New lightweight PKI technologies help secure constrained IoT devices

As billions of devices are being connected to the internet of things, security is lagging behind. Especially for small and battery-powered devices with constrained computing resources. But new lightweight PKI technologies from research project CEBOT, SecureIoT and SecureCare, now enable true end-to-end security also for constrained devices.

Public key infrastructure (PKI) is state of the art when it comes to internet security. However, many small, battery-powered IoT devices lack the required computing resources to use traditional PKI protocols. Most current deployments with constrained devices are not secured at all or only by shared keys, PINs or passwords. As a result, there is a large risk of hacker attacks and eavesdropping.

Now, there is a breakthrough in solving this problem. New lightweight PKI technologies have been developed in the research projects to enable PKI for IoT devices. Martin Furuhed, Nexus’ PKI expert for more than 20 years, has participated in the project and co-authored a paper that addresses two challenges: secure enrollment and certificate overhead reduction.

“In this paper, we develop an automated certificate enrollment protocol light enough for highly constrained devices. This provides end-to-end security between certificate authorities (CA) and the recipient IoT devices. We also design a lightweight profile for X.509 digital certificates. Existing CAs can now issue traditional X.509 certificates to IoT devices,” says Shahid Raza, Director of Cybersecurity at RISE Research Institutes of Sweden. Read the paper here: PKI4IoT: Towards Public Key Infrastructure for the Internet of Things.

Published

09/12 2019

About SecureIoT

SecureIoT (Certificate-based Security for Resource-constrained Internet of Things) is a research project funded by Eurostars and run by the RISE Cybersecurity unit together with Nexus.

The aim of SecureIoT has been to equip IoT devices with capabilities to obtain digital certificates in a secure and automated way and by using the communication protocols that these devices speak.

In the previous research projects CEBOT and SecureIoT, a light-weight and fully automated enrollment protocol, lightweight revocation checking and compression technologies for certificates were created for use by constrained devices. SecureCare will continue on this path by developing other lightweight PKI technologies needed to target IoT scenarios.

 

Interested in how Nexus can help enabling trust for your IoT devices?

Explore 

 

 

Read more from Nexus

Authentication Blog FIDO PKI Workforce Zero Trust

Does FIDO’s promise of passwordless meet the reality of enterprise governance

30 October, 2025
FIDO2 and passkeys promise secure, passwordless authentication, but enterprise adoption brings new governance challenges. Learn how organizations c...
Read more
Authentication Blog FIDO PKI Workforce Zero Trust

The enterprise perspective on authentication: FIDO2 vs. PKI

30 October, 2025
PKI smartcard vs. FIDO2 authentication—key differences, pros and cons for enterprise security and identity management.
Read more
Authentication Blog Multi-Factor Authentication (MFA) Workforce Zero Trust

Bringing Zero Trust to shared devices with NFC authentication

29 October, 2025
Shared mobile devices don’t have to mean shared risk. Learn how NFC-based authentication and trusted workforce identities make Zero Trust practical...
Read more

This website uses cookies

Cookies ("cookies") consist of small text files. The text files contain data which is stored on your device. To be able to place some type of cookies we need your consent. We at Technology Nexus Secured Business Solutions AB, corporate identity number 556258-0414 use these types of cookies. To read more about which cookies we use and storage duration, click here to get to our cookiepolicy.

Manage your cookie-settings

Necessary cookies

Necessary cookies are cookies that need to be placed for fundamental functions on the website to work. Fundamental functions are for instance cookies that are needed for you to use menus and navigate the website.

Functional cookies

Functional cookies need to be placed for the website to perform in the way that you excpect. For instance to remember which language you prefer, to know if you are logged in, to keep the website secure, remember login credentials or to enable sorting of products on the website in the way that you prefer.

Statistical cookies

To know how you interact with the website we place cookies to collect statistics. These cookies anonymize personal data.

Ad measurement cookies

To be able to provide a better service and experience we place cookies to tailor marketing for you. Another purpose for this placement is to market products or services to you, give tailored offers or market and give recommendations on new concepts based on what you have bought from us previously.