-
SEA-BREW: A Scalable Attribute-Based Encryption Scheme for Low-Bitrate IoT Wireless Networks
Authors:
Michele La Manna,
Pericle Perazzo,
Gianluca Dini
Abstract:
Attribute-Based Encryption (ABE) is an emerging cryptographic technique that allows one to embed a fine-grained access control mechanism into encrypted data. In this paper we propose a novel ABE scheme called SEA-BREW (Scalable and Efficient Abe with Broadcast REvocation for Wireless networks), which is suited for Internet of Things (IoT) and Industrial IoT (IIoT) applications. In contrast to state-of-the-art ABE schemes, ours is capable of securely performing key revocations with a single short broadcast message, instead of a number of unicast messages that is linear with the number of nodes. This is desirable for low-bitrate Wireless Sensor and Actuator Networks (WSANs) which often are the heart of (I)IoT systems. In SEA-BREW, sensors, actuators, and users can exchange encrypted data via a cloud server, or directly via wireless if they belong to the same WSAN. We formally prove that our scheme is secure also in case of an untrusted cloud server that colludes with a set of users, under the generic bilinear group model. We show by simulations that our scheme requires a constant computational overhead on the cloud server with respect to the complexity of the access control policies. This is in contrast to state-of-the-art solutions, which require instead a linear computational overhead.
Submitted 25 January, 2021;
originally announced January 2021.
-
ABE-Cities: An Attribute-Based Encryption System for Smart Cities
Authors:
Marco Rasori,
Pericle Perazzo,
Gianluca Dini
Abstract:
In the near future, a technological revolution will involve our cities, where a variety of smart services based on the Internet of Things will be developed to facilitate the needs of the citizens. Sensing devices are already being deployed in urban environments, and they will generate huge amounts of data. Such data are typically outsourced to some cloud storage because this lowers capital and operating expenses and guarantees high availability. However, cloud storage may have incentives to release stored data to unauthorized entities. In this work we present ABE-Cities, an encryption scheme for urban sensing which solves the above problems while ensuring fine-grained access control on data by means of Attribute-Based Encryption (ABE). Basically, ABE-Cities encrypts data before storing it in the cloud and provides users with keys able to decrypt only those portions of data the user is authorized to access. In ABE-Cities, the sensing devices perform only lightweight symmetric cryptography operations, thus they can also be resource-constrained. ABE-Cities provides planned expiration of keys, as well as their unplanned revocation. We propose methods to make the key revocation efficient, and we show by simulations the overall efficiency of ABE-Cities.
Submitted 31 July, 2018;
originally announced July 2018.
-
Performance and Security Evaluation of SDN Networks in OMNeT++/INET
Authors:
Marco Tiloca,
Alexandra Stagkopoulou,
Gianluca Dini
Abstract:
Software Defined Networking (SDN) has been recently introduced as a new communication paradigm in computer networks. By separating the control plane from the data plane and entrusting packet forwarding to straightforward switches, SDN makes it possible to deploy and run networks which are more flexible to manage and easier to configure. This paper describes a set of extensions for the INET framework, which allow researchers and network designers to simulate SDN architectures and evaluate their performance and security at design time. Together with performance evaluation and design optimization of SDN networks, our extensions enable the simulation of SDN-based anomaly detection and mitigation techniques, as well as the quantitative evaluation of cyber-physical attacks and their impact on the network and application. This work is an ongoing research activity, and we plan to propose it for an official contribution to the INET framework.
Submitted 15 September, 2016;
originally announced September 2016.
-
Distributed Intrusion Detection for the Security of Societies of Robots
Authors:
Adriano Fagiolini,
Gianluca Dini,
Antonio Bicchi
Abstract:
This paper addresses the problem of detecting possible intruders in a group of autonomous robots, which coexist in a shared environment and interact with each other according to a set of "social behaviors", or common rules. Such rules specify what actions each robot is allowed to perform in the pursuit of its individual goals: rules are distributed, i.e. they can be evaluated based only on the state of the individual robot, and on information that can be sensed directly or through communication with immediate neighbors. We consider intruders as robots which misbehave, i.e. do not follow the rules, because of either spontaneous failures or malicious reprogramming. Our goal is to detect intruders by observing the congruence of their behavior with the social rules as applied to the current state of the overall system. Moreover, in accordance with the fully distributed nature of the problem, the detection itself must be performed by individual robots, based only on local information. The paper introduces a formalism that allows one to model uniformly a large variety of possible robot societies. The main contribution consists in the proposal of an Intrusion Detection System, i.e. a protocol that, under suitable conditions, allows individual robots to detect possible misbehaving robots in their vicinity, and trigger possible further actions to secure the society. It is worth noting that the generality of the protocol formalism makes it so that local monitors can be automatically generated once the cooperation rules and the robot dynamics are specified. The effectiveness of the proposed technique is shown through application to examples of automated robotic systems.
Submitted 12 January, 2011;
originally announced January 2011.