Table 2.
Cryptographic key lifetimes and performance overheads (conceptual defaults, grounded in surveyed SIoT literature).
| Component/operation | Material/mechanism | Lifetime/overhead |
|---|---|---|
| Device identity | Ed25519 / ECDSA-P256 keypair; finite-field schemes [19] | 6–12 months (or on reprovision) |
| Channel session | TLS/DTLS traffic keys (HKDF); PUF-based derivation [20] | Per connection / transaction |
| PEP auth token | Signed policy token | 5–15 minutes rolling refresh |
| Trust evidence | Event signature (Ed25519) | Per event (immutable) |
| Storage at rest | AES-GCM symmetric data keys | 24 h rotation (envelope rewrap) |
| Audit/anchoring | Blockchain anchoring keys [21] | 1–3 s commit delay; hourly batching |
| Registry signing | Service registry key [22] | 3–6 months with audit log |
| PDP policy check | Fog-node policy evaluation | 20–50 ms (delegation selection overhead) [23] |
| PEP enforcement | Policy decision enforcement | <5 ms (message interception + enforcement negligible vs PDP) [23] |
| AES-GCM encryption | Symmetric crypto cost (AES-GCM; lightweight ciphers such as SIMECK-T [24]) | <5% CPU |
| Trust verification | Trust/score update | 2.2 s, 280 Tx/s [25] |
| Blockchain logging | Append-only tamper-evident logs | 1–3 s per commit [26] |