<p>The publish-subscribe paradigm has become the mainstream communication model for large-scale Internet of Things (IoT) systems. However, existing end-to-end encryption solutions based on Conditional Proxy Re-Encryption (CPRE) suffer from limitations in supporting dynamic and fine-grained access control policies. This paper proposes a dynamic policy-aware CPRE system that extends traditional CPRE with multi-dimensional condition support and policy hiding capabilities. Our system introduces a JSON-based policy language to define complex access control rules incorporating temporal, spatial, role-based, and device status conditions. We design a policy matching engine that enables fine-grained authorization while preserving policy privacy. The proposed scheme is implemented as an extension to the HiveMQ MQTT broker and evaluated comprehensively. Experimental results demonstrate that our system achieves enhanced security with acceptable performance overhead, providing only 5–15% increase in encryption time while supporting rich dynamic policies compared to the original CPRE scheme.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A dynamic policy-aware conditional proxy re-encryption system for fine-grained access control in IoT pub/sub systems

  • Shi Lin,
  • Niu Ke,
  • Hu Jun Ru,
  • Li Cui

摘要

The publish-subscribe paradigm has become the mainstream communication model for large-scale Internet of Things (IoT) systems. However, existing end-to-end encryption solutions based on Conditional Proxy Re-Encryption (CPRE) suffer from limitations in supporting dynamic and fine-grained access control policies. This paper proposes a dynamic policy-aware CPRE system that extends traditional CPRE with multi-dimensional condition support and policy hiding capabilities. Our system introduces a JSON-based policy language to define complex access control rules incorporating temporal, spatial, role-based, and device status conditions. We design a policy matching engine that enables fine-grained authorization while preserving policy privacy. The proposed scheme is implemented as an extension to the HiveMQ MQTT broker and evaluated comprehensively. Experimental results demonstrate that our system achieves enhanced security with acceptable performance overhead, providing only 5–15% increase in encryption time while supporting rich dynamic policies compared to the original CPRE scheme.