End to End Secure Data Exchange in Value Chains with Dynamic Policy Updates

TL;DR

This paper proposes a flexible, secure data exchange system for value chains using CP-ABE that ensures end-to-end security and supports dynamic policy updates, suitable for resource-constrained IIoT devices.

Contribution

It introduces a CP-ABE-based system enabling secure, policy-updatable data sharing in value chains, addressing security, flexibility, and resource constraints.

Findings

Feasibility demonstrated on IIoT platforms

Supports dynamic access policy updates without security breaches

Protects sensitive data in value chain environments

Abstract

Data exchange among value chain partners provides them with a competitive advantage, but the risk of exposing sensitive data is ever-increasing. Information must be protected in storage and transmission to reduce this risk, so only the data producer and the final consumer can access or modify it. End-to-end (E2E) security mechanisms address this challenge, protecting companies from data breaches resulting from value chain attacks. Moreover, value chain particularities must also be considered. Multiple entities are involved in dynamic environments like these, both in data generation and consumption. Hence, a flexible generation of access policies is required to ensure that they can be updated whenever needed. This paper presents a CP-ABE-reliant data exchange system for value chains with E2E security. It considers the most relevant security and industrial requirements for value chains. The proposed solution can protect data according to access policies and update those policies without breaking E2E security or overloading field devices. In most cases, field devices are IIoT devices, limited in terms of processing and memory capabilities. The experimental evaluation has shown the proposed solution's feasibility for IIoT platforms.