Shanshan Tu,Fengming Huang,Shengju Zhang,Akhtar Badshah,Hisham Alasmary,Muhammad Waqas

DOI: https://doi.org/10.1109/cits55221.2022.9832996

2022-01-01

Abstract:Securing Internet of Things (IoT) devices in fog computing systems can be challenging due to the inherent limitations of IoT devices. For instance, cryptographic primitives, such as attribute-based encryption (ABE) schemes, are computationally expensive for deployment on IoT devices. Thus, ABE is not realistic in facilitating real-time updates in various applications of IoT. Therefore, attribute-based and multi-authority encryption schemes are designed that help attribute revocation and computation outsourcing from IoT devices to fog computing servers. The attribute revocation scheme is based on the ciphertext-policy attribute-based encryption (CP-ABE) technique. The CP-ABE scheme allows secret keys between IoT devices and fog nodes to be dynamically generated by incorporating the attribute group keys. Then, the encryption and decryption functions for IoT devices are outsourced to fog nodes, which present the CP-ABE validation.

Kai Fan,Huiyue Xu,Longxiang Gao,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.future.2019.04.003

IF: 7.307

2019-01-01

Future Generation Computer Systems

Abstract:The fog-to-things paradigm is introduced to mitigate the heavy burden on the edge of cloud-based network due to the centralized processing and storing of the massive volume of IoT data. Fog-enabled IoT architectures ensure small latency and enough computing resource that enables real time devices and applications. However, there still exist security and privacy challenges on data access control for fog-enabled IoT. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in cloud-fog computing systems. In this paper, we propose an efficient and privacy preserving outsourced multi-authority access control scheme, named PPO-MACS. All attributes of users are transformed to be anonymous and authenticable to realize privacy preserving. And the verifiable outsourced decryption is introduced to reduce computation overheads on the end user side. Meanwhile, an efficient user revocation method is proposed. Security and performance analysis show that our scheme is secure and highly efficient.

Arwa Alrawais,Abdulrahman Alhothaily,Chunqiang Hu,Xiaoshuang Xing,Xiuzhen Cheng

DOI: https://doi.org/10.1109/access.2017.2705076

IF: 3.9

2017-01-01

IEEE Access

Abstract:Fog computing is deemed as a highly virtualized paradigm that can enable computing at the Internet of Things devices, residing in the edge of the network, for the purpose of delivering services and applications more efficiently and effectively. Since fog computing originates from and is a non-trivial extension of cloud computing, it inherits many security and privacy challenges of cloud computing, causing the extensive concerns in the research community. To enable authentic and confidential communications among a group of fog nodes, in this paper, we propose an efficient key exchange protocol based on ciphertext-policy attribute-based encryption (CP-ABE) to establish secure communications among the participants. To achieve confidentiality, authentication, verifiability, and access control, we combine CP-ABE and digital signature techniques. We analyze the efficiency of our protocol in terms of security and performance. We also implement our protocol and compare it with the certificate-based scheme to illustrate its feasibility.

Kai Fan,Junxiong Wang,Xin Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.3390/s17071695

IF: 3.9

2017-01-01

Sensors

Abstract:With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.

Jiguo Yu,Suhui Liu,Shengling Wang,Yinghao Xiao,Biwei Yan

DOI: https://doi.org/10.1109/jiot.2020.2992288

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:One of the best ways to deal with the massive data generated by the Internet of Things (IoT) is storing them in the cloud. However, outsourced storage raises some security and privacy issues, such as data leaking and illegal access. The attribute-based signcryption (ABSC) is one of the most promising approaches which can ensure the confidentiality and authenticity of data simultaneously. Nonetheless, it not only inherits the fine-grained access control but also the heavy computational cost which is intolerable for most resource-limited IoT devices. In this article, we propose lightweight hybrid-policy ABSC (LH-ABSC), a lightweight ABSC scheme which adopts ciphertext-policy encryption (CPABE) and key-policy attribute-based signature (KPABS). Ciphertext-policy attribute-based signature leads the decision making that who can decrypt to the data owners directly. Meanwhile, the signature is related with data owners' attribute set which can be used to testify the authenticity of data. In particular, LH-ABSC has constant signature size and satisfies public verification which is deeply important for IoT devices. Moreover, LH-ABSC outsources most computing overhead to fog nodes, including signature, verify, and decryption. Comprehensive theoretical analyses, such as confidentiality, unforgeability, and verifiability, are provided. Also, the selective chosen ciphertext security, the selective chosen message security, and signers anonymity are achieved.

Jialu Hao,Cheng Huang,Jianbing Ni,Hong Rong,Ming Xian,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1016/j.comnet.2019.02.008

IF: 5.493

2019-01-01

Computer Networks

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) is a promising approach to achieve fine-grained access control over the outsourced data in Internet of Things (IoT). However, in the existing CP-ABE schemes, the access policy is either appended to the ciphertext explicitly or only partially hidden against public visibility, which results in privacy leakage of the underlying ciphertext and potential recipients. In this paper, we propose a fine-grained data access control scheme supporting expressive access policy with fully attribute hidden for cloud-based IoT. Specifically, the attribute information is fully hidden in access policy by using randomizable technique, and a fuzzy attribute positioning mechanism based on garbled Bloom filter is developed to help the authorized recipients locate their attributes efficiently and decrypt the ciphertext successfully. Security analysis and performance evaluation demonstrate that the proposed scheme achieves effective policy privacy preservation with low storage and computation overhead. As a result, no valuable attribute information in the access policy will be disclosed to the unauthorized recipients.

Shengmin Xu,Guomin Yang,Yi Mu,Ximeng Liu

DOI: https://doi.org/10.1016/j.future.2019.02.051

IF: 7.307

2019-01-01

Future Generation Computer Systems

Abstract:Internet of Things (IoT) cloud provides a practical and scalable solution to accommodate the data management in large-scale IoT systems by migrating the data storage and management tasks to cloud service providers (CSPs). However, there also exist many data security and privacy issues that must be well addressed in order to allow the wide adoption of the approach. To protect data confidentiality, attribute-based cryptosystems have been proposed to provide fine-grained access control over encrypted data in IoT cloud. Unfortunately, the existing attributed-based solutions are still insufficient in addressing some challenging security problems, especially when dealing with compromised or leaked user secret keys due to different reasons. In this paper, we present a practical attribute-based access control system for IoT cloud by introducing an efficient revocable attribute-based encryption scheme that permits the data owner to efficiently manage the credentials of data users. Our proposed system can efficiently deal with both secret key revocation for corrupted users and accidental decryption key exposure for honest users. We analyze the security of our scheme with formal proofs, and demonstrate the high performance of the proposed system via experiments.

Jiguo Li,Yichen Zhang,Jianting Ning,Xinyi Huang,Geong Sen Poh,Debang Wang

DOI: https://doi.org/10.1109/tcc.2020.2975184

IF: 5.697

2020-01-01

IEEE Transactions on Cloud Computing

Abstract:The pervasive, ubiquitous, and heterogeneous properties of IoT make securing IoT systems a very challenging task. More so when access and storage are performed through a cloud-based IoT system. IoT data stored on cloud should be encrypted to ensure data privacy. It is also crucial to allow only authorized entities to access and decrypt the encrypted data. In this article, we propose a ciphertext-policy attribute-based encryption (CP-ABE) scheme that enables fine-grained access control of encrypted IoT data on cloud. CP-ABE is regarded as a highly promising approach to provide flexible and fine-grained access control, which is quite suited to secure cloud based IoT systems. We first present an access control system model of CloudIoT platform based on ABE. Based on the presented system model, we construct a ciphertext-policy hiding CP-ABE scheme, which guarantees the privacy of the users. We further construct a white-box traceable CP-ABE scheme with accountability in order to address the user key abuse and authorization center key abuse. Experiment illustrates the proposed systems are efficient.

computer science, information systems, theory & methods

Xiong Li,Tian Liu,Chaoyang Chen,Qingfeng Cheng,Xiaosong Zhang,Neeraj Kumar

DOI: https://doi.org/10.1109/jiot.2022.3165576

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:As an extension of cloud computing, edge computing has attracted the attention of academia and industry because of its characteristics of low latency, high bandwidth, and low energy consumption. However, due to limited terminal resources and insufficient security design, the edge computing environment still faces many challenges in terms of data security and privacy protection. Among them, how to effectively control access to outsourced data is one of the main issues. In this article, we propose a lightweight and verifiable ciphertext-policy attribute-based encryption (CP-ABE)-based multiauthority access control scheme for edge computing-assisted Internet of Things (IoT), which adopts the method of outsourcing decryption to mitigate the computational cost of data users with limited resources. In addition, our scheme realizes the feature of attribute revocation, and the design of the multiauthority mechanism enables our scheme to avoid the problem of key escrow. Therefore, our proposed scheme not only ensures data confidentiality but also can resist the collusion attack. Besides, our scheme is secure against the chosen plaintext attack in the random oracle model under the decision $q$ -BDHE assumption. Finally, we compared our scheme with some related work in performance, and the results demonstrate that our scheme is efficient in computation and communication. Because our scheme greatly mitigates the overhead of data users, it is very suitable for edge computing supported IoT applications with restricted computation resources.

Suhui Liu,Jiguo Yu,Chunqiang Hu,Mengmeng Li

DOI: https://doi.org/10.1155/2021/6682580

2021-01-01

Wireless Communications and Mobile Computing

Abstract:Cloud-assisted Internet of Things (IoT) significantly facilitate IoT devices to outsource their data for high efficient management. Unfortunately, some unsettled security issues dramatically impact the popularity of IoT, such as illegal access and key escrow problem. Traditional public-key encryption can be used to guarantees data confidentiality, while it cannot achieve efficient data sharing. The attribute-based encryption (ABE) is the most promising way to ensure data security and to realize one-to-many fine-grained data sharing simultaneously. However, it cannot be well applied in the cloud-assisted IoT due to the complexity of its decryption and the decryption key leakage problem. To prevent the abuse of decryption rights, we propose a multiauthority ABE scheme with white-box traceability in this paper. Moreover, our scheme greatly lightens the overhead on devices by outsourcing the most decryption work to the cloud server. Besides, fully hidden policy is implemented to protect the privacy of the access policy. Our scheme is proved to be selectively secure against replayable chosen ciphertext attack (RCCA) under the random oracle model. Some theory analysis and simulation are described in the end.

Dawei Li,Jianwei Liu,Qianhong Wu,Zhenyu Guan

DOI: https://doi.org/10.1109/access.2019.2890976

IF: 3.9

2019-01-01

IEEE Access

Abstract:Fog computing enables computation, storage, applications, and network services between the Internet of Things and the cloud servers by extending the Cloud Computing paradigm to the edge of the network. When protecting information security in Fog computing, advanced security with low latency, wide-spread geographical distribution support, and high flexibility should be taken in to considertion first, because of its huge number of nodes. In this paper, we propose a new cryptographic primitive, named CCA2 secure publicly-verifiable revocable large-universe multi-authority attribute-based encryption (CCA2-PV-R-LU-MA-ABE), to achieve flexible fine-grained access control in Fog computing. In this primitive, end nodes in fogs generate private keys from multiple authorities that might be differentiated by their geographical locations or functions, and their attributes can be denoted by any strings in the large universe, which meets diverse needs in practical Fog applications. In addition, the accessibility of nodes can be revoked efficiently even by resource-limited devices. To ensure the validity of ciphertext, this primitive supports public verification and only valid ciphertext can be stored or transmitted. Based on the primitive and the feature of Fog computing, we construct a concrete CCA2-PV-R-LU-MA-ABE scheme. We define the security model of this primitive, which is much more secure than the CPA-secure scheme. Finally, we compare the efficiency of the proposed concrete scheme with that of the existing CPA-secure scheme by both theoretical and experimental analysis, and the results show that the extra consumption of efficiency to improving CPA to CCA2 is considerably low. The proposed scheme is highly secure, flexible, and efficient enough to be deployed in practical Fog computing.

Shengmin Xu,Jianting Ning,Jinhua Ma,Xinyi Huang,HweeHwa Pang,Robert H. Deng

DOI: https://doi.org/10.1145/3450569.3463561

2021-01-01

Abstract:As a versatile system architecture, cloud-fog Internet-of-Things~(IoT) enables multiple resource-constrained devices to communicate and collaborate with each other. By outsourcing local data and immigrating expensive workloads to cloud service providers and fog nodes (FNs), resource-constrained devices can enjoy data services with low latency and minimal cost. To protect data security and privacy in the untrusted cloud-fog environment, many cryptographic mechanisms have been invented. Unfortunately, most of them are impractical when directly applied to cloud-fog IoT computing, mainly due to the large number of resource-constrained end-devices (EDs). In this paper, we present a secure cloud-fog IoT data sharing system with bilateral access control based on a new cryptographic tool called lightweight matchmaking encryption. Our system enforces both sender access control and receiver access control simultaneously and adapts to resource-constrained EDs by outsourcing costly workloads to FNs. We conduct extensive experiments to demonstrate the superior performance of our system to the most relevant solutions in the literature.

Xiang Li,Hui Tian,Jianting Ning

DOI: https://doi.org/10.1007/978-3-030-31919-9_22

2019-01-01

Abstract:To ensure the security of mass data sharing in the Internet of Things, the cloud computing platform is supposed to provide data-storage services. The ciphertext-policy attribute-based encryption (CP-ABE) schemes has attracted wide-scale attention since users can access the cloud platform in a fine-grained manner. However, there are still some problems in the existing CP-ABE schemes when directly applied in the Internet of Things environment. The problem of simultaneously achieves large computational cost in the encryption and decryption. Moreover, the privacy of access control policy actually still remains unresolved. To fill the gap of the existing schemes, this paper proposes a suitable data sharing scheme for IoT devices which can’t always be online. We use the online/offline CP-ABE technology with privacy, while hiding the access control structure and reducing the computational cost of the devices when they are online. The asymptotic complexity comparison also shows that our scheme achieves high computation efficiency.

Jie Chen,Jiaxu Niu,Hao Lei,Li Lin,Yunhao Ling

DOI: https://doi.org/10.1016/j.comnet.2023.109844

IF: 5.493

2023-01-01

Computer Networks

Abstract:Fog computing is considered an important development in cloud computing, with shorter response times, less data transfer load and a more secure distributed service architecture that can be accessed by a wide range of end devices. As with cloud computing, it also faces the challenge of how to securely distribute sensitive data. Ciphertext-Policy Attribute-based Broadcast Encryption (CP-ABBE) can protect sensitive data and provide fine-grained access control with user revocation. However, existing CP-ABBE schemes suffer many limitations when implemented in a fog computing environment: a single authority performs poorly in handling requests or data from many IoT devices, leading to system delays or limited functionality; expensive decryption costs make the computation and storage overheads unfriendly to devices with limited resources; these schemes are only proven selectively secure, meaning that security was proven in a weaker model. In this paper, using threshold secret sharing and decryption delegation, we propose an adaptively secure attribute-based multi-authority broadcast encryption (MA-ABBE) scheme that breaks through these limitations. The comparison and analysis results show that our scheme is practical and achieves adaptive security, enables user-side fast decryption and low storage overhead, and provides a secure and efficient option for protecting sensitive data in fog computing environments.

Hua Tong,Jie Huang,Chunyang Qi

DOI: https://doi.org/10.1145/3444370.3444601

2020-01-01

Abstract:Aiming at the problem that the security of large and diverse types of IoT data is difficult to ensure when exchanging and sharing, a standardized method based on IoT multiple data types is proposed, and a lightweight CK-CPABE (Constant Key-Size Ciphertext-Policy Attribute-Based Encryption) cryptographic algorithm based on attribute-based encryption is designed, which realizes the rapid encryption and decryption of IoT data, ensuring the secure exchange, sharing and extended control of diverse IoT data. The results of simulation experiments verify that the algorithm designed in this article has security and reliability in IoT. Compared with the current CP-ABE algorithm, the encryption and decryption time of the algorithm is reduced by 0.46 seconds and 0.12 seconds on average.

Jiale Zhang,Zhen Cheng,Xiang Cheng,Bing Chen

DOI: https://doi.org/10.1080/09540091.2020.1841096

2020-01-01

Connection Science

Abstract:Fog computing is recently a novel distributed computing paradigm that performs a significant achievement in the latency-sensitive smart Internet of Things (IoT) applications. However, the security and privacy issues, such as data leakage, still challenge the wide deployment of fog computing infrastructure. To guarantee data confidentiality and meanwhile achieving fine-grained access control, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) promises to provide a flexible access policy for securely sharing data among users, fog nodes, and cloud center. However, due to the complicated cryptographic operations, CP-ABE has met a significant drawback that requires heavy computation resources on the user-side. In this paper, we propose an outsourced access control scheme with hidden access structures, named OAC-HAS, in fog-enhanced IoT systems. The contributions of our OAC-HAS scheme are three-folds. Firstly, we introduce a fog-cloud computing (FCC) environment which has the outsourcing capability. Then, we design an outsource verification mechanism to guarantee the correctness of executing cryptographic operations on the fog nodes. Finally, we also provide a privacy guarantee that prevents information leakage from the access structures. Security analysis and experimental results show that the proposed OAC-HAS scheme achieves flexible access policy, privacy-preserving, and high efficiency in fog-enhanced IoT systems.

Kai Fan,Junxiong Wang,Xin Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1007/s12083-017-0562-8

IF: 3.488

2017-01-01

Peer-to-Peer Networking and Applications

Abstract:With the rapid development of vehicular networks, the problem of data sharing in vehicular networks has attached much attention. However, existing data access control schemes in cloud computing cannot be applied to the scenario of vehicular networks, because cloud computing paradigm cannot satisfy the rigorous requirement posed by latency-sensitive mobile application. Fog Computing is a paradigm that extends Cloud computing and services to the edge of the network. The vehicular fog is the ideal platform to achieve data sharing in vehicular networks. In this paper, we propose a revocable data sharing scheme for vehicular fogs. We construct a new multi-authority ciphertext policy attribute-based encryption (CP-ABE) scheme with efficient decryption to realize data access control in vehicular network system, and design an efficient user and attribute revocation method for it. The analysis and the simulation results show that our scheme is secure and highly efficient.

Rui Guo,Geng Yang,Huixian Shi,Yinghui Zhang,Dong Zheng

DOI: https://doi.org/10.1109/jiot.2021.3055541

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:With the processes of collecting, analyzing, and transmitting the data in the Internet of Things (IoT), the Internet of Medical Things (IoMT) comprises the medical equipment and applications connected to the healthcare system and offers an entity with real time, remote measurement, and analysis of healthcare data. However, the IoMT ecosystem deals with some great challenges in terms of security, such as privacy leaking, eavesdropping, unauthorized access, delayed detection of life-threatening episodes, and so forth. All these negative effects seriously impede the implementation of the IoMT ecosystem. To overcome these obstacles, this article presents an efficient, outsourced online/offline revocable ciphertext policy attribute-based encryption scheme with the aid of cloud servers and blockchains in the IoMT ecosystem. Our proposal achieves the characteristics of fine-grained access control, fast encryption, outsourced decryption, user revocation, and ciphertext verification. It is noteworthy that based on the chameleon hash function, we construct the private key of the data user with collision resistance, semantically secure, and key-exposure free to achieve revocation. To the best of our knowledge, this is the first protocol for a revocation mechanism by means of the chameleon hash function. Through formal analysis, it is proven to be secure in a selectively replayable chosen-ciphertext attack (RCCA) game. Finally, this scheme is implemented with the Java pairing-based cryptography library, and the simulation results demonstrate that it enables high efficiency and practicality, as well as strong reliability for the IoMT ecosystem.

Yi Wu,Wei Zhang,Hu Xiong,Zhiguang Qin,Kuo-Hui Yeh

DOI: https://doi.org/10.1007/s11042-021-11286-0

IF: 2.577

2021-01-01

Multimedia Tools and Applications

Abstract:With the universality and availability of Internet of Things (IoT), data privacy protection in IoT has become a hot issue. As a branch of attribute-based encryption (ABE), ciphertext policy attribute-based encryption (CP-ABE) is widely used in IoT to offer flexible one-to-many encryption. However, in IoT, different mobile devices share messages collected, transmission of large amounts of data brings huge burdens to mobile devices. Efficiency is a bottleneck which restricts the wide application and adoption of CP-ABE in Internet of things. Besides, the decryption key in CP-ABE is shared by multiple users with the same attribute, once the key disclosure occurs, it is non-trivial for the system to tell who maliciously leaked the key. Moreover, if the malicious mobile device is not revoked in time, more security threats will be brought to the system. These problems hinder the application of CP-ABE in IoT. Motivated by the actual need, a scheme called traceable and revocable ciphertext policy attribute-based encryption scheme with constant-size ciphertext and key is proposed in this paper. Compared with the existing schemes, our proposed scheme has the following advantages: (1) Malicious users can be traced; (2) Users exiting the system and misbehaving users are revoked in time, so that they no longer have access to the encrypted data stored in the cloud server; (3) Constant-size ciphertext and key not only improve the efficiency of transmission, but also greatly reduce the time spent on decryption operation; (4) The storage overhead for traceability is constant. Finally, the formal security proof and experiment has been conducted to demonstrate the feasibility of our scheme.

Shanshan Tu,Muhammad Waqas,Fengming Huang,Ghulam Abbas,Ziaul Haq Abbas

DOI: https://doi.org/10.1016/j.comnet.2021.108196

IF: 5.493

2021-01-01

Computer Networks

Abstract:Fog computing is a revolutionary technology for the next generation to bridge the gap between cloud data centers and end-users. Fog computing is not a counterfeit for cloud computing but a persuasive counterpart. It also accredits by utilizing the network edge while still rendering the possibility to interact with the cloud. Nevertheless, the features of fog computing are encountering several security challenges. The security of end-users and/or fog servers brings a significant dilemma in implementing fog computing. Moreover, in conventional cloud computing, the attribute-based encryption (ABE) technology is not appropriate for end-users due to restricted computing resources, i.e., limited resources, high end-to-end delay, and transmission capability. Hence, the revocation and outsourcing mechanisms become inappropriate between end-users and cloud servers. In this regard, this paper recommends a multi-authority attribute-based encryption (MA-ABE) technique to support revocation and outsource the attributes to fog computation. We present an attribute revocation scheme based on cipher-text attribute-based encryption by introducing the attribute group keys. In this process, the secret keys are dynamically altered and realized the requirement of immediate attribute revocations. Hence, we provide the complete encryption and decryption process for end-users and fog servers based on multi-authority, attribute revocation, and outsourcing computation, while most of the existing scheme lack to incorporate all these parameters. Our scheme also outsources the complicated encryption and decryption tasks to the fog server that significantly improves the overall computation efficiency compared to the state-of-the-art work.