- Title: End-to-End Protection of IoT Communications Through Cryptographic Enforcement of Access Control Policies
- Authors: Stefano Berlato, Roberto Carbone, Umberto Morelli, Silvio Ranise
- DOI: 10.1007/978-3-031-10684-2_14
AbstractIt is crucial to ensure the security and privacy of communications in IoT scenarios that process an increasingly large amount of sensitive data. In this context, we propose a cryptographic enforcement mechanism of access control policies to guarantee the confidentiality and integrity of messages exchanged with the MQTT protocol in presence of external attackers, malicious insiders and "honest-but-curious" service providers. A preliminary performance evaluation with a prototype implementation in an open-source tool shows the overhead is acceptable in relevant use case scenarios and provides a higher level of security with respect to other approaches.
Below, you find links to complementary material and additional resources referenced in the paper.
The experimental results of the configurations described in the paper are available here.