Xiong Li,Tian Liu,Chaoyang Chen,Qingfeng Cheng,Xiaosong Zhang,Neeraj Kumar

DOI: https://doi.org/10.1109/jiot.2022.3165576

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:As an extension of cloud computing, edge computing has attracted the attention of academia and industry because of its characteristics of low latency, high bandwidth, and low energy consumption. However, due to limited terminal resources and insufficient security design, the edge computing environment still faces many challenges in terms of data security and privacy protection. Among them, how to effectively control access to outsourced data is one of the main issues. In this article, we propose a lightweight and verifiable ciphertext-policy attribute-based encryption (CP-ABE)-based multiauthority access control scheme for edge computing-assisted Internet of Things (IoT), which adopts the method of outsourcing decryption to mitigate the computational cost of data users with limited resources. In addition, our scheme realizes the feature of attribute revocation, and the design of the multiauthority mechanism enables our scheme to avoid the problem of key escrow. Therefore, our proposed scheme not only ensures data confidentiality but also can resist the collusion attack. Besides, our scheme is secure against the chosen plaintext attack in the random oracle model under the decision $q$ -BDHE assumption. Finally, we compared our scheme with some related work in performance, and the results demonstrate that our scheme is efficient in computation and communication. Because our scheme greatly mitigates the overhead of data users, it is very suitable for edge computing supported IoT applications with restricted computation resources.

Yang Kan,Jia Xiaohua,Ren Kui

DOI: https://doi.org/10.1109/TPDS.2014.2380373

IF: 5.3

2015-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Due to the high volume and velocity of big data, it is an effective option to store big data in the cloud, as the cloud has capabilities of storing big data and processing high volume of user access requests. Attribute-based encryption (ABE) is a promising technique to ensure the end-To-end security of big data in the cloud. However, the policy updating has always been a challenging issue when ABE is used to construct access control schemes. A trivial implementation is to let data owners retrieve the data and re-encrypt it under the new access policy, and then send it back to the cloud. This method, however, incurs a high communication overhead and heavy computation burden on data owners. In this paper, we propose a novel scheme that enabling efficient access control with dynamic policy updating for big data in the cloud. We focus on developing an outsourced policy updating method for ABE systems. Our method can avoid the transmission of encrypted data and minimize the computation work of data owners, by making use of the previously encrypted data with old access policies. Moreover, we also propose policy updating algorithms for different types of access policies. Finally, we propose an efficient and secure method that allows data owner to check whether the cloud server has updated the ciphertexts correctly. The analysis shows that our policy updating outsourcing scheme is correct, complete, secure and efficient. © 1990-2012 IEEE.

Ti Wang,Yongbin Zhou,Hui Ma,Rui Zhang

DOI: https://doi.org/10.1093/comjnl/bxac024

2023-01-01

Abstract:As a promising service paradigm, cloud computing has attracted lots of enterprises and individuals to outsource big data to public cloud. To facilitate secure data using and sharing, ciphertext-policy attribute-based encryption (CP-ABE) is a suitable solution, which can provide fine-grained access control and encryption functionalities simultaneously. However, some serious challenges are still remaining toward achieving flexible and controllable access policy update in CP-ABE, which essentially impede the powerful access control ability of CP-ABE from long-term and large-scale deployment in real systems. In this work, we propose a novel scheme named policy updatable CP-ABE for encrypted data sharing scenes. The proposed scheme features the following achievements: (i) it supports fine-grained update algorithms with no restriction on update time; (ii) the cloud server can effectively verify update ciphertexts, so the integrity of original data would not be compromised intentionally or accidentally during the update and (iii) most operations of encryption and policy update are securely outsourced to cloud servers, leaving extremely low overheads for data owners and users. We formally define its security model and prove it is adaptively secure. Also, we implement the proposed scheme using the Charm framework. The experiment results demonstrate that it is efficient and practical.

Jianqiang Li,Shulan Wang,Yuan Li,Haiyan Wang,Huiwen Wang,Huihui Wang,Jianyong Chen,Zhuhong You

DOI: https://doi.org/10.1109/tii.2019.2931156

IF: 12.3

2019-01-01

IEEE Transactions on Industrial Informatics

Abstract:Recently, more and more users and enterprises have entrusted data storage and platform construction to proxy cloud service provider (PCSP) through cloud technology. Under this background, the attribute-based encryption (ABE) mechanism is an alternative to fill the drawbacks of the traditional encryption through flexible fine-grained access policy and collusion prevention. However, there exist some security issues when the access policy and file need to be updated in practical applications. And the ABE has the problems of excessive computation and storage costs. In this article, an efficient ciphertext-policy ABE scheme with policy update and file update is proposed in cloud computing. The ciphertext components generated by first encryption can be shared when the policy update and file update happens. It reduces the storage and communication costs of the client, and the computational cost of the PCSP. Moreover, the proposed scheme is proved to be secure under the assumption of decision q-parallel bilinear Diffie–Hellman exponent (BDHE). Finally, experimental simulation shows that the proposed scheme is highly efficient in terms of policy update and file update.

Hong Zhong,Yiyuan Zhou,Qingyang Zhang,Yan Xu,Jie Cui

DOI: https://doi.org/10.1016/j.future.2020.09.021

IF: 7.307

2020-01-01

Future Generation Computer Systems

Abstract:In recent years, the continuous development of smart healthcare has brought substantial convenience to our lives, especially for emerging edge-enabled smart healthcare systems that transmit and store a large amount of medical data. However, if private health data of users are leaked or tampered with, it will cause enormous damage to users’ rights, even threatening the safety of their lives. Traditionally, attribute-based encryption (ABE) is used to encrypt data and implement fine-grained access control for such sensitive information. However, the computing overhead of traditional ABE is relatively large, and in an edge-enabled environment, the outsourcing part of encryption and decryption to the edge node can reduce the computing cost of resource-constrained devices for edge-enabled smart healthcare. However, current schemes are not efficient for resource-constrained devices and edge nodes. Therefore, an efficient ABE scheme is proposed that outsources part of the encryption and decryption to the edge nodes as well as supports attribute updates, enabling flexible right control. A formal security proof is provided, verifying that our scheme is secure under the Decisional Bilinear Diffie–Hellman assumption. The performance of our scheme is evaluated at different security levels, and the experimental results demonstrate that our scheme is more efficient for resource-constrained devices than the traditional ABE.

Kan Yang,Xiaohua Jia,Kui Ren,Ruitao Xie

DOI: https://doi.org/10.1109/INFOCOM.2014.6848142

2014-01-01

Abstract:Due to the high volume and velocity of big data, it is an effective option to store big data in the cloud, because the cloud has capabilities of storing big data and processing high volume of user access requests. Attribute-Based Encryption (ABE) is a promising technique to ensure the end-to-end security of big data in the cloud. However, the policy updating has always been a challenging issue when ABE is used to construct access control schemes. A trivial implementation is to let data owners retrieve the data and re-encrypt it under the new access policy, and then send it back to the cloud. This method incurs a high communication overhead and heavy computation burden on data owners. In this paper, we propose a novel scheme that enabling efficient access control with dynamic policy updating for big data in the cloud. We focus on developing an outsourced policy updating method for ABE systems. Our method can avoid the transmission of encrypted data and minimize the computation work of data owners, by making use of the previously encrypted data with old access policies. Moreover, we also design policy updating algorithms for different types of access policies. The analysis show that our scheme is correct, complete, secure and efficient.

Hu Xiong,Yanan Zhao,Li Peng,Hao Zhang,Kuo-Hui Yeh

DOI: https://doi.org/10.1016/j.future.2019.03.008

IF: 7.307

2019-01-01

Future Generation Computer Systems

Abstract:The rapid growth of data has successfully promoted the development of edge computing, which is used for processing the data at the edge of network. The emergence of edge computing compensates for the network delay caused by massive data uploads to the cloud. However, the issues of data security and privacy protection still need to be resolved. In this paper, we propose an efficient ciphertext-policy attribute-based encryption (CP-ABE) scheme that for the first time simultaneously achieves partially hidden policy, direct revocation, and verifiable outsourced decryption. Specifically, in our scheme, the concept of partially hidden policy is introduced to protect private information in an access policy. In addition, after a revocation is successfully executed, the revoked users will not be able to access the message without affecting any other non-revoked users. Our new scheme leverages the outsourcing technique to minimize the overhead required of the user. We demonstrate that our scheme is secure under the Decisional (q−1) Diffie–Hellman assumption and the Decisional Bilinear Diffie–Hellman assumption, as well as evaluating its performance using simulations.

Wenying Zheng,Bing Chen,Debiao He

DOI: https://doi.org/10.1016/j.csi.2022.103640

IF: 3.721

2022-01-01

Computer Standards & Interfaces

Abstract:Access control is an essential mechanism in collaborative environments, which guarantees the security of shared resources. With the intertwinement of emerging technologies likes edge computing, cloud, Artificial Intelligence (AI), and Internet of Things (IoT), access control will encounter its innovation and development shortly. Whereas, traditional access control did not consider the adaptive and fine-grained requirements in edge computing. In addition, the integrity of the accessed data is not considered in the traditional access control scheme. In this paper, inspired by the technologies in AI and cloud, an adaptive access control scheme based on trust degrees is proposed. The trust degrees of users and the quality of data are defined. On this basis, the trust degrees-based adaptive access control framework is proposed. Moreover, in the proposed scheme, technologies in AI and cryptography are converged. In particular, the ciphertext policy attribute-based encryption (CP-ABE) is integrated with the classification and recommendation algorithms in AI, thereby providing adaptive and finegrained properties for access control in edge computing. Moreover, the integrity of the accessed data is guaranteed by the auditing technique in cryptography. Finally, the proposed access control scheme is implemented by using the PBC library. For supporting the efficient computation in edge computing, all types of elliptic curves provided by the PBC library are tested. The experimental result shows that Type D curve is the most efficient in implementing the proposed scheme.

Marco Aiello,E. Johnsen,S. Dustdar,Ilche Georgievski

DOI: https://doi.org/10.1007/978-3-319-44482-6

2016-01-01

Abstract:Policy update management is one of the key problems in the ciphertext policy-attribute-based encryption (CP-ABE) supporting access control in data outsourcing scenario. The problem is that the policy is tightly coupled with the encryption itself. Hence, if the policy is updated, the data owner needs to re-encrypt files and sends them back to the cloud. This incurs overheads including computation, communication, and maintenance cost at data owner side. The computation and communication overheads are even more costly if there are frequent changes of access control elements such as users, attributes and access rules. In this paper, we extend the capability of our access control scheme: C-CP-ARBE to be capable to support secure and flexible policy updating in data outsourcing environment. We propose a policy updating method and exploit a very lightweight proxy re-encryption (VL-PRE) technique to enable policies to be dynamically and effectively updated in the cloud. Finally, we demonstrate the efficiency and performance of our proposed scheme through our evaluation and implementation.

Kaifa Zheng,Caiyang Ding,Jinchen Wang

DOI: https://doi.org/10.3390/electronics12122737

IF: 2.9

2023-06-20

Electronics

Abstract:The node–edge–cloud collaborative computation paradigm has introduced new security challenges to data sharing. Existing data-sharing schemes suffer from limitations such as low efficiency and inflexibility and are not easily integrated with the node–edge–cloud environment. Additionally, they do not provide hierarchical access control or dynamic changes to access policies for data privacy preservation, leading to a poor user experience and lower security. To address these issues, we propose a data-sharing scheme using attribute-based encryption (ABE) that supports node–edge–cloud collaborative computation (DS-ABE-CC). Our scheme incorporates access policies into ciphertext, achieving fine-grained access control and data privacy preservation. Firstly, considering node–edge–cloud collaborative computation, it outsources the significant computational overhead of data sharing from the owner and user to the edge nodes and the cloud. Secondly, integrating deeply with the "node–edge–cloud" scenario, the key distribution and agreement between all entities embedded in the encryption and decryption process, with a data privacy-preserving mechanism, improve the efficiency and security. Finally, our scheme supports flexible and dynamic access control policies and realizes hierarchical access control, thereby enhancing the user experience of data sharing. The theoretical analysis confirmed the security of our scheme, while the comparison experiments with other schemes demonstrated the practical feasibility and efficiency of our approach in node–edge–cloud collaborative computation.

engineering, electrical & electronic,computer science, information systems,physics, applied

Kai Fan,Tingting Liu,Kuan Zhang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.jpdc.2019.09.008

IF: 4.542

2020-01-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the development of computer technology, it makes malicious users more easily get data stored in cloud. However, these data are always related to users' privacy, and it is harmful when the data are acquired by attackers. Ciphertext-policy attribute-based encryption (CP-ABE) is suitable to achieve privacy and security in cloud. In this paper, we put forward a secure and efficient outsourced computation algorithm on data sharing scheme for privacy computing. Existing schemes only outsource decryption computation to the cloud, users still have heavy burden in encryption. In order to reduce the computing burden of users, most encryption and decryption computations are outsourced to the cloud service provider in our construction. At the same time, to apply in practice, we propose efficient user and attribute revocation. Finally, the security analysis and simulation results show that our scheme is secure and efficient compared with existing schemes.</p>

computer science, theory & methods

Kai Fan,Junxiong Wang,Xin Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.3390/s17071695

IF: 3.9

2017-01-01

Sensors

Abstract:With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.

Jie Cui,Bei Li,Hong Zhong,Geyong Min,Yan Xu,Lu Liu

DOI: https://doi.org/10.1109/TPDS.2021.3094126

IF: 5.3

2022-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:The cloud computing paradigm provides numerous tempting advantages, enabling users to store and share their data conveniently. However, users are naturally resistant to directly outsourcing their data to the cloud since the data often contain sensitive information. Although several fine-grained access control schemes for cloud-data sharing have been proposed, most of them focus on the access control of the encrypted data (e.g., restricting the decryption capabilities of the receivers). Distinct from the existing work, this article aims to address this challenging problem by developing a more practical bidirectional fine-grained access control scheme that can restrict the capabilities of both senders and receivers. To this end, we systematically investigate the access control for cloud data sharing. Inspired by the access control encryption (ACE), we propose a novel data sharing framework that combines the cloud side and the edge side. The edge server is located in the middle of all the communications, checking and preventing illegal communications according to the predefined access policy. Next, we develop an efficient access control algorithm by exploiting the attribute-based encryption and proxy re-encryption for the proposed framework. The experimental results show that our scheme exhibits superior performance in the encryption and decryption compared to the prior work.

XueYan Liu,LiJuan Huan,RuiRui Sun,Jing Wang

DOI: https://doi.org/10.1155/2023/1701874

IF: 1.968

2023-01-01

Security and Communication Networks

Abstract:Edge computing, as an extension of cloud computing, outsources encrypted sensitive data to edge nodes to decrease latency and improve broadband efficiency. Although attribute-based keyword search (ABKS) can ensure the security of outsourced data and promote fine-grained access control of data, deficiencies still exist under the general ABKS scheme in the cloud, as follows: shared files owned by a single data owner, inflexible access control, key escrow problem, and high computational overhead. We propose an attribute-based multidata owner searchable encryption scheme in cloud-edge computing with effective policy update to address these problems. The two-level access control is used to realize the common management and fine-grained sharing of data by the multidata owner. All user keys are jointly generated by the central authority and attribute authority, and a key escrow is no longer required. Moreover, partial encryption and decryption calculations are shifted from resource-constrained data owners and users to edge nodes. Furthermore, our scheme not only supports policy update but also realizes the dynamic updating of the index. The security proof and performance analysis show that the scheme has strong security and practicality in the edge computing environment.

Jin Li,Xiaofeng Chen,Jingwei Li,Chunfu Jia,Jianfeng Ma,Wenjing Lou

DOI: https://doi.org/10.3233/jcs-150533

2015-01-01

Journal of Computer Security

Abstract:As cloud computing becomes prevalent, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for outsourced data security and privacy. Attribute-based encryption (ABE) is a promising cryptographic primitive, which has been widely applied to design fine-grained access control system recently. However, ABE is criticized for its high scheme overhead as the computational cost grows with the complexity of the access formula. This disadvantage becomes more serious for mobile devices with constrained computing resources. Aiming at tackling the challenge above, we present a generic and efficient solution to implement attribute-based access control system by introducing secure outsourcing techniques into ABE. More precisely, two cloud service providers (CSPs), namely key generation-cloud service provider (KG-CSP) and decryption-cloud service provider (D-CSP) are introduced to perform the outsourced key-issuing and decryption on behalf of attribute authority and users respectively. In order to outsource heavy computation to both CSPs without private information leakage, we formalize an underlying primitive called outsourced ABE (OABE) and propose several constructions with outsourced decryption and key-issuing. Finally, extensive experiment demonstrates that with the help of KG-CSP and D-CSP, efficient key-issuing and decryption are achieved in our constructions.

Hao Wang,Debiao He,Jian Shen,Zhihua Zheng,Chuan Zhao,Minghao Zhao

DOI: https://doi.org/10.1007/s00500-016-2271-2

IF: 3.732

2016-01-01

Soft Computing

Abstract:In the attribute-based encryption (ABE) systems, users can encrypt and decrypt messages based on their attributes. Because of the flexibility of ABE, it is more and more widely used in various network environments. However, complex functionality of ABE may cause an enormous computational cost. This reason greatly restricts the application of ABE in practice. In order to minimize the local computation of ABE, we introduce the concept of verifiable outsourced ABE system, in which key generation center, encryptor and decryptor, are able to outsource their computing tasks to the corresponding service providers, respectively, to reduce the local load. In addition, they are also able to verify the correctness of outsourcing calculation efficiently by using the outsourcing verification services. This is useful to save local computational resources, especially for mobile devices. Then, we propose a specific verifiable outsourced ABE scheme and prove its adaptive security in the standard model using the dual-system encryption method. Finally, we introduce how to deploy our outsourced CP-ABE scheme in cloud computing environment.

Jian Wang,Chunxiao Ye,Yangfei Ou

DOI: https://doi.org/10.1109/hpcc/smartcity/dss.2019.00092

2019-01-01

Abstract:Cloud computing have brought a lot of advantages, such as reducing the hardware cost and providing a convenient cloud storage service. More and more people choose to put their private data in the cloud. However, due to data outsourcing and seminal-trusted cloud servers, data access control has becoming a challenging issue. To protect data security and privacy, some ciphertext policy attribute-based encryption (CP-ABE) schemes have been applied to cloud data access control. However, there are two dynamic issues, namely attribute revocation and policy updating, that need to be solved in the existing CP-ABE schemes. In this paper, we propose a fine-grained dynamic multi-authority cloud data access control scheme, which can solve the above two problems. Besides, our scheme can also support user revocation, which make it more practical. The analysis and simulation results show that our scheme is secure in the random oracle model and is efficient.

Shucheng Yu,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/INFCOM.2010.5462174

2010-01-01

Abstract:Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. As promising as it is, this paradigm also brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. To keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well. The problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control actually still remains unresolved. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.

Guangcan Yang,Peixuan Li,Ke Xiao,Yunhua He,Gang Xu,Chao Wang,Xiubo Chen

DOI: https://doi.org/10.3390/electronics12204237

IF: 2.9

2023-01-01

Electronics

Abstract:As an increasing number of people and corporations move their data to the cloud side, how to ensure efficient and secure access to data stored on the cloud side has become a key focus of current research. Attribute-Based Encryption (ABE) is largely recognized as the best access control method for safeguarding the cloud storage environment, and numerous solutions based on ABE have been developed successively. However, the majority of current research is conducted within a single cloud provider, and only the limited number of schemes for the multi-cloud environment also fail to support the data security classification on the cloud side. Therefore, we propose an efficient attribute-based encryption scheme with data security classification in the multi-cloud environment. In our scheme, the data owner’s data are divided into two security levels and stored in different cloud providers, which improves the security of outsourcing data. Moreover, based on Ciphertext-Policy Attribute-Based Encryption (CP-ABE), our scheme can not only provide a fine-grained access control for the data user, but also completely exploit the cloud side to facilitate outsourcing decryption to lighten the data user’s computing load. The security analysis showed that our scheme is effective against selective-attribute plaintext attack, as well as protects the privacy of the data. The experimental results also demonstrated that the computational overhead is obviously less than other existing schemes.

Qingshui Xue,Chenyang Wang,Zhen Xue

DOI: https://doi.org/10.1109/iceitsa57468.2022.00054

2022-01-01

Abstract:The traditional ciphertext-policy attribute-based encryption (CP-ABE) has the problems of poor security of key distribution by a single attribute authorization center and too much calculation on the client in the process of encryption and decryption. A CP-ABE scheme that can outsource encryption and decryption and support multi-authorization centers is introduced to solve the above two problems. In the key generation stage, the user's private key is generated by the attribute authorization center and the key generation center jointly executing the two-party secure computing protocol; In the encryption and decryption stage, the cloud encryption server and cloud storage server are used to handle most of the computing work. Security proof and performance analysis show that the scheme not only can effectively make up for the defect of all key leakage when the attribute authorization center is broken, but also can enhance the security of the system; Moreover, after using the cloud server to process data, users only need to perform a simple calculation on the client to complete encryption or decryption, thus reducing the user's computing workload.