On the feasibility of attribute-based encryption on Internet of Things devices

Attribute-based encryption (ABE) could be an effective cryptographic tool for the secure management of Internet of Things (IoT) devices, but its feasibility in the IoT has been under-investigated thus far. This article explores such feasibility for well-known IoT platforms, namely, Intel Galileo Gen 2, Intel Edison, Raspberry pi 1 model B, and Raspberry pi zero, and concludes that adopting ABE in the IoT is indeed feasible

ABAKA : a novel attribute-based k-anonymous collaborative solution for LBSs

The increasing use of mobile devices, along with advances in telecommunication systems, increased the popularity of Location-Based Services (LBSs). In LBSs, users share their exact location with a potentially untrusted Location-Based Service Provider (LBSP). In such a scenario, user privacy becomes a major con- cern: the knowledge about user location may lead to her identification as well as a continuous tracing of her position. Researchers proposed several approaches to preserve users’ location privacy. They also showed that hiding the location of an LBS user is not enough to guarantee her privacy, i.e., user’s pro- file attributes or background knowledge of an attacker may reveal the user’s identity. In this paper we propose ABAKA, a novel collaborative approach that provides identity privacy for LBS users considering users’ profile attributes. In particular, our solution guarantees p -sensitive k -anonymity for the user that sends an LBS request to the LBSP. ABAKA computes a cloaked area by collaborative multi-hop forwarding of the LBS query, and using Ciphertext-Policy Attribute-Based Encryption (CP-ABE). We ran a thorough set of experiments to evaluate our solution: the results confirm the feasibility and efficiency of our proposal

Reconfigurable Security: Edge Computing-based Framework for IoT

In various scenarios, achieving security between IoT devices is challenging since the devices may have different dedicated communication standards, resource constraints as well as various applications. In this article, we first provide requirements and existing solutions for IoT security. We then introduce a new reconfigurable security framework based on edge computing, which utilizes a near-user edge device, i.e., security agent, to simplify key management and offload the computational costs of security algorithms at IoT devices. This framework is designed to overcome the challenges including high computation costs, low flexibility in key management, and low compatibility in deploying new security algorithms in IoT, especially when adopting advanced cryptographic primitives. We also provide the design principles of the reconfigurable security framework, the exemplary security protocols for anonymous authentication and secure data access control, and the performance analysis in terms of feasibility and usability. The reconfigurable security framework paves a new way to strength IoT security by edge computing.Comment: under submission to possible journal publication

Performance evaluation of Attribute-Based Encryption on constrained IoT devices

The Internet of Things (IoT) is enabling a new generation of innovative services based on the seamless integration of smart objects into information systems. This raises new security and privacy challenges that require novel cryptographic methods. Attribute-Based Encryption (ABE) is a type of public-key encryption that enforces a fine-grained access control on encrypted data based on flexible access policies. The feasibility of ABE adoption in fully-fledged computing systems, i.e., smartphones or embedded systems, has been demonstrated in recent works. In this paper, we consider IoT devices characterized by strong limitations in terms of computing, storage, and power. Specifically, we assess the performance of ABE in typical IoT constrained devices. We evaluate the performance of three representative ABE schemes configured considering the worst-case scenario on two popular IoT platforms, namely ESP32 and RE-Mote. Our results show that, if we assume to employ up to 10 attributes in ciphertexts and to leverage hardware cryptographic acceleration, then ABE can indeed be adopted on devices with very limited memory and computing power, while obtaining a satisfactory battery lifetime. In our experiments, as also performed in other works in the literature, we consider only the worst-case configuration, which, however, might not be completely representative of the real working conditions of sensors employing ABE. For this reason, we complete our evaluation by proposing a novel benchmark method that we used to complement the experiments by evaluating the average performance. We show that by always considering the worst case, the current literature significantly overestimates the processing time and the energy consumption

Pay as You Go: A Generic Crypto Tolling Architecture

The imminent pervasive adoption of vehicular communication, based on dedicated short-range technology (ETSI ITS G5 or IEEE WAVE), 5G, or both, will foster a richer service ecosystem for vehicular applications. The appearance of new cryptography based solutions envisaging digital identity and currency exchange are set to stem new approaches for existing and future challenges. This paper presents a novel tolling architecture that harnesses the availability of 5G C-V2X connectivity for open road tolling using smartphones, IOTA as the digital currency and Hyperledger Indy for identity validation. An experimental feasibility analysis is used to validate the proposed architecture for secure, private and convenient electronic toll payment

ShareABEL: Secure Sharing of mHealth Data through Cryptographically-Enforced Access Control

Owners of mobile-health apps and devices often want to share their mHealth data with others, such as physicians, therapists, coaches, and caregivers. For privacy reasons, however, they typically want to share a limited subset of their information with each recipient according to their preferences. In this paper, we introduce ShareABEL, a scalable, usable, and practical system that allows mHealth-data owners to specify access-control policies and to cryptographically enforce those policies so that only parties with the proper corresponding permissions are able to decrypt data. The design (and prototype implementation) of this system makes three contributions: (1) it applies cryptographically-enforced access-control measures to wearable healthcare data, which pose different challenges than Electronic Medical Records (EMRs), (2) it recognizes the temporal nature of mHealth data streams and supports revocation of access to part or all of a data stream, and (3) it departs from the vendor- and device-specific silos of mHealth data by implementing a secure end-to-end system that can be applied to data collected from a variety of mHealth apps and devices