research-article

Privacy-preserving delegable authentication in the internet of things

Authors:
Clémentine Gritti

NTNU, Trondheim, Norway

NTNU, Trondheim, Norway
View Profile

,
Melek Önen

EURECOM, Sophia Antipolis, France

EURECOM, Sophia Antipolis, France
View Profile

,
Refik Molva

EURECOM, Sophia Antipolis, France

EURECOM, Sophia Antipolis, France
View Profile

SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied ComputingApril 2019Pages 861–869https://doi.org/10.1145/3297280.3297365

Published:08 April 2019Publication History

SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing

Pages 861–869

ABSTRACT

The expanding Internet of Things (IoT) technology offers the ease of communication with and access to multiple services for companies and individuals. However, because of the limited trustworthiness set on smart devices, as well as the ever-increasing amount of them, challenges for security and privacy protection have been growing. In this paper, we propose a new authentication solution that enables a smart device to securely connect to services, based on attribute-based credentials. Our solution allows IoT devices to authenticate to various services in an efficient way, without compromising their privacy. Indeed, during the authentication of an IoT device to a particular service, a new credential is generated such that only relevant attributes are disclosed to the actual service. Moreover, this operation is delegated to a gateway in order to relieve the workload at devices' side.

References

M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, and M. Ohkubo. 2010. Structure-Preserving Signatures and Commitments to Group Elements. In Proceedings of CRYPTO'10. Springer Berlin Heidelberg, Berlin, Heidelberg, 209--236. Google ScholarDigital Library
C. C. Aggarwal, N. Ashish, and A. Sheth. 2013. The Internet of Things: A Survey from the Data-Centric Perspective. In Managing and Mining Sensor Data. Springer US, Boston, MA, 383--428.Google Scholar
J. H. Ahn, D. Boneh, J. Camenisch, S. Hohenberger, A. Shelat, and B. Waters. 2015. Computing on Authenticated Data. Journal of Cryptology 28, 2 (01 Apr 2015), 351--395. Google ScholarDigital Library
A. Alcaide, E. Palomar, J. Montero-Castillo, and A. Ribagorda. 2013. Anonymous Authentication for Privacy-preserving IoT Target-driven Applications. Computer Security 37 (Sept. 2013), 111--123. Google ScholarDigital Library
G. Alpár, L. Batina, L. Batten, V. Moonsamy, A. Krasnova, A. Guellier, and I. Natgunanathan. 2016. New Directions in IoT Privacy Using Attribute-based Authentication. In Proceedings of CF '16. ACM, New York, NY, USA, 461--466. Google ScholarDigital Library
G. Alpár, L. Batina, and W. Lueks. 2013. Designated Attribute-Based Proofs for RFID Applications. In Proceedings of RFIDSec'12. Springer Berlin Heidelberg, Berlin, Heidelberg, 59--75. Google ScholarDigital Library
G. Alpár and J.-H. Hoepman. 2013. A Secure Channel for Attribute-based Credentials. In Proceedings of DIM '13. ACM, New York, NY, USA, 13--18. Google ScholarDigital Library
M. Ambrosin, A. Anzanpour, M. Conti, T. Dargahi, S. R. Moosavi, A. M. Rahmani, and P. Liljeberg. 2016. On the Feasibility of Attribute-Based Encryption on Internet of Things Devices. IEEE Micro 36, 6 (Nov 2016), 25--35. Google ScholarDigital Library
G. Ateniese, D. H. Chou, B. de Medeiros, and G. Tsudik. 2005. Sanitizable Signatures. In Proceedings of ESORICS'05. Springer Berlin Heidelberg, Berlin, Heidelberg, 159--177. Google ScholarDigital Library
M. Belenkiy, J. Camenisch, M. Chase, M. Kohlweiss, A. Lysyanskaya, and H. Shacham. 2009. Randomizable Proofs and Delegatable Anonymous Credentials. In Proceedings of CRYPTO'09. Springer Berlin Heidelberg, Berlin, Heidelberg, 108--125. Google ScholarDigital Library
P. Bichsel, J. Camenisch, M. Dubovitskaya, R. R. Enderlein, S. Krenn, I. Krontiris, A. Lehmann, G. Neven, C. Paquin, F.-S. Preiss, K. Rannenberg, and A. Sabouri. 2015. An Architecture for Privacy-ABCs. In Attribute-based Credentials for Trust: Identity in the Information Society. Springer International Publishing, Cham, 11--78.Google Scholar
D. Boneh and X. Boyen. 2008. Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups. Journal of Cryptology 21, 2 (2008), 149--177. Google ScholarDigital Library
D. Boneh, X. Boyen, and H. Shacham. 2004. Short Group Signatures. In Proceedings of CRYPTO'04. Springer Berlin Heidelberg, Berlin, Heidelberg, 41--55.Google Scholar
S. A. Brands. 2000. Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge, MA, USA. Google ScholarDigital Library
C. Brzuska, H. Busch, O. Dagdelen, M. Fischlin, M. Franz, S. Katzenbeisser, M. Manulis, C. Onete, A. Peter, B. Poettering, and D. Schröder. 2010. Redactable Signatures for Tree-Structured Data: Definitions and Constructions. In Proceedings of ACNS'10. Springer Berlin Heidelberg, Berlin, Heidelberg, 87--104. Google ScholarDigital Library
J. Camenisch, A. Lehmann, G. Neven, and A. Rial. 2014. Privacy-Preserving Auditing for Attribute-Based Credentials. In Proceedings of ESORICS'14. Springer International Publishing, Cham, 109--127. Google ScholarDigital Library
J. Camenisch and A. Lysyanskaya. 2003. A Signature Scheme with Efficient Protocols. In Proceedings of SCN' 02. Springer-Verlag, Berlin, Heidelberg, 268--289. Google ScholarDigital Library
Jan Camenisch and Els Van Herreweghen. 2002. Design and Implementation of the Idemix Anonymous Credential System. In Proceedings of CCS '02. ACM, New York, NY, USA, 21--30. Google ScholarDigital Library
D. Chaum. 1985. Security Without Identification: Transaction Systems to Make Big Brother Obsolete. Communication ACM 28, 10 (Oct. 1985), 1030--1044. Google ScholarDigital Library
G. Fuchsbauer. 2011. Commuting Signatures and Verifiable Encryption. In Proceedings of EUROCRYPT'11. Springer Berlin Heidelberg, Berlin, Heidelberg, 224--245. Google ScholarDigital Library
D. Jao and K. Yoshida. 2009. Boneh-Boyen Signatures and the Strong Diffie-Hellman Problem. In Proceedings of Pairing'09. Springer-Verlag, Berlin, Heidelberg, 1--16. Google ScholarDigital Library
R. Johnson, D. Molnar, D. Song, and D. Wagner. 2002. Homomorphic Signature Schemes. In Proceedings of CT-RSA'02. Springer Berlin Heidelberg, Berlin, Heidelberg, 244--262. Google ScholarDigital Library
A. Joux. 2004. A One Round Protocol for Tripartite Diffie-Hellman. Journal of Cryptology 17, 4 (Sept. 2004), 263--276. Google ScholarDigital Library
F. Mattern and C. Floerkemeier. 2010. From the Internet of Computers to the Internet of Things. In From Active Data Management to Event-based Systems and More. Springer-Verlag, Berlin, Heidelberg, 242--259. Google ScholarDigital Library
S. Micali and R. L. Rivest. 2002. Transitive Signature Schemes. In Proceedings of CT-RSA'02. Springer Berlin Heidelberg, Berlin, Heidelberg, 236--243. Google ScholarDigital Library
C. Paquin. 2013. U-Prove Technology Overview V1.1. Technical Report (revision 2). Microsoft Research.Google Scholar
K. Rannenberg, J. Camenisch, and A. Sabouri. 2014. Attribute-based Credentials for Trust: Identity in the Information Society. Springer Publishing Company, Incorporated. Google ScholarDigital Library
B. Waters. 2005. Efficient Identity-based Encryption Without Random Oracles. In Proceedings of EUROCRYPT'05. Springer-Verlag, Berlin, Heidelberg, 114--127. Google ScholarDigital Library
X. Yao, Z. Chen, and Y. Tian. 2015. A lightweight attribute-based encryption scheme for the Internet of Things. Future Generation Computer Systems 49, Supplement C (2015), 104 -- 112. Google ScholarDigital Library
T. H. Yuen, W. Susilo, J. K. Liu, and Y. Mu. 2008. Sanitizable Signatures Revisited. In Cryptology and Network Security. Springer Berlin Heidelberg, Berlin, Heidelberg, 80--97. Google ScholarDigital Library
J. H. Ziegeldorf, O. G. Morchon, and K. Wehrle. 2014. Privacy in the Internet of Things: Threats and Challenges. Security and Communication Networks 7, 12 (2014), 2728--2742.Google ScholarCross Ref

Index Terms

Privacy-preserving delegable authentication in the internet of things
1. Networks
  1. Network properties
    1. Network security
      1. Mobile and wireless security
2. Security and privacy
  1. Network security
    1. Mobile and wireless security

Recommendations

Privacy preserving Internet of Things

The Internet of Things (IoT) is the latest web evolution that incorporates billions of devices that are owned by different organisations and people who are deploying and using them for their own purposes. IoT-enabled harnessing of the information that ...
Read More
Secure and Privacy-Preserving RFID Authentication Scheme for Internet of Things Applications
Abstract
Privacy issue has become a crucial concern in internet of things (IoT) applications ranging from home appliances to vehicular networks. RFID system has found enormous scope in IoT applications such as consumer electronics, healthcare, tracking ...
Read More
Authenticated and Privacy-Preserving Consent Management in the Internet of Things
Abstract
As the Internet of Things (IoT) starts providing meaningful solutions in multiple domains, users expect to take full advantage of the features and benefits of smart devices, but not at the cost of privacy loss. They want to keep control over their ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing
April 2019
2682 pages
ISBN:9781450359337
DOI:10.1145/3297280
Conference Chairs:
Chih-Cheng Hung
Kennesaw State University, Marietta, Georgia
,
George A. Papadopoulos
University of Cyprus, Nicosia, Cyprus
Copyright © 2019 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 8 April 2019
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
IoT authentication
attribute-based credentials
privacy
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate1,650of6,669submissions,25%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 11
  Total Citations
  View Citations
- 203
  Total Downloads
- Downloads (Last 12 months)12
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Privacy-preserving delegable authentication in the internet of things

SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing

ABSTRACT

References

Cited By

Index Terms

Recommendations

Privacy preserving Internet of Things

Secure and Privacy-Preserving RFID Authentication Scheme for Internet of Things Applications

Authenticated and Privacy-Preserving Consent Management in the Internet of Things