Integration of Attribute-Based Encryption and IoT: An IoT Security Architecture

Abstract: Services relying on internet of things (IoTs) are increasing day by day. IoT makes use of internet services like network connectivity and computing capability to transform everyday objects into smart things that can interact with users, and the environment to achieve a purpose they are designed for. IoT nodes are memory, and energy constrained devices that acquire information from the surrounding environment, those nodes cannot handle complex data processing and heavy security tasks alone, thus, in most cases a framework is required for processing, storing, and securing data. The framework can be cloud-based, a publish/subscribe broker, or edge computing based. As services relying on IoT are increasing enormously nowadays, data security and privacy are becoming concerns. Security concerns arise from the fact that most IoT data are stored unencrypted on untrusted third-party clouds, which results in many issues like data theft, data manipulation, and unauthorized disclosure. While some of the solutions provide frameworks that store data in encrypted forms, coarse-grained encryption provides less specific access policies to the users accessing data. A more secure control method applies fine-grained access control, and is known as attribute-based encryption (ABE). This research aims to enhance the privacy and the security of the data stored in an IoT middleware named network smart objects (NOS) and extend its functionality by proposing a new IoT security architecture using an efficient ABE scheme known as key-policy attribute-based encryption (KP-ABE) along with an efficient key revocation mechanism based on proxy re-encryption (PRE). Design science research (DSR) was used to facilitate the solution. To establish the knowledge base, a previous case study was reviewed to explicate the problem and the requirements to the artefact were elicited from research documents. The artefact was designed and then demonstrated in a practical experiment by means of Ubuntu operating system (OS). Finally, the artefact’s requirements were evaluated by applying a computer simulation on the Ubuntu OS. The result of the research is a model artefact of an IoT security architecture which is based on ABE. The model prescribes the components and the architectural structure of the IoT system. The IoT system consists of four entities: data producers, data consumers, NOS, and the TA. The model prescribes the new components needed to implement KP-ABE and PRE modules. First, data is transferred from data producers to NOS through secure hypertext transfer protocol (HTTPS), then the data is periodically processed and analyzed to obtain a uniform representation and add useful metadata regarding security, privacy, and data-quality. After that, the data is encrypted by KP-ABE using users’ attributes. PRE takes place when a decryption key is compromised, then the ciphertext is re-encrypted to prevent it’s disclosure. The evaluation results show that the proposed model improved the data retrieval time of the previous middleware by 32% and the re-encryption time by 87%. Finally, the author discusses the limitations of the proposed model and highlights directions for future research.