Abstract: The Internet of Things (IoT) is enabling a newgeneration of innovative services based on the seamless integration of smart objects into information systems. Such IoT devices generate an uninterrupted flow of information that can be transmitted through an untrusted network and stored on an untrusted infrastructure. The latter raises new security and privacy challenges that require novel cryptographic methods. Attribute-Based Encryption (ABE) is a new type of public-key encryption that enforces a fine-grained access control on encrypted databased on flexible access policies. The feasibility of ABE adoptionin fully-fledged computing systems, i.e. smartphones or embeddedsystems, has been demonstrated in recent works. In this paper we assess the feasibility of the adoption of ABE in typical IoT constrained devices, characterized by limited capabilities in terms of computing, storage and power. Specifically, an implementation of three ABE schemes for ESP32, a low-cost popular platformto deploy IoT devices, is developed and evaluated in terms of encryption/decryption time and energy consumption. The performance evaluation shows that the adoption of ABE on constraineddevices is feasible, although it has a cost that increases with thenumber of attributes. The analysis in particular highlights how ABE has a significant impact in the lifetime of battery-powered devices, which is impaired significantly when a high number of attributes is adopted.
Keywords: Internet of Things;constrained devices;security;attribute-based encryption;performance evaluati
File pubblicazione: https://ieeexplore.ieee.org/abstract/document/8784091