IoT-friendly, pre-computed and outsourced attribute based encryption

Abstract

The Internet of Things (IoT) and its applications are growing at an unprecedented rate. In such a complex network with an enormous number of nodes, an important challenge is how to securely handle the access control problem. Attribute Based Encryption (ABE) is a powerful and flexible cryptographic primitive to address the challenge of realizing fine-grained access control in many systems. However, using ABE in IoT systems is often problematic due to the heavy computational overhead originating from the bilinear pairing operations and the relatively large key sizes of ABE schemes.This paper deals with this challenge by proposing some solutions to overcome the limitations of using ABE in IoT systems. The contributions of this paper are divided into three parts. In the first part, we propose modified fuzzy identity-based encryption (FIBE) schemes that use fewer optimal ate pairing operations compared to the original FIBE. FIBE is a special case of ABE, in which the access structure simplifies to a threshold gate. We also introduce a new security notion named the Conditional Chosen Ciphertext Attack-2 (Conditional CCA-2) selective security which is stronger than the CPA selective security notion. We prove that the proposed FIBE schemes have Conditional CCA-2 selective security, under the Asymmetric Decisional Modified Bilinear Diffie–Hellman (ADMBDH) assumption. In the second part, we proposed Key Policy Attribute Based Encryption (KP-ABE) schemes that use fewer pairing operations compared to the previous KP-ABE schemes. Our FIBE and KP-ABE schemes use elliptic curve groups which ensure shorter keys. In the third part of our contribution, we propose secure methods to outsource the heavy operations in FIBE and KP-ABE schemes (i.e. scalar multiplication by a curve point, exponentiation, and pairing) such that IoT devices can cope with the complexity.