Abstract
Designing secure, scalable, and resilient IoT networks is challenging because devices are resource-constrained and reliable network connectivity is not guaranteed. Fog computing improves the resiliency of IoT, but its security model assumes that fog nodes are fully trusted. We relax this assumption by proposing a solution that guarantees the confidentiality of messages exchanged through semi-honest fog nodes by means of a lightweight proxy re-encryption scheme. We demonstrate the feasibility of the solution by applying it to IoT networks of low-power devices through experiments on microcontrollers and ARM-based architectures.