Efficient Identity-Based Encryption With Revocation for Data Privacy in Internet of Things
Yinxia Sun, Pushpita Chatterjee, Yi Chen, Yudong Zhang
Abstract
The Internet of Things (IoT) is making the world around us smarter and more convenient. However, its extensive application has rendered security problems, such as the privacy of sensitive data, increasingly serious. Encryption provides an effective and important means of protecting data privacy in the IoT. Because of resource limitations, to achieve high efficiency IoT devices require an encryption scheme that ensures that the encryption phase does not incur a heavy data transmission overhead. By virtue of its many advantages, the use of public-key encryption in current applications is widespread. Identity-based public-key encryption (IBE) removes the obstacle raised by the sophisticated certificate management required by other schemes, and its efficiency renders it more suitable for application in the IoT. However, a problem that needs to be solved in IBE is the revocation of a user whose private key may have been exposed. In this article, we present an efficient and practical IBE scheme having a revocation functionality to preserve data privacy in IoT applications. Elements in the system, such as sensors and actuators, can exchange encrypted data directly or via a cloud server. If a private key is compromised, the private key generator can revoke its user. The security of our proposed scheme can be proved based on SM9 encryption and the bilinear Diffie–Hellman problem.