Security & Trust

End-to-End Protection of IoT Communications Through Cryptographic Enforcement of Access Control Policies

This page contains complementary material related to the following paper:
  • Title: End-to-End Protection of IoT Communications Through Cryptographic Enforcement of Access Control Policies
  • Authors: Stefano Berlato, Roberto Carbone, Umberto Morelli, Silvio Ranise
  • DOI: 10.1007/978-3-031-10684-2_14

Abstract

It is crucial to ensure the security and privacy of communications in IoT scenarios that process an increasingly large amount of sensitive data. In this context, we propose a cryptographic enforcement mechanism of access control policies to guarantee the confidentiality and integrity of messages exchanged with the MQTT protocol in the presence of external attackers, malicious insiders and "honest-but-curious" service providers. A preliminary performance evaluation with a prototype implementation in an open-source tool shows the overhead is acceptable in relevant use case scenarios and provides a higher level of security with respect to other approaches.

Complementary Material

Below you will find links to complementary material and additional resources referenced in the paper.

Extended Article

An extended version of this work with more details on the Cryptographic Access Control scheme is available here. Please see the repository for more details on CryptoAC.

Experimental Results

The experimental results of the configurations described in the paper are available here.

Involved People

Stefano Berlato

Roberto Carbone

Umberto Morelli

Silvio Ranise