Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Jin Sun,Xiaojing Wang,Shangping Wang,Lili Ren

DOI: https://doi.org/10.1371/journal.pone.0207543

IF: 3.7

2018-11-29

PLoS ONE

Abstract:Fog computing can extend cloud computing to the edge of the network so as to reduce latency and network congestion. However, existing encryption schemes were rarely used in fog environment, resulting in high computational and storage overhead. Aiming at the demands of local information for terminal device and the shortcomings of cloud computing framework in supporting mobile applications, by taking the hospital scene as an example, a searchable personal health records framework with fine-grained access control in cloud-fog computing is proposed. The proposed framework combines the attribute-based encryption (ABE) technology and search encryption (SE) technology to implement keyword search function and fine-grained access control ability. When keyword index and trapdoor match are successful, the cloud server provider only returns relevant search results to the user, thus achieving a more accurate search. At the same time, the scheme is multi-authority, and the key leakage problem is solved by dividing the user secret key distribution task. Moreover, in the proposed scheme, we securely outsource part of the encryption and decryption operations to the fog node. It is effective both in local resources and in resource-constrained mobile devices. Based on the decisional q-parallel bilinear Diffie-Hellman exponent (q-DBDHE) assumption and decisional bilinear Diffie-Hellman (DBDH) assumption, our scheme is proven to be secure. Simulation experiments show that our scheme is efficient in the cloud-fog environment.

Jianghua Liu,Jian Yang,Wei Wu,Xinyi Huang,Yang Xiang

DOI: https://doi.org/10.1109/tc.2022.3207138

IF: 3.183

2023-04-08

IEEE Transactions on Computers

Abstract:Recent advancements in the Internet of Things (IoT) and cloud computing technologies have accelerated the development of various practical applications, including healthcare systems. Adequately revealing the collected healthcare data in a cloud-assisted healthcare IoT system brings a huge potential for improving the safety, quality, and efficiency of healthcare services. However, often the data collected in a healthcare IoT system is vital and sensitive. The dissemination of such data is also vulnerable to malicious attacks such as tampering, eavesdropping, and forgery. Thus, disseminated data's integrity, authenticity, and privacy are elementary security demands to end-users and owners. Also, the resource-constrained nature of healthcare IoT devices invalidates the existing solutions. To address the above challenges, we propose a lightweight and secure redactable signature scheme with coarse-grained additional redaction control (CRS) for secure dissemination of healthcare data in a cloud-assisted healthcare IoT system. The security analysis indicates our CRS is secure against signature forgery, additional redaction attacks, and redacted version linkability. Compared to other existing solutions, our scheme can achieve some level of security but less computational complexity and communication overhead.

engineering, electrical & electronic,computer science, hardware & architecture

Yu Zhang,Jing Chen,Ruiying Du,Lan Deng,Yang Xiang,Qing Zhou

DOI: https://doi.org/10.1109/TrustCom.2014.42

2014-01-01

Abstract:In the past few years, cloud computing has emerged as one of the most influential paradigms in the IT industry. As promising as it is, this paradigm brings forth many new challenges for data security because users have to outsource sensitive data on untrusted cloud servers for sharing. In this paper, to guarantee the confidentiality and security of data sharing in cloud environment, we propose a Flexible and Efficient Access Control Scheme (FEACS) based on Attribute-Based Encryption, which is suitable for fine-grained access control. Compared with existing state-of-the-art schemes, FEACS is more practical by following functions. First of all, considering the factor that the user membership may change frequently in cloud environment, FEACS has the capability of coping with dynamic membership efficiently. Secondly, full logic expression is supported to make the access policy described accurately and efficiently. Besides, we prove in the standard model that FEACS is secure based on the Decisional Bilinear Diffie-Hellman assumption. To evaluate the practicality of FEACS, we provide a detailed theoretical performance analysis and a simulation comparison with existing schemes. Both the theoretical analysis and the experimental results prove that our scheme is efficient and effective for cloud environment.

Mehedi Masud,Gurjot Singh Gaba,Karanjeet Choudhary,Roobaea Alroobaea,M Shamim Hossain

DOI: https://doi.org/10.1007/s12083-021-01162-x

Abstract:Traditional healthcare services have transitioned into modern healthcare services where doctors remotely diagnose the patients. Cloud computing plays a significant role in this change by providing easy access to patients' medical records to all stakeholders, such as doctors, nurses, patients, life insurance agents, etc. Cloud services are scalable, cost-effective, and offer a broad range of mobile access to patients' electronic health record (EHR). Despite the cloud's enormous benefits like real-time data access, patients' EHR security and privacy are major concerns. Since the information about patients' health is highly sensitive and crucial, sharing it over the unsecured wireless medium brings many security challenges such as eavesdropping, modifications, etc. Considering the security needs of remote healthcare, this paper proposes a robust and lightweight, secure access scheme for cloud-based E-healthcare services. The proposed scheme addresses the potential threats to E-healthcare by providing a secure interface to stakeholders and prohibiting unauthorized users from accessing information stored in the cloud. The scheme makes use of multiple keys formed through the key derivation function (KDF) to ensure end-to-end ciphering of information for preventing misuse. The rights to access the cloud services are provided based on the identity and the association between stakeholders, thus ensuring privacy. Due to its simplicity and robustness, the proposed scheme is the best fit for protecting data security and privacy in cloud-based E-healthcare services.

Xiyu Liang,Yali Liu,Jianting Ning

DOI: https://doi.org/10.1109/JBHI.2024.3391218

Abstract:IoT and 5G-enabled smart healthcare allows medical practitioners to diagnose patients from any location via electronic health records (EHRs) by wireless body area network (WBAN) devices. Privacy, including the medical practitioner's identity and the patient's EHR, can easily be leaked from hospitals or cloud servers, and secret keys used to access EHRs must be revoked after diagnosis. In response to the challenges associated with user authentication and secret key revocation, this paper proposes an access control scheme with privacy-preserving authentication and flexible revocation for smart healthcare using attribute-based encryption (ABE), named PAFR-ABE, which provides access control to prevent malicious users from decrypting EHRs. Meanwhile, PAFR-ABE ensures privacy-preserving authentication for users during secret key generation, which safeguards users' identities and prevents unauthorized requests for secret keys. In addition, PAFR-ABE achieves flexible revocation and recovery of secret keys, which eliminates the need to update secret keys for unrevoked users. Security analysis indicates that PAFR-ABE meets the security requirements of an access control scheme for smart healthcare, especially in terms of forward security and backward security. Performance analysis shows that PAFR-ABE is efficient in the key generation and revocation algorithms compared with typical access control schemes.

qiuxiang dong,zhi guan,kunlun gao,zhong chen

DOI: https://doi.org/10.1155/2015/392439

IF: 1.938

2015-01-01

International Journal of Distributed Sensor Networks

Abstract:With the growing need for the remote caring at home and the everincreasing popularity of mobile devices, more and more applications are being developed to enable remote health monitoring. Combining cloud computing with mobile technologies has enabled the healthcare service provider to offer continuous health data collection and physicians to conveniently monitor and assess users' health while they are at home. However, users' health data contain highly confidential information, and servers in the cloud are out of users' trusted domain. Therefore, users may be reluctant to take advantage of remote health monitoring systems before they make sure their data are properly protected. In this paper, we propose a secure continuous remote health monitoring system named SCRHM with the main component, a searchable encryption scheme supporting range searches for remote health monitoring system. With this scheme, remote health monitoring service provider is able to detect outliers over encrypted health parameters. Using analysis, we prove the correctness and security of the proposed scheme on privacy protection of users' health data. Via simulation experiments, we validate the performance of the proposed scheme in terms of computation and communication overhead.

Shucheng Yu,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/INFCOM.2010.5462174

2010-01-01

Abstract:Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. As promising as it is, this paradigm also brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. To keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well. The problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control actually still remains unresolved. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.

Heng Pan,Yaoyao Zhang,Xueming Si,Zhongyuan Yao,Liang Zhao

DOI: https://doi.org/10.3390/sym14122479

2022-01-01

Symmetry

Abstract:The Internet of Things (IoT) and cloud technologies have significantly facilitated healthcare. In such a context, medical data are collected by the terminals from the patients, manipulated, and stored on the cloud by hospitals (doctors). This brings asymmetry problems in medical data access control, processing, and storage between doctors and patients, which results in medical data sharing face many challenges such as privacy leakage and malicious feedback from cloud servers on queries. To solve these asymmetry problems, this paper proposes a medical data sharing scheme with cloud-chain cooperation and policy fusion in the IoT. Regarding asymmetrical access control rights, a conflict resolution and fusion algorithm that enables co-authorization of medical data by the doctor and the patient is introduced. To balance the symmetry of medical data storage and processing, a cloud-chain cooperation ciphertext retrieval method is proposed by means of two-stage joint searching from cloud servers and the blockchain, which can not only detect malicious medical data feedback from cloud servers, but also improve the data search efficiency. The security analysis showed that this scheme satisfies the confidentiality and verifiability of the retrieved information, and the feasibility of the proposed scheme was demonstrated through experiments.

Dongfeng Fang,Yi Qian,Rose Qingyang Hu

DOI: https://doi.org/10.1109/jiot.2020.2970974

IF: 10.6

2020-04-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT) applications have been rapidly deployed into pervasive environment, where both challenges and opportunities abound. On the one hand, a large number of IoT devices and their rich functions contribute significant volumes of data, which has brought tremendous convenience to the daily lives of end users. On the other hand, the heterogeneous IoT devices and a large amount of private information transmitted through networks also bring serious security and privacy issues. It is a big challenge to model IoT systems and trust relationships between different entities with a large number of heterogeneous IoT devices. In this article, we study a general IoT system architecture with consideration of heterogeneous IoT devices. Different trust models are proposed and analyzed based on the trust relationships between different entities in the IoT system. We propose a flexible and efficient authentication scheme with a consideration of heterogeneous IoT devices based on the least trust-required model. The proposed scheme provides security and privacy to resource-limited IoT devices flexibly and efficiently by utilizing IoT devices with better storage and computational ability. Moreover, secure data transmission is presented with contextual privacy and data integrity services. The proposed scheme achieves not only the mutual authentication, initial session key agreement, and data integrity but also anonymity, contextual privacy, forward security, end-to-end security, and key escrow resilience. Security analysis is presented to provide verification of the proposed protocol and security objectives. Moreover, performance evaluation is presented with comparison to the other schemes in terms of security features, computational overhead, and communication overhead. The performance comparisons show that our proposed scheme provides flexible and efficient security by consideration of heterogeneous IoT devices. With the higher proportion of resource-limited IoT devic-s, our proposed scheme outperforms other similar schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yang, Xiaodong,Wei, Lizhen,Li, Songyu,Wang, Caifen

DOI: https://doi.org/10.1007/s12083-024-01769-w

IF: 3.488

2024-07-26

Peer-to-Peer Networking and Applications

Abstract:To enhance the security of medical data, the government and healthcare institutions must collect and analyze vast amounts of information, enabling the prompt detection of irregular patterns and timely issuance of accurate warnings. This is crucial for preventing and containing potential threats to medical data security. However, securely sharing and converting these data poses a significant challenge, particularly in open wireless access networks within healthcare settings. Proxy re-signature (PRS) offers not only signature conversion capabilities but also anonymity, safeguarding data reliability and authenticity. Nonetheless, current proxy re-signature techniques overlook the potential for algorithm substitution attacks (ASA). Therefore, we introduce a novel proxy re-signature scheme, leveraging cryptographic reverse firewall (CRF) technology, tailored specifically for the medical domain. Furthermore, we conducted rigorous security analysis and simulation experiments to validate the practical effectiveness of our scheme. This approach addresses the need for secure data sharing among various entities, including medical institutions, management centers, and research facilities, ensuring the integrity and confidentiality of critical medical information.

computer science, information systems,telecommunications

Jialu Hao,Wenjuan Tang,Cheng Huang,Jian Liu,Huimei Wang,Ming Xian

DOI: https://doi.org/10.1109/tetc.2021.3052377

2022-01-01

IEEE Transactions on Emerging Topics in Computing

Abstract:Cloud-assisted Internet of Medical Things (IoMT) is becoming an emerging paradigm in the healthcare domain, which involves collection, storage and usage of the medical data. Considering the confidentiality and accessibility of the outsourced data, secure and fine-grained data sharing is a crucial requirement for the patients. Attribute-based encryption (ABE) is a promising solution to deal with this issue, but considering its property of each attribute sharing with multiple users, how to flexibly and efficiently update access privileges of certain users without affecting others is still a serious challenge. In this article, we propose a secure and fine-grained data sharing scheme with flexible user access privilege update in cloud-assisted IoMT environment. Specifically, we take ABE as the basic building block, and utilize proxy re-encryption and key blinding techniques to empower the cloud server to re-encrypt the ciphertext affected by revocation and update keys for unrevoked users. In addition, adding attributes for users to extend their access rights is realized only based on few key components stored in cloud without entirely re-computing and re-issuing keys for them. As a result, the patients are able to flexibly and efficiently share their data and manage users’ privileges. Formal proof and detailed performance evaluation demonstrate the security and efficiency of the proposed scheme.

Ye Lu,Tao Feng,Chunyan Liu,Wenbo Zhang

DOI: https://doi.org/10.32604/cmc.2023.046106

2024-01-01

Abstract:The Access control scheme is an effective method to protect user data privacy. The access control scheme based on blockchain and ciphertext policy attribute encryption (CP–ABE) can solve the problems of single—point of failure and lack of trust in the centralized system. However, it also brings new problems to the health information in the cloud storage environment, such as attribute leakage, low consensus efficiency, complex permission updates, and so on. This paper proposes an access control scheme with fine-grained attribute revocation, keyword search, and traceability of the attribute private key distribution process. Blockchain technology tracks the authorization of attribute private keys. The credit scoring method improves the Raft protocol in consensus efficiency. Besides, the interplanetary file system (IPFS) addresses the capacity deficit of blockchain. Under the premise of hiding policy, the research proposes a fine-grained access control method based on users, user attributes, and file structure. It optimizes the data-sharing mode. At the same time, Proxy Re-Encryption (PRE) technology is used to update the access rights. The proposed scheme proved to be secure. Comparative analysis and experimental results show that the proposed scheme has higher efficiency and more functions. It can meet the needs of medical institutions.

computer science, information systems,materials science, multidisciplinary

Chin-Ling Chen,Po-Tsun Huang,Yung-Yuan Deng,Hsing-Chung Chen,Yun-Ciao Wang

DOI: https://doi.org/10.1186/s13673-020-00221-1

2020-05-07

Abstract:Abstract As cloud computing technology matures, along with an increased application of distributed networks, increasingly larger amounts of data are being stored in the cloud, and are thus available for pervasive application. At the same time, current independent medical record systems tend to be inefficient, and most previous studies in this field fail to meet the security requirements of anonymity and unlinkability. Some proposed schemes are even vulnerable to malicious impersonation attacks. The scheme proposed in this study, therefore, combines public and private clouds in order to more efficiently and securely preserve and manage electronic medical records (EMR). In this paper, a new secure EMR authorization system is proposed, which uses elliptic curve encryption and public-key encryption, providing a health care system with both public and private cloud environments with a message authentication mechanism, allowing the secure sharing of medical resources. The analysis shows that the proposed scheme prevents known attacks, such as replay attacks, man-in-the-middle attacks and impersonation attacks, and provides user anonymity, unlinkability, integrity, non-repudiation, forward and backward security.

computer science, information systems

Liang Yan,Lina Ge,Zhe Wang,Guifen Zhang,Jingya Xu,Zheng Hu

DOI: https://doi.org/10.1186/s13677-023-00444-4

2023-04-19

Journal of Cloud Computing

Abstract:With the rapid development of cloud computing technology, how to achieve secure access to cloud data has become a current research hotspot. Attribute-based encryption technology provides the feasibility to achieve the above goal. However, most of the existing solutions have high computational and trust costs. Furthermore, the fairness of access authorization and the security of data search can be difficult to guarantee. To address these issues, we propose a novel access control scheme based on blockchain and attribute-based searchable encryption in cloud environment. The proposed scheme achieves fine-grained access control with low computation consumption by implementing proxy encryption and decryption, while supporting policy hiding and attribute revocation. The encrypted file is stored in the IPFS and the metadata ciphertext is stored on the blockchain, which ensures data integrity and confidentiality. Simultaneously, the scheme enables the secure search of ciphertext keyword in an open and transparent blockchain environment. Additionally, an audit contract is designed to constrain user access behavior to dynamically manage access authorization. Security analysis proves that our scheme is resistant to chosen-plaintext attacks and keyword-guessing attacks. Theoretical analysis and experimental results show that our scheme has high computational and storage efficiency, which is more advantageous than other schemes.

Xingmiao Wang,Kai Fan,Kan Yang,Xiaochun Cheng,Qingkuan Dong,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.comcom.2022.01.014

IF: 5.047

2022-03-01

Computer Communications

Abstract:The widespread application of Radio Frequency Identification (RFID) technology in smart living, especially in smart healthcare, has greatly facilitated patient management, reduced the labour cost of medical services, and provided patients with better medical services. However, improper use of RFID tags is highly likely to threaten the safety and privacy of hospitals and even patients, which may not only cause physical and mental harm to patients but also damage the reputation of hospitals. Medical monitoring system based on RFID technology plays a significant role in guaranteeing the security of medical records as well as the privacy of patients. Nevertheless, due to the resource constraint of RFID tags/readers, it is also challenging to design an efficient and effective authentication protocol for RFID medical monitoring system. Aiming to reduce the resource overhead and meet security requirements of the RFID system, in this paper, we propose an ultra-lightweight RFID security authentication protocol utilizing a cloud server named CRUSAP, which is based on Bit-Crossing XOR rearrangement operations that can effectively resist forgery attacks, replay attacks, desynchronization attacks, and denial of service attacks while certifying the cloud server. The formal logic of BAN proves the safety and feasibility of the protocol. Additionally, the security analysis and experimental results show that the proposed authentication protocol can realize higher security goals at a lower cost and is more suitable for scaling to large-scale authentication.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jiahao Li,Dongmei Li,Xiaomei Zhang

DOI: https://doi.org/10.1109/jiot.2023.3268278

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:IoT-based smart healthcare system allows doctors to monitor and diagnose patients remotely, which can greatly ease overcrowding in the hospitals and disequilibrium of medical resources, especially during the rage of COVID-19. However, the smart healthcare system generates enormous data which contains sensitive personal information. To protect patients’ privacy, we propose a secure blockchain-assisted access control scheme for smart healthcare system in fog computing. All the operations of users are recorded on the blockchain by smart contract in order to ensure transparency and reliability of the system. We present a blockchain-assisted Multi-Authority Attribute-Based Encryption (MA-ABE) scheme with keyword search to ensure the confidentiality of the data, avoid single point of failure and implement fine-grained access control of the system. IoT devices are limited in resources, therefore it is not practical to apply the blockchain-assisted MA-ABE scheme directly. To reduce the burdens of IoT devices, We outsource most of the computational tasks to fog nodes. Finally, the security and performance analysis demonstrate that the proposed system is reliable, practical, and efficient.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rui Lian,Yifeng Zheng,Cong Wang

DOI: https://doi.org/10.1109/tsc.2024.3377158

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:Enforcing end-to-end data encryption is vital for protecting the interests of requesters in crowdsourcing services, who initiate crowdsourcing tasks and need to pay the service provider and reward workers for the crowdsourced data. It ensures that the data encrypted by workers can be decrypted by the requester only. This yet makes it challenging to protect workers in getting rewards as the data is now only accessible to the requester, who may falsely report workers' data quality. There is thus an urgent call for enforcing end-to-end data encryption while achieving robustness against such false-reporting. However, this is not yet sufficient for worker protection because most platforms with quality awareness involve a screening process for worker selection in advance, which requires collecting personal worker profiles for assessment against task requirements and raises privacy concerns. In light of the above, we propose PrivRo, a new system framework for privacy-preserving crowdsourcing service with robust quality awareness. PrivRo supports private profile matching for secure screening as well as secure data collection with verifiable quality reporting through custom secure protocols. To our best knowledge, no prior work has simultaneously and adequately supported the secure functionalities compared to PrivRo. Extensive experiments demonstrate the practical efficiency of PrivRo.

computer science, information systems, software engineering

Arthur S. Voundi Koe,Qi Chen,Juan Tang,Shan Ai,Hongyang Yan,Shiwen Zhang,Duncan S. Wong

DOI: https://doi.org/10.1002/int.23009

IF: 8.993

2022-09-09

International Journal of Intelligent Systems

Abstract:With recent advances in cloud computing, mobile devices are increasingly being used to record patient physiological parameters, and transfer them to a cloud‐based hospital information system, for access control mediation over a variety of stakeholders. In such a cloud‐based architecture, the patient must specify an access policy for a group of authorized parties towards its outsourced data. Multiauthority ciphertext‐policy attribute‐based encryption (CP‐ABE) was provided as an innovative cloud‐based access control cryptographic primitive to tackle the key escrow issue in a centralized architecture, and boost flexibility through cross‐domain attributes management. Existing works, however, still have glaring drawbacks. First, they still rely on a trusted authority to generate and distribute user secret keys. Second, they do not simultaneously provide encryption, decryption, or revocation outsourcing, resulting in high processing and communication cost for both the data sender and the data receiver. Third, they do not support both user and attribute revocation, and the integrity of ciphertext downloaded from the cloud is not always verified at the user end. As a result, this paper exploits the dummy attribute technique and introduces a novel, efficient, and secure multiauthority ciphertext‐policy ABE method for mediating access control over medical data, in the mobile cloud. The ciphertext access policy enforcement, partial ciphertext decryption, and both the user and attribute indirect revocation updates are safely outsourced to the cloud server in this study. Theoretical analysis demonstrates that our scheme is efficient and verifiable, and we prove that our construction is secure under the decisional bilinear Diffie‐Hellman assumption.

computer science, artificial intelligence

Minyu Teng,Jingxuan Han,Jintao Xie,Jiayao Gao,Jiangfeng Li,Yang Shi

DOI: https://doi.org/10.1145/3687127

2024-09-20

ACM Transactions on Sensor Networks

Abstract:With the rapid growth of wireless sensor networks, secure data transmission, storage, and distribution in such networks has become an urgent demand. To defend against security risks such as data leakage, key compromise, and unauthorized misuse of data simultaneously, we propose a novel obfuscatable ciphertext-policy attribute-based re-encryption scheme with a specially designed obfuscator. The proposed scheme leverages program obfuscation to transform the re-encryption program codes into an unintelligible form and embed the private keys into the obfuscated implementation. Consequently, the proposed scheme protects data confidentiality and keeps the secrecy of the private key while providing fine-grained access control. Formal proofs for the security of the proposed re-encryption scheme and the obfuscator are provided. Extensive experiments have been conducted on representative platforms, including cloud servers, workstations, and embedded devices, to evaluate the computational efficiency and energy consumption of the scheme. Experimental results indicate that the scheme achieves high efficiency on various platforms and economical energy consumption on typical embedded devices with constrained resources.

computer science, information systems,telecommunications