A Secure and Robust Scheme for Sharing Confidential Information in IoT Systems

A Secure and Robust Scheme for Sharing Confidential Information in IoT Systems

Ad Hoc Networks, vol. 92, 2019 - Special Issue on Security of IoT-enabled Infrastructures in Smart Cities In Internet of Things (IoT) systems with security demands, there is often a need to distribute sensitive information (such as encryption keys, digital signatures, or login credentials, etc.) amo...

Full description

Saved in:
Bibliographic Details
Main Authors: Bu, Lake, Isakov, Mihailo, Kinsy, Michel A
Format: Journal Article
Language:English
Published: 27-11-2019
Subjects:
Computer Science - Cryptography and Security
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Ad Hoc Networks, vol. 92, 2019 - Special Issue on Security of IoT-enabled Infrastructures in Smart Cities In Internet of Things (IoT) systems with security demands, there is often a need to distribute sensitive information (such as encryption keys, digital signatures, or login credentials, etc.) among the devices, so that it can be retrieved for confidential purposes at a later moment. However, this information cannot be entrusted to any one device, since the failure of that device or an attack on it will jeopardize the security of the entire network. Even if the information is divided among devices, there is still the danger that an attacker can compromise a group of devices and expose the sensitive information. In this work, we design and implement a secure and robust scheme to enable the distribution of sensitive information in IoT networks. The proposed approach has two important properties: (1) it uses Threshold Secret Sharing (TSS) to split the information into pieces distributed among all devices in the system - and so the information can only be retrieved collaboratively by groups of devices; and (2) it ensures the privacy and integrity of the information, even when attackers hijack a large number of devices and use them in concert - specifically, all the compromised devices can be identified, the confidentiality of information is kept, and authenticity of the secret can be guaranteed.
DOI:10.48550/arxiv.1911.11934