Outsourcing of IoT-data is a common concept when using third-party services, e.g. an external building management service is given access to the building's sensor measurements. However, the measurements captured from building systems often need to be protected from unauthorized access, because they are linked to persons, processes or business secrets, and therefore data protection requirements apply. Nevertheless, due to the large data volumes, external storage is desirable from a business perspective. We propose the concept of a Security Broker based on symmetric encryption schemes. It offers a key management scheme to flexibly create short decryption keys for time intervals or specific ranges of measurement values. We further show how the scheme can be generalized or a combination of the schemes can be applied. We implemented a prototype in Java and analyzed its performance. The evaluation proved the mechanism's applicability for mainstream applications running on off-the-shelf computing equipment.
展开▼
