Today, smart devices and services have become a part of our daily life. These devices and services offer a richer user experience with a much higher quality of services than before. Many of them utilize sensing functions via cloud architecture to perform remote device controls and monitoring. Generally, the security of the communication between these devices and the service provider (e.g., cloud server) is achieved by using the TLS protocol via PKI standard. In this study, we investigate the risk associating with the use of public certificate authorities (CAs) in a PKI-based IoT system. An experiment is conducted to demonstrate existing vulnerabilities in real IoT devices available in the market. Next, the use of a private CA in the cloud-centric IoT architecture is proposed to achieve better control over the certificate issuing process and the validity period of the certificate. Lastly, the security analysis pointing out the strengths and drawbacks of the proposed method is discussed in detail.

中文翻译：

---

通过使用私有CA来提高长寿命IoT设备中的数字证书可用性

如今，智能设备和服务已成为我们日常生活的一部分。这些设备和服务提供了比以前更高质量的服务，提供了更丰富的用户体验。他们中的许多人都通过云架构利用传感功能来执行远程设备控制和监视。通常，这些设备与服务提供商（例如，云服务器）之间的通信安全性是通过PKI标准使用TLS协议来实现的。在这项研究中，我们调查了在基于PKI的IoT系统中与使用公共证书颁发机构（CA）相关的风险。进行了一项实验，以演示市场上可用的真实IoT设备中的现有漏洞。下一个，提议在以云为中心的物联网架构中使用私有CA，以更好地控制证书的颁发过程和证书的有效期。最后，详细讨论了安全性分析，指出了该方法的优缺点。