Visible to the public On the Feasibility of Attribute-Based Encryption on Constrained IoT Devices for Smart Systems

TitleOn the Feasibility of Attribute-Based Encryption on Constrained IoT Devices for Smart Systems
Publication TypeConference Paper
Year of Publication2019
AuthorsGirgenti, Benedetto, Perazzo, Pericle, Vallati, Carlo, Righetti, Francesca, Dini, Gianluca, Anastasi, Giuseppe
Conference Name2019 IEEE International Conference on Smart Computing (SMARTCOMP)
Date Publishedjun
KeywordsABE adoption, ABE schemes, Access Control, attribute based encryption, attribute-based encryption, authorisation, battery-powered devices, computer network security, Constrained Devices, constrained IoT devices, cryptography, data privacy, Embedded systems, encrypted data, Encryption, fine-grained access control, flexible access policies, Human Behavior, Information systems, Internet of Things, mobile computing, performance evaluation, policy-based governance, privacy challenges, Protocols, pubcrawl, public-key encryption, Scalability, security, security challenges, smart objects, smart phones, smart systems, Sugar
AbstractThe Internet of Things (IoT) is enabling a new generation of innovative services based on the seamless integration of smart objects into information systems. Such IoT devices generate an uninterrupted flow of information that can be transmitted through an untrusted network and stored on an untrusted infrastructure. The latter raises new security and privacy challenges that require novel cryptographic methods. Attribute-Based Encryption (ABE) is a new type of public-key encryption that enforces a fine-grained access control on encrypted data based on flexible access policies. The feasibility of ABE adoption in fully-fledged computing systems, i.e. smartphones or embedded systems, has been demonstrated in recent works. In this paper we assess the feasibility of the adoption of ABE in typical IoT constrained devices, characterized by limited capabilities in terms of computing, storage and power. Specifically, an implementation of three ABE schemes for ESP32, a low-cost popular platform to deploy IoT devices, is developed and evaluated in terms of encryption/decryption time and energy consumption. The performance evaluation shows that the adoption of ABE on constrained devices is feasible, although it has a cost that increases with the number of attributes. The analysis in particular highlights how ABE has a significant impact in the lifetime of battery-powered devices, which is impaired significantly when a high number of attributes is adopted.
Citation Keygirgenti_feasibility_2019