Employing Attribute-Based Encryption in Systems with Resource Constrained Devices in an Information-Centric Networking Context

Global IoT Summit (GIoTS), Geneva, June 6-9, 2017

Börje Ohlman (Ericsson Research)

Joakim Borgh (SAAB), Edith Ngai (Uppsala University), Adeel Mohammad Malik (Ericsson Research)



ICN2020 Consortium

› KDDI R&D Laboratories, Inc. (KDD, Saitama), Japanese Coordinator
› Kozo Keikaku Engineering Inc. (KKE, Japan)
› Osaka University (UOS, Osaka)
› Georg-August-Universität Göttingen (UGO, Germany), EU Coordinator
› NEC Europe Ltd. (NEE, UK)
› Universita’ degli Studi di Roma Tor Vergata (URO, Italy)
› Cisco Systems France Sarl (CIS, France)
› University College London (UCL, UK)
› Institut de Recherche Technologique SystemX (SYX, France)
› Ericsson AB (ERI, Sweden)
› Osaka City University (OCU, Japan)


Outline

› ICN overview
› ABE overview
› Scenario & Testbed
› Results & Conclusions


Evolution of networking

› Today’s Internet: focuses on conversations between hosts. Host-centric abstraction: who to communicate with.
› Evolution: Web, CDN, P2P
› Information-centric network (ICN): focuses on dissemination of information objects. Information-centric abstraction: what to communicate.

Major ICN approaches
• Content Centric Networking (CCN) / Named Data Networking (NDN)
• Network of Information (NetInf)
• Publish/Subscribe Networking (PSIRP / PURSUIT)


Security model in traditional node-centric networking

[Figure labels: object B; Server X; Trusted server; Secure connection; “Connect to Server X and get object B”]


Security model in Information-centric Networking (ICN)

[Figure labels: objects A, B, C, D and E (shown several times); “Get object B”; Trustable copy of object B; Untrusted server; Untrusted connection]


Content Centric Networking (CCN)


CCN

I want / /videos/CES


CCN

Prefix routing

[Figure: name prefixes shown: //, / /videos, / /videos/CES]


CCN

/ /videos/CES

Caching at each node (optional)


CCN

/ /videos/CES

Automatic CDN!

“I want that same video”


CCN

/ /videos/CES

Mobility!

“I moved. Re-send request”


(A day in the life of an Information Object (IO))

Basic generic ICN Router functionality

[Figure: an ICN Router with I/F in and I/F out on each interface, exchanging GET and RESP messages]

ICN Router components and their table columns:
› Cache (ID, Bits, TTL)
› Request Aggregator (ID, I/F, TTL)
› Request Routing (Hint, I/F)

Steps shown in the figure:
› A request for an IO is received
› Check if the IO is in the cache
› Check if a request for the IO has already been sent
› Decide on which interface(s) to forward the request
› The IO request is forwarded
› The requested IO is received
› The IO is stored in the cache
› The IO is sent out on the requesting interfaces
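The request handling listed above, as an added example (not code from the slides or from CCN-lite): a small router model built around the three tables named on the slide. The class and method names, the interface numbers and the name /example/videos/CES are constructed for illustration, and TTL handling is left out.

```python
class IcnRouter:
    """Toy model of the slide's router: Cache, Request Aggregator, Request Routing."""

    def __init__(self, routes):
        self.cache = {}       # Cache: IO name -> object bytes
        self.pending = {}     # Request Aggregator: IO name -> interfaces waiting
        self.routes = routes  # Request Routing: name prefix -> outgoing interface

    def _route(self, name):
        """Longest-prefix match of the IO name against the routing table."""
        parts = name.strip("/").split("/")
        for n in range(len(parts), 0, -1):
            prefix = "/" + "/".join(parts[:n])
            if prefix in self.routes:
                return self.routes[prefix]
        return None

    def on_get(self, name, in_if):
        """Handle a GET; return the (interface, message) pairs to send."""
        if name in self.cache:                 # IO is in cache: answer locally
            return [(in_if, ("RESP", name, self.cache[name]))]
        if name in self.pending:               # request already sent: aggregate
            self.pending[name].add(in_if)
            return []
        out_if = self._route(name)             # decide where to forward
        if out_if is None:
            return []                          # no route: nothing is forwarded
        self.pending[name] = {in_if}
        return [(out_if, ("GET", name))]

    def on_resp(self, name, obj):
        """Handle a RESP; unsolicited objects are dropped and never cached."""
        waiting = self.pending.pop(name, None)
        if waiting is None:
            return []
        self.cache[name] = obj                 # store the IO in the cache
        return [(i, ("RESP", name, obj)) for i in sorted(waiting)]


def demo():
    """Constructed run: two requesters, one upstream GET, then a cache hit."""
    name = "/example/videos/CES"               # constructed IO name
    r = IcnRouter({"/example": 1, "/example/videos": 2})
    first = r.on_get(name, in_if=5)            # forwarded on interface 2
    second = r.on_get(name, in_if=6)           # aggregated, nothing sent
    resp = r.on_resp(name, b"frame")           # delivered to 5 and 6
    third = r.on_get(name, in_if=7)            # served from the cache
    stray = r.on_resp("/example/other", b"x")  # never requested: dropped
    return first, second, resp, third, stray, sorted(r.cache)
```

Dropping a RESP that matches no pending request keeps an object nobody asked for out of the cache.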


Providing CDN & P2P as an Application Independent Service for Secured Objects

[Figure labels]
› ICN API: getObject(objectID) with response(Object); publishObject(objectID, attr1, attr2, attr3); getObject(attr1, attr2) with response(setof{objectID})
› Endpoints shown: sensor, person, App 1, App 2, App 3, App 4
› Services shown: CDN, P2P
› Networks shown: WiFi, Bluetooth, LTE, LTE Broadcast, etc.


ICN & ABE Scenario

› A person has a personal sensor device that monitors body temperature and heart rate
› Data is privacy protected under ABE encryption policies
› Different encryption policies are used depending on the health status

[Figure labels: Encryption policy for Normal health status; Encryption policy for Critical health status]


ABE & ICN

› ABE provides object security
› ABE is in line with ICN as both focus on information objects
› ABE allows for complex access policies for objects while maintaining one encrypted version of the object


Attribute-Based Encryption (ABE)

› Pros:
– Object security that secures the object at the source, no need to trust gateways in the network
– Successful decryption can be achieved with multiple different keys
– Does not require online communication with the key management server
– Can provide good privacy by use of decentralized attribute authorities

› Cons:
– Computationally heavy
– No easy solution to revoking attributes/keys
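The scenario's per-status policies and the "multiple different keys" point above, as an added example that is not from the slides or the paper: the threshold policy-tree secret sharing that ciphertext-policy ABE constructions build on, run over two constructed policies. The attribute names and policies are assumptions, and the pairing-based layer that hides the shares and binds them to each user's key is omitted, so this models who can decrypt rather than the encryption itself.

```python
import secrets

P = 2**127 - 1  # prime modulus of the toy share field
# Constructed policies; a gate (k, children) needs k of its children.
POLICIES = {
    "normal":   (1, ["owner", (2, ["doctor", "assigned"])]),
    "critical": (1, ["owner", "doctor", "paramedic"]),
}

def split(node, secret):
    """Share `secret` down a policy tree; return leaf shares in DFS order."""
    if isinstance(node, str):                  # leaf: one attribute
        return [(node, secret)]
    k, children = node
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    leaves = []
    for x, child in enumerate(children, start=1):
        y = sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P
        leaves += split(child, y)              # child x gets q(x), q(0) = secret
    return leaves

def combine(node, leaves, attrs):
    """Rebuild the secret using only leaves whose attribute is in `attrs`."""
    if isinstance(node, str):
        name, y = leaves.pop(0)                # consume leaves in DFS order
        return y if name in attrs else None
    k, children = node
    pts = [(x, y) for x, c in enumerate(children, start=1)  # visits every child
           if (y := combine(c, leaves, attrs)) is not None]
    if len(pts) < k:
        return None                            # gate not satisfied
    total = 0
    for xi, yi in pts[:k]:                     # Lagrange interpolation at x = 0
        lam = 1
        for xj, _ in pts[:k]:
            if xj != xi:
                lam = lam * xj % P * pow((xj - xi) % P, -1, P) % P
        total = (total + yi * lam) % P
    return total

def demo():
    """For each health status, test three constructed key attribute sets."""
    out = {}
    for status, policy in POLICIES.items():
        secret = secrets.randbelow(P)          # stands in for the content key
        leaves = split(policy, secret)         # one set of shares per object
        for key in ({"owner"}, {"doctor", "assigned"}, {"paramedic"}):
            out[status, tuple(sorted(key))] = combine(policy, list(leaves), key) == secret
    return out
```

Under the constructed "normal" policy the paramedic key fails while the owner and the assigned doctor both succeed; under "critical" all three keys recover the same secret from the one set of shares.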


Testbed

› CCN relay implemented in CCN-lite on top of RIOT OS
› Android ICN ABE app developed
› Sensor hardware platform used: STM32F4DISCOVERY
– ARM Cortex-M4 32-bit core, 1 MB Flash memory and 192 kB RAM


Results & Conclusions

› Performing ABE on sensors is feasible
› RAM is the bottleneck, not processing power
