CrypSH A Novel IoT Data Protection Scheme Based on BGN Cryptosystem
Abstract : The Internet of Things (IoT) is an emerging paradigm and has penetrated deeply into our daily life. Due to the seamless connections of the IoT devices with the physical world through the Internet, the IoT applications use the cloud to store and provide ubiquitous access to collected data. Sharing of data with third party services and other users incurs potential risks and leads to unique security and privacy concerns, e.g., data breaches. Existing cryptographic solutions are inapt for resource-constrained IoT devices, because of their significant computational overhead. To address these concerns, we propose a data protection scheme to store the encrypted IoT data in a cloud, while still allowing query processing over the encrypted data. Our proposed scheme features a novel encrypted data sharing scheme based on Boneh-Goh-Nissim (BGN) cryptosystem, with revocation capabilities and in-situ key updates. We perform exhaustive experiments on real datasets, to assess the feasibility of the proposed scheme on the resource constrained IoT devices. The results show the feasibility of our scheme, together with the ability to provide a high level of security. The results also show that our scheme significantly reduces the computation, storage and energy overheads than the best performed scheme in the state-of-the-art.
? To tackle this issue, existing distributed approaches used the homomorphic encryption technology.
? To the best of our knowledge, none of the existing solutions considered all the privacy requirements mentioned above, while covering the whole IoT data lifecycle, from the user’s consent to the data analysis.
? We compare the proposal with some existing solutions in terms of communication cost and eavesdropping probability on private individual data.
? Because of the transparency characteristic of public blockchains, it is possible to verify that the data of a transaction has existed at a specific time, but by keeping public keys anonymous, the identity of participants in real-life cannot be revealed.
? It is important to design a proper structure of the authorisation mechanism since it ensures that a joining IoT device (i) issues the reencryption token for the genuine group and (ii) retrieves the correct group key.
? To issue this re-encryption token and subsequent decrypting of group data, Bob uses the public key, pkg, and the private key, prkg, of the group.
? The proposed CrypSH is semantically secure against the adaptive chosen message attack, if the discrete logarithm problem is hard.
? The correct guessing is only possible when A can solve the discrete logarithm problem.
• In the proposed system, each data consumer can create a smart contract and publish both terms of service and requested IoT data.
• The latter is proposed and hosted on the blockchain to put several IoT devices in the same group based on the smart device owners’ privacy choices.
• In this way, the proposed solution eliminates the need to trust a centralized consumer or a data aggregator while keeping the IoT data analysis accuracy.
• In order to overcome the raw data disclosure issue, several solutions were proposed to use the homomorphic encryption technology to protect the user’s privacy while guarantying the data accuracy.
? We measure the performance of the CrypSH in terms of the computational overhead, storage overhead, energy overhead, throughput, data freshness and end-to-end delay.
? In this paper, we consider the Pilatus as our main competitor and show that our proposed scheme not only achieves system security but also improves on performance significantly than the Pilatus.
? To measure the storage overhead, we consider ciphertext size as a performance metric.
? We measure the storage overhead of both the CrypSH and the Pilatus considering the ciphertext size as performance metric.
? It means that the performance of the CrypSH is improved by reducing the ciphertext sizes to 13% and 25% compared to the Pilatus during the standard and sharing modes, respectively.
|