Post on 14-Mar-2018
Slide subtitle
Employing Attribute-Based Encryption in Systems with Resource Constrained Devices in an
Information-Centric Networking Context
Global IoT Summit (GIoTS)Geneva, June 6-9, 2017
Börje OhlmanEricsson Research
Joakim Borgh (SAAB), Edith Ngai (Uppsala University), Adeel Mohammad Malik (Ericsson Research)
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 2
ICN2020 ConsortiumKDDI R&D Laboratories, Inc.
(KDD, Saitama)
Japanese Coordinator
Kozo Keikaku Engineering Inc.
(KKE, Japan)
Osaka University
(UOS, Osaka)
Georg-August-Universität Göttingen
(UGO, Germany)
EU Coordinator
NEC Europe Ltd.
(NEE, UK)
Universita’ degli Studi di Roma
Tor Vergata
(URO, Italy)
Cisco Systems France Sarl
(CIS, France)
University College London
(UCL, UK)
Institut de Recherche Technologique
SystemX
(SYX, France)
Ericsson AB
(ERI, Sweden)
Osaka City University
(OCU, Japan)
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 3
Outline
› ICN overview
›ABE overview
›Scenario & Testbed
›Results & Conclusions
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 4
Evolution of networking
Information-centric network (ICN)
Focuses on Dissemination of Information
objectsInformation-centric abstraction
What to communicate
Today’s InternetFocuses on
Conversations between HostsHost-centric abstraction
Who to communicate with
WebCDN
P2P
Evolution
Major ICN approaches• Content Centric Networking (CCN) / Named Data Networking (NDN)• Network of Information (NetInf)• Publish/Subscribe Networking (PSIRP / PURSUIT)
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 5
Security model in traditional node-centric networking
B
Server X
Trusted
Server
Secure
Connection
Connect to
Server X and
get object B
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 6
Security model in Information-centric Networking (ICN)
A
C
D
E
B
A
B
E
A
C
B
A
D
E
A
D
B
Get object B
Trustable
copy of
object B
Untrusted
server
Untrusted
connection
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 7
Content Centric Networking (CCN)
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 8
CCN
/ /videos/CESI want
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 9
CCN
/ /videos/CES
//
/ /videos
/ /videos/CESPrefix routing
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 10
CCN
/ /videos/CES
/ /videos/CESCaching at
each node
(optional)
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 11
CCN
/ /videos/CESAutomatic CDN!
“I want that
same video”
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 12
CCN
/ /videos/CESMobility!
“I moved.
Re-send request”
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 13
(A day in the life of an Information Object (IO))
ICN Router
CacheRequest
AggregatorRequest
RoutingID Bits TT
L
ID I/F TT
LHint I/F
I/F out
I/F in
I/F out
I/F in
I/F out
I/F in
I/F out
I/F in
I/F out
I/F in
I/F out
I/F in
Basic generic ICN Router functionality
GET
RESP
GET
RESP
GET
RESP
Check if IO
is in cache
Check if request
for IO already
been sent
Decide on
which
interface(s)
to forward
request
A request
for an IO is
received
The IO
request is
forwarded
The IO
requested
is received
The IO
is stored in
the cache
The IO
is sent out
on requesting
interfaces
The IO
is sent out
on requesting
interfaces
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 14
Providing cdn & p2p as an application independent Service for Secured Objects
ICN
API
getObject
(objectID)
WiFi Blutooth LTELTE
BroadcastEtc…
sensor personApp 1 App 2 personApp 3 personApp 4
CDN
CDN
CDN
CDN
CDN
P2P
P2P
P2P
P2P
P2P
publishObject
(objectID, attr1,
attr2, attr3)
response
(Object)
getObject
(attr1, attr2)
response
(setof{objectID})
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 15
ICN & ABE Scenario› A person has a personal sensor
device that monitors body
temperature and heart rate
› Data is privacy protected under ABE
encryption policies
› Different encryption policies are used
depending on the health status
Encryption policy
for Normal
health status
Encryption policy for
Critical health status
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 16
ABE & ICN
›ABE provides object security
›ABE is inline with ICN as both focus on
information objects
›ABE allows for complex access policies for
objects while maintaining one encrypted
version of the object
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 17
Attribute-Based Encryption (ABE)
›Pros:–Object security that secures the object at the source, no
need to trust gateways in the network
–Successful decryption can be achieved with multiple
different keys
–Does not require online communication with the key
management server
–Can provide good privacy by use of decentralized
attribute authorities
›Cons:–Computationally heavy
–No easy solution to revoking attributes/keys
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 18
Testbed
› CCN relay implemented in CCN-lite on top of RIOT OS
› Android ICN ABE app developed
› Sensor hardware platform used STM32F4DISCOVERY
– ARM Cortex-M4 32-bitcore, 1 MB Flash memory and 192 kB RAM
Börje Ohlman (Ericsson Research) | Global IoT Summit (GIoTS) | Geneva, June 6-9, 2017 | Page 19
results & Conclusions
›Performing ABE on sensors is feasible
›RAM is the bottle-neck, not processing power