Attribute-Based Encryption (ABE) is an emerging cryptographic technique that allows one to embed a fine-grained access control mechanism into encrypted data. In this paper we propose a novel ABE scheme called SEA-BREW (Scalable and Efficient Abe with Broadcast REvocation for Wireless networks), which is suited for Internet of Things (IoT) and Industrial IoT (IIoT) applications. In contrast to state-of-the-art ABE schemes, ours is capable of securely performing key revocations with a single short broadcast message, instead of a number of unicast messages that is linear with the number of nodes. This is desirable for low-bitrate Wireless Sensor and Actuator Networks (WSANs) which often are the heart of (I)IoT systems. In SEA-BREW, sensors, actuators, and users can exchange encrypted data via a cloud server, or directly via wireless if they belong to the same WSAN. We formally prove that our scheme is secure also in case of an untrusted cloud server that colludes with a set of users, under the generic bilinear group model. We show by simulations that our scheme requires a constant computational overhead on the cloud server with respect to the complexity of the access control policies. This is in contrast to state-of-the-art solutions, which require instead a linear computational overhead.

基于属性的加密（ABE）是一种新兴的加密技术，它允许人们将细粒度的访问控制机制嵌入加密的数据中。在本文中，我们提出了一种新颖的ABE方案，称为SEA-BREW（用于无线网络的具有广播撤销的可伸缩高效Abe），适用于物联网（IoT）和工业IoT（IIoT）应用。与最新的ABE方案相比，我们的解决方案能够通过一条短广播消息（而不是与节点数量成线性关系的单播消息）安全地执行键撤销。对于通常是（I）IoT系统核心的低比特率无线传感器和执行器网络（WSAN），这是理想的。在SEA-BREW中，传感器，执行器和用户可以通过云服务器交换加密数据，或者如果它们属于同一WSAN，则直接通过无线方式。在通用双线性组模型下，我们正式证明了在不受信任的云服务器与一组用户合谋的情况下，我们的方案也是安全的。通过仿真显示，就访问控制策略的复杂性而言，我们的方案要求云服务器上的计算开销恒定。这与最新的解决方案相反，后者需要线性计算开销。