4,679 research outputs found

    On the feasibility of attribute-based encryption on Internet of Things devices

    Attribute-based encryption (ABE) could be an effective cryptographic tool for the secure management of Internet of Things (IoT) devices, but its feasibility in the IoT has been under-investigated thus far. This article explores such feasibility for well-known IoT platforms, namely, Intel Galileo Gen 2, Intel Edison, Raspberry Pi 1 Model B, and Raspberry Pi Zero, and concludes that adopting ABE in the IoT is indeed feasible.

    Performance evaluation of Attribute-Based Encryption on constrained IoT devices

    The Internet of Things (IoT) is enabling a new generation of innovative services based on the seamless integration of smart objects into information systems. This raises new security and privacy challenges that require novel cryptographic methods. Attribute-Based Encryption (ABE) is a type of public-key encryption that enforces a fine-grained access control on encrypted data based on flexible access policies. The feasibility of ABE adoption in fully-fledged computing systems, i.e., smartphones or embedded systems, has been demonstrated in recent works. In this paper, we consider IoT devices characterized by strong limitations in terms of computing, storage, and power. Specifically, we assess the performance of ABE in typical IoT constrained devices. We evaluate the performance of three representative ABE schemes configured considering the worst-case scenario on two popular IoT platforms, namely ESP32 and RE-Mote. Our results show that, if we assume to employ up to 10 attributes in ciphertexts and to leverage hardware cryptographic acceleration, then ABE can indeed be adopted on devices with very limited memory and computing power, while obtaining a satisfactory battery lifetime. In our experiments, as also performed in other works in the literature, we consider only the worst-case configuration, which, however, might not be completely representative of the real working conditions of sensors employing ABE. For this reason, we complete our evaluation by proposing a novel benchmark method that we used to complement the experiments by evaluating the average performance. We show that by always considering the worst case, the current literature significantly overestimates the processing time and the energy consumption

    Reconfigurable Security: Edge Computing-based Framework for IoT

    In various scenarios, achieving security between IoT devices is challenging since the devices may have different dedicated communication standards, resource constraints as well as various applications. In this article, we first provide requirements and existing solutions for IoT security. We then introduce a new reconfigurable security framework based on edge computing, which utilizes a near-user edge device, i.e., security agent, to simplify key management and offload the computational costs of security algorithms at IoT devices. This framework is designed to overcome the challenges including high computation costs, low flexibility in key management, and low compatibility in deploying new security algorithms in IoT, especially when adopting advanced cryptographic primitives. We also provide the design principles of the reconfigurable security framework, the exemplary security protocols for anonymous authentication and secure data access control, and the performance analysis in terms of feasibility and usability. The reconfigurable security framework paves a new way to strengthen IoT security by edge computing. Comment: under submission to possible journal publication

    Lightweight Scheme for Smart Home Environments using Offloading Technique

    The Internet of Things (IoT), as an emerging technology, has been transforming different aspects of our world, from simple preprogrammed coffee machines to smart farming. Due to the human tendency to simplify and ease living, humans are becoming dependent on these automated IoT devices and smart environments such as smartphones, wearable devices, smart homes, etc. In order to provide better QoS, these devices need to work together and share data among themselves, as well as with the service providers and the cloud. Since these devices are resource constrained, IoT technology heavily depends on the cloud for processing, analytics and storage. But the data coming from the devices contain a lot of personal identity information (PII). Almost all the time, the users of these devices are unaware of the information that is being transmitted, or they do not possess control over the data that is being sent to the service provider, as well as to the cloud. Even if the cloud services and service providers are secured, they are always curious. There are a lot of security measures implemented for end-to-end communication, but IoT lacks a mechanism for securing the data that the devices are generating along with access control. In this article, we propose an approach for the security, privacy and access control of user data using Attribute-Based Encryption (ABE), with the smart home as the case study.

    Attribute-Based Encryption and Sticky Policies for Data Access Control in a Smart Home Scenario: a Comparison on Networked Smart Object Middleware

    Regulating access to the Internet of Things (IoT) network's resources is a complex task, which requires paying great attention to how policies are defined, shared, and enforced. The present paper considers the specific context of a smart home, which represents one of the main IoT application domains, and it focuses on two solutions proposed in the literature to cope with the aforementioned issues. On the one side, approaches based on Attribute-Based Encryption (ABE) allow one to encrypt data for multiple recipients, in such a way that only those recipients whose attributes satisfy a given access policy can decrypt afterwards. ABE guarantees a high level of customization due to the variety of attributes which can be defined, and it is also flexible enough to be adapted to different kinds of scenarios. On the other side, approaches based on sticky policies allow one to attach an access policy directly to the data itself, and to employ a trusted authority to evaluate and enforce the policy itself. Sticky policies also guarantee a highly distributed and customizable enforcement of access control rules. In this paper, we compare the advantages and the drawbacks in terms of performance and robustness of these two techniques by means of their integration within the prototype of an IoT middleware, named NetwOrked Smart object (NOS). Hence, the effectiveness of the presented solutions is validated by means of a real test-bed in the smart home scenario, in terms of storage occupancy, CPU load, and data retrieval delay. The final goal is to reveal the best approach to be used depending on the application's requirements.

    Expressive Policy-Based Access Control for Resource-Constrained Devices

    Upcoming smart scenarios enabled by the Internet of Things envision smart objects that expose services that can adapt to user behavior or be managed with the goal of achieving higher productivity, often in multi-stakeholder applications. In such environments, smart things are cheap sensors (and actuators) and, therefore, constrained devices. However, they are also critical components because of the importance of the provided information. Therefore, strong security is a must. Nevertheless, existing feasible approaches do not cope well with the principle of least privilege; they lack both expressiveness and the ability to update the policy to be enforced in the sensors. In this paper, we propose an access control model that comprises a policy language that provides dynamic fine-grained policy enforcement in the sensors based on local context conditions. This dynamic policy cycle requires a secure, efficient, and traceable message exchange protocol. For that purpose, a security protocol called Hidra is also proposed. A security and performance evaluation demonstrates the feasibility and adequacy of the proposed protocol and access control model. This work was supported in part by the Training and Research Unit through UPV/EHU under Grant UFI11/16 and in part by the Department of Economic Development and Competitiveness of the Basque Government through the Security Technologies SEKUTEK Collaborative Research Projec

    Impact assessment of policy expressiveness of an optimised access control model for smart sensors

    In the incoming internet of things (IoT) applications, smart sensors expose services to interact with them, to be parameterised, managed and maintained. Therefore, fine-grained end-to-end access control enforcement is mandatory to tackle the derived security requirements. However, it is still not feasible in very constrained devices. There is an innovative access control model that conveys an expressive policy language and an optimised codification for tight and flexible access control enforcement in very constrained devices. Such tightness enabled by the expressiveness of the policy language leads to detailed policy instances that might impact on the performance and therefore, in the feasibility and further applicability. In this context, this study assesses how the policy length impacts the performance of the establishment of a security association through the protocol named Hidra proposed by such an adapted access control model. Consequently, the notable results of the performance evaluation prove the feasibility and adequacy of this access control model for the new smart IoT scenarios. Part of this work is funded by the Department of Economic Development and Competitiveness of the Basque Government through the SEKUrtasun TEKnologiak SEKUTEK KK-2017/00044 collaborative research project and by the Spanish Ministry of Economy, Industry and Competitiveness through the State Secretariat for Research, Development and Innovation under the 'Adaptive Management of 5G Services to Support Critical Events in Cities (5G-City)' project TEC2016-76795-C6-5-R