A Verifiable and Flexible Data Sharing mechanism for Information-Centric IoT

Abstract

In an Information-Centric Internet of Things (ICIoT) environment for big data sharing, IoT data can be cached throughout the network. Such distributed data caching poses a challenge on flexible authorization and identity verification. For fine-grained data access authorization in a distributed manner, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has been identified as a promising approach. However in the existing CP-ABE based scheme, each publisher would need to retrieve the attributes from the centralized server for encrypting data, resulting in high communication overhead. Moreover, valid authorization period and distributed authentication are still not addressed and seamlessly incorporated. In this paper, we propose a Verifiable and Flexible Data Sharing (VFDS) mechanism for ICIoT, which exploits CP-ABE for authorization and Identity-Based Signature (IBS) for the distributed verification of the identities. In VFDS, publishers retrieve the attributes from the nearby cache holders. In addition, the Attribute Manifest (AM) and the Automatic Attribute Update (AAU) realize efficient attribute updates within the distributed caches to achieve valid authorization period. Meanwhile, VFDS provides the public parameters of IBS in local domain, which enables the efficient identity verifications. Our system evaluations show that the VFDS can achieve lower bandwidth cost compared to the existing schemes for both authentication and flexible authorization.