IaaS-Aided Access Control for Information-Centric IoT

Information-Centric Networking (ICN) is a network architecture proposed to replace the current IP-based architecture. In ICN, contents are identified by unique names and can be cached in-network so that subsequent requests are served immediately. These characteristics are particularly valuable in the context of the Internet of Things (IoT), where they substantially reduce the load on the things, increase content availability and decrease energy consumption. In this paper we address the open problem of providing access control for IoT deployments in ICN. Our protocol takes advantage of the reliance of IoT on Infrastructure-as-a-Service and provides confidentiality, traitor tracing and revocation of an unbounded number of users. At the same time, our protocol preserves both in-network caching and location-independent content retrieval. To the best of our knowledge, our protocol is the first access control protocol for ICN providing all these advantages. We provide an extensive analysis of the security properties of our protocol, as well as a thorough experimental evaluation. Our evaluation shows that our protocol introduces no significant overhead in either published content size or computational time. Considering a popular IoT camera, our evaluation shows that our protocol introduces 0.27% size overhead and 150 ms of computational overhead for a 7-second stream.
