Attribute-based encryption could offer huge benefits to the IIoT
It’s difficult to overstate the importance of strong security in the industrial IoT. Without robust cybersecurity measures, hackers can shut down factory lines, interrupt sensor data flows, or cause major disruptions to supply chains.
Security experts have long recognized encryption as a vital piece of cybersecurity readiness across a variety of situations, including the IIoT. But like most security tools, encryption must evolve to keep up with the threats.
In recent years, researchers have described an emerging way of using public-key encryption to improve the security of the underlying data. With so-called attribute-based encryption, decryption of the data only occurs when a defined set of attributes of the user matches those of the cipher text.
This means that the person – or machine – controlling the data can set conditions for the receiving people – or machines – to decrypt the data. For example, the data could only be decrypted on a specific date, during a specific timeframe, or in a specific location. In other cases, the data might only be decrypted if the receiving person has a high-level security clearance.
Attribute-based encryption offers several advantages over conventional cryptographic algorithms, particularly its fine-grained and flexible access controls. It also doesn’t depend on key sharing or key management algorithms, and it may guard against a collusion attacks, a way to compromise encryption. Attribute-based encryption also allows for an easy way to scale the sharing of data, while allowing access only to those recipients that meet the pre-defined attributes.
Attribute-based encryption was first described in papers in the early 2000s, and it’s largely remained a concept, rather than being put into use, since then. But the idea has great potential for use in the IIoT.
While some researchers have talked about attribute-based encryption as resource intensive, a 2016 paper tested it on common IoT platforms like the Intel Galileo Gen 2 and various Raspberry Pi models and found it to be feasible.
Using attribute-based encryption, a camera sensor might encrypt the raw image data then give the ciphertext certain attributes, such as the GPS location of the image that was taken or the time it was taken. Then later, someone could be granted to the images based on limited conditions. For example, a user might be able to decrypt all images taken in the Chicago area between May and October 2019.
With a medical device, attribute-based encryption could allow access to the device readings to a small number of people during a limited timeframe. And in a factory setting, access to sensor data might be limited to users who meet pre-defined job roles.
The possibilities for the use of attribute-based encryption in the industrial IoT are nearly endless. As one of the founders of attribute-based encryption; Dr. Brent Waters, distinguished scientist and professor of computer science, explains, “The spirit and concepts of attribute-based encryption have inspired us to rethink encryption in even bigger and grander ways.” The potential for adding a new level of fine-grained and flexible encrypted access for IIoT networks are worth exploring. The whole industry can benefit from more secure sharing of data.
This article was written by Chris Shaw. He is Vice President of Global Marketing at NTT Research. He is responsible for the strategy and direction of all internal and external marketing and communications. Prior to his role at NTT Research, Chris founded Central Coast agency, a Creative Think Tank for Advertising, Content, User Experience and Design. Under his leadership, the team developed and implemented global social media campaigns, built brand identities and implemented proven, effective campaigns.