Escolar Documentos
Profissional Documentos
Cultura Documentos
THE SECURE MANAGEMENT OF INTERNET OF THINGS (IOT) DEVICES, BUT ITS FEASIBILITY
IN THE IOT HAS BEEN UNDER-INVESTIGATED THUS FAR. THIS ARTICLE EXPLORES SUCH
Moreno Ambrosin
FEASIBILITY FOR WELL-KNOWN IOT PLATFORMS, NAMELY, INTEL GALILEO GEN 2, INTEL
University of Padua
EDISON, RASPBERRY PI 1 MODEL B, AND RASPBERRY PI ZERO, AND CONCLUDES THAT Arman Anzanpour
ADOPTING ABE IN THE IOT IS INDEED FEASIBLE. University of Turku
Mauro Conti
...... The Internet of Things (IoT) is a
growing trend populating the world with bil-
other IoT systems. For example, in a smart
healthcare system, devices in a patients smart University of Padua
lions of interconnected devices that relate to house might need to interact directly with a
physical things, ranging from wearable sen-
sors to smartphones and smart cars.1
hospitals IoT system. However, either of the
collaborating entities could be untrusted, or
Tooska Dargahi
Although the IoT has the potential to enable
innovative new services and simplify commu-
the transmitted data might need to be revealed
only to some selected parties. These challenges
CNIT (Consorzio Nazionale
nication between people and objects, it also
brings new security and privacy challenges.
call for efficient authentication and fine-
grained access control mechanisms that require
Interuniversitario per le
For example, consider an IP-enabled sensor
in a smart healthcare system that transmits
advanced cryptographic methods. Further-
more, an important aspect to consider when it
Telecomunicazioni)
patients medical data to a remote healthcare comes to resource-constrained IoT devices is
server. In this scenario, the conveyed medical providing flexible key management protocols, Sanaz Rahimi Moosavi
data could be routed through an untrusted which has motivated researchers to develop
network or stored in an untrusted cloud serv- efficient security solutions for IoT systems.2 Amir M. Rahmani
ice, potentially exposing privacy-sensitive In recent years, several security protocols
data to cyberattacks. have adopted Attribute-Based Encryption Pasi Liljeberg
Besides generic IoT security and privacy (ABE) as a building block in different distrib-
issues, the concept of distributed IoT introdu- uted environments,3 such as the IoT,4 cloud University of Turku
ces additional context-specific challenges.1 services,5 and medical systems.6 ABE is a pub-
Devices not only send their data to the cloud, lic key scheme in which both encryption and
but they can also form an Intranet of Things, decryption are based on high-level data access
communicating with each other and with policies. Considering the aforementioned
.............................................................
0272-1732/16/$33.00 c 2016 IEEE Published by the IEEE Computer Society 25
..............................................................................................................................................................................................
THE INTERNET OF THINGS
26 IEEE MICRO
Key-Policy Attribute-Based Ciphertext-Policy Attribute-Based
Encryption (KP-ABE) Encryption (CP-ABE)
Encryption
Public assigned to the data Public (Dev_family = Board_XYZ
KP-ABE key
CP-ABE key
Dev_family = Board_XYZ,
KP-ABE CP-ABE Dev_role = Role_1)
Enc Dev_role = Role_1, Enc
...
Release_Date > 2013 ...
Secret key
Secret key holding
associated with a
KP-ABE CP-ABE some attributes
specific policy
Dec Dec
Decryption
Decryption
Data Data
Release_Date > 2013 ... ...
... ...
(a) (b)
fill_policy
PBC library
(c)
Figure 1. High-level overview of (a) Key-Policy Attribute-Based Encryption (KP-ABE) and (b) Ciphertext-Policy Attribute-Based
Encryption (CP-ABE). (c) Simplified library structure.
.............................................................
NOVEMBER/DECEMBER 2016 27
..............................................................................................................................................................................................
THE INTERNET OF THINGS
28 IEEE MICRO
multitasking, we report the average execution level, rather than the number of attributes, is
time for each board collected over several increased. For stronger security (that is, mov-
simulations, minimizing the impact of any ing from 80 to 128 bits), the number of con-
background tasks on the results. sidered attributes must be reduced, on average,
by 10 times. As an example of the tradeoff
Evaluation and Discussion between security and the number of attributes,
Figures 2 and 3 show the execution time, CP-ABE encryption with 15 attributes and a
memory usage, and energy consumption of 112-bit security level shows an average execu-
CP-ABE on the considered devices, with tion time of 9.68 seconds and energy con-
varying numbers of attributes and security sumption of 1.75 J. Similar performance can
levels (confidence intervals are included in be achieved with a security level of 128 bits
the figures but are not visible because they are using policies with fewer than five attributes. A
too small). As expected, increasing the num- notable insight from our experimentation is
ber of attributes leads to increased execution this Pareto-space of combinatorial choices of
time and memory usage (and consequently, platform, security levels, and attributes.
increased energy consumption). Similarly, a We further analyzed the overhead of our
higher security level leads to increased work- implementation at a function-call levelthat
load on the tested devices. is, we measured the timing overhead intro-
The memory usage footprint is similar for duced by each function in CP-ABE crypto-
all the boards, ranging between 14 and 15 graphic operations on the Intel Edison board.
Mbytes using a small or medium number of In general, the encryption routine spends
attributes. Security level does not significantly almost 91 percent of the time executing
impact memory usage, which is instead (multiple times) two functions from the PBC
affected by the number of adopted attributes. library: element from hash, to convert
In terms of execution time and energy con- and hash value into a group element, and
sumption, Raspberry Pi 1 and Raspberry Pi element pow zn, to perform exponentia-
Zero have similar behavior and show the best tion in ZN. Decryption depends almost
performance, whereas Intel Galileo shows the entirely on the pairing apply function
worst performance. For example, considering (almost 97 percent overhead).
an 80-bit security level and 30 attributes, it
takes approximately 5 seconds for encryption, Numeric Attributes in ABE
and approximately 3.6 and 2.9 seconds for According to CP-ABEs original design,10
decryption, on Raspberry Pi 1 and Raspberry access policies are expressed as a conjunction
Pi Zero, respectively. With Intel Galileo, the of Boolean predicatessuch as A (that is, A
execution time is approximately 15 and true), or A < N, where N Nand are
13 seconds for encryption and decryption, represented as trees. Leaf nodes of such trees
respectively. For comparison, note that estab- (for example, A, B, and C in Figure 4a) are
lishing a TLS (version: 1.2; cipher: ECDHE- attributes, whereas inner nodes represent log-
RSA-AES128-GCM-SHA256; key length: ical threshold gates of the form K of N,
2048) session with www.google.com:443, meaning that, for a set of attributes to satisfy
on Intel Edison, requires on average 0.206 the subtree rooted in such a gate, the set must
seconds. In the same setting, energy consump- (recursively) satisfy at least K of the N sub-
tion of decryption and encryption on Rasp- trees of the inner node. A leaf nodethat is,
berry Pi 1 and Raspberry Pi Zero are an attributeis satisfied by a key, if such an
approximately 0.5 and 0.8 J, respectively, attribute is associated with the key.
whereas Intel Galileo requires approximately Consider the example in Figure 4a. The
3.7 and 4.3 J, for decryption and encryption, policy (AB)C is translated into a tree with
respectively. three leaves and two inner threshold gates.
Our study provides a clear estimate of how The Boolean operator is translated into a
the security level and number of attributes 2-of-2 gate (that is, both subtrees connected
contribute to overall performance, and offers a to this gate must be true for this gate to be
caveat for choosing them. In general, the per- considered true), whereas the operator is a
formance penalty is higher when the security 1-of-2 gate (if at least one of the connected
.............................................................
NOVEMBER/DECEMBER 2016 29
..............................................................................................................................................................................................
THE INTERNET OF THINGS
350 30 30
Raspberry Pi Zero, 80 bits 80 bit 112 bit 128 bit 80 bit 112 bit 128 bit
Memory usage (Mbytes)
0 0 0
0 5 10 15 20 25 30 10 100 1,000 10 100 1,000
(d) No. attributes (e) No. attributes (f) No. attributes
30 30 80
80 bit 112 bit 128 bit 80 bit 112 bit 128 bit Intel Galileo Gen 2, 80 bits
Memory usage (Mbytes)
70
Memory usage (Mbytes)
Energy (J)
50
15 15 40
30
10 10
20
5 5 10
0 0 0
10 100 1,000 10 100 1,000 0 5 10 15 20 25 30
(g) No. attributes (h) No. attributes (i) No. attributes
80 80 80
Intel Edison, 80 bits Raspberry Pi 1 Mod. B, 80 bits Raspberry Pi Zero, 80 bits
70 70 70
Intel Edison, 112 bits Raspberry Pi 1 Mod. B, 112 bits Raspberry Pi Zero, 112 bits
60 Intel Edison, 128 bits 60 60
Raspberry Pi 1 Mod. B, 128 bits Raspberry Pi Zero, 128 bits
Energy (J)
Energy (J)
Energy (J)
50 50 50
40 40 40
30 30 30
20 20 20
10 10 10
0 0 0
0 5 10 15 20 25 30 0 5 10 15 20 25 30 0 5 10 15 20 25 30
(j) No. attributes (k) No. attributes (l) No. attributes
Figure 2. Execution time, memory, and energy consumption for CP-ABE encryption. Execution time for (a) Intel Galileo Gen 2, (b)
Intel Edison, (c) Raspberry Pi 1, and (d) Raspberry Pi Zero; memory for (e) Intel Galileo Gen 2, (f) Intel Edison, (g) Raspberry Pi 1, and
(h) Raspberry Pi Zero; and energy for (i) Intel Galileo Gen 2, (j) Intel Edison, (k) Raspberry Pi 1, and (l) Raspberry Pi Zero.
30 IEEE MICRO
350 350 350
Intel Galileo Gen 2, 80 bits Intel Edison, 80 bits Raspberry Pi 1 Mod. B, 80 bits
300 300 300
Intel Galileo Gen 2, 112 bits Intel Edison, 112 bits Raspberry Pi 1 Mod. B, 112 bits
Execution time (s)
0 0 0
0 5 10 15 20 25 30 0 5 10 15 20 25 30 0 5 10 15 20 25 30
(a) No. attributes (b) No. attributes (c) No. attributes
350 30 30
Raspberry Pi Zero, 80 bits 80 bit 112 bit 128 bit 80 bit 112 bit 128 bit
Memory usage (Mbytes)
0 0 0
0 5 10 15 20 25 30 10 100 1,000 10 100 1,000
(d) No. attributes (e) No. attributes (f) No. attributes
30 30 80
80 bit 112 bit 128 bit 80 bit 112 bit 128 bit Intel Galileo Gen 2, 80 bits
70
Memory usage (Mbytes)
Energy (J)
50
15 15 40
30
10 10
20
5 5 10
0 0 0
10 100 1,000 10 100 1,000 0 5 10 15 20 25 30
(g) No. attributes (h) No. attributes (i) No. attributes
80 80 80
70 Intel Edison, 80 bits 70
Raspberry Pi 1 Mod. B, 80 bits 70 Raspberry Pi Zero, 80 bits
Intel Edison, 112 bits Raspberry Pi 1 Mod. B, 112 bits Raspberry Pi Zero, 112 bits
60 60 Raspberry Pi 1 Mod. B, 128 bits 60
Intel Edison, 128 bits Raspberry Pi Zero, 128 bits
Energy (J)
Energy (J)
50 50 50
Energy (J)
40 40 40
30 30 30
20 20 20
10 10 10
0 0 0
0 5 10 15 20 25 30 0 5 10 15 20 25 30 0 5 10 15 20 25 30
(j) No. attributes (k) No. attributes (l) No. attributes
Figure 3. Execution time, memory, and energy consumption for CP-ABE decryption. Execution time for (a) Intel Galileo Gen 2,
(b) Intel Edison, (c) Raspberry Pi 1, and (d) Raspberry Pi Zero; memory for (e) Intel Galileo Gen 2, (f) Intel Edison, (g) Raspberry
Pi 1, and (h) Raspberry Pi Zero; and energy for (i) Intel Galileo Gen 2, (j) Intel Edison, (k) Raspberry Pi 1, and (l) Raspberry Pi
Zero.
A:gt 2N (A>2N), which are compressed icies involving numeric attributes generate
representations of the remaining bits, quite complex trees and consequently impact
required due to the 64-bit representation of a the performance of cryptographic operations.
numeric attribute. To better understand such an impact, we
Single numeric clauses can be converted measured the execution time of CP-ABE
into access tree structures of simple attributes. encryption using simple policies in the form
Figure 4b shows the translation of A < 11. A < 2X, where X ranges from 1 to 24. Figure
As we can see, even simple access control pol- 4c presents our results, experimented on a
.............................................................
NOVEMBER/DECEMBER 2016 31
..............................................................................................................................................................................................
THE INTERNET OF THINGS
A < 1110
A < 10112
Leaf Leaf
5 of 5
A:xxxx...x0xxx 2 of 2
2 of 2 C Necessary because the
numeric attribute is
represented in 64 bits.
A:xxxx...xx0xx 1 of 2
A B
A:xxxx...xxx0x A:xxxx...xxxx0
(a) (b)
10
8 bits word
16 bits word
8
24 bits word
Execution time (s)
4 A < 32768
A < 256
0
20 22 24 26 28 210 212 214 216 218 220 222 224
(c) Numeric value used for integer comparison
Figure 4. Access policy translation in CP-ABE. (a) Simple policy, (b) policy with numeric attributes, and (c) CP-ABE encryption
time on a Raspberry Pi 1 access policy A < N, where N ranges from 20 to 224.
Raspberry Pi. We made two important For example, in Figure 4c, the access policy
observations: A < 256 (28) generates an access tree with 11
leaves and 2 AND gates, requiring approxi-
Encryption time (which depends on
mately 1.941 seconds for encryption, whereas
the size of the tree) does not grow
encryption with A < 768 (215) generates a sim-
directly with the size of the consid-
pler access tree with only three leaves and one
ered number, but rather with the
AND gate, requiring approximately 0.547 sec-
minimum number of bytes neces-
onds. We can also extend these considerations
sary to represent the number.
on the usage of numerical attributes to the KP-
Numbers that are a power of 2 gener-
ABE scheme from Goyal and colleagues9
ate simpler access trees, with a conse-
because it uses a similar access tree construction
quent reduced encryption time.
as that of Bethencourt and colleagues.10
Moreover, for power of 2, the closer
the most significant bit at 1 is to the
size of the bit word in use (that is, 8, Use Case: IoT in Healthcare
16, 24, or 32), the simpler the corre- To demonstrate the feasibility of using ABE
sponding access tree will be. in real-world IoT scenarios, we consider a
............................................................
32 IEEE MICRO
Medical Heart rate Respiration Blood oxygen Body ECG
parameter rate saturation temperature
Sensor SPO2 finger e-Health SPO2 finger TMP36 e-Health ECG
grip airflow sensor grip sensor
Sampling Every 5 Every 10 Every second Every minute 500 samples
rate13 seconds seconds per second
Sample size 1 byte 1 byte 3 bytes 3 bytes 3 bytes
(a)
2.0
1.6
Latency (s)
1.2
Maximum latency
0.8
0.4
0
1 2 3 4 5 6 7 8 9 10
(b) No. attributes
Figure 5. Healthcare use case parameters and latency evaluation on an Intel Edison board,
using an 80-bit security level. (a) Sensor properties and application parameters. (b) Latency on
Intel Edison.
simple yet realistic use case: smart healthcare. focus on ECG data. Given the approximately
We implemented a prototype wireless health- 80 ms needed for data transmission (per
care data reader system for remote monitor- UDP packet) and the average 45 ms needed
ing, data collection, and processing. In our to encrypt the measurements file with AES,
system, measurements from medical sensors the most expensive operations are related to
are collected, encrypted with CP-ABE, and CP-ABE. To find a reasonable balance
sent to a data collection server (via Wi-Fi) by between the assured security level and expres-
an Intel Edison board equipped with an e- siveness (in terms of the number of attrib-
Health Sensor Shield version 2.0. The whole utes), we conducted tests using up to 10
process is carried out by two services running attributes and an 80-bit security level, meas-
on the board: the first reads the data from uring the overall latency. In Figure 5b, latency
sensors and writes it into files (one per data remains smaller, or close to 1 second (our
type), and the second encrypts the files with upper bound for latency) with a maximum
CP-ABE and sends them to the server, which of five attributes. We can conclude that CP-
could represent an untrusted gateway, cloud ABE can be used in such a scenario to sup-
service, or another IoT device. Figure 5a port up to five attributes with 80 bits of
summarizes our application parameters. The security. Note that the encryption time is a
specific system sampling rate requirements bit longer compared to the results given ear-
give us clear latency constraints based on lier because time includes AES encryption
which one should choose the acceptable and per-file key generation, and the back-
range for the number of attributes and secur- ground reading service is always busy record-
ity level. ing data.
In general, the reading and sending rates
should be roughly the same to guarantee the
expected quality of service. Furthermore,
because most of the traffic in our scenario is
ECG data, approximately 1,500 bytes/sec-
W e have shown the feasibility of adopt-
ing ABE in representative IoT sys-
tems. Our results can be a reference for
ond (500 reads of 3 bytes every second), we researchers and designers of novel ABE-based
.............................................................
NOVEMBER/DECEMBER 2016 33
..............................................................................................................................................................................................
THE INTERNET OF THINGS
security solutions. We believe future research Trans. Dependable and Secure Computing,
should focus on improving ABE efficiency, 2015; doi:10.1109/TDSC.2015.2499755.
via both a careful selection of attributes and 6. L. Ming et al., Data Security and Privacy in
software and hardware optimizations for the Wireless Body Area Networks, IEEE Wire-
cryptographic library. Our analysis shows less Comm., Feb. 2010; doi:10.1109/
that the utilized library can be significantly MWC.2010.5416350.
optimized via proper memory management, 7. M. Ambrosin et al., On the Feasibility of
customized data structure deployment, and Attribute-Based Encryption on Smartphone
simplification of cryptographic arithmetic Devices, Proc. Workshop IoT Challenges
operations considering input attributes. in Mobile and Industrial Systems, 2015, pp.
Moreover, considering the fact that the com- 4954.
plexity of CP-ABE and KP-ABE depends on
8. X. Wang et al., Performance Evaluation of
the number of exponentiations and pairing
Attribute-Based Encryption: Toward Data Pri-
operations performed by each of their
vacy in the IoT, Proc. IEEE Intl Conf. Comm.,
algorithms, future work could address the
2014; doi:10.1109/ICC.2014.6883405.
migration of complex arithmetic operations,
such as exponentiation, to hardware accelera- 9. V. Goyal et al., Attribute-Based Encryption
tors (for example, custom logic on field- for Fine-Grained Access Control of Encrypted
programmable gate arrays) in order to enhance Data, Proc. 13th ACM Conf. Computer and
energy efficiency and total execution time. MICRO Comm. Security, 2006, pp. 8998.
10. J. Bethencourt et al., Ciphertext-Policy Attrib-
ute-Based Encryption, Proc. IEEE Symp.
Acknowledgments Security and Privacy, 2007, pp. 321334.
This research was partially supported by the 11. D. Warren and C. Dewar, Understanding
EU Marie Curie Fellowship PCIG11-GA- 5G: Perspectives on Future Technological
2012-321980 and EU projects ReCRED (ref. Advancements in Mobile, tech. report,
653417), EU TagItSmart! (H2020-ICT30- GSMA Intelligence, 2014.
2015-688061), and EU-India REACH (ICI+/ 12. K. Spilker, From the MVPs: Introduction to the
2014/342-896). Internet of Things from the Device to Micro-
soft Azure Cloud, Microsoft Press, 2015.
....................................................................
References 13. J. Ming-Zhe et al., IoT-Based Remote
1. R. Roman et al., On the Features and Chal- Facial Expression Monitoring System with
lenges of Security and Privacy in Distributed sEMG Signal, Proc. IEEE Sensors Applica-
Internet of Things, Computer Networks, tions Symp., 2016; doi:10.1109/
July 2013, pp. 22662279. SAS.2016.7479847.
34 IEEE MICRO
He is a student member of IEEE. Contact University of Turku. His research interests
him at armanz@utu.fi. include the Internet of Things, healthcare
technology, embedded systems, and multicore
Mauro Conti is an associate professor in the processor architectures. Liljeberg received a
Department of Mathematics at the Univer- PhD in communication systems from the
sity of Padua. His research interests include University of Turku. He is a member of IEEE.
security and privacy. Conti received a PhD Contact him at pasi.liljeberg@utu.fi.
in computer science from Sapienza Univer-
sity of Rome. His awards include a Marie
Curie Fellowship and a fellowship by the
German DAAD. He is an associate editor of
IEEE Communications Surveys & Tutorials
and IEEE Transactions on Information Foren-
sics and Security. He is a senior member of Read your subscriptions through
IEEE. Contact him at conti@math.unipd.it. the myCS publications portal at
http://mycs.computer.org.
NOVEMBER/DECEMBER 2016 35