JEDI: Many-to-Many End-to-End Encryption and Key Delegation for IoT

As the Internet of Things (IoT) emerges over the next decade, developing secure communication for IoT devices is of paramount importance. Achieving end-to-end encryption for large-scale IoT systems, like smart buildings or smart cities, is challenging because multiple principals typically interact indirectly via intermediaries, meaning that the recipient of a message is not known in advance. This paper proposes JEDI (Joining Encryption and Delegation for IoT), a many-to-many end-to-end encryption protocol for IoT. JEDI encrypts and signs messages end-to-end, while conforming to the decoupled communication model typical of IoT systems. JEDI's keys support expiry and fine-grained access to data, common in IoT. Furthermore, JEDI allows principals to delegate their keys, restricted in expiry or scope, to other principals, thereby granting access to data and managing access control in a scalable, distributed way. Through careful protocol design and implementation, JEDI can run across the spectrum of IoT devices, including ultra low-power deeply embedded sensors severely constrained in CPU, memory, and energy consumption. We apply JEDI to an existing IoT messaging system and demonstrate that its overhead is modest.
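The abstract's central access-control idea is that a key covers a slice of a resource hierarchy for a bounded time, and that a holder may hand a key on only after narrowing its scope or its expiry. The following added example (not code from the paper or the JEDI project) models those delegation rules on plain data structures so the consequences can be checked: a delegation chain can only shrink, and a message is readable only by keys whose scope and window contain it. It deliberately omits the paper's underlying cryptography; the `Key`, `delegate` and `can_decrypt` names and the sample resource paths are assumptions for illustration.

```python
"""Toy model of JEDI-style scoped, expiring, delegable keys (added example).

Assumptions: resources form a hierarchy written as a tuple of path components,
time is an integer (e.g. hours since an epoch), and a key names one subtree of
the hierarchy plus one inclusive time window. The actual encryption scheme is
not modelled; only the delegation and access semantics are.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

Resource = Tuple[str, ...]


@dataclass(frozen=True)
class Key:
    holder: str
    resource: Resource   # subtree the key covers, e.g. ("building", "floor2")
    start: int           # inclusive start of validity window
    end: int             # inclusive end of validity window (expiry)


def _is_prefix(short: Resource, long: Resource) -> bool:
    """True if `long` lies at or below `short` in the resource hierarchy."""
    return len(short) <= len(long) and long[: len(short)] == short


def delegate(parent: Key, to: str, resource: Iterable[str], start: int, end: int) -> Key:
    """Derive a child key for principal `to` from `parent`.

    Delegation may only narrow: the child's subtree must lie under the parent's
    subtree and the child's window must lie inside the parent's window.
    Any attempt to widen either is rejected.
    """
    resource = tuple(resource)
    if not _is_prefix(parent.resource, resource):
        raise ValueError("delegated resource is outside the parent key's scope")
    if start > end:
        raise ValueError("empty time window")
    if start < parent.start or end > parent.end:
        raise ValueError("delegated window is outside the parent key's window")
    return Key(holder=to, resource=resource, start=start, end=end)


def can_decrypt(key: Key, msg_resource: Iterable[str], msg_time: int) -> bool:
    """A message is readable with `key` iff it was published under the key's
    subtree at a time inside the key's window."""
    return _is_prefix(key.resource, tuple(msg_resource)) and key.start <= msg_time <= key.end


def chain_is_monotone(chain: List[Key]) -> bool:
    """Check an existing delegation chain: every link must narrow (or keep)
    both the scope and the window of the link before it."""
    for parent, child in zip(chain, chain[1:]):
        if not _is_prefix(parent.resource, child.resource):
            return False
        if child.start < parent.start or child.end > parent.end:
            return False
    return True


def example_chain() -> List[Key]:
    """Constructed sample: building admin -> floor manager -> analytics app."""
    root = Key("building-admin", ("building",), 0, 1000)
    floor = delegate(root, "floor-manager", ("building", "floor2"), 100, 500)
    app = delegate(floor, "analytics-app", ("building", "floor2", "temp"), 200, 300)
    return [root, floor, app]


if __name__ == "__main__":
    chain = example_chain()
    app = chain[-1]
    print("chain narrows at every step:", chain_is_monotone(chain))
    print("app reads floor2 temp at t=250:",
          can_decrypt(app, ("building", "floor2", "temp", "room5"), 250))
    print("app reads floor2 temp at t=301 (expired):",
          can_decrypt(app, ("building", "floor2", "temp"), 301))
    print("app reads floor2 humidity (out of scope):",
          can_decrypt(app, ("building", "floor2", "humidity"), 250))
```

The point of the model is the two invariants a verifier or a key-issuing service would enforce: scope and expiry can be narrowed at each hop but never widened, and decryption succeeds only when both the resource path and the timestamp fall inside the key. Revocation in such a design reduces to letting short windows lapse rather than tracking individual keys.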
