LocalPKI: An Interoperable and IoT Friendly PKI

A public-key infrastructure (PKI) binds public keys to identities of entities. Usually, this binding is established through a process of registration and issuance of certificates by a certificate authority (CA) where the validation of the registration is performed by a registration authority. In this paper, we propose an alternative scheme, called LocalPKI , where the binding is performed by a local authority and the issuance is left to the end user or to the local authority. The role of a third entity is then to register this binding and to provide up-to-date status information on this registration. The idea is that many more local actors could then take the role of a local authority, thus allowing for an easier spread of public-key certificates in the population. Moreover, LocalPKI represents also an appropriate solution to be deployed in the Internet of Things context. Our scheme’s security is formally proven with the help of Tamarin, an automatic verification tool for cryptographic protocols.