Applying Attribute-Based Encryption in IoT and Automotive Scenarios / Michele La Manna. - (2022).
Applying Attribute-Based Encryption in IoT and Automotive Scenarios
Michele La Manna
2022
Abstract
With the advent of the Internet of Things (IoT) and the Industrial IoT (IIoT), the amount of information available has grown so much that the main focus was to collect and store such data efficiently. Unfortunately, as often happens, security was initially overlooked, and this lack of protection led to several cyberattacks against private individuals, companies, and even national agencies. Indeed, data generated by IoT devices are usually stored on the Internet (e.g., on a cloud server) in such a way that they are virtually accessible to anybody at any time. Data in such a state is called data at rest. Access to those cloud servers is protected with some access control mechanisms, for example, enforced via software so that any user can access only data that he/she possesses. Data leakage is an outpour of sensitive information by a hacker who gained control of a cloud server and, therefore, can access all the information stored on it. One solution is to encrypt data at rest. On the one hand, encryption addresses the data leakage problem, but, on the other hand, it makes data sharing complex. Attribute-Based Encryption (ABE) is an asymmetric encryption scheme that allows one to mathematically enforce an Access Control Mechanism (ACM) during the decryption procedure so that only permitted entities can access the protected data. The main advantage of using ABE in (I)IoT systems is to achieve multiple-receiver encryption with fine-grained access control. ABE provides confidentiality for data at rest (e.g., stored on third-party cloud storage) while allowing parties with different access privileges to decrypt it. In this dissertation, we investigate the problem of engineering Attribute-Based Encryption schemes within IoT (Internet of Things) and IIoT (Industrial IoT) systems. However, this poses tough challenges, particularly bandwidth consumption, feasibility over constrained devices, access policy management, and key management.
Our investigation has been carried out in several directions. First, we compared the ABE approach with another similar technique in the literature, namely the Sticky Policy technique, to point out ABE's potential. Secondly, we discuss some scenarios in which ABE can be adopted, while improving one of the original schemes. Then, we evaluate ABE performance in terms of bandwidth, energy consumption, computation time, and CPU load on a broad range of devices: from constrained IoT devices like the ESP32, to the RaspberryPi 3, to a more advanced automotive-compliant Xilinx ZCU 102 evaluation board. We also approach the related problems of: (i) reducing the encryption overhead of the ABE ciphertext; (ii) designing a recovery mechanism in case of key compromise; (iii) correctly selecting the most suitable ABE scheme for any IoT application.

File | Size | Format |
---|---|---|
Tesi_La_Manna.pdf (open access). Description: Doctoral thesis. Type: Doctoral thesis. License: Open Access | 4.97 MB | Adobe PDF |
Documents in FLORE are protected by copyright and all rights are reserved, unless otherwise indicated.