Performance evaluation of Attribute-Based Encryption on constrained IoT devices

The Internet of Things (IoT) is enabling a new generation of innovative services based on the seamless integration of smart objects into information systems. This raises new security and privacy challenges that require novel cryptographic methods. Attribute-Based Encryption (ABE) is a type of public-key encryption that enforces a fine-grained access control on encrypted data based on flexible access policies. The feasibility of ABE adoption in fully-fledged computing systems, i.e., smartphones or embedded systems, has been demonstrated in recent works. In this paper, we consider IoT devices characterized by strong limitations in terms of computing, storage, and power. Specifically, we assess the performance of ABE in typical IoT constrained devices. We evaluate the performance of three representative ABE schemes configured considering the worst-case scenario on two popular IoT platforms, namely ESP32 and RE-Mote. Our results show that, if we assume to employ up to 10 attributes in ciphertexts and to leverage hardware cryptographic acceleration, then ABE can indeed be adopted on devices with very limited memory and computing power, while obtaining a satisfactory battery lifetime. In our experiments, as also performed in other works in the literature, we consider only the worst-case configuration, which, however, might not be completely representative of the real working conditions of sensors employing ABE. For this reason, we complete our evaluation by proposing a novel benchmark method that we used to complement the experiments by evaluating the average performance. We show that by always considering the worst case, the current literature significantly overestimates the processing time and the energy consumption

On the feasibility of attribute-based encryption on constrained iot devices for smart systems

The Internet of Things (IoT) is enabling a new generation of innovative services based on the seamless integration of smart objects into information systems. Such IoT devices generate an uninterrupted flow of information that can be transmitted through an untrusted network and stored on an untrusted infrastructure. The latter raises new security and privacy challenges that require novel cryptographic methods. Attribute-Based Encryption (ABE) is a new type of public-key encryption that enforces a fine-grained access control on encrypted data based on flexible access policies. The feasibility of ABE adoption in fully-fledged computing systems, i.e. smartphones or embedded systems, has been demonstrated in recent works. In this paper we assess the feasibility of the adoption of ABE in typical IoT constrained devices, characterized by limited capabilities in terms of computing, storage and power. Specifically, an implementation of three ABE schemes for ESP32, a low-cost popular platform to deploy IoT devices, is developed and evaluated in terms of encryption/decryption time and energy consumption. The performance evaluation shows that the adoption of ABE on constrained devices is feasible, although it has a cost that increases with the number of attributes. The analysis in particular highlights how ABE has a significant impact in the lifetime of battery-powered devices, which is impaired significantly when a high number of attributes is adopted