skip to main content
10.1145/3297280.3297365acmconferencesArticle/Chapter ViewAbstractPublication PagessacConference Proceedingsconference-collections
research-article

Privacy-preserving delegable authentication in the internet of things

Published: 08 April 2019 Publication History

Abstract

The expanding Internet of Things (IoT) technology offers the ease of communication with and access to multiple services for companies and individuals. However, because of the limited trustworthiness set on smart devices, as well as the ever-increasing amount of them, challenges for security and privacy protection have been growing. In this paper, we propose a new authentication solution that enables a smart device to securely connect to services, based on attribute-based credentials. Our solution allows IoT devices to authenticate to various services in an efficient way, without compromising their privacy. Indeed, during the authentication of an IoT device to a particular service, a new credential is generated such that only relevant attributes are disclosed to the actual service. Moreover, this operation is delegated to a gateway in order to relieve the workload at devices' side.

References

[1]
M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, and M. Ohkubo. 2010. Structure-Preserving Signatures and Commitments to Group Elements. In Proceedings of CRYPTO'10. Springer Berlin Heidelberg, Berlin, Heidelberg, 209--236.
[2]
C. C. Aggarwal, N. Ashish, and A. Sheth. 2013. The Internet of Things: A Survey from the Data-Centric Perspective. In Managing and Mining Sensor Data. Springer US, Boston, MA, 383--428.
[3]
J. H. Ahn, D. Boneh, J. Camenisch, S. Hohenberger, A. Shelat, and B. Waters. 2015. Computing on Authenticated Data. Journal of Cryptology 28, 2 (01 Apr 2015), 351--395.
[4]
A. Alcaide, E. Palomar, J. Montero-Castillo, and A. Ribagorda. 2013. Anonymous Authentication for Privacy-preserving IoT Target-driven Applications. Computer Security 37 (Sept. 2013), 111--123.
[5]
G. Alpár, L. Batina, L. Batten, V. Moonsamy, A. Krasnova, A. Guellier, and I. Natgunanathan. 2016. New Directions in IoT Privacy Using Attribute-based Authentication. In Proceedings of CF '16. ACM, New York, NY, USA, 461--466.
[6]
G. Alpár, L. Batina, and W. Lueks. 2013. Designated Attribute-Based Proofs for RFID Applications. In Proceedings of RFIDSec'12. Springer Berlin Heidelberg, Berlin, Heidelberg, 59--75.
[7]
G. Alpár and J.-H. Hoepman. 2013. A Secure Channel for Attribute-based Credentials. In Proceedings of DIM '13. ACM, New York, NY, USA, 13--18.
[8]
M. Ambrosin, A. Anzanpour, M. Conti, T. Dargahi, S. R. Moosavi, A. M. Rahmani, and P. Liljeberg. 2016. On the Feasibility of Attribute-Based Encryption on Internet of Things Devices. IEEE Micro 36, 6 (Nov 2016), 25--35.
[9]
G. Ateniese, D. H. Chou, B. de Medeiros, and G. Tsudik. 2005. Sanitizable Signatures. In Proceedings of ESORICS'05. Springer Berlin Heidelberg, Berlin, Heidelberg, 159--177.
[10]
M. Belenkiy, J. Camenisch, M. Chase, M. Kohlweiss, A. Lysyanskaya, and H. Shacham. 2009. Randomizable Proofs and Delegatable Anonymous Credentials. In Proceedings of CRYPTO'09. Springer Berlin Heidelberg, Berlin, Heidelberg, 108--125.
[11]
P. Bichsel, J. Camenisch, M. Dubovitskaya, R. R. Enderlein, S. Krenn, I. Krontiris, A. Lehmann, G. Neven, C. Paquin, F.-S. Preiss, K. Rannenberg, and A. Sabouri. 2015. An Architecture for Privacy-ABCs. In Attribute-based Credentials for Trust: Identity in the Information Society. Springer International Publishing, Cham, 11--78.
[12]
D. Boneh and X. Boyen. 2008. Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups. Journal of Cryptology 21, 2 (2008), 149--177.
[13]
D. Boneh, X. Boyen, and H. Shacham. 2004. Short Group Signatures. In Proceedings of CRYPTO'04. Springer Berlin Heidelberg, Berlin, Heidelberg, 41--55.
[14]
S. A. Brands. 2000. Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge, MA, USA.
[15]
C. Brzuska, H. Busch, O. Dagdelen, M. Fischlin, M. Franz, S. Katzenbeisser, M. Manulis, C. Onete, A. Peter, B. Poettering, and D. Schröder. 2010. Redactable Signatures for Tree-Structured Data: Definitions and Constructions. In Proceedings of ACNS'10. Springer Berlin Heidelberg, Berlin, Heidelberg, 87--104.
[16]
J. Camenisch, A. Lehmann, G. Neven, and A. Rial. 2014. Privacy-Preserving Auditing for Attribute-Based Credentials. In Proceedings of ESORICS'14. Springer International Publishing, Cham, 109--127.
[17]
J. Camenisch and A. Lysyanskaya. 2003. A Signature Scheme with Efficient Protocols. In Proceedings of SCN' 02. Springer-Verlag, Berlin, Heidelberg, 268--289.
[18]
Jan Camenisch and Els Van Herreweghen. 2002. Design and Implementation of the Idemix Anonymous Credential System. In Proceedings of CCS '02. ACM, New York, NY, USA, 21--30.
[19]
D. Chaum. 1985. Security Without Identification: Transaction Systems to Make Big Brother Obsolete. Communication ACM 28, 10 (Oct. 1985), 1030--1044.
[20]
G. Fuchsbauer. 2011. Commuting Signatures and Verifiable Encryption. In Proceedings of EUROCRYPT'11. Springer Berlin Heidelberg, Berlin, Heidelberg, 224--245.
[21]
D. Jao and K. Yoshida. 2009. Boneh-Boyen Signatures and the Strong Diffie-Hellman Problem. In Proceedings of Pairing'09. Springer-Verlag, Berlin, Heidelberg, 1--16.
[22]
R. Johnson, D. Molnar, D. Song, and D. Wagner. 2002. Homomorphic Signature Schemes. In Proceedings of CT-RSA'02. Springer Berlin Heidelberg, Berlin, Heidelberg, 244--262.
[23]
A. Joux. 2004. A One Round Protocol for Tripartite Diffie-Hellman. Journal of Cryptology 17, 4 (Sept. 2004), 263--276.
[24]
F. Mattern and C. Floerkemeier. 2010. From the Internet of Computers to the Internet of Things. In From Active Data Management to Event-based Systems and More. Springer-Verlag, Berlin, Heidelberg, 242--259.
[25]
S. Micali and R. L. Rivest. 2002. Transitive Signature Schemes. In Proceedings of CT-RSA'02. Springer Berlin Heidelberg, Berlin, Heidelberg, 236--243.
[26]
C. Paquin. 2013. U-Prove Technology Overview V1.1. Technical Report (revision 2). Microsoft Research.
[27]
K. Rannenberg, J. Camenisch, and A. Sabouri. 2014. Attribute-based Credentials for Trust: Identity in the Information Society. Springer Publishing Company, Incorporated.
[28]
B. Waters. 2005. Efficient Identity-based Encryption Without Random Oracles. In Proceedings of EUROCRYPT'05. Springer-Verlag, Berlin, Heidelberg, 114--127.
[29]
X. Yao, Z. Chen, and Y. Tian. 2015. A lightweight attribute-based encryption scheme for the Internet of Things. Future Generation Computer Systems 49, Supplement C (2015), 104 -- 112.
[30]
T. H. Yuen, W. Susilo, J. K. Liu, and Y. Mu. 2008. Sanitizable Signatures Revisited. In Cryptology and Network Security. Springer Berlin Heidelberg, Berlin, Heidelberg, 80--97.
[31]
J. H. Ziegeldorf, O. G. Morchon, and K. Wehrle. 2014. Privacy in the Internet of Things: Threats and Challenges. Security and Communication Networks 7, 12 (2014), 2728--2742.

Cited By

View all
  • (2023)Data Is the New Oil–Sort of: A View on Why This Comparison Is Misleading and Its Implications for Modern Data AdministrationFuture Internet10.3390/fi1502007115:2(71)Online publication date: 12-Feb-2023
  • (2023)Introducing the enterprise data marketplace: a platform for democratizing company dataJournal of Big Data10.1186/s40537-023-00843-z10:1Online publication date: 24-Nov-2023
  • (2022)SMARTEN—A Sample-Based Approach towards Privacy-Friendly Data RefinementJournal of Cybersecurity and Privacy10.3390/jcp20300312:3(606-628)Online publication date: 15-Aug-2022
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing
April 2019
2682 pages
ISBN:9781450359337
DOI:10.1145/3297280
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 April 2019

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. IoT authentication
  2. attribute-based credentials
  3. privacy

Qualifiers

  • Research-article

Conference

SAC '19
Sponsor:

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25
The 40th ACM/SIGAPP Symposium on Applied Computing
March 31 - April 4, 2025
Catania , Italy

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)10
  • Downloads (Last 6 weeks)4
Reflects downloads up to 17 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2023)Data Is the New Oil–Sort of: A View on Why This Comparison Is Misleading and Its Implications for Modern Data AdministrationFuture Internet10.3390/fi1502007115:2(71)Online publication date: 12-Feb-2023
  • (2023)Introducing the enterprise data marketplace: a platform for democratizing company dataJournal of Big Data10.1186/s40537-023-00843-z10:1Online publication date: 24-Nov-2023
  • (2022)SMARTEN—A Sample-Based Approach towards Privacy-Friendly Data RefinementJournal of Cybersecurity and Privacy10.3390/jcp20300312:3(606-628)Online publication date: 15-Aug-2022
  • (2022)Protecting Sensitive Data in the Information Age: State of the Art and Future ProspectsFuture Internet10.3390/fi1411030214:11(302)Online publication date: 22-Oct-2022
  • (2022)Assessment and treatment of privacy issues in blockchain systemsACM SIGAPP Applied Computing Review10.1145/3570733.357073422:3(5-24)Online publication date: 3-Nov-2022
  • (2022)Can blockchains and data privacy laws be reconciled?Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing10.1145/3477314.3506986(1218-1227)Online publication date: 25-Apr-2022
  • (2022) Delegated Anonymous Credentials With Revocation Capability for IoT Service Chains ( DANCIS ) IEEE Internet of Things Journal10.1109/JIOT.2021.30990899:5(3729-3742)Online publication date: 1-Mar-2022
  • (2021)Query Processing in Blockchain Systems: Current State and Future ChallengesFuture Internet10.3390/fi1401000114:1(1)Online publication date: 21-Dec-2021
  • (2021)Demand-Driven Data Provisioning in Data LakesThe 23rd International Conference on Information Integration and Web Intelligence10.1145/3487664.3487784(187-198)Online publication date: 29-Nov-2021
  • (2020)Bringing privacy control back to citizensProceedings of the 35th Annual ACM Symposium on Applied Computing10.1145/3341105.3375754(1272-1279)Online publication date: 30-Mar-2020
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media