About CACIC

CACIC is an architecture that allows clients to customize access permissions for their IoT data in clouds. By leveraging isolated memory enclaves, CACIC can achieve security even if the operating system or the cloud administrator tries to act maliciously. In CACIC, each client has a public ID and a 128-bit secret key (CK), which is shared with an enclave after attesting the enclave's security.


Publication messages

Publication messages have the following format:

M[publication]=[time|ID|type|size|CK(ID|pub_req|perm|nonce)]

They contain a publication request (pub_req) and a list of the IDs of the users who can access the published data (perm). Both the message and the list are encrypted with the CK. Depending on the publication request type (type), the server core either publishes a new sample or performs a processing task before publishing the result. The result is stored encrypted along with the list of access permissions. Although the server core may query additional data from the database, access is granted only if the stored permissions include the requesting client.

Query messages

Query messages have the following format:

M[query]=[ID|size|que_req|CK(ID|nonce)]

The que_req identifies the data to be queried from the database. The server decrypts the stored data and forwards it to the client only if the access permission list, stored with the data, includes the querier ID.
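
The permission gate described in the two sections above, as an added example (not CACIC's own code) that models the server core after the CK(...) field has been decrypted inside the enclave. Assumptions not stated on this page: fields are split on a literal `|`, perm is a comma-separated ID list, the record key layout, the comparison of the inner and outer ID, and the use of the nonce for replay rejection; the size field is ignored.

```python
class AccessDenied(Exception):
    pass

class ServerCore:
    """Enclave-side logic, applied after the CK(...) field is decrypted."""

    def __init__(self):
        self.db = {}       # record key -> (data, frozenset of permitted IDs)
        self.seen = set()  # (client ID, nonce) pairs already accepted

    def _check_inner(self, outer_id, inner_id, nonce):
        # Assumption: the ID inside CK(...) must equal the cleartext ID, so a
        # header cannot be paired with another client's ciphertext.
        if inner_id != outer_id:
            raise AccessDenied("inner/outer ID mismatch")
        # Assumption: the nonce exists to reject replayed messages.
        if (outer_id, nonce) in self.seen:
            raise AccessDenied("replayed nonce")
        self.seen.add((outer_id, nonce))

    def publish(self, header, inner):
        # header = time|ID|type|size, inner = ID|pub_req|perm|nonce
        time, cid, mtype, _size = header.split("|")
        inner_id, pub_req, perm, nonce = inner.split("|")
        self._check_inner(cid, inner_id, nonce)
        key = f"{cid}/{mtype}/{time}"  # hypothetical record key
        self.db[key] = (pub_req, frozenset(perm.split(",")))
        return key

    def query(self, header, inner):
        # header = ID|size|que_req, inner = ID|nonce
        cid, _size, que_req = header.split("|")
        inner_id, nonce = inner.split("|")
        self._check_inner(cid, inner_id, nonce)
        record = self.db.get(que_req)
        # One error for "missing" and "not permitted", so a denial does not
        # reveal which records exist.
        if record is None or cid not in record[1]:
            raise AccessDenied("not permitted")
        return record[0]

if __name__ == "__main__":
    core = ServerCore()  # constructed sample messages below
    key = core.publish("1700000000|alice|temp|0", "alice|21.5C|alice,bob|n1")
    print(core.query(f"bob|0|{key}", "bob|n2"))      # bob is in perm
    try:
        core.query(f"carol|0|{key}", "carol|n3")     # carol is not
    except AccessDenied as e:
        print("carol:", e)
```

In this model the publisher can read back its own data only because its ID appears in perm, which follows from the rule that access depends solely on the stored permission list.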