Puncturable Attribute-Based Encryption for Secure Data Delivery in Internet of Things

While the Internet of Things (IoT) is embraced as important tools for efficiency and productivity, it is becoming an increasingly attractive target for cybercriminals. This work represents the first endeavor to develop practical Puncturable Attribute Based Encryption schemes that are light-weight and applicable in IoTs. In the proposed scheme, the attribute-based encryption is adopted for fine grained access control. The secret keys are puncturable to revoke the decryption capability for selected messages, recipients, or time periods, thus protecting selected important messages even if the current key is compromised. In contrast to conventional forward encryption, a distinguishing merit of the proposed approach is that the recipients can update their keys by themselves without key re-issuing from the key distributor. It does not require frequent communications between IoT devices and the key distribution center, neither does it need deleting components to expunge existing keys to produce a new key. Moreover, we devise a novel approach which efficiently integrates attribute-based key and punctured keys such that the key size is roughly the same as that of the original attribute-based encryption. We prove the correctness of the proposed scheme and its security under the Decisional Bilinear Diffie-Hellman (DBDH) assumption. We also implement the proposed scheme on Raspberry Pi and observe that the computation efficiency of the proposed approach is comparable to the original attribute-based encryption. Both encryption and decryption can be completed within tens of milliseconds.

[1]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[2]  Kazuki Yoneyama,et al.  Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures , 2008, ACNS.

[3]  Cheng Chen,et al.  Efficient Ciphertext Policy Attribute-Based Encryption with Constant-Size Ciphertext and Constant Computation-Cost , 2011, ProvSec.

[4]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[5]  Robert H. Deng,et al.  Adaptable Ciphertext-Policy Attribute-Based Encryption , 2013, Pairing.

[6]  Zhibin Zhou,et al.  On efficient ciphertext-policy attribute based encryption and broadcast encryption: extended abstract , 2010, CCS '10.

[7]  Amit Sahai,et al.  Bounded Ciphertext Policy Attribute Based Encryption , 2008, ICALP.

[8]  Hideki Imai,et al.  Dual-Policy Attribute Based Encryption , 2009, ACNS.

[9]  Ling Cheung,et al.  Provably secure ciphertext policy ABE , 2007, CCS '07.

[10]  Atsuko Miyaji,et al.  A ciphertext-policy attribute-based encryption scheme with constant ciphertext length , 2010, Int. J. Appl. Cryptogr..

[11]  Guomin Yang,et al.  Hidden Ciphertext Policy Attribute-Based Encryption Under Standard Assumptions , 2016, IEEE Transactions on Information Forensics and Security.

[12]  Eike Kiltz,et al.  Chosen-Ciphertext Security from Tag-Based Encryption , 2006, TCC.

[13]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[14]  Matthew Green,et al.  Forward Secure Asynchronous Messaging from Puncturable Encryption , 2015, 2015 IEEE Symposium on Security and Privacy.

[15]  Angelo De Caro,et al.  jPBC: Java pairing based cryptography , 2011, 2011 IEEE Symposium on Computers and Communications (ISCC).

[16]  Jonathan Katz,et al.  A Forward-Secure Public-Key Encryption Scheme , 2003, Journal of Cryptology.

[17]  Francisco Rodríguez-Henríquez,et al.  NEON Implementation of an Attribute-Based Encryption Scheme , 2013, ACNS.

[18]  Zilong Wang,et al.  Adaptive Key Protection in Complex Cryptosystems with Attributes , 2012, IACR Cryptol. ePrint Arch..

[19]  Hideki Imai,et al.  Efficient and Fully Secure Forward Secure Ciphertext-Policy Attribute-Based Encryption , 2013, ISC.

[20]  Allison Bishop,et al.  New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques , 2012, CRYPTO.

[21]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[22]  Christoph G. Günther,et al.  An Identity-Based Key-Exchange Protocol , 1990, EUROCRYPT.

[23]  Nuttapong Attrapadung,et al.  Expressive Key-Policy Attribute-Based Encryption with Constant-Size Ciphertexts , 2011, Public Key Cryptography.

[24]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..