ESIoT: Enabling Secure Management of the Internet of Things

The Internet of Things (IoT) is an emerging paradigm, where the ubiquitous devices can form the networks and connect to Internet. Security and management of devices remain open challenges for the IoT. We adopt the management framework of industry consortium THREAD, where a group of devices cooperating to accomplish the same task (called policy) are administrated by a designated device called commissioner and together they form a policy group. All these policy groups are further managed by a centralized server. In this hierarchical network structure, the secure distribution of the policy information, access control, and group key from the centralized server to commissioner and its peers become challenging given the pervasive, complex and heterogeneous properties of devices. To solve this, we propose protocols/mechanisms along with a variant of Broadcast Encryption called Secure Identity-Based Broadcast Encryption (SIBBE) and demonstrate the feasibility for secure distribution of information to the IoT devices from centralized server. Most of the related work is based on the Attribute-based Encryption (ABE) for IoT devices, which has scalability issues with the number of attributes. Our experimental and simulation evaluations show that our scheme outperforms the existing schemes in terms of scalability, latency, and communication overhead.