research-article

Fog-based Secure Communications for Low-power IoT Devices

Authors:

Mirco Marchetti,

Michele ColajanniAuthors Info & Claims

ACM Transactions on Internet Technology (TOIT), Volume 19, Issue 2

Article No.: 27, Pages 1 - 21

https://doi.org/10.1145/3284554

Published: 28 March 2019 Publication History

Abstract

Designing secure, scalable, and resilient IoT networks is a challenging task because of resource-constrained devices and no guarantees of reliable network connectivity. Fog computing improves the resiliency of IoT, but its security model assumes that fog nodes are fully trusted. We relax this latter constraint by proposing a solution that guarantees confidentiality of messages exchanged through semi-honest fog nodes thanks to a lightweight proxy re-encryption scheme. We demonstrate the feasibility of the solution by applying it to IoT networks of low-power devices through experiments on microcontrollers and ARM-based architectures.

References

[1]

Amazon Web Services. 2018. AWS IoT. Retrieved from https://aws.amazon.com/iot/.

[2]

Moreno Ambrosin, Arman Anzanpour, Mauro Conti, Tooska Dargahi, Sanaz Rahimi Moosavi, Amir M. Rahmani, and Pasi Liljeberg. 2016. On the feasibility of attribute-based encryption on Internet of Things devices. IEEE Micro 36, 6 (2016), 25--35.

Digital Library

[3]

Giuseppe Ateniese, Kevin Fu, Matthew Green, and Susan Hohenberger. 2006. Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. Inf. Syst. Secur. 9, 1 (2006), 1--30.

Digital Library

[4]

Luciano Barreto, Antonio Celesti, Massimo Villari, Maria Fazio, and Antonio Puliafito. 2015. An authentication model for IoT clouds. In Proceedings of the IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining.

Digital Library

[5]

Luciano Barreto, Antonio Celesti, Massimo Villari, Maria Fazio, and Antonio Puliafito. 2015. Security and IoT cloud federation: Design of authentication schemes. In Proceedings of the International Internet of Things Summit. Springer.

[6]

Paolo Bellavista and Alessandro Zanni. 2017. Feasibility of fog computing deployment based on docker containerization over RaspberryPi. In Proceedings of the ACM 18th International Conference on Distributed Computing and Networking.

Digital Library

[7]

Daniel J. Bernstein. 2006. Curve25519: New Diffie-Hellman speed records. In Proceedings of the IACR International Workshop on Public Key Cryptography. Springer.

Digital Library

[8]

Daniel J. Bernstein, Peter Birkner, Marc Joye, Tanja Lange, and Christiane Peters. 2008. Twisted Edwards curves. In Proceedings of the IACR International Conference on Advances in Cryptology (Africacrypt’08). Springer.

Digital Library

[9]

Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang. 2012. High-speed high-security signatures. J. Cryptogr. Eng. 2, 2 (2012), 1--13.

[10]

Daniel J. Bernstein, Mike Hamburg, Anna Krasnova, and Tanja Lange. 2013. Elligator: Elliptic-curve points indistinguishable from uniform random strings. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security.

Digital Library

[11]

Matt Blaze, Gerrit Bleumer, and Martin Strauss. 1998. Divertible protocols and atomic proxy cryptography. Proceedings of the IACR International Conference on Theory and Applications of Cryptographic Techniques (Eurocrypt98).

[12]

Dan Boneh, Kevin Lewi, Hart Montgomery, and Ananth Raghunathan. 2013. Key homomorphic PRFs and their applications. In Proceedings of the IACR International Conference on Advances in Cryptology (CRYPTO’13).

[13]

Flavio Bonomi, Rodolfo Milito, Jiang Zhu, and Sateesh Addepalli. 2012. Fog computing and its role in the internet of things. In Proceedings of the 1st ACM Workshop on Mobile Cloud Computing.

Digital Library

[14]

A. Keranen C. Bormann, M. Ersue. 2014. RFC7228: Terminology for Constrained-node Networks. RFC.

[15]

Ran Canetti, Oded Goldreich, and Shai Halevi. 2004. The random oracle methodology, revisited. J. ACM 51, 4 (2004), 557--594.

Digital Library

[16]

Ran Canetti, Shai Halevi, and Jonathan Katz. 2004. Chosen-ciphertext security from identity-based encryption. In Proceedings of the IACR International Conference on Theory and Applications of Cryptographic Techniques (Eurocrypt’04). Springer.

[17]

Ran Canetti and Susan Hohenberger. 2007. Chosen-ciphertext secure proxy re-encryption. In Proceedings of the 14th International ACM Conference on Computer and Communications Security.

Digital Library

[18]

Stanley Chow, Philip Eisen, Harold Johnson, and Paul C. Van Oorschot. 2002. White-box cryptography and an AES implementation. In Proceedings of the International Conference on Selected Areas in Cryptography. Springer.

Digital Library

[19]

OpenFog Consortium. 2018. IEEE approved draft standard for adoption of OpenFog reference architecture for fog computing. IEEE P1934/D2.0 (Apr. 2018).

[20]

Robert H. Deng, Jian Weng, Shengli Liu, and Kefei Chen. 2008. Chosen-ciphertext secure proxy re-encryption without pairings. In Proceedings of the International Conference on Cryptology and Network Security. Springer.

Digital Library

[21]

Michael Düll, Björn Haase, Gesine Hinterwälder, Michael Hutter, Christof Paar, Ana Helena Sánchez, and Peter Schwabe. 2015. High-speed Curve25519 on 8-bit, 16-bit and 32-bit microcontrollers. Des. Codes Cryptogr. 77, 2 (2015).

Digital Library

[22]

Luca Ferretti, Michele Colajanni, and Mirco Marchetti. 2014. Distributed, concurrent, and independent access to encrypted cloud databases. IEEE Trans. Parallel Distrib. Syst. 25, 2 (2014), 437--446.

Digital Library

[23]

GNU Project. 2018. The GNU Multiple Precision Arithmetic Library. Retrieved from https://gmplib.org/.

[24]

Philippe Golle, Markus Jakobsson, Ari Juels, and Paul Syverson. 2004. Universal re-encryption for mixnets. In Proceedings of the IACR Cryptographers Track at the RSA Conference. Springer.

[25]

Google Cloud Platform. 2018. Google Cloud IoT. Retrieved from https://cloud.google.com/iot/docs/.

[26]

Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. 2006. Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM Conference on Computer and Communications Security.

Digital Library

[27]

René Hummen, Hossein Shafagh, Shahid Raza, Thiemo Voig, and Klaus Wehrle. 2014. Delegation-based authentication and authorization for the IP-based internet of things. In Proceedings of the IEEE International Conference on Sensing, Communication, and Networking.

[28]

Michaela Iorga, Larry Feldman, Robert Barton, Michael J. Martin, Nedim S. Goren, and Charif Mahmoudi. 2018. NIST SP 500-325: Fog Computing Conceptual Model. NIST SP.

[29]

D. McGrew J. Salowey, A. Choudhury. 2008. RFC5246: AES Galois Counter Mode (GCM) Cipher Suites for TLS. RFC.

[30]

B. Kaliski. 2000. RFC2898: PKCS 5: Password-Based Cryptography Specification Version 2.0. RFC.

Digital Library

[31]

Jonathan Katz and Yehuda Lindell. 2014. Introduction to Modern Cryptography. CRC Press, Boca Raton, FL.

Digital Library

[32]

Hugo Krawczyk. 2010. Cryptographic extraction and key derivation: The HKDF scheme. In Proceedings of the IACR International Conference on Advances in Cryptology (CRYPTO’10). Springer.

Digital Library

[33]

LoRa Alliance. 2018. LoRaWAN. Retrieved from https://www.lora-alliance.org/.

[34]

Wil Michiels. 2010. Opportunities in white-box cryptography. In Proceedings of the IEEE International Conference on Security and Privacy (2010).

Digital Library

[35]

Niels Moller. 2018. Nettle: A low-level cryptographic library. Retrieved from https://www.lysator.liu.se/&sim;nisse/nettle/.

[36]

Chanathip Namprempre, Phillip Rogaway, and Thomas Shrimpton. 2014. Reconsidering generic composition. In Proceedings of the IACR International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT’14). Springer.

[37]

Moni Naor, Benny Pinkas, and Omer Reingold. 1999. Distributed pseudo-random functions and KDCs. In Proceedings of the International Conference on Theory and Applications of Cryptographic Techniques.

Digital Library

[38]

Erick Nascimento, Julio López, and Ricardo Dahab. 2015. Efficient and secure elliptic curve cryptography for 8-bit AVR microcontrollers. In Proceedings of the International Conference on Security, Privacy, and Applied Cryptography Engineering.

Digital Library

[39]

Andrew Nash, William Duane, and Celia Joseph. 2001. PKI: Implementing and Managing E-security. McGraw-Hill, New York, NY.

Digital Library

[40]

B. Clifford Neuman and Theodore Ts’o. 1994. Kerberos: An authentication service for computer networks. IEEE Commun. Mag. 32, 9 (1994), 33--38.

Digital Library

[41]

Kim Thuat Nguyen, Nouha Oualha, and Maryline Laurent. 2016. Authenticated key agreement mediated by a proxy re-encryptor for the internet of things. In Proceedings of the European Symposium on Research in Computer Security (ESORICS’16). Springer.

[42]

National Institute of Standards and Technology. 2013. FIPS 186-4: Digital Signature Standard (DSS). NIST Pubs.

[43]

David Nuñez, Isaac Agudo, and Javier Lopez. 2016. Attacks to a proxy-mediated key agreement protocol based on symmetric encryption. In Proceedings of the 31st IFIP International Conference on Data and Applications Security and Privacy.

[44]

OASIS. Sep. 2018. Message Queuing Telemetry Transport (v3.1.1). OASIS Standard.

[45]

Emanuel Onica, Pascal Felber, Hugues Mercier, and Etienne Rivière. 2016. Confidentiality-preserving publish/subscribe: A survey. Comput. Surv. 49, 2 (2016), 27.

Digital Library

[46]

OpenID. 2018. OpenID: The Internet Identity Layer. Retrieved from https://openid.net/.

[47]

Nicholas Pippenger. 1980. On the evaluation of powers and monomials. SIAM J. Comput. 9, 2 (1980), 230--250.

Digital Library

[48]

Joost Renes, Peter Schwabe, Benjamin Smith, and Lejla Batina. 2016. μKummer: Efficient hyperelliptic signatures and key exchange for microcontrollers. In Proceedings of the International Conference on Cryptographic Hardware and Embedded Systems.

[49]

Rodrigo Roman, Jianying Zhou, and Javier Lopez. 2013. On the features and challenges of security and privacy in distributed internet of things. Comput. Netw. 57, 10 (2013), 2266--2279.

Digital Library

[50]

I. Liusvaara S. Josefsson. 2017. RFC8032: Edwards-Curve Digital Signature Algorithm (EdDSA). RFC.

[51]

L. Seitz, F. Palombini, M. Gunnarsson, and G. Selander. Sep. 2018. OSCORE Profile of the Authentication and Authorization for Constrained Environments Framework. Internet-draft.

[52]

L. Seitz, G. Selander, E. Wahlstroem, S. Erdtman, and H. Tschofenig. Sep. 2018. Authentication and Authorization for Constrained Environments (ACE) Using the OAuth 2.0 Framework (ACE-OAuth). Internet-draft.

[53]

G. Selander, J. Mattsson, and F. Palombini. Sep. 2018. Object Security for Constrained RESTful Environments (OSCORE). Internet-draft.

[54]

C. Sengul, A. Kirby, and P. Fremantle. 2018. MQTT-TLS Profile of ACE. Internet-draft.

[55]

Jun Shao and Zhenfu Cao. 2009. CCA-secure proxy re-encryption without pairings. In Proceedings of the International Workshop on Public Key Cryptography.

Digital Library

[56]

Ivan Stojmenovic and Sheng Wen. 2014. The fog computing paradigm: Scenarios and security issues. In Proceedings of the IEEE Conference on Computer Science and Information Systems.

[57]

Amril Syalim, Takashi Nishide, and Kouichi Sakurai. 2011. Realizing proxy re-encryption in the symmetric world. In Proceedings of the International Conference on Informatics Engineering and Information Science. Springer.

[58]

Open Whisper Systems. 2017. The XEdDSA and VXEdDSA Signature Schemes. Retrieved from https://signal.org/docs/specifications/xeddsa/.

[59]

Lu Tan and Neng Wang. 2010. Future internet: The internet of things. In Proceedings of the IEEE 3rd International Conference on Advanced Computer Theory and Engineering.

[60]

Luis M. Vaquero and Luis Rodero-Merino. 2014. Finding your way in the fog: Towards a comprehensive definition of fog computing. ACM SIGCOMM Comput. Commun. Rev. 44, 5 (2014), 27--32.

Digital Library

[61]

Frank Wang, James Mickens, Nickolai Zeldovich, and Vinod Vaikuntanathan. 2016. Sieve: Cryptographically enforced access control for user data in untrusted clouds. In Proceedings of the 12th USENIX Symposium on Networked Systems Design and Implementation.

Digital Library

[62]

Ben Zhang, Nitesh Mor, John Kolb, Douglas S Chan, Ken Lutz, Eric Allman, John Wawrzynek, Edward A Lee, and John Kubiatowicz. 2015. The cloud is not enough: Saving IoT from the cloud. In Proceedings of the 7th USENIX Workshop on Hot Topics in Cloud Coputing.

Digital Library

[63]

Zhi-Kai Zhang, Michael Cheng Yi Cho, and Shiuhpyng Shieh. 2015. Emerging security threats and countermeasures in IoT. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security.

Digital Library

Cited By

Khashan OKhafajah NAlomoush WAlshinwan M(2024)Innovative Energy-Efficient Proxy Re-Encryption for Secure Data Exchange in Wireless Sensor NetworksIEEE Access10.1109/ACCESS.2024.336048812(23290-23304)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3360488
Li PXia JWang QZhang YWu M(2024)Secure architecture for Industrial Edge of Things(IEoT): A hierarchical perspectiveComputer Networks10.1016/j.comnet.2024.110641251(110641)Online publication date: Sep-2024
https://doi.org/10.1016/j.comnet.2024.110641
Gangadharaiah SBhajantri L(2024)Secure data dissemination and routing in Internet of ThingsInternational Journal of Information Technology10.1007/s41870-024-01848-4Online publication date: 28-Apr-2024
https://doi.org/10.1007/s41870-024-01848-4
Show More Cited By

Index Terms

Fog-based Secure Communications for Low-power IoT Devices
1. Networks
  1. Network properties
    1. Network security
      1. Security protocols
2. Security and privacy
  1. Cryptography
    1. Public key (asymmetric) techniques
      1. Public key encryption
  2. Network security
    1. Security protocols

Recommendations

CCA-secure ABE with outsourced decryption for fog computing

Fog computing is not a replacement but an extension of cloud computing for the prevalence of the Internet of Things (IoT) applications. In particular, fog computing inserts a middle layer named fog into the infrastructure of cloud computing to obtain ...
Fully secure fuzzy identity-based encryption for secure IoT communications

How to securely transmit data is an important problem in Internet of Things (IoT). Fuzzy identity-based encryption (FIBE) is a good candidate for resolving this problem. However, existing FIBE schemes suffer from the following disadvantages: rely on ...
Lattice-Based HRA-secure Attribute-Based Proxy Re-Encryption in Standard Model
Computer Security – ESORICS 2021
Abstract
Proxy re-encryption (PRE), introduced by Blaze, Bleumer, and Strauss at EUROCRYPT 98, offers delegation of decryption rights, i.e., it securely enables the re-encryption of ciphertexts from one key to another, without relying on trusted parties. ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Internet Technology

ACM Transactions on Internet Technology Volume 19, Issue 2

Special Issue on Fog, Edge, and Cloud Integration

May 2019

288 pages

ISSN:1533-5399

EISSN:1557-6051

DOI:10.1145/3322882

Editor:
Ling Liu
Georgia Institute of Technology, USA

Issue’s Table of Contents

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 March 2019

Accepted: 01 October 2018

Revised: 01 September 2018

Received: 01 December 2017

Published in TOIT Volume 19, Issue 2

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

27
Total Citations
View Citations
612
Total Downloads

Downloads (Last 12 months)43
Downloads (Last 6 weeks)5

Reflects downloads up to 12 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Khashan OKhafajah NAlomoush WAlshinwan M(2024)Innovative Energy-Efficient Proxy Re-Encryption for Secure Data Exchange in Wireless Sensor NetworksIEEE Access10.1109/ACCESS.2024.336048812(23290-23304)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3360488
Li PXia JWang QZhang YWu M(2024)Secure architecture for Industrial Edge of Things(IEoT): A hierarchical perspectiveComputer Networks10.1016/j.comnet.2024.110641251(110641)Online publication date: Sep-2024
https://doi.org/10.1016/j.comnet.2024.110641
Gangadharaiah SBhajantri L(2024)Secure data dissemination and routing in Internet of ThingsInternational Journal of Information Technology10.1007/s41870-024-01848-4Online publication date: 28-Apr-2024
https://doi.org/10.1007/s41870-024-01848-4
Krichen M(2023)Formal Methods and Validation Techniques for Ensuring Automotive Systems SecurityInformation10.3390/info1412066614:12(666)Online publication date: 18-Dec-2023
https://doi.org/10.3390/info14120666
Zuo PSun GLi ZGuo CLi SWei Z(2023)Toward Secure Transmission in Fog Internet of Things Using Intelligent Resource AllocationIEEE Sensors Journal10.1109/JSEN.2023.326902423:11(12263-12273)Online publication date: 1-Jun-2023
https://doi.org/10.1109/JSEN.2023.3269024
Yang XYu XHou HTan ZWu F(2023)Efficient Asymmetric Encryption Scheme based on Elliptic Encryption Technology2023 IEEE 6th Information Technology,Networking,Electronic and Automation Control Conference (ITNEC)10.1109/ITNEC56291.2023.10082706(709-714)Online publication date: 24-Feb-2023
https://doi.org/10.1109/ITNEC56291.2023.10082706
Hegde NDeepthi P(2023)Securing Data in Internet of Things (IoT) Using Elliptic Curve CryptographyAdvances in Cognitive Science and Communications10.1007/978-981-19-8086-2_95(1013-1020)Online publication date: 10-Mar-2023
https://doi.org/10.1007/978-981-19-8086-2_95
Mutluturk MKor BMetin B(2022)The Role of Edge/Fog Computing Security in IoT and Industry 4.0 InfrastructuresResearch Anthology on Edge Computing Protocols, Applications, and Integration10.4018/978-1-6684-5700-9.ch023(468-479)Online publication date: 1-Apr-2022
https://doi.org/10.4018/978-1-6684-5700-9.ch023
De Donno MFafoutis XDragoni N(2022)AntibIoTicJournal of Computer Security10.3233/JCS-21002730:5(689-725)Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.3233/JCS-210027
Dongre NAtique MShaik ZRaut A(2022)A Survey on Security Issues and Secure Frameworks in Internet of Things (IoT)2022 4th International Conference on Smart Systems and Inventive Technology (ICSSIT)10.1109/ICSSIT53264.2022.9716413(173-181)Online publication date: 20-Jan-2022
https://doi.org/10.1109/ICSSIT53264.2022.9716413
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Issue’s Table of Contents