Lin Shi, Cui Li, Ke Niu
School of Cryptographic Engineering, Engineering University of PAP, Xi'an 710000, China.
School of Information and Communication, National University of Defense Technology, Wuhan 430000, China.
Sensors (Basel). 2024 Jan 10;24(2):0. doi: 10.3390/s24020438.
In light of the existing security vulnerabilities within IoT publish-subscribe systems, our study introduces an improved end-to-end encryption approach using conditional proxy re-encryption. This method not only overcomes limitations associated with the reliance on a trusted authority and the challenge of reliably revoking users in previous proxy re-encryption frameworks, but also strengthens data privacy against potential collusion between the broker and subscribers. Through our innovative encryption protocol, unauthorized re-encryption by brokers is effectively prevented, enhancing secure communication between publisher and subscriber. Implemented on HiveMQ, an open-source MQTT platform, our prototype system demonstrates significant enhancements. Comparison to the state-of-the-art end-to-end encryption work, encryption overhead of our scheme is comparable to it, and the decryption cost is approximately half of it. Moreover, our solution significantly improves overall security without compromising the asynchronous communication and decentralized authorization foundational to the publish-subscribe model.
鉴于物联网发布-订阅系统中存在的安全漏洞,我们的研究引入了一种使用条件代理重加密的改进型端到端加密方法。该方法不仅克服了与依赖可信机构相关的限制以及先前代理重加密框架中可靠撤销用户的挑战,还增强了数据隐私,防止代理与订阅者之间可能的勾结。通过我们创新的加密协议,有效防止了代理进行未经授权的重新加密,增强了发布者与订阅者之间的安全通信。在开源MQTT平台HiveMQ上实现的我们的原型系统展示了显著的改进。与最先进的端到端加密工作相比,我们方案的加密开销与之相当,而解密成本约为其一半。此外,我们的解决方案在不损害发布-订阅模型所基于的异步通信和去中心化授权的前提下,显著提高了整体安全性。
