Attribute-based encryption and sticky policies for data access control in a smart home scenario: a comparison on networked smart object middleware (original) (raw)
Related papers
Privacy Preserving Framework For Smart Home Using Attribute-Based Encryption
International Journal of Computer Science and Engineering, 2020
IoT is one of the emerging technologies that have already effected our daily life in various ways. Due to the nature and ease of living, people are becoming more and more dependent on the IoT devices and environments like smart phones, wearable devices, smart home and etc. IoT has influences over a various domain from a simple pre-programmed coffee machine, smartvehicles to assisted living. These devices communicate with each other to provide services to the users as well as the service providers. But these communicated data coming from the devices contains a lot of information about personal identity information (PII). Most of the time, the users of these devices are unaware of these information or they do not have the control over the data that they are sending to the cloud. Even the cloud services are secured but they are always curious. There are few standards for IoT security, still most of the security mechanisms for IoT are only providing End-to-End secured connections like TLS, DTLS, etc. but the data itself is not secured. According to the new security regulations like GDPR, FTC and etc. the data has to be encrypted at the source and data owner have the right of the data and needs to provide consent whenever used by the service providers. One of the best way to achieve these requirements is to use Attribute-Based Encryption (ABE) which provides access control as well as data encryption. In this dissertation we are proposing two different approaches for the security, privacy and access control of user data using ABE and smart home as the case study.
Securing Home IoT Environments with Attribute-Based Access Control
Proceedings of the Third ACM Workshop on Attribute-Based Access Control, 2018
Rapid advances in IoT networks have led to the proliferation of several end-user IoT devices. A modern day home IoT environment now resembles a complete network ecosystem with a variety of devices co-existing and operating concurrently. It is necessary that these devices do not disrupt the operations of other devices, either accidentally or maliciously. Accidental disruptions are usually due to misconfigured devices, which may, for instance, result in a device sending network broadcasts and flooding the network. Malicious disruptions may be caused by devices being compromised by attackers or due to devices purchased from untrusted manufacturers. An intentional disruption can include sending control information to other devices to manipulate their operations, and requesting for sensitive information such as surveillance videos or camera pictures. One way of preventing such disruptions is by enforcing access control on IoT devices. Attribute-Based Access Control is the most appropriate model because of its ability to enforce access control based on the attributes of the devices, users, and environment context. We consider the NIST Next Generation Access Control (NGAC) specification for our ABAC requirements because of several reasons, including its support for adaptive policies, efficiency, and ease of policy management.
A Survey on Attribute-Based Encryption Schemes Suitable for the Internet of Things
IEEE Internet of Things Journal, 2022
The Internet of Things (IoT) is an information service paradigm based on the integration of smart objects, mobile devices, and computers via the Internet. IoT technologies are key enablers for a multitude of applications in diverse fields, such as digital health, smart city, industrial automation, and supply chain. This raises new security and privacy challenges that can be addressed by advanced cryptographic methods. One of the most prominent is attribute-based encryption (ABE), which allows one to encrypt data while enforcing fine-grained access control on it. ABE is advantageous in many IoT applications since it allows data to be safely stored on untrusted storage, such as third-party cloud servers, hackable publish-subscribe brokers, physically accessible sensors, etc. This article surveys the ABE literature proposing schemes and solutions that are best suited for IoT applications. To do so, it first identifies three performance indicators that are key in IoT, namely, the data producer CPU efficiency, the data producer bandwidth efficiency, and the key authority bandwidth efficiency. Then, it analyzes only those schemes that are promising from the point of view of one or more indicators and, therefore, more applicable in typical IoT applications. As a further contribution, this article selects a subset of representative schemes and assesses their efficiency by thorough simulations. Such simulations show that no scheme excels in all three performance indicators at once, but some simultaneously perform well in two indicators.
Mathematics, 2021
People can store their data on servers in cloud computing and allow public users to access data via data centers. One of the most difficult tasks is to provide security for the access policy of data, which is also needed to be stored at cloud servers. The access structure (policy) itself may reveal partial information about what the ciphertext contains. To provide security for the access policy of data, a number of encryption schemes are available. Among these, CP-ABE (Ciphertext-Policy Attribute-Based Encryption) scheme is very significant because it helps to protect, broadcast, and control the access of information. The access policy that is sent as plaintext in the existing CP-ABE scheme along with a ciphertext may leak user privacy and data privacy. To resolve this problem, we hereby introduce a new technique, which hides the access policy using a hashing algorithm and provides security against insider attack using a signature verification scheme. The proposed system is compared...
Ciphertext-Policy Attribute-Based Encryption
In several distributed systems a user should only be able to access data if a user posses a certain set of credentials or attributes. Currently, the only method for enforcing such policies is to employ a trusted server to store the data and mediate access control. However, if any server storing the data is compromised, then the confidentiality of the data will be compromised. In this paper we present a system for realizing complex access control on encrypted data that we call Ciphertext-Policy Attribute-Based Encryption. By using our techniques encrypted data can be kept confidential even if the storage server is untrusted; moreover, our methods are secure against collusion attacks. Previous Attribute-Based Encryption systems used attributes to describe the encrypted data and built policies into user's keys; while in our system attributes are used to describe a user's credentials, and a party encrypting data determines a policy for who can decrypt. Thus, our methods are conceptually closer to traditional access control methods such as Role-Based Access Control (RBAC). In addition, we provide an implementation of our system and give performance measurements.
Survey on Revocation in Ciphertext-Policy Attribute-Based Encryption
Sensors, 2019
Recently, using advanced cryptographic techniques to process, store, and share datasecurely in an untrusted cloud environment has drawn widespread attention from academicresearchers. In particular, Ciphertext‐Policy Attribute‐Based Encryption (CP‐ABE) is a promising,advanced type of encryption technique that resolves an open challenge to regulate fine‐grainedaccess control of sensitive data according to attributes, particularly for Internet of Things (IoT)applications. However, although this technique provides several critical functions such as dataconfidentiality and expressiveness, it faces some hurdles including revocation issues and lack ofmanaging a wide range of attributes. These two issues have been highlighted by many existingstudies due to their complexity which is hard to address without high computational cost affectingthe resource‐limited IoT devices. In this paper, unlike other survey papers, existing single andmultiauthority CP‐ABE schemes are reviewed with the main fo...
ABE-Cities: An Attribute-Based Encryption System for Smart Cities
2018 IEEE International Conference on Smart Computing (SMARTCOMP), 2018
In the near future, a technological revolution will involve our cities, where a variety of smart services based on the Internet of Things will be developed to facilitate the needs of the citizens. Sensing devices are already being deployed in urban environments, and they will generate huge amounts of data. Such data are typically outsourced to some cloud storage because this lowers capital and operating expenses and guarantees high availability. However, cloud storage may have incentives to release stored data to unauthorized entities. In this work we present ABE-Cities, an encryption scheme for urban sensing which solves the above problems while ensuring fine-grained access control on data by means of Attribute-Based Encryption (ABE). Basically, ABE-Cities encrypts data before storing it in the cloud and provides users with keys able to decrypt only those portions of data the user is authorized to access. In ABE-Cities, the sensing devices perform only lightweight symmetric cryptog...
Puncturable Attribute-Based Encryption for Secure Data Delivery in Internet of Things
IEEE INFOCOM 2018 - IEEE Conference on Computer Communications, 2018
While the Internet of Things (IoT) is embraced as important tools for efficiency and productivity, it is becoming an increasingly attractive target for cybercriminals. This work represents the first endeavor to develop practical Puncturable Attribute Based Encryption schemes that are lightweight and applicable in IoTs. In the proposed scheme, the attribute-based encryption is adopted for fine grained access control. The secret keys are puncturable to revoke the decryption capability for selected messages, recipients, or time periods, thus protecting selected important messages even if the current key is compromised. In contrast to conventional forward encryption, a distinguishing merit of the proposed approach is that the recipients can update their keys by themselves without key reissuing from the key distributor. It does not require frequent communications between IoT devices and the key distribution center, neither does it need deleting components to expunge existing keys to produce a new key. Moreover, we devise a novel approach which efficiently integrates attribute-based key and punctured keys such that the key size is roughly the same as that of the original attribute-based encryption. We prove the correctness of the proposed scheme and its security under the Decisional Bilinear Diffie-Hellman (DBDH) assumption. We also implement the proposed scheme on Raspberry Pi and observe that the computation efficiency of the proposed approach is comparable to the original attribute-based encryption. Both encryption and decryption can be completed within tens of milliseconds.
Computer Networks
Attribute based encryption (ABE) is an encrypted access control mechanism that ensures efficient data sharing among dynamic group of users. Nevertheless, this encryption technique presents two main drawbacks, namely high decryption cost and publicly shared access policies, thus leading to possible users' privacy leakage. In this paper, we introduce PHOABE, a Policy-Hidden Outsourced ABE scheme. Our construction presents several advantages. First, it is a multi-attribute authority ABE scheme. Second, the expensive computations for the ABE decryption process is partially delegated to a Semi Trusted Cloud Server. Third, users' privacy is protected thanks to a hidden access policy. Fourth, PHOABE is proven to be selectively secure, verifiable and policy privacy preserving under the random oracle model. Five, estimation of the processing overhead proves its feasibility in IoT constrained environments.
Cryptography Based Light-Weight Attribute Encryption Scheme for Internet of Things
For those organization for vast number about IoT devices, progressively vast amounts about information need aid produced, which abandons provision suppliers confronting new tests especially for administration to security. Information security might make attained utilizing cryptographic encryption strategies. Cryptographic keys are needed will unscramble data, Furthermore must a chance to be disseminated to An specific best approach will commissioned information clients that perform dissimilar errands with respect to information. To deal with an extensive amount about units generating trickles for data, an adaptable and fine-grained get control result thought to a chance to be utilized. A guaranteeing approach need as of late rose In view of Attribute-Based encryption (ABE) that gives adaptable What's more fine-grained get control. This framework employments quality based encryption to IOT gadgets. Those different clients previously, an association will oblige to entry different information produced Eventually Tom's perusing diverse sensors. Hence, in this system, best the clients who need aid commissioned will right specific information camwood right it. The way used to scramble that information is itself encrypted Also sent should client. When a commissioned client solicitation those data, as much genuineness is main checked and the qualities of the asked information are sent on as much email. He may be at that point obliged with enters this data. These qualities would use to unscramble those encrypted enter. Those decrypted fact that thus used to unscramble the information