An IoT Attribute-Based Security Framework for Topic-Based Publish/Subscribe Systems

Abstract

Publish/subscribe is a widely used paradigm in the Internet of Things (IoT). It allows a loose coupling between data producers and data consumers using a network of interconnected brokers. However, sensitive data could be exposed if a broker is compromised or if the broker itself is curious about the information that is exchanged. In this paper, we present a complete security framework for topic-based publish/subscribe systems to ensure both security and privacy at the broker level, going beyond the naive encryption of information while keeping the loose coupling between publishers and subscribers. Furthermore, the proposed solution enables user revocation at the broker level; i.e. a revoked user can no longer subscribe to published data. To achieve that, we propose a unified solution relying on attribute-based cryptography with: (1) Attribute-Based Encryption (ABE) for data encryption; (2) a new construction of Attribute-Based Keyword Search (ABKS) to allow the broker to perform an encrypted matching that enforces privacy; and (3) an Attribute-Based Signature (ABS) to enforce the data authentication.