research-article

Fog-based Secure Communications for Low-power IoT Devices

Authors:
Luca Ferretti

University of Modena and Reggio Emilia, Italy

University of Modena and Reggio Emilia, Italy

0000-0001-5824-2297
View Profile

,
Mirco Marchetti

University of Modena and Reggio Emilia, Italy

University of Modena and Reggio Emilia, Italy

0000-0002-7408-6906
View Profile

,
Michele Colajanni

University of Modena and Reggio Emilia, Italy

University of Modena and Reggio Emilia, Italy

0000-0002-9499-1559
View Profile

Authors Info & Claims

ACM Transactions on Internet Technology Volume 19 Issue 2Article No.: 27pp 1–21https://doi.org/10.1145/3284554

Published:28 March 2019Publication History

ACM Transactions on Internet Technology

Abstract

Designing secure, scalable, and resilient IoT networks is a challenging task because of resource-constrained devices and no guarantees of reliable network connectivity. Fog computing improves the resiliency of IoT, but its security model assumes that fog nodes are fully trusted. We relax this latter constraint by proposing a solution that guarantees confidentiality of messages exchanged through semi-honest fog nodes thanks to a lightweight proxy re-encryption scheme. We demonstrate the feasibility of the solution by applying it to IoT networks of low-power devices through experiments on microcontrollers and ARM-based architectures.

References

Amazon Web Services. 2018. AWS IoT. Retrieved from https://aws.amazon.com/iot/.Google Scholar
Moreno Ambrosin, Arman Anzanpour, Mauro Conti, Tooska Dargahi, Sanaz Rahimi Moosavi, Amir M. Rahmani, and Pasi Liljeberg. 2016. On the feasibility of attribute-based encryption on Internet of Things devices. IEEE Micro 36, 6 (2016), 25--35. Google ScholarDigital Library
Giuseppe Ateniese, Kevin Fu, Matthew Green, and Susan Hohenberger. 2006. Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. Inf. Syst. Secur. 9, 1 (2006), 1--30. Google ScholarDigital Library
Luciano Barreto, Antonio Celesti, Massimo Villari, Maria Fazio, and Antonio Puliafito. 2015. An authentication model for IoT clouds. In Proceedings of the IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining. Google ScholarDigital Library
Luciano Barreto, Antonio Celesti, Massimo Villari, Maria Fazio, and Antonio Puliafito. 2015. Security and IoT cloud federation: Design of authentication schemes. In Proceedings of the International Internet of Things Summit. Springer.Google Scholar
Paolo Bellavista and Alessandro Zanni. 2017. Feasibility of fog computing deployment based on docker containerization over RaspberryPi. In Proceedings of the ACM 18th International Conference on Distributed Computing and Networking. Google ScholarDigital Library
Daniel J. Bernstein. 2006. Curve25519: New Diffie-Hellman speed records. In Proceedings of the IACR International Workshop on Public Key Cryptography. Springer. Google ScholarDigital Library
Daniel J. Bernstein, Peter Birkner, Marc Joye, Tanja Lange, and Christiane Peters. 2008. Twisted Edwards curves. In Proceedings of the IACR International Conference on Advances in Cryptology (Africacrypt’08). Springer. Google ScholarDigital Library
Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang. 2012. High-speed high-security signatures. J. Cryptogr. Eng. 2, 2 (2012), 1--13.Google ScholarCross Ref
Daniel J. Bernstein, Mike Hamburg, Anna Krasnova, and Tanja Lange. 2013. Elligator: Elliptic-curve points indistinguishable from uniform random strings. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. Google ScholarDigital Library
Matt Blaze, Gerrit Bleumer, and Martin Strauss. 1998. Divertible protocols and atomic proxy cryptography. Proceedings of the IACR International Conference on Theory and Applications of Cryptographic Techniques (Eurocrypt98).Google ScholarCross Ref
Dan Boneh, Kevin Lewi, Hart Montgomery, and Ananth Raghunathan. 2013. Key homomorphic PRFs and their applications. In Proceedings of the IACR International Conference on Advances in Cryptology (CRYPTO’13).Google ScholarCross Ref
Flavio Bonomi, Rodolfo Milito, Jiang Zhu, and Sateesh Addepalli. 2012. Fog computing and its role in the internet of things. In Proceedings of the 1st ACM Workshop on Mobile Cloud Computing. Google ScholarDigital Library
A. Keranen C. Bormann, M. Ersue. 2014. RFC7228: Terminology for Constrained-node Networks. RFC.Google Scholar
Ran Canetti, Oded Goldreich, and Shai Halevi. 2004. The random oracle methodology, revisited. J. ACM 51, 4 (2004), 557--594. Google ScholarDigital Library
Ran Canetti, Shai Halevi, and Jonathan Katz. 2004. Chosen-ciphertext security from identity-based encryption. In Proceedings of the IACR International Conference on Theory and Applications of Cryptographic Techniques (Eurocrypt’04). Springer.Google ScholarCross Ref
Ran Canetti and Susan Hohenberger. 2007. Chosen-ciphertext secure proxy re-encryption. In Proceedings of the 14th International ACM Conference on Computer and Communications Security. Google ScholarDigital Library
Stanley Chow, Philip Eisen, Harold Johnson, and Paul C. Van Oorschot. 2002. White-box cryptography and an AES implementation. In Proceedings of the International Conference on Selected Areas in Cryptography. Springer. Google ScholarDigital Library
OpenFog Consortium. 2018. IEEE approved draft standard for adoption of OpenFog reference architecture for fog computing. IEEE P1934/D2.0 (Apr. 2018).Google Scholar
Robert H. Deng, Jian Weng, Shengli Liu, and Kefei Chen. 2008. Chosen-ciphertext secure proxy re-encryption without pairings. In Proceedings of the International Conference on Cryptology and Network Security. Springer. Google ScholarDigital Library
Michael Düll, Björn Haase, Gesine Hinterwälder, Michael Hutter, Christof Paar, Ana Helena Sánchez, and Peter Schwabe. 2015. High-speed Curve25519 on 8-bit, 16-bit and 32-bit microcontrollers. Des. Codes Cryptogr. 77, 2 (2015). Google ScholarDigital Library
Luca Ferretti, Michele Colajanni, and Mirco Marchetti. 2014. Distributed, concurrent, and independent access to encrypted cloud databases. IEEE Trans. Parallel Distrib. Syst. 25, 2 (2014), 437--446. Google ScholarDigital Library
GNU Project. 2018. The GNU Multiple Precision Arithmetic Library. Retrieved from https://gmplib.org/.Google Scholar
Philippe Golle, Markus Jakobsson, Ari Juels, and Paul Syverson. 2004. Universal re-encryption for mixnets. In Proceedings of the IACR Cryptographers Track at the RSA Conference. Springer.Google ScholarCross Ref
Google Cloud Platform. 2018. Google Cloud IoT. Retrieved from https://cloud.google.com/iot/docs/.Google Scholar
Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. 2006. Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM Conference on Computer and Communications Security. Google ScholarDigital Library
René Hummen, Hossein Shafagh, Shahid Raza, Thiemo Voig, and Klaus Wehrle. 2014. Delegation-based authentication and authorization for the IP-based internet of things. In Proceedings of the IEEE International Conference on Sensing, Communication, and Networking.Google ScholarCross Ref
Michaela Iorga, Larry Feldman, Robert Barton, Michael J. Martin, Nedim S. Goren, and Charif Mahmoudi. 2018. NIST SP 500-325: Fog Computing Conceptual Model. NIST SP.Google Scholar
D. McGrew J. Salowey, A. Choudhury. 2008. RFC5246: AES Galois Counter Mode (GCM) Cipher Suites for TLS. RFC.Google Scholar
B. Kaliski. 2000. RFC2898: PKCS 5: Password-Based Cryptography Specification Version 2.0. RFC. Google ScholarDigital Library
Jonathan Katz and Yehuda Lindell. 2014. Introduction to Modern Cryptography. CRC Press, Boca Raton, FL. Google ScholarDigital Library
Hugo Krawczyk. 2010. Cryptographic extraction and key derivation: The HKDF scheme. In Proceedings of the IACR International Conference on Advances in Cryptology (CRYPTO’10). Springer. Google ScholarDigital Library
LoRa Alliance. 2018. LoRaWAN. Retrieved from https://www.lora-alliance.org/.Google Scholar
Wil Michiels. 2010. Opportunities in white-box cryptography. In Proceedings of the IEEE International Conference on Security and Privacy (2010).Google ScholarDigital Library
Niels Moller. 2018. Nettle: A low-level cryptographic library. Retrieved from https://www.lysator.liu.se/&sim;nisse/nettle/.Google Scholar
Chanathip Namprempre, Phillip Rogaway, and Thomas Shrimpton. 2014. Reconsidering generic composition. In Proceedings of the IACR International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT’14). Springer.Google ScholarCross Ref
Moni Naor, Benny Pinkas, and Omer Reingold. 1999. Distributed pseudo-random functions and KDCs. In Proceedings of the International Conference on Theory and Applications of Cryptographic Techniques. Google ScholarDigital Library
Erick Nascimento, Julio López, and Ricardo Dahab. 2015. Efficient and secure elliptic curve cryptography for 8-bit AVR microcontrollers. In Proceedings of the International Conference on Security, Privacy, and Applied Cryptography Engineering. Google ScholarDigital Library
Andrew Nash, William Duane, and Celia Joseph. 2001. PKI: Implementing and Managing E-security. McGraw-Hill, New York, NY. Google ScholarDigital Library
B. Clifford Neuman and Theodore Ts’o. 1994. Kerberos: An authentication service for computer networks. IEEE Commun. Mag. 32, 9 (1994), 33--38. Google ScholarDigital Library
Kim Thuat Nguyen, Nouha Oualha, and Maryline Laurent. 2016. Authenticated key agreement mediated by a proxy re-encryptor for the internet of things. In Proceedings of the European Symposium on Research in Computer Security (ESORICS’16). Springer.Google ScholarCross Ref
National Institute of Standards and Technology. 2013. FIPS 186-4: Digital Signature Standard (DSS). NIST Pubs.Google Scholar
David Nuñez, Isaac Agudo, and Javier Lopez. 2016. Attacks to a proxy-mediated key agreement protocol based on symmetric encryption. In Proceedings of the 31st IFIP International Conference on Data and Applications Security and Privacy.Google Scholar
OASIS. Sep. 2018. Message Queuing Telemetry Transport (v3.1.1). OASIS Standard.Google Scholar
Emanuel Onica, Pascal Felber, Hugues Mercier, and Etienne Rivière. 2016. Confidentiality-preserving publish/subscribe: A survey. Comput. Surv. 49, 2 (2016), 27. Google ScholarDigital Library
OpenID. 2018. OpenID: The Internet Identity Layer. Retrieved from https://openid.net/.Google Scholar
Nicholas Pippenger. 1980. On the evaluation of powers and monomials. SIAM J. Comput. 9, 2 (1980), 230--250.Google ScholarDigital Library
Joost Renes, Peter Schwabe, Benjamin Smith, and Lejla Batina. 2016. μKummer: Efficient hyperelliptic signatures and key exchange for microcontrollers. In Proceedings of the International Conference on Cryptographic Hardware and Embedded Systems.Google ScholarCross Ref
Rodrigo Roman, Jianying Zhou, and Javier Lopez. 2013. On the features and challenges of security and privacy in distributed internet of things. Comput. Netw. 57, 10 (2013), 2266--2279. Google ScholarDigital Library
I. Liusvaara S. Josefsson. 2017. RFC8032: Edwards-Curve Digital Signature Algorithm (EdDSA). RFC.Google Scholar
L. Seitz, F. Palombini, M. Gunnarsson, and G. Selander. Sep. 2018. OSCORE Profile of the Authentication and Authorization for Constrained Environments Framework. Internet-draft.Google Scholar
L. Seitz, G. Selander, E. Wahlstroem, S. Erdtman, and H. Tschofenig. Sep. 2018. Authentication and Authorization for Constrained Environments (ACE) Using the OAuth 2.0 Framework (ACE-OAuth). Internet-draft.Google Scholar
G. Selander, J. Mattsson, and F. Palombini. Sep. 2018. Object Security for Constrained RESTful Environments (OSCORE). Internet-draft.Google Scholar
C. Sengul, A. Kirby, and P. Fremantle. 2018. MQTT-TLS Profile of ACE. Internet-draft.Google Scholar
Jun Shao and Zhenfu Cao. 2009. CCA-secure proxy re-encryption without pairings. In Proceedings of the International Workshop on Public Key Cryptography. Google ScholarDigital Library
Ivan Stojmenovic and Sheng Wen. 2014. The fog computing paradigm: Scenarios and security issues. In Proceedings of the IEEE Conference on Computer Science and Information Systems.Google ScholarCross Ref
Amril Syalim, Takashi Nishide, and Kouichi Sakurai. 2011. Realizing proxy re-encryption in the symmetric world. In Proceedings of the International Conference on Informatics Engineering and Information Science. Springer.Google ScholarCross Ref
Open Whisper Systems. 2017. The XEdDSA and VXEdDSA Signature Schemes. Retrieved from https://signal.org/docs/specifications/xeddsa/.Google Scholar
Lu Tan and Neng Wang. 2010. Future internet: The internet of things. In Proceedings of the IEEE 3rd International Conference on Advanced Computer Theory and Engineering.Google Scholar
Luis M. Vaquero and Luis Rodero-Merino. 2014. Finding your way in the fog: Towards a comprehensive definition of fog computing. ACM SIGCOMM Comput. Commun. Rev. 44, 5 (2014), 27--32. Google ScholarDigital Library
Frank Wang, James Mickens, Nickolai Zeldovich, and Vinod Vaikuntanathan. 2016. Sieve: Cryptographically enforced access control for user data in untrusted clouds. In Proceedings of the 12th USENIX Symposium on Networked Systems Design and Implementation. Google ScholarDigital Library
Ben Zhang, Nitesh Mor, John Kolb, Douglas S Chan, Ken Lutz, Eric Allman, John Wawrzynek, Edward A Lee, and John Kubiatowicz. 2015. The cloud is not enough: Saving IoT from the cloud. In Proceedings of the 7th USENIX Workshop on Hot Topics in Cloud Coputing. Google ScholarDigital Library
Zhi-Kai Zhang, Michael Cheng Yi Cho, and Shiuhpyng Shieh. 2015. Emerging security threats and countermeasures in IoT. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security. Google ScholarDigital Library

Index Terms

Fog-based Secure Communications for Low-power IoT Devices
1. Networks
  1. Network properties
    1. Network security
      1. Security protocols
2. Security and privacy
  1. Cryptography
    1. Public key (asymmetric) techniques
      1. Public key encryption
  2. Network security
    1. Security protocols

Recommendations

CCA-secure ABE with outsourced decryption for fog computing

Fog computing is not a replacement but an extension of cloud computing for the prevalence of the Internet of Things (IoT) applications. In particular, fog computing inserts a middle layer named fog into the infrastructure of cloud computing to obtain ...
Read More
Fully secure fuzzy identity-based encryption for secure IoT communications

How to securely transmit data is an important problem in Internet of Things (IoT). Fuzzy identity-based encryption (FIBE) is a good candidate for resolving this problem. However, existing FIBE schemes suffer from the following disadvantages: rely on ...
Read More
Lattice-Based HRA-secure Attribute-Based Proxy Re-Encryption in Standard Model
Computer Security – ESORICS 2021
Abstract
Proxy re-encryption (PRE), introduced by Blaze, Bleumer, and Strauss at EUROCRYPT 98, offers delegation of decryption rights, i.e., it securely enables the re-encryption of ciphertexts from one key to another, without relying on trusted parties. ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Internet Technology Volume 19, Issue 2
Special Issue on Fog, Edge, and Cloud Integration
May 2019
288 pages
ISSN:1533-5399
EISSN:1557-6051
DOI:10.1145/3322882
Editor:
Ling Liu
Georgia Institute of Technology, USA
Issue’s Table of Contents
Copyright © 2019 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 28 March 2019
- Accepted: 1 October 2018
- Revised: 1 September 2018
- Received: 1 December 2017
Published in toit Volume 19, Issue 2

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Internet-of-things
Security
authorization
confidentiality
encryption
fog computing
proxy re-encryption
publish/subscribe
secure communications
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 26
  Total Citations
  View Citations
- 602
  Total Downloads
- Downloads (Last 12 months)55
- Downloads (Last 6 weeks)6
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

Fog-based Secure Communications for Low-power IoT Devices

ACM Transactions on Internet Technology

Abstract

References

Cited By

Index Terms

Recommendations

CCA-secure ABE with outsourced decryption for fog computing

Fully secure fuzzy identity-based encryption for secure IoT communications

Lattice-Based HRA-secure Attribute-Based Proxy Re-Encryption in Standard Model