and risk vendor lock-in. The manual overhead must be kept low for large-scale IoT installations to be economically feasible. We propose AutoPKI, a lightweight protocol to update the IoT PKI credentials and shift the trusted domains, enabling the transfer of control between IoT service providers, building upon the latest IoT standards for secure communication and efficient encodings. We show that the overhead for the involved IoT devices is small and that the overall required manual overhead can be minimized. We analyse the fulfilment of the security requirements, and for a subset of them, we demonstrate that the desired security properties hold through formal verification using the Tamarin prover.<\/jats:p>","DOI":"10.1007\/s10207-024-00825-z","type":"journal-article","created":{"date-parts":[[2024,3,2]],"date-time":"2024-03-02T20:01:33Z","timestamp":1709409693000},"page":"1859-1875","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["AutoPKI: public key infrastructure for IoT with automated trust transfer"],"prefix":"10.1007","volume":"23","author":[{"given":"Joel","family":"H\u00f6glund","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Simon","family":"Bouget","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Martin","family":"Furuhed","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John","family":"Preu\u00df Mattsson","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"G\u00f6ran","family":"Selander","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shahid","family":"Raza","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,3,2]]},"reference":[{"key":"825_CR1","doi-asserted-by":"publisher","unstructured":"H\u00f6glund, J., Raza, S., Furuhed, M.: In 2022 IEEE International Conference on Public Key Infrastructure and its Applications (PKIA) (2022), pp. 1\u20138. https:\/\/doi.org\/10.1109\/PKIA56009.2022.9952223","DOI":"10.1109\/PKIA56009.2022.9952223"},{"key":"825_CR2","doi-asserted-by":"crossref","unstructured":"Housley, R., Ford, W., Polk, T., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and CRL Profile. RFC 2459, RFC Editor (1999)","DOI":"10.17487\/rfc2459"},{"key":"825_CR3","doi-asserted-by":"publisher","unstructured":"H\u00f6glund, J., Lindemer, S., Furuhed, M., Raza, S.: PKI4IoT: towards public key infrastructure for the Internet of Things. Comput. Secur. 89 (2020). https:\/\/doi.org\/10.1016\/j.cose.2019.101658","DOI":"10.1016\/j.cose.2019.101658"},{"key":"825_CR4","doi-asserted-by":"publisher","unstructured":"H\u00f6glund, J., Raza, S.: In: IEEE Conference on Communications and Network Security, CNS 2021, Tempe, AZ, USA, October 4\u20136, 2021 (IEEE, 2021). https:\/\/doi.org\/10.1109\/CNS53000.2021.9705036","DOI":"10.1109\/CNS53000.2021.9705036"},{"key":"825_CR5","unstructured":"Selander, G., Mattsson, J., Palombini, F.: Ephemeral Diffie\u2013Hellman over cose (edhoc). Internet-Draft draft-ietf-lake-edhoc-03, IETF Secretariat (2020)"},{"key":"825_CR6","doi-asserted-by":"crossref","unstructured":"Schoorman, F.D., Mayer, R.C., Davis, J.H.: An integrative model of organizational trust: Past, present, and future. Acad. Manag. Rev. 32(2), 344 (2007)","DOI":"10.5465\/amr.2007.24348410"},{"key":"825_CR7","doi-asserted-by":"publisher","unstructured":"Khan, M.S.N., Marchal, S., Buchegger, S., Asokan, N.: In: Privacy and Identity Management. Fairness, Accountability, and Transparency in the Age of Big Data, vol. 547, pp. 205\u2013221 (2018). https:\/\/doi.org\/10.1007\/978-3-030-16744-8_14","DOI":"10.1007\/978-3-030-16744-8_14"},{"key":"825_CR8","doi-asserted-by":"publisher","unstructured":"Gunnarsson, M., Gehrmann, C.: In: Proceedings of the 6th International Conference on Information Systems Security and Privacy, vol.\u00a01, ed. by S.\u00a0Furnell, P.\u00a0Mori, E.\u00a0Weippl, O.\u00a0Camp (SciTePress, 2020), vol.\u00a01, pp. 33\u201344. https:\/\/doi.org\/10.5220\/0008928300330044","DOI":"10.5220\/0008928300330044"},{"key":"825_CR9","doi-asserted-by":"publisher","unstructured":"Dent, A.W.: Certificateless Cryptography (Springer US, Boston, MA, 2011), pp. 192\u2013193. https:\/\/doi.org\/10.1007\/978-1-4419-5906-5_314","DOI":"10.1007\/978-1-4419-5906-5_314"},{"key":"825_CR10","unstructured":"Dent, A.W.: In: Public Key Infrastructures, Services and Applications, ed. by F.\u00a0Martinelli, B.\u00a0Preneel (Springer Berlin Heidelberg, Berlin, Heidelberg, 2010), pp. 1\u201316"},{"issue":"8","key":"825_CR11","doi-asserted-by":"publisher","first-page":"3701","DOI":"10.1109\/TII.2018.2794991","volume":"14","author":"A Karati","year":"2018","unstructured":"Karati, A., Islam, S.H., Karuppiah, M.: Provably secure and lightweight certificateless signature scheme for IIoT environments. IEEE Trans. Ind. Inf. 14(8), 3701 (2018). https:\/\/doi.org\/10.1109\/TII.2018.2794991","journal-title":"IEEE Trans. Ind. Inf."},{"key":"825_CR12","doi-asserted-by":"publisher","unstructured":"Safkhani, M., Rostampour, S., Bendavid, Y., Sadeghi, S., Bagheri, N.: Improving RFID\/IoT-based generalized ultra-lightweight mutual authentication protocols. J. Inf. Secur. Appl. 67, 103194 (2022) https:\/\/doi.org\/10.1016\/j.jisa.2022.103194","DOI":"10.1016\/j.jisa.2022.103194"},{"key":"825_CR13","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2022.103173","volume":"67","author":"O AbuAlghanam","year":"2022","unstructured":"AbuAlghanam, O., Qatawneh, M., Almobaideen, W., Saadeh, M.: A new hierarchical architecture and protocol for key distribution in the context of IoT-based smart cities. J. Inf. Secur. Appl. 67, 103173 (2022). https:\/\/doi.org\/10.1016\/j.jisa.2022.103173","journal-title":"J. Inf. Secur. Appl."},{"issue":"2","key":"825_CR14","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1109\/TIT.1983.1056650","volume":"29","author":"D Dolev","year":"1983","unstructured":"Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198 (1983). https:\/\/doi.org\/10.1109\/TIT.1983.1056650","journal-title":"IEEE Trans. Inf. Theory"},{"issue":"5","key":"825_CR15","doi-asserted-by":"publisher","first-page":"1306","DOI":"10.1109\/TSC.2018.2885766","volume":"14","author":"C M\u00fcller","year":"2021","unstructured":"M\u00fcller, C., Gutierrez, A.M., Fernandez, P., Mart\u00edn-D\u00edaz, O., Resinas, M., Ruiz-Cort\u00e9s, A.: Automated validation of compensable SLAs. IEEE Trans. Serv. Comput. 14(5), 1306 (2021). https:\/\/doi.org\/10.1109\/TSC.2018.2885766","journal-title":"IEEE Trans. Serv. Comput."},{"key":"825_CR16","doi-asserted-by":"publisher","unstructured":"Uriarte, R.B., de\u00a0Nicola, R., Kritikos, K.: In: 2018 IEEE International Conference on Cloud Computing Technology and Science (CloudCom) (2018), pp. 266\u2013271. https:\/\/doi.org\/10.1109\/CloudCom2018.2018.00059","DOI":"10.1109\/CloudCom2018.2018.00059"},{"key":"825_CR17","doi-asserted-by":"publisher","unstructured":"Alzubaidi, A., Mitra, K., Solaiman, E.: In: 2021 IEEE International Conference on Smart Internet of Things (SmartIoT) (2021), pp. 74\u201381. https:\/\/doi.org\/10.1109\/SmartIoT52359.2021.00021","DOI":"10.1109\/SmartIoT52359.2021.00021"},{"key":"825_CR18","unstructured":"Beniiche, A.: ArXiv arXiv:2004.07140 (2020)"},{"key":"825_CR19","doi-asserted-by":"publisher","unstructured":"IEEE Std 802.1AR-2018 pp. 1\u201373 (2018). https:\/\/doi.org\/10.1109\/IEEESTD.2018.8423794","DOI":"10.1109\/IEEESTD.2018.8423794"},{"key":"825_CR20","doi-asserted-by":"crossref","unstructured":"Nystrom, M., Kaliski, B.: PKCS #10: Certification Request Syntax Specification Version 1.7. RFC 2986, RFC Editor (2000)","DOI":"10.17487\/rfc2986"},{"key":"825_CR21","unstructured":"Mattsson, J.P., Selander, G., Raza, S., H\u00f6glund, J., Furuhed, M.: CBOR Encoded X.509 Certificates (C509 Certificates). Internet-Draft draft-ietf-cose-cbor-encoded-cert-03, IETF Secretariat (2022)"},{"key":"825_CR22","unstructured":"Schaad, J.: CBOR Object Signing and Encryption (COSE): Header parameters for carrying and referencing X.509 certificates. Internet-Draft draft-ietf-cose-x509-08, IETF Secretariat (2020)"},{"key":"825_CR23","doi-asserted-by":"crossref","unstructured":"Tschofenig, H., Fossati, T.: Transport layer security (tls) \/ datagram transport layer security (dtls) profiles for the internet of things. RFC 7925, RFC Editor (2016)","DOI":"10.17487\/RFC7925"},{"key":"825_CR24","doi-asserted-by":"publisher","unstructured":"Ha, D.A., Nguyen, K.T., Zao, J.K.: In: Proceedings of the 7th Symposium on Information and Communication Technology (Association for Computing Machinery, New York, NY, USA, 2016), SoICT \u201916, pp. 173\u2013179. https:\/\/doi.org\/10.1145\/3011077.3011108","DOI":"10.1145\/3011077.3011108"},{"key":"825_CR25","doi-asserted-by":"crossref","unstructured":"Pritikin, M., Richardson, M., Eckert, T., Behringer, M., Watsen, K.: Bootstrapping remote secure key infrastructure (brski). RFC 8995, RFC Editor (2021)","DOI":"10.17487\/RFC8995"},{"key":"825_CR26","doi-asserted-by":"crossref","unstructured":"van\u00a0der Stok, P., Kampanakis, P., Richardson, M., Raza, S.: EST-coaps: Enrollment over Secure Transport with the Secure Constrained Application Protocol. RFC 9148, RFC Editor (2022)","DOI":"10.17487\/RFC9148"},{"key":"825_CR27","doi-asserted-by":"crossref","unstructured":"Moran, B., Tschofenig, H., Brown, D., Meriac, M.: A Firmware Update Architecture for Internet of Things. RFC 9019, RFC Editor (2021)","DOI":"10.17487\/RFC9019"},{"key":"825_CR28","doi-asserted-by":"publisher","unstructured":"Ankerg\u00e5rd, S.F.J.J., Dushku, E., Dragoni, N.: State-of-the-art software-based remote attestation: opportunities and open issues for Internet of Things. Sensors 21(5) (2021). https:\/\/doi.org\/10.3390\/s21051598","DOI":"10.3390\/s21051598"},{"key":"825_CR29","doi-asserted-by":"crossref","unstructured":"Birkholz, H., Thaler, D., Richardson, M., Smith, N., Pan, W.: Remote attestation procedures architecture. Internet-Draft draft-ietf-rats-architecture-15, IETF Secretariat (2022)","DOI":"10.17487\/RFC9334"},{"key":"825_CR30","doi-asserted-by":"publisher","unstructured":"H\u00f6glund, J., Furuhed, M., Raza, S.: Lightweight certificate revocation for low-power IoT with end-to-end security. J. Inf. Secur. Appl. 73 (2023). https:\/\/doi.org\/10.1016\/j.jisa.2023.103424","DOI":"10.1016\/j.jisa.2023.103424"},{"key":"825_CR31","doi-asserted-by":"publisher","unstructured":"H\u00f6glund, J., Raza, S.: In: 2022 IEEE International Conference on Cyber Security and Resilience (CSR) (2022), pp. 253\u2013260. https:\/\/doi.org\/10.1109\/CSR54599.2022.9850290","DOI":"10.1109\/CSR54599.2022.9850290"},{"key":"825_CR32","doi-asserted-by":"publisher","unstructured":"Dushku, E., Rabbani, M.M., Conti, M., Mancini, L.V., Ranise, S.: SARA: Secure asynchronous remote attestation for IoT systems. IEEE Trans. Inf. Forensics Secur. 15 (2020). https:\/\/doi.org\/10.1109\/TIFS.2020.2983282","DOI":"10.1109\/TIFS.2020.2983282"},{"key":"825_CR33","unstructured":"ComodoSSLstore. Comodo positive ssl certificate. https:\/\/web.archive.org\/web\/20220420135513\/https:\/\/comodosslstore.com\/positivessl.aspx (2022)"},{"key":"825_CR34","doi-asserted-by":"crossref","unstructured":"Krawczyk, H.: In: Advances. In: Boneh, D. (ed.) Cryptology\u2014CRYPTO 2003, pp. 400\u2013425. Springer, Berlin (2003)","DOI":"10.1007\/978-3-540-45146-4_24"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00825-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-024-00825-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00825-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,5,27]],"date-time":"2024-05-27T02:07:13Z","timestamp":1716775633000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-024-00825-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,2]]},"references-count":34,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2024,6]]}},"alternative-id":["825"],"URL":"https:\/\/doi.org\/10.1007\/s10207-024-00825-z","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,3,2]]},"assertion":[{"value":"2 March 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no conflicts of interest relevant to the content of this article and the work covered does not involve any human participants or animal usage.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}