Publication Details
Placide Shabisha



The Internet of Things (IoT) and its applications have literally invaded our environment, home, cars, cities, etc. and there could be more than 40 billion IoT devices generating around 80 zettabytes of data in 2025. Most of the generated IoT data are stored on the cloud from where they can be securely downloaded by users. For real-time IoT applications which require highly efficient mechanisms, fog computing offers better performance than cloud computing. For both cloud data storage and IoT applications relying on fog computing, we need to provide end-to-end security. Security includes, besides confidentiality of the data between sender and legitimate receiver, also integrity of the data and authentication of the entities participating in the process. In addition, anonymity and unlinkability of the sender are included as important requirements to ensure privacy. We have studied dedicated security mechanisms with a focus on efficiency since the IoT devices are assumed to be constrained devices and require a highly scalable approach due to their large amount. Fog-based architectures are nowadays popular as they are efficient in terms of location awareness, hardware size, easy deployment, decentralized and simplified operations, time criticalness, internet connectivity and bandwidth usage, etc. To address security issues in fog computing, we proposed two solutions. In the first scheme, a new key agreement protocol is designed for an architecture model with one sensor device, a fog node, and the cloud server. The scheme relies on lightweight cryptographic operation to construct a symmetric key. In the second solution, the proposed protocol is suitable for a group of devices, a fog and a server providing authentication alongside anonymity to the participants and use Elliptic Curve Cryptography to construct a group key. We also focused on security primitives enabling secure data transmission from the cloud service provider to the end-users. The cloud service provider is considered as an honest-but-curious entity, who executes the required steps but could be interested in retrieving the data for its own purpose. The confidentiality of the data should therefore be protected towards the cloud. Hence, a symmetric key based mechanism was proposed to enable proxy re- encryption. In proxy re-encryption schemes, a second encryption is performed by the cloud before the re-encrypted data are forwarded to the end-user. We avoided computationally intensive operations and used lightweight cryptographic operations such as bitwise XOR, concatenation and hash instead. This approach is highly efficient in terms of computation cost. The developed schemes were verified using formal verification methods and informal analysis. This PhD thesis contributes to the development of efficient security primitives providing end-to-end security solutions between IoT devices and different legitimate receivers.