Lightweight Attribute-based Encryption Supporting Access Policy Update for Cloud Assisted IoT

Belguith, Sana; Kaaniche, Nesrine; Russello, Giovanni

doi:10.5220/0006854601350146

Cited by 12 publications

(15 citation statements)

References 28 publications

(50 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Salonikias et al [80] proposed a role-based authorization in traditional web services in which administrators have to regulate access rights. In [81], attribute-based encryption is proposed, in which predefined attributes of users must be satisfied [82,83]. However, there are open challenges related to multiple devices for predefined policies.…”

Section: Fog Computing Security Challengesmentioning

confidence: 99%

The Security of Big Data in Fog-Enabled IoT Applications Including Blockchain: A Survey

Tariq

Asim

Al-Obeidat

et al. 2019

Sensors

215

171

View full text Add to dashboard Cite

The proliferation of inter-connected devices in critical industries, such as healthcare and power grid, is changing the perception of what constitutes critical infrastructure. The rising interconnectedness of new critical industries is driven by the growing demand for seamless access to information as the world becomes more mobile and connected and as the Internet of Things (IoT) grows. Critical industries are essential to the foundation of today’s society, and interruption of service in any of these sectors can reverberate through other sectors and even around the globe. In today’s hyper-connected world, the critical infrastructure is more vulnerable than ever to cyber threats, whether state sponsored, criminal groups or individuals. As the number of interconnected devices increases, the number of potential access points for hackers to disrupt critical infrastructure grows. This new attack surface emerges from fundamental changes in the critical infrastructure of organizations technology systems. This paper aims to improve understanding the challenges to secure future digital infrastructure while it is still evolving. After introducing the infrastructure generating big data, the functionality-based fog architecture is defined. In addition, a comprehensive review of security requirements in fog-enabled IoT systems is presented. Then, an in-depth analysis of the fog computing security challenges and big data privacy and trust concerns in relation to fog-enabled IoT are given. We also discuss blockchain as a key enabler to address many security related issues in IoT and consider closely the complementary interrelationships between blockchain and fog computing. In this context, this work formalizes the task of securing big data and its scope, provides a taxonomy to categories threats to fog-based IoT systems, presents a comprehensive comparison of state-of-the-art contributions in the field according to their security service and recommends promising research directions for future investigations.

show abstract

Section: Fog Computing Security Challengesmentioning

confidence: 99%

The Security of Big Data in Fog-Enabled IoT Applications Including Blockchain: A Survey

Tariq

Asim

Al-Obeidat

et al. 2019

Sensors

215

171

View full text Add to dashboard Cite

show abstract

“…AES has been also adopted to provide secure communication between IoT devices [73]. Though an attribute-based encryption algorithm requires high computation costs, several lightweight versions have been designed to suit IoT applications, such as reduced computation algorithms [40,74], offloading heavy computations to an edge [75], or cloud server [26].…”

Section: The Lack Of Standardized Lightweight Encryption Algorithms Fmentioning

confidence: 99%

“…Since smart objects have a limited calculation capacity, restricted energy, and limited memory, lightweight encryption algorithms are widely used in the IoT field, such as in RFID tags, sensors, and healthcare devices [39]. Additionally, the lightweight concept for IoT is extended to lightweight attribute-based encryption schema for cloud applications [40][41][42], lightweight collaborative key management protocol [43], lightweight protocol for smart home authentication and key-session exchange [44,45]. Many IoT protocols have been proposed for different ISO layers, such as link layer (802.15.4, PLC), network layer (RPL, 6LoWPA), presentation layer (TLS, 802.1AR, 802.1X), and application layer (CoAP) [46].…”

mentioning

confidence: 99%

A Survey of IoT Security Based on a Layered Architecture of Sensing and Data Analysis

Mrabet

Belguith

Alhomoud

et al. 2020

Sensors

Self Cite

190

View full text Add to dashboard Cite

The Internet of Things (IoT) is leading today’s digital transformation. Relying on a combination of technologies, protocols, and devices such as wireless sensors and newly developed wearable and implanted sensors, IoT is changing every aspect of daily life, especially recent applications in digital healthcare. IoT incorporates various kinds of hardware, communication protocols, and services. This IoT diversity can be viewed as a double-edged sword that provides comfort to users but can lead also to a large number of security threats and attacks. In this survey paper, a new compacted and optimized architecture for IoT is proposed based on five layers. Likewise, we propose a new classification of security threats and attacks based on new IoT architecture. The IoT architecture involves a physical perception layer, a network and protocol layer, a transport layer, an application layer, and a data and cloud services layer. First, the physical sensing layer incorporates the basic hardware used by IoT. Second, we highlight the various network and protocol technologies employed by IoT, and review the security threats and solutions. Transport protocols are exhibited and the security threats against them are discussed while providing common solutions. Then, the application layer involves application protocols and lightweight encryption algorithms for IoT. Finally, in the data and cloud services layer, the main important security features of IoT cloud platforms are addressed, involving confidentiality, integrity, authorization, authentication, and encryption protocols. The paper is concluded by presenting the open research issues and future directions towards securing IoT, including the lack of standardized lightweight encryption algorithms, the use of machine-learning algorithms to enhance security and the related challenges, the use of Blockchain to address security challenges in IoT, and the implications of IoT deployment in 5G and beyond.

show abstract

“…ABE schemes have been widely applied to secure outsourced data to distant cloud servers [24]. Although the proposed schemes achieves encrypted fine grained access control to data, they rely on a single authority to manage all the attributes used in the system and issue the related secret keys [25], [26], [27]. As such, the risk of key escrow attacks is arising, considering that all users' private keys are maintained by one single central entity.…”

Section: A Attribute Based Encryption (Abe)mentioning

confidence: 99%

Accountable privacy preserving attribute based framework for authenticated encrypted access in clouds

Belguith

Kaaniche

Laurent

et al. 2020

Journal of Parallel and Distributed Computing

Self Cite

View full text Add to dashboard Cite

In this paper, we propose an accountable privacy preserving attribute-based framework, called Ins-PAbAC, that combines attribute based encryption and attribute based signature techniques for securely sharing outsourced data contents via public cloud servers. The proposed framework presents several advantages. First, it provides an encrypted access control feature, enforced at the data owner's side, while providing the desired expressiveness of access control policies. Second, Ins-PAbAC preserves users' privacy, relying on an anonymous authentication mechanism, derived from a privacy preserving attribute based signature scheme that hides the users' identifying information. Furthermore, our proposal introduces an accountable attribute based signature that enables an inspection authority to reveal the identity of the anonymously-authenticated user if needed. Third, Ins-PAbAC is provably secure, as it is resistant to both curious cloud providers and malicious users adversaries. Finally, experimental results, built upon OpenStack Swift testbed, point out the applicability of the proposed scheme in real world scenarios.

show abstract

Lightweight Attribute-based Encryption Supporting Access Policy Update for Cloud Assisted IoT

Cited by 12 publications

References 28 publications

The Security of Big Data in Fog-Enabled IoT Applications Including Blockchain: A Survey

The Security of Big Data in Fog-Enabled IoT Applications Including Blockchain: A Survey

A Survey of IoT Security Based on a Layered Architecture of Sensing and Data Analysis

Accountable privacy preserving attribute based framework for authenticated encrypted access in clouds

Contact Info

Product

Resources

About