An IoT Attribute-Based Security Framework for Topic-Based Publish/Subscribe Systems
Publish/subscribe is a widely used paradigm in the Internet of Things (IoT). It allows a loose coupling between data producers and data consumers using a network of interconnected brokers. However, sensitive data could be exposed if a broker is compromised or if the broker itself is curious about the information that is exchanged. In this paper, we present a complete security framework for topic-based publish/subscribe systems to ensure both security and privacy at the broker level, going beyond the naive encryption of information while keeping the loose coupling between publishers and subscribers. Furthermore, the proposed solution enables user revocation at the broker level; i.e. a revoked user can no longer subscribe to published data. To achieve that, we propose a unified solution relying on attribute-based cryptography with: (1) Attribute-Based Encryption (ABE) for data encryption; (2) a new construction of Attribute-Based Keyword Search (ABKS) to allow the broker to perform an encrypted matching that enforces privacy; and (3) an Attribute-Based Signature (ABS) to enforce the data authentication.
| Main Authors: | Olivier Blazy, Emmanuel Conchon, Mathieu Klingler, Damien Sauveron |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE, 2021-01-01 |
| Series: | IEEE Access |
| Subjects: | Secure publish/subscribe; attribute-based cryptography; publications/subscriptions confidentiality; user revocation |
| Online Access: | https://ieeexplore.ieee.org/document/9321382/ |
| id | doaj-eb487a89c1b743b98ef748262119cff2 |
|---|---|
| record_format | Article |
| spelling | Record id doaj-eb487a89c1b743b98ef748262119cff2; indexed 2021-03-30T15:19:40Z; language eng; publisher IEEE; series IEEE Access; ISSN 2169-3536; published 2021-01-01; volume 9, pages 19066-19077; DOI 10.1109/ACCESS.2021.3051469; IEEE document 9321382; title "An IoT Attribute-Based Security Framework for Topic-Based Publish/Subscribe Systems"; authors Olivier Blazy (https://orcid.org/0000-0001-6205-8249), Emmanuel Conchon (https://orcid.org/0000-0002-6874-5936), Mathieu Klingler (https://orcid.org/0000-0001-7113-2607), Damien Sauveron (https://orcid.org/0000-0001-7948-6143), all affiliated with XLIM, UMR CNRS 7252, Université de Limoges, Limoges, France; abstract as given in the description field below; URL https://ieeexplore.ieee.org/document/9321382/; keywords Secure publish/subscribe; attribute-based cryptography; publications/subscriptions confidentiality; user revocation |
| collection | DOAJ |
| language | English |
| format | Article |
| sources | DOAJ |
| author | Olivier Blazy; Emmanuel Conchon; Mathieu Klingler; Damien Sauveron |
| author_sort | Olivier Blazy |
| title | An IoT Attribute-Based Security Framework for Topic-Based Publish/Subscribe Systems |
| publisher | IEEE |
| series | IEEE Access |
| issn | 2169-3536 |
| publishDate | 2021-01-01 |
| description | Publish/subscribe is a widely used paradigm in the Internet of Things (IoT). It allows a loose coupling between data producers and data consumers using a network of interconnected brokers. However, sensitive data could be exposed if a broker is compromised or if the broker itself is curious about the information that is exchanged. In this paper, we present a complete security framework for topic-based publish/subscribe systems to ensure both security and privacy at the broker level, going beyond the naive encryption of information while keeping the loose coupling between publishers and subscribers. Furthermore, the proposed solution enables user revocation at the broker level; i.e. a revoked user can no longer subscribe to published data. To achieve that, we propose a unified solution relying on attribute-based cryptography with: (1) Attribute-Based Encryption (ABE) for data encryption; (2) a new construction of Attribute-Based Keyword Search (ABKS) to allow the broker to perform an encrypted matching that enforces privacy; and (3) an Attribute-Based Signature (ABS) to enforce the data authentication. |
| topic | Secure publish/subscribe; attribute-based cryptography; publications/subscriptions confidentiality; user revocation |
| url | https://ieeexplore.ieee.org/document/9321382/ |