A Comprehensive Security Framework for Publish/Subscribe-Based IoT Services Communication

The publish/subscribe paradigm provides a loosely coupled and scalable communication model for large-scale IoT service systems, such as supervisory control and data acquisition (SCADA). Data confidentiality and service privacy are two crucial security issues for the publish/subscribe model deployed in different domains. The existing access control schemes for such a model cannot address both issues at the same time. In this paper, we propose a comprehensive access control framework (CACF) to bridge this gap. The design principle of the proposed framework is twofold: (a) a bi-directional policy matching scheme for protecting the privacy of IoT services; and (b) a fully homomorphic encryption scheme for encrypting published events to protect data confidentiality. We analyze the correctness and security of CACF. Moreover, we prototype CACF based on Apache ActiveMQ, an open source message broker, and evaluate its performance. The experimental results indicate that our security system meets the latency requirements for very high-quality SCADA services.
