Paper 2021/140

Practical and Scalable Access Control Mechanism for the Internet of Things using Time-bound Attribute-based Encryption

Clémentine Gritti
Emanuel Regnath
Sebastian Steinhorst

Internet of Things (IoT) promises a strong connection between digital and physical environments. Nevertheless, such framework comes with huge security vulnerabilities, due to the heterogeneous nature of devices and of the diversity of their provenance. Furthermore, the resource constraints of weaker devices, such as sensors, require a lightweight design of security protocols. In 2018, Liu et al. presented a new system with access control key updates and direct user revocation, that are beneficial features in IoT. Access control is done using Ciphertext-Policy Attribute-Based Encryption where attributes represent roles of devices within their networks and time validity ranges. In this paper, we propose an extension of this system by enabling several authorities to allocate those role attributes, to mitigate the key escrow problem. Moreover, we devise a novel approach, based on a binary tree, to append the time credentials. This allows us to find an interesting trade-off between key update frequency and user revocation list length, for stressing time-sensitive data exchanged in IoT environments. We adapt the security model to follow the multi-authority setting and prove our scheme secure under the Decisional Bilinear Diffie-Hellman Exponent assumption. Finally, we implement and evaluate of our solution, in order to confirm that the latter is fully deployable in IoT networks.

Note: more inputs in the revised version

Available format(s)
Cryptographic protocols
Publication info
time-based key updateuser revocation
Contact author(s)
clementine gritti @ eurecom fr
emanuel regnath @ siemens com
sebastian steinhorst @ tum de
2024-01-25: revised
2021-02-10: received
See all versions
Short URL
Creative Commons Attribution


      author = {Clémentine Gritti and Emanuel Regnath and Sebastian Steinhorst},
      title = {Practical and Scalable Access Control Mechanism for the Internet of Things using Time-bound Attribute-based Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2021/140},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.