Preventing Misuse of Duplicate Certificates in IoT/M2M Systems

The IoT/M2M service providers need security mechanisms to avoid illegal usage of the service. Normally, this can be accomplished by using the certificate to authenticate the device before providing the service. In this paper, we consider the situation where a malicious user attempts to pay only for the service of a device but deploy the same certificate for many other devices to access the service illegally. To address this problem of duplicate certificates, we design two prevention mechanisms on top of the security framework defined in the oneM2M standard. Furthermore, we implement these two protection mechanisms on the OM2M platform and evaluate them in terms of their cost and performance in order to find the most suitable one for service providers.