Identity-based broadcast encryption with outsourced partial decryption for hybrid security models in edge computing

Jongkil Kim, Seyit Camtepe, Willy Susilo, Surya Nepal, Joonsang Baek

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution > peer-review

15 Scopus citations

Abstract

Each layer of nodes and communication networks in edge computing, from the cloud to the end device (i.e., often considered as resource-constrained IoT devices), exhibits a different level of trust for each stakeholder - e.g., edge nodes may not be fully trusted by IoT devices and the cloud. Moreover, the asymmetric nature of resources between layers makes it hard to establish a balance between security and performance - e.g., lightweight cryptography may degrade the security level against untrusted nodes, while heavyweight cryptography may not be feasible for lightweight end devices. An advanced encryption scheme such as Identity-Based Broadcast Encryption (IBBE) is a popular technique to reduce storage and communication overhead. However, IBBE imposes heavy computation on the end devices and still does not fully satisfy the security requirements that exist in the layers of edge computing. This paper presents a new IBBE with outsourced partial decryption for the hybrid security models that each layer in edge computing requires. It balances the computational overhead based on the asymmetric nature of the nodes in each layer. In particular, with the new schemes, the ciphertext can be transformed from its initial format. The cloud encrypts its data for multiple end devices and stores it in the edge nodes, but those interim nodes can blindly transform the ciphertext from the cloud into a form which (i) is decryptable only by an authorized end device, and (ii) imposes a smaller decryption and data transmission burden on end devices, regardless of the number of recipients. Our security analysis shows that the new schemes are selectively and adaptively secure. We implement our solution and show that the new schemes reduce the communication overhead from an edge node to end devices and the computation overhead on the end devices, compared to the original IBBE schemes.

Original language: English
Title of host publication: AsiaCCS 2019 - Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security
Publisher: Association for Computing Machinery, Inc
Pages: 55-66
Number of pages: 12
ISBN (Electronic): 9781450367523
State: Published - 2 Jul 2019
Event: 2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019 - Auckland, New Zealand
Duration: 9 Jul 2019 to 12 Jul 2019

Publication series

Name: AsiaCCS 2019 - Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

Conference

Conference: 2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019
Country/Territory: New Zealand
City: Auckland
Period: 9/07/19 to 12/07/19

Bibliographical note

Publisher Copyright:
© 2019 Association for Computing Machinery.

Keywords

  • Edge computing
  • Identity-based broadcast encryption
  • Identity-based encryption
  • Outsourced decryption
