REEDS: An Efficient Revocable End-to-End Encrypted Message Distribution System for IoT

To address the confidentiality concerns of malicious adversaries that fully compromise the message broker in pub/sub based IoT systems, several researchers use proxy re-encryption (PRE) to realize end-to-end encrypted message distribution (from publisher to subscriber). However, the all-or-nothing share feature of PRE poses a problem that the share cannot be efficiently revoked. The only way for publishers to revoke the access rights of subscribers is to pick a new public-private key pair and re-generate the re-encryption keys for all the remaining subscribers, which hampers the scalability in practice. To realize efficient user revocation, we present REEDS, an efficient revocable end-to-end encrypted message distribution system for IoT. The core of REEDS is a novel proxy-aided identity-based conditional proxy re-encryption (PIB-CPRE) scheme. Essentially, we use a binary-tree structure to organize re-encryption keys, so that the update of re-encryption keys is reduced from linear to logarithmic in the number of subscribers. We show that REEDS satisfies confidentiality, efficient immediate revocation, decentralized authorization, and maintains low overhead for publishers and subscribers. The prototype system is implemented and its performance is evaluated. The results show that REEDS is not only easy to deploy over existing message brokers but also highly efficient.