Published: May 26, 2022
The following paper has been accepted at the 36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2022):
- Title: End-to-End Protection of IoT Communications Through Cryptographic Enforcement of Access Control Policies
- Author: Stefano Berlato, Roberto Carbone, Umberto Morelli, Silvio Ranise
- Abstract: It is crucial to ensure the security and privacy of communications in IoT scenarios that process an increasingly large amount of sensitive data. In this context, we propose a cryptographic enforcement mechanism of access control policies to guarantee the confidentiality and integrity of messages exchanged with the MQTT protocol in presence of external attackers, malicious insiders and "honest-but-curious" service providers. A preliminary performance evaluation with a prototype implementation in an open-source tool shows the overhead is acceptable in relevant use case scenarios and provides a higher level of security with respect to other approaches.
- DOI: 10.1007/978-3-031-10684-2_14
- Complementary Material: Link
About the conference
- Name: 36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2022)
- Date: from July 18, 2022 to July 20, 2022
- Location: Newark, NJ, USA
- Website: http://cs.iit.edu/~dbsec2022/
