Establishing Dynamic Secure Sessions for ECQV Implicit Certificates in Embedded Systems (2311.11444v1)

Abstract: Be it in the IoT or automotive domain, implicit certificates are gaining ever more prominence in constrained embedded devices. They present a resource-efficient security solution against common threat concerns. The computational requirements are not the main issue anymore. The focus is now placed on determining a good balance between the provided security level and the derived threat model. A security aspect that often gets overlooked is the establishment of secure communication sessions, as most design solutions are based only on the use of static key derivation, and therefore, lack the perfect forward secrecy. This leaves the transmitted data open for potential future exposures by having keys tied to the certificates rather than the communication sessions. We aim to patch this gap, by presenting a design that utilizes the Station to Station (STS) protocol with implicit certificates. In addition, we propose potential protocol optimization implementation steps and run a comprehensive study on the performance and security level between the proposed design and the state-of-the-art key derivation protocols. In our comparative study, we show that with a slight computational increase of 20\% compared to a static ECDSA key derivation, we are able to mitigate many session-related security vulnerabilities that would otherwise remain open.