SHERLOC: a privacy-preserving smart home system with secure message routing and privilege control
摘要
Smart home platforms predominantly adopt the broker-mediated publish/subscribe model (e.g., MQTT) for seamless device-app coordination. However, this architecture introduces a fundamental privacy-functionality conflict: the broker requires plaintext metadata (topic strings) for message routing, which inadvertently exposes fine-grained user behavioral patterns to semi-trusted service providers. Furthermore, existing systems lack rigorous cryptographic enforcement for app permissions, leaving the ecosystem vulnerable to over-privileged or malicious apps. While conventional Attribute-Based Encryption (ABE) provides fine-grained read-side access control, it cannot enforce writer-bound policies and remains computationally prohibitive for resource-constrained IoT nodes. In this paper, we propose SHERLOC, a practical and privacy-preserving framework that reconciles secure message routing with fine-grained privilege control. SHERLOC introduces two core primitives: (1) Secret Queue Telemetry Transport (SQTT), which leverages a novel trapdoor-based matching mechanism to support multi-level wildcard routing while ensuring topic indistinguishability and resistance against inside keyword-guessing attacks (IKGA); and (2) Outsourced Inner-Product Access Control Encryption (OS-IPACE), an attribute-hiding scheme that enforces dual no-read and no-write security for apps by offloading intensive pairing operations to a local hub without compromising data secrecy. We provide formal security proofs reducing SHERLOC’s privacy guarantees to the SXDH assumption. Experimental results from a full-scale prototype, comprising ESP32-based devices and Android apps, demonstrate that SHERLOC incurs millisecond-level latency and maintains compatibility with legacy MQTT brokers without altering protocol semantics, making it a robust and deployable solution for modern smart home environments.