Practical and Scalable Access Control Mechanism for the Internet of Things.

Internet of Things (IoT) promises a strong world connecting digital and physical enviromments. Nevertheless, such a framework comes with huge security and privacy vulnerabilities, due to the heterogeneous nature of devices and of the diversity of their provenance. Other noticeable, technical challenges in IoT are brought with the constrained resources of devices, forcing to design protocol as lightweight as possible. In this paper, we present a new system with access control key updates and direct user revocation, that are beneficial features in IoT. Access control is done using Ciphertext-Policy Attribute-Based Encryption where attributes represent roles of devices within their networks. Moreover, we devise a novel approach, based on a binary tree, to append time credentials. This allows us to find an interesting trade-off between key update frequency and user revocation list length, as well as stressing time-sensitive data exchanged in IoT environments. The security of our scheme is proved under the Decisional Bilinear Diffie-Hellman Exponent assumption. Future work will focus on the implementation and analysis of our solution, in order to confirm that the latter is fully deployable in IoT networks.