Attribute-Based Encryption (ABE) could be an effective cryptographic tool for the secure management of Internet-of-Things (IoT) devices, but its feasibility in the IoT has been under-investigated thus far. This article explores such feasibility for well-known IoT platforms, namely, Intel Galileo Gen 2, Intel Edison, Raspberry Pi 1 Model B, and Raspberry Pi Zero, and concludes that adopting ABE in the IoT is indeed feasible.Accepted for publication --IEEE Micro Special Issue on Internet of Things (2016)
Preprint versionAttribute-Based Encryption and IoT. In recent years, several security protocols adopted Attribute-Based Encryption (ABE) as a building block in different distributed environments [3], such as IoT [4], cloud services [5], and medical systems [6]. ABE is a public key scheme where both encryption and decryption are based on high-level data access policies. Considering the aforementioned requirements in distributed and heterogeneous IoT scenarios, ABE provides more efficient access control mechanism compared to conventional cryptographic algorithms [3], [6], [7]: (i) allows fine-grained access control based on recipients' attributes; (ii) scales independent from the number of authorized users; (iii) is resilient against collusion attacks; (iv) does not require key sharing or key management algorithms between the participating parties (data owner does not need to identify the destination client). Besides its noteworthy advantages, a proper key revocation algorithm is still a challenging issue in ABE (beyond the scope of this paper), and an ongoing research effort [3]. More relevant to our work, ABE suffers from high computational overhead [6], [8]. However, the literature is still missing a proper assessment of ABE efficiency on resource-constrained devices, widely used in the IoT domain.In order to shine a light on the feasibility of ABE in IoT, we perform a comprehensive analysis of the cost of ABE operations on resource-constrained devices. In particular, along the same line of our previous work [7], which investigated the feasibility of ABE on smartphone devices, in this paper we implement the original Key-Policy Attribute-Based Encryption (KP-ABE) [9] and Ciphertext-Policy Attribute-Based Encryption (CP-ABE) [10] on widely used IoT-enabling devices. Our work focuses on the evaluation of encryption and decryption (hereinafter called cryptographic operations ) on four boards: Intel Galileo Gen 2, Intel Edison, Raspberry Pi 1 Model B, and Raspberry Pi Zero. Due to space limitation, we only report the results for CP-ABE. However, we noticed that the KP-ABE experiments have a very similar quantitative behavior to CP-ABE results. Supported by our observations from thorough experimental results, we provide evidence of the feasibility of adopting ABE on resource-constrained devices. Moreover, we present a smart healthcare use case application to evaluate feasibility of using ABE in real world IoT scenarios.