FPGA-Based Symmetric Re-Encryption Scheme to Secure Data Processing for Cloud-Integrated Internet of Things

A new scheme using field programmable gate arrays (FPGAs) to secure Internet of Things (IoT) data processing in public clouds against various attacks (including attacks from insiders) is proposed. The proposed scheme supports various business models involving multiple parties and allow the data owner to give temporary access to IoT data to specific clients at a public market place (the cloud). The scheme achieves perfect forward secrecy, provides FPGA authentication, a secure way to establish a symmetric session key between the on-cloud FPGA, the IoT device and the client, and allows user's configuration integrity check while running in the cloud FPGA. A symmetric proxy re-encryption (PRE) scheme is used to support the publish/subscribe mode of operation of IoT. A complete prototype has been implemented to show the feasibility of the proposed scheme. Formal verification of the proposed protocol verified that it does not have any vulnerabilities. Experimental results showed that an FPGA implementation of the proposed PRE was 6x faster than the SW implementation in transforming a ciphertext of size 1 GB.