An IoT Attribute-Based Security Framework for Topic-Based Publish/Subscribe Systems

Publish/subscribe is a widely used paradigm in the Internet of Things (IoT). It allows a loose coupling between data producers and data consumers using a network of interconnected brokers. However, sensitive data could be exposed if a broker is compromised or if the broker itself is curious about th...


Bibliographic Details
Main Authors: Olivier Blazy, Emmanuel Conchon, Mathieu Klingler, Damien Sauveron
Format: Article
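Language: English
Published: IEEE 2021-01-01
Series: IEEE Access
Subjects: Secure publish/subscribe; attribute-based cryptography; publications/subscriptions confidentiality; user revocation
Online Access: https://ieeexplore.ieee.org/document/9321382/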
id doaj-eb487a89c1b743b98ef748262119cff2
record_format Article
spelling doaj-eb487a89c1b743b98ef748262119cff2
2021-03-30T15:19:40Z
eng
IEEE
IEEE Access
2169-3536
2021-01-01
9
19066
19077
10.1109/ACCESS.2021.3051469
9321382
An IoT Attribute-Based Security Framework for Topic-Based Publish/Subscribe Systems
Olivier Blazy 0 https://orcid.org/0000-0001-6205-8249
Emmanuel Conchon 1 https://orcid.org/0000-0002-6874-5936
Mathieu Klingler 2 https://orcid.org/0000-0001-7113-2607
Damien Sauveron 3 https://orcid.org/0000-0001-7948-6143
XLIM, UMR CNRS, 7252, Université de Limoges, Limoges, France
XLIM, UMR CNRS, 7252, Université de Limoges, Limoges, France
XLIM, UMR CNRS, 7252, Université de Limoges, Limoges, France
XLIM, UMR CNRS, 7252, Université de Limoges, Limoges, France
collection DOAJ
language English
format Article
sources DOAJ
author Olivier Blazy
Emmanuel Conchon
Mathieu Klingler
Damien Sauveron
title An IoT Attribute-Based Security Framework for Topic-Based Publish/Subscribe Systems
publisher IEEE
series IEEE Access
issn 2169-3536
publishDate 2021-01-01
description Publish/subscribe is a widely used paradigm in the Internet of Things (IoT). It allows a loose coupling between data producers and data consumers using a network of interconnected brokers. However, sensitive data could be exposed if a broker is compromised or if the broker itself is curious about the information that is exchanged. In this paper, we present a complete security framework for topic-based publish/subscribe systems to ensure both security and privacy at the broker level, going beyond the naive encryption of information while keeping the loose coupling between publishers and subscribers. Furthermore, the proposed solution enables user revocation at the broker level; i.e. a revoked user can no longer subscribe to published data. To achieve that, we propose a unified solution relying on attribute-based cryptography with: (1) Attribute-Based Encryption (ABE) for data encryption; (2) a new construction of Attribute-Based Keyword Search (ABKS) to allow the broker to perform an encrypted matching that enforces privacy; and (3) an Attribute-Based Signature (ABS) to enforce the data authentication.
topic Secure publish/subscribe
attribute-based cryptography
publications/subscriptions confidentiality
user revocation
url https://ieeexplore.ieee.org/document/9321382/