Broadcast encryption schemes let a sender distribute data securely to a selected subset of receivers, and they have been widely used to build revocation protocols for publish-subscribe systems. Existing broadcast encryption schemes, however, do not support delegation, which is essential for secure communication in IoT systems. We extend tree-based broadcast encryption schemes to support delegation, allowing subscribers to delegate their keys to other subscribers in a fine-grained, distributed way, and we design a revocation protocol for IoT systems on top of the resulting delegable broadcast encryption scheme. By combining this revocation protocol with other designs, we propose JEDI [49] (Joining Encryption and Delegation for IoT), a many-to-many end-to-end encryption protocol for IoT. JEDI encrypts and signs messages end-to-end while conforming to the decoupled communication model typical of IoT systems. This report focuses only on the part of the JEDI design that covers the delegable broadcast encryption scheme and the revocation protocol; please refer to the JEDI paper [49] for more details.
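As an added illustration (not code from this report or from the JEDI project), the following Python simulates the complete-subtree method of Naor, Naor and Lotspiech, one of the tree-based broadcast encryption schemes the abstract refers to: each subscriber owns a leaf of a full binary tree and holds the key of every node on its root-to-leaf path, and a broadcast wraps the message key under the keys of a cover of subtrees containing no revoked leaf. Revocation is therefore just a change of cover, and a holder can decrypt exactly when one of its path nodes is in the cover. The delegation model here (a subscriber may hold keys for several leaves and hands a chosen subset to a delegatee, who is then revoked exactly when those leaves are), the HMAC-derived node keys and the hash-based keystream standing in for a real AEAD are this example's own assumptions, not the report's construction.

```python
"""Complete-subtree broadcast encryption with revocation and delegation.

Self-contained simulation of the Naor-Naor-Lotspiech complete-subtree
method: every subscriber owns a leaf of a full binary tree and holds the
key of every node on its root-to-leaf path; a broadcast wraps the message
key under the keys of a cover of subtrees that contain no revoked leaf.
"""
import hashlib
import hmac
import secrets

DEPTH = 3                 # full binary tree with 2**DEPTH leaves
N_LEAVES = 2 ** DEPTH
ROOT = 1                  # heap numbering: children of v are 2v and 2v+1,
                          # leaves are N_LEAVES .. 2*N_LEAVES-1


def leaf_node(leaf_index):
    return N_LEAVES + leaf_index


def path_to_root(node):
    """Nodes from `node` up to and including the root."""
    path = []
    while node >= ROOT:
        path.append(node)
        node //= 2
    return path


class KeyCenter:
    """Trusted issuer; derives every node key from one master secret (assumed model)."""

    def __init__(self, master=None):
        self.master = master or secrets.token_bytes(32)

    def node_key(self, node):
        return hmac.new(self.master, b"node:%d" % node, hashlib.sha256).digest()

    def issue(self, leaf_index):
        """Key material for one leaf: the keys of all nodes on its path."""
        return {v: self.node_key(v) for v in path_to_root(leaf_node(leaf_index))}


def cover(revoked):
    """Roots of the maximal subtrees that contain no revoked leaf.

    These are the children of Steiner-tree nodes (ancestors of revoked
    leaves) that are not themselves on the Steiner tree, so no cover node
    is ever an ancestor of a revoked leaf.
    """
    steiner = set()
    for i in revoked:
        steiner.update(path_to_root(leaf_node(i)))
    if not steiner:
        return [ROOT]                      # nobody revoked: the whole tree
    return sorted(c for v in steiner if v < N_LEAVES
                  for c in (2 * v, 2 * v + 1) if c not in steiner)


def keystream(key, n):
    """Hash-based keystream; a stand-in for a real AEAD in this simulation."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(kc, revoked, plaintext):
    """Broadcast: a fresh message key wrapped under every cover node's key."""
    mk = secrets.token_bytes(32)
    header = {v: xor(mk, keystream(kc.node_key(v), 32)) for v in cover(revoked)}
    return {"header": header, "body": xor(plaintext, keystream(mk, len(plaintext)))}


def decrypt(holder, ct):
    """holder maps leaf_index -> {node: key}; returns plaintext or None."""
    for keys in holder.values():
        for v, wrapped in ct["header"].items():
            if v in keys:                  # one of our path nodes is in the cover
                mk = xor(wrapped, keystream(keys[v], 32))
                return xor(ct["body"], keystream(mk, len(ct["body"])))
    return None                            # every leaf we hold is revoked


def delegate(holder, leaf_subset):
    """Hand a delegatee the keys of a chosen subset of the delegator's leaves.

    Simplified model (an assumption of this example): the delegatee holds
    only ancestors of those leaves, so it is revoked exactly when they are.
    """
    return {i: dict(holder[i]) for i in leaf_subset}


if __name__ == "__main__":
    kc = KeyCenter()
    alice = {0: kc.issue(0), 5: kc.issue(5)}    # constructed: alice owns two leaves
    bob = delegate(alice, [5])                   # bob receives leaf 5 only
    print(cover([0]))                            # subtrees rooted at 3, 5 and 9
    ct = encrypt(kc, revoked=[0], plaintext=b"telemetry")
    print(decrypt(alice, ct), decrypt(bob, ct))  # both decrypt
    ct = encrypt(kc, revoked=[5], plaintext=b"telemetry")
    print(decrypt(alice, ct), decrypt(bob, ct))  # alice via leaf 0; bob is revoked
```

With r revoked leaves the cover has at most r·log2(N/r) nodes, so the header grows with the revocation set rather than with the number of subscribers; a sender revoking a delegator's leaf revokes every delegatee that received that leaf without any further key material being issued.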



