Transparent Encryption for IoT Using Offline Key Exchange over Public Blockchains

Mamun Abu-Tair, Unsub Zia, Jamshed Memon, Bryan Scotney, Jorge Martinez Carracedo, Ali Sajjad
DOI: https://doi.org/10.1007/978-3-031-57916-5_26
2024-01-01
Abstract: The Internet of Things (IoT) framework involves a wide range of computing devices that rely on cloud storage for various applications, for instance monitoring, analytics, surveillance and storing data for later processing within other applications. Due to compliance with security standards and trust issues with third-party cloud storage servers, IoT data has to be encrypted before it is moved to a cloud server for storage. However, a major concern with uploading encrypted IoT data to the cloud is the management of encryption keys and of access policies for the data. There are several techniques for storing the cryptographic keys used for encryption and decryption of data. For instance, the keys can be stored with the encrypted data on the cloud, a third-party key storage vault can be used for storing keys, or the keys can stay with the client so that they can download and decrypt the data themselves. If encryption keys leak, the data stored in cloud storage could be compromised. To resolve the challenge of key management and secure access to data in third-party cloud storage, an end-to-end transparent encryption model has been proposed that securely publishes the cryptographic keys in a blockchain ledger. The data is encrypted at the edge gateway before it is transmitted to the cloud for storage. The user does not require cryptographic keys to access data; instead, in a seamless process, the client proves their identity to a crypto proxy agent built upon zero-trust security principles, ensuring continuous verification.