SecHome: A Secure Large-Scale Smart Home System Using Hierarchical Identity Based Encryption

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10631)

Abstract

With the rapid development of Cyber-Physical Systems, there has been a growing trend among smart devices to connect networks via different wireless protocols. In particular, smart home devices are becoming more and more prevalent. However, security issues on how to control and prevent unauthorized access to smart devices connected to the cloud still need to be considered and solved. Hierarchical Identity-Based Encryption is a well-known access control model which enables parent nodes to decrypt the data from descendant nodes. In this paper, we present SecHome, a large-scale smart home system using hierarchical identity based encryption protocol. SecHome applies the protocol by using efficient pairing based cryptography to enforce an access control policy, so parent nodes at the top of the hierarchy can monitor their descendant nodes. In practice, we have implemented our SecHome system on both smart phone and smart device sides, and the final evaluations demonstrate that our system is proved to be of practicality and with high efficiency.

Keywords

Smart device Security Privacy Hierarchical Identity-Based Encryption 

Notes

Acknowledgement

We would like to thank the anonymous reviewers for their insight and detailed feedback. Our work was supported by The National Key Research and Development Program of China NO.2017YFB0801900 and Youth Innovation Promotion Association of CAS.

References

  1. 1.
    Brush, A., Lee, B., Mahajan, R., Agarwal, S., Saroiu, S., Dixon, C.: Home automation in the wild: challenges and opportunities. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2115–2124. ACM (2011)Google Scholar
  2. 2.
    Atzori, L., Iera, A., Morabito, G.: The internet of things: a survey. Comput. Netw. 54(15), 2787–2805 (2010)CrossRefGoogle Scholar
  3. 3.
    Gubbi, J., Buyya, R., Marusic, S., Palaniswami, M.: Internet of things (IoT): a vision, architectural elements, and future directions. Future Gener. Comput. Syst. 29(7), 1645–1660 (2013)CrossRefGoogle Scholar
  4. 4.
    Weber, R.H.: Internet of things-new security and privacy challenges. Comput. Law Secur. Rev. 26(1), 23–30 (2010)CrossRefGoogle Scholar
  5. 5.
    Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985).  https://doi.org/10.1007/3-540-39568-7_5CrossRefGoogle Scholar
  6. 6.
    Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44647-8_13CrossRefGoogle Scholar
  7. 7.
    Boneh, D., Boyen, X.: Efficient selective-ID secure identity-based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24676-3_14CrossRefGoogle Scholar
  8. 8.
    Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005).  https://doi.org/10.1007/11426639_7CrossRefGoogle Scholar
  9. 9.
    Waters, B.: Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 619–636. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-03356-8_36CrossRefGoogle Scholar
  10. 10.
    Liang, K., Liu, J.K., Wong, D.S., Susilo, W.: An efficient cloud-based revocable identity-based proxy re-encryption scheme for public clouds data sharing. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 257–272. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-11203-9_15CrossRefGoogle Scholar
  11. 11.
    Zhou, L., Varadharajan, V., Hitchens, M.: Achieving secure role-based access control on encrypted data in cloud storage. IEEE Trans. Inf. Forensics Secur. 8(12), 1947–1960 (2013)CrossRefGoogle Scholar
  12. 12.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security. ACM, pp. 89–98 (2006)Google Scholar
  13. 13.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, SP 2007, pp. 321–334. IEEE (2007)Google Scholar
  14. 14.
    Li, M., Yu, S., Zheng, Y., Ren, K., Lou, W.: Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24(1), 131–143 (2013)CrossRefGoogle Scholar
  15. 15.
    Wan, Z., Liu, J.E., Deng, R.H.: Hasbe: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing. IEEE Trans. Inf. Forensics Secur. 7(2), 743–754 (2012)CrossRefGoogle Scholar
  16. 16.
    Jung, T., Li, X.-Y., Wan, Z., Wan, M.: Control cloud data access privilege and anonymity with fully anonymous attribute-based encryption. IEEE Trans. Inf. Forensics Secur. 10(1), 190–199 (2015)CrossRefGoogle Scholar
  17. 17.
    Horwitz, J., Lynn, B.: Toward hierarchical identity-based encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 466–481. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-46035-7_31CrossRefGoogle Scholar
  18. 18.
    Shao, J., Cao, Z.: Multi-use unidirectional identity-based proxy re-encryption from hierarchical identity-based encryption. Inf. Sci. 206, 83–95 (2012)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Blazy, O., Kiltz, E., Pan, J.: (Hierarchical) identity-based encryption from affine message authentication. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 408–425. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-44371-2_23CrossRefGoogle Scholar
  20. 20.
    Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005).  https://doi.org/10.1007/11426639_26CrossRefGoogle Scholar
  21. 21.
    Koeberl, P., Schulz, S., Sadeghi, A.-R., Varadharajan, V.: Trustlite: a security architecture for tiny embedded devices. In: Proceedings of the Ninth European Conference on Computer Systems, Article no. 10, p. 1. ACM (2014)Google Scholar
  22. 22.
    Costin, A., Zaddach, J., Francillon, A., Balzarotti, D., Antipolis, S.: A large-scale analysis of the security of embedded firmwares. In: USENIX Security Symposium (2014)Google Scholar
  23. 23.
    Cui, A., Stolfo, S. J.: A quantitative analysis of the insecurity of embedded network devices: results of a wide-area scan. In: Proceedings of the 26th Annual Computer Security Applications Conference, pp. 97–106. ACM (2010)Google Scholar
  24. 24.
    Caro, A.D., Iovino, V.: Java pairing based cryptography library (2011). http://libeccio.dia.unisa.it/projects/jpbc
  25. 25.
    Lynn, B.: Pairing-based cryptography library (2007). http://crypto.stanford.edu/pbc
  26. 26.
    Nir, Y., Langley, A.: ChaCha20 and Poly1305 for IETF Protocols (2015). https://tools.ietf.org/html/rfc7539

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.State Key Laboratory of Information SecurityInstitute of Information Engineering, Chinese Academy of SciencesBeijingChina
  2. 2.State Key Laboratory for Novel Software Technology, Computer Science and Technology DepartmentNanjing UniversityNanjingChina

Personalised recommendations