Browsing by Author "Touati, Lyes"

Now showing 1 - 4 of 4
  • Thumbnail Image
    Item
    Activity-Based Access Control for IoT
    (ACM, 2015-09) Touati, Lyes; Challal, Yacine
    In traditional access control systems, a process is granted or not the access to a resource following a control on a single action without taking into consideration user and/or system context. In this paper we introduce a novel concept and a generalized version of context-aware access control in the Internet of Things that we name Activity Control. Our approach is aimed to be aware of the user’s context and the overall system’s one to make decision on granting or denying the requested action. To implement our concept we used a finite-state machine and the asymmetric encryption mechanism called Ciphertext-Policy Attribute-Based Encryption to achieve a real-time access policy adaptation following user’s and/or system’s context evolution.
  • Thumbnail Image
    Item
    Collaborative KP-ABE for Cloud-Based Internet of Things Applications
    (IEEE, 2016-05-23) Touati, Lyes; Challal, Yacine
    KP-ABE mechanism emerges as one of the most suitable security protocol for asymmetric encryption. It has been widely used to implement access control solutions. However, due to its expensive overhead, it is difficult to consider this protocol in resource-limited networks, such as the IoT. As the cloud has become a key infrastructural support for IoT applications, it is interesting to exploit cloud resources to perform heavy operations. In this paper, a collaborative variant of KP-ABE named C-KP-ABE for cloud-based IoT applications is proposed. Our proposal is based on the use of computing power and storage capacities of cloud servers and trusted assistant nodes to run heavy operations. A performance analysis is conducted to show the effectiveness of the proposed solution.
  • Thumbnail Image
    Item
    Efficient CP-ABE Attribute/Key Management for IoT Applications
    (IEEE, 2015-10) Touati, Lyes; Challal, Yacine
    Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a promising cryptographic mechanism for fine-grained access control to shared data. Attribute/Key management is a keystone issue in CP-APE because of low efficiency of existing attribute revocation techniques. Indeed, existing solutions induce great side effect after each attribute revocation. The side effect induces rekeying and/or re-assignment of attributes to all users. In this paper, we propose a solution which does not require extra entities like proxies to re-encrypt data after every access policy change. Moreover, our solution does not imply latencies following access grants and revocations. We compare our solution with the batch-based CP-ABE attribute management technique and we show that our solution outperforms existing rekeying/revocation techniques in terms of overhead.
  • Thumbnail Image
    Item
    Instantaneous Proxy-Based Key Update for CP-ABE
    (IEEE, 2016-11-07) Touati, Lyes; Challal, Yacine
    Attribute Based Encryption (ABE) scheme has been proposed to implement cryptographic fine grained access control to shared information. It allows to achieve information sharing of type one-to-many users, without considering the number of users and their identities. However, original ABE systems suffer from the non-efficiency of their attribute/key revocation mechanisms. Based on Ciphertext-Policy ABE (CP-ABE) scheme, we pro- pose an efficient proxy-based immediate private key update which does require neither re-encrypting cipher-texts, nor affect other users’ secret keys. The semi-trusted proxy, we have introduced, assists nodes during the decryption process without having ability to decrypt nodes’ data. Moreover, the proxy eliminates the 1- effects-n phenomenon from which suffer existing solutions when it comes to revoke nodes attributes. Finally, we analyze the security of our scheme and demonstrate that the proposed solution outperforms existing ones in terms of generated overheard.