Shengmin Xu,Jianting Ning,Yingjiu Li,Yinghui Zhang,Guowen Xu,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/tdsc.2020.3001557

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Cloud-fog computing is a novel paradigm to extend the functionality of cloud computing to provide a variety of on-demand data services via the edge network. Many cryptographic tools have been introduced to preserve data confidentiality against the untrustworthy network and cloud servers. However, how to efficiently identify and retrieve useful data from a large number of ciphertexts without a costly decryption mechanism remains a challenging problem. In this article, we introduce a cloud-fog-device data sharing system (CFDS) with data confidentiality and data source identification simultaneously based on a new cryptographic primitive named matchmaking attribute-based encryption (MABE) by extending matchmaking encryption in CRYPTO'19. Our solution offers a secure fine-grained bilateral access control that includes (1) fine-grained sender access control, (2) fine-grained receiver access control, (3) sender privacy, and (4) performance optimization via outsourcing data source identification to fog nodes. We give the formal definition and security models of MABE, and present a concrete construction with formal security proofs. We also offer a detailed security analysis of our proposed CFDS against real-world security threats. The extensive comparison and experimental simulation demonstrate that, by immigrating heavy workload to fog nodes, our scheme has better functionalities and performances than the most related solutions.

Shengmin Xu,Jianting Ning,Xinyi Huang,Jianying Zhou,Robert H. Deng

DOI: https://doi.org/10.1109/tifs.2021.3113516

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:As a versatile technique, cloud-fog computing extends the traditional cloud server to offer various on-demand data services. Maintaining data confidentiality is one of the most crucial requirements for data services, many cryptosystems have been proposed to reserve information privacy against such an untrusted environment. However, in cloud-fog computing, how to confidentially and efficiently share data and fetch desirable data without expensive data decryption for resource-constrained end-devices is challenging. In this paper, we propose a cloud-fog system for the Internet-of-Things (IoT) ecosystem by introducing a cryptographic primitive called server-aided revocable bilateral attribute-based encryption (SRB-ABE). Our solution is a secure and lightweight bilateral access control system with dynamic user groups, including (1) fine-grained data user and data owner access control simultaneously; (2) outsourced data source identification; (3) server-aided user revocation with publicly updatable ciphertexts; and (4) lightweight data decryption mechanism with one exponentiation computation. We present the formal definition and concrete construction of SRB-ABE with security proofs to build cloud-fog systems. The extensive comparison and experimental analysis demonstrate that our construction has superior functionality and comparable performance than the most relevant solutions.

Lintao Dang,Mianxiong Dong,Kaoru Ota,Jun Wu,Jianhua Li,Gaolei Li

DOI: https://doi.org/10.1109/icc.2018.8422844

2018-01-01

Abstract:Recently, an accelerating number of studies are dedicated to deploying various IoT applications in the information centric network paradigm which has lower system complexity than traditional network architectures. However, such a paradigm poses a number of security challenges especially when it is applied in real-time e-health applications. Firstly, it is difficult to ensure security of sensitive data in such a distributed data caching environment because after the data is published in the form of a packet to the information centric network (ICN), it is no longer controlled by the data publisher. Secondly, in some real-time e-health applications, terminal medical sensors are usually resource-constrained, limiting the direct adoption of expensive cryptographic primitives. In order to address these challenges, a resource-efficient secure data sharing scheme in information centric e-health system is proposed, one that utilizes ciphertext-policy attribute based encryption (CP-ABE) and adapts it to the above-mentioned system with respect to necessary security requirements. It also exploits computation resources of fog nodes and employs outsourcing cryptography to improve system efficiency.The evaluation demonstrates that the scheme can significantly reduce the computation overheads of the resource-constrained terminal medical devices, and can better support the real-time e-health applications.

Kai Fan,Junxiong Wang,Xin Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.3390/s17071695

IF: 3.9

2017-01-01

Sensors

Abstract:With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.

Kai Fan,Huiyue Xu,Longxiang Gao,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.future.2019.04.003

IF: 7.307

2019-01-01

Future Generation Computer Systems

Abstract:The fog-to-things paradigm is introduced to mitigate the heavy burden on the edge of cloud-based network due to the centralized processing and storing of the massive volume of IoT data. Fog-enabled IoT architectures ensure small latency and enough computing resource that enables real time devices and applications. However, there still exist security and privacy challenges on data access control for fog-enabled IoT. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in cloud-fog computing systems. In this paper, we propose an efficient and privacy preserving outsourced multi-authority access control scheme, named PPO-MACS. All attributes of users are transformed to be anonymous and authenticable to realize privacy preserving. And the verifiable outsourced decryption is introduced to reduce computation overheads on the end user side. Meanwhile, an efficient user revocation method is proposed. Security and performance analysis show that our scheme is secure and highly efficient.

Jiale Zhang,Zhen Cheng,Xiang Cheng,Bing Chen

DOI: https://doi.org/10.1080/09540091.2020.1841096

2020-01-01

Connection Science

Abstract:Fog computing is recently a novel distributed computing paradigm that performs a significant achievement in the latency-sensitive smart Internet of Things (IoT) applications. However, the security and privacy issues, such as data leakage, still challenge the wide deployment of fog computing infrastructure. To guarantee data confidentiality and meanwhile achieving fine-grained access control, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) promises to provide a flexible access policy for securely sharing data among users, fog nodes, and cloud center. However, due to the complicated cryptographic operations, CP-ABE has met a significant drawback that requires heavy computation resources on the user-side. In this paper, we propose an outsourced access control scheme with hidden access structures, named OAC-HAS, in fog-enhanced IoT systems. The contributions of our OAC-HAS scheme are three-folds. Firstly, we introduce a fog-cloud computing (FCC) environment which has the outsourcing capability. Then, we design an outsource verification mechanism to guarantee the correctness of executing cryptographic operations on the fog nodes. Finally, we also provide a privacy guarantee that prevents information leakage from the access structures. Security analysis and experimental results show that the proposed OAC-HAS scheme achieves flexible access policy, privacy-preserving, and high efficiency in fog-enhanced IoT systems.

Hong Zhao,Guowei Sun,Weiheng Li,Peiliang Zuo,Zhaobin Li,Zhanzhen Wei

DOI: https://doi.org/10.3390/sym15050974

2023-04-25

Symmetry

Abstract:The application of fog Internet of Things (IoT) technology helps solve the problem of weak computing power faced by IoT terminals. Due to asymmetric differences in communication methods, sensing data offloading from IoT terminals to fog and cloud layers faces different security issues, and both processes should be protected through certain data transmission protection measures. To take advantage of the relative asymmetry between cloud, fog, and sensing layers, this paper considers using physical layer security technology and encryption technology to ensure the security of the sensing data unloading process. An efficient resource allocation method based on deep reinforcement learning is proposed to solve the problem of channel and power allocation in fog IoT scenarios, as well as the selection of unloading destinations. This problem, which is NP-hard, belongs to the attribute of mixed integer nonlinear programming. Meanwhile, the supporting parameters of the method, including state space, action space, and rewards, are all adaptively designed based on scene characteristics and optimization goals. The simulation and analysis show that the proposed method possesses good convergence characteristics. Compared to several heuristic methods, the proposed method reduces latency by at least 18.7% on the premise that the transmission of sensing data is securely protected.

multidisciplinary sciences

Shengmin Xu,Yingjiu Li,Robert H. Deng,Yinghui Zhang,Xiangyang Luo,Ximeng Liu

DOI: https://doi.org/10.1109/TCC.2019.2936481

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Healthcare Internet-of-Things (IoT) is an emerging paradigm that enables embedded devices to monitor patients vital signals and allows these data to be aggregated and outsourced to the cloud. The cloud enables authorized users to store and share data to enjoy on-demand services. Nevertheless, it also causes many security concerns because of the untrusted network environment, dishonest cloud service providers and resource-limited devices. To preserve patients' privacy, existing solutions usually apply cryptographic tools to offer access controls. However, fine-grained access control among authorized users is still a challenge, especially for lightweight and resource-limited end-devices. In this paper, we propose a novel healthcare IoT system fusing advantages of attribute-based encryption, cloud and edge computing, which provides an efficient, flexible, secure fine-grained access control mechanism with data verification in healthcare IoT network without any secure channel and enables data users to enjoy the lightweight decryption. We also define the formal security models and present security proofs for our proposed scheme. The extensive comparison and experimental simulation demonstrate that our scheme has better performance than existing solutions.

Ping Yu,Wei Ni,Hua Zhang,Ren Ping Liu,Qiaoyan Wen,Wenmin Li,Fei Gao

DOI: https://doi.org/10.1093/comjnl/bxab031

2021-01-01

The Computer Journal

Abstract:The ability of Fog computing to admit and process huge volumes of heterogeneous data is the catalyst for the fast expansion of Internet of things (IoT). The critical challenge is secure and differentiated access to the data, given limited computation capability and trustworthiness in typical IoT devices and Fog servers, respectively. This paper designs and develops a new approach for secure, efficient and differentiated data access. Secret sharing is decoupled to allow the Fog servers to assist the IoT devices with attribute-based encryption of data while preventing the Fog servers from tampering with the data and the access structure. The proposed encryption supports direct revocation and can be decoupled among multiple Fog servers for acceleration. Based on the decisional $q$-parallel bilinear Diffie–Hellman exponent assumption, we propose a new extended $q$-parallel bilinear Diffie–Hellman exponent (E$q$-PBDHE) assumption and prove that the proposed approach provides ‘indistinguishably chosen-plaintext attacks secure’ data access for legitimate data subscribers. As numerically and experimentally verified, the proposed approach is able to reduce the encryption time by 20% at the IoT devices and by 50% at the Fog network using parallel computing as compared to the state of the art .

Yili Jiang,Kuan Zhang,Yi Qian,Liang Zhou

DOI: https://doi.org/10.1109/vtc2020-fall49728.2020.9348516

2020-01-01

Abstract:The cloud-based Internet-of-Things (IoT) has been applied to support ubiquitous data collection and centralized data processing among various applications. Equipped with powerful resources, a semi-trusted cloud is able to deduce private information by launching inference attack. Homomorphic Encryption (HE) has been proposed as an effective way to preserve privacy from inference attack while allowing certain computation over ciphertext. However, HE leads to longer latency due to additional communication and computation overheads. In this paper, we propose an optimization framework in privacy-preserving access control under cloud-fog computing systems. The optimization goal is to maximize the average user satisfaction in the system, where cost and latency serve as key metrics measuring user satisfaction. Due to the NP-hardness of the formulated problem, we propose a low-complexity suboptimal algorithm to solve it, where the access offloading decision making, user cooperation, and resource allocation are considered. Simulation results are presented to show the advantages of our proposed algorithm in terms of the average USI (User Satisfaction Index) and the number of users with zero USI.

Jiawei Zhang,Teng Li,Zuobin Ying,Jianfeng Ma

DOI: https://doi.org/10.1109/tcc.2022.3147226

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Cloud-Fog-Assisted Internet-of-Things (IoT) is a convincing paradigm to provide users with on-demand and low-latency services through Fog nodes in the edge of multiple clouds (Multi-Cloud). Multi-Cloud is a scalable multi-domain service-oriented net-centric system and can respond to complicated user requirements leveraging Multi-Cloud Service Composition (MCSC). However, in MCSC, user security can be easily compromised by untrusted and curious cloud service providers that may collect and violate the privacy and other essential assets of cloud users. Although many trust-based MCSC solutions have been proposed to seek a trustworthy composite service with highest trust level, most of them are vulnerable to malicious users intending to break through the clouds and inflict serious data leakage or asset damage. Considering these security concerns on both malicious users and untrusted service providers, in this article, we present a trust-based secure multi-cloud collaboration framework for Cloud-Fog-Assisted IoT systems. Specifically, to guarantee the security of users, we develop a role-based trust evaluation method to enhance the trustworthiness of MCSC. To preserve the security of services, we design an efficient user authentication scheme and a secure collaboration scheme to provide collaborative user authentication and access control mechanism for MCSC. We develop a proof of concept implementation for our framework and demonstrate its practicability by performance evaluation with extensive experiments.

computer science, information systems, theory & methods

Xiaofan Wang,Lei Wang,Yujun Li,Keke Gai

DOI: https://doi.org/10.1109/access.2018.2856896

IF: 3.9

2018-01-01

IEEE Access

Abstract:The recent development of cloud computing has empowered the Internet-based services, which enable users to gain a broad scope of access to their applications, such as Internet of Medical Things (IoMT). Considering the efficiency performance, the privacy protection is often kept at a lower level in order to ensure the application can offer a higher level performance. However, this mechanism also causes a serious concern of privacy hazards due to the information over collections operated by apps/applications. Addressing this privacy issue, this paper proposes an approach that is designed to provide high-level privacy protection without lowering down the efficiency in cloud/fog computing (especially in biological systems of IoMT). The proposed model is called fog-based access control model. The fine-grained data access control is combined with the implementation of fog computing in the proposed approach. Our simulation experiment has shown that our approach could offer high-level privacy protection within a shortened execution time, thus it can be useful for IoMT-based applications.

Hui Li,Tao Jing

DOI: https://doi.org/10.1016/j.procs.2020.06.080

2020-01-01

Procedia Computer Science

Abstract:In large scale Internet of Things (IoT) systems, IoT-Cloud is a scalable and practical method to achieve high-efficiency data management accommodation through delegating the data storage and management tasks to the cloud service providers (CSPs). To cope with the low-computability and limited-resource of IoT devices and the response-latency of CSPs, recent works introduce an IoT-Fog-Cloud architecture. Yet, the existing attribute-based data sharing solutions with high computation requirements are no longer suitable for this new architecture. In this paper, we propose a ciphertext-policy attribute-based encryption scheme for the architecture to address the above challenges. The expensive offline encryption is delegated to the fog by constructing an intermediate ciphertext pool with the help of a Chameleon hash function. A public verification is performed to filter the illegitimate ciphertexts before executing the decryption operation. We provide a formal proof of the security and extensive performance analyses. These demonstrate that the scheme is suitable for resource-constrained IoT devices.

Jianfei Sun,Yu Yuan,MingJian Tang,Xiaochun Cheng,Xuyun Nie,Muhammad Umar Aftab

DOI: https://doi.org/10.1109/tii.2021.3133345

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:The expeditious development in cloud-enabled industrial Internet of Things (IIoT) healthcare has significantly reduced the costs to monitor and protect people at home while notably improving the quality of human healthcare. Despite its considerable convenience and benefits, it confronts some security and privacy challenges in the aspects of bilateral fine-grained access control, the authenticity and tamper resistance of shared health data. To tackle these constraints, a secure privacy-preserving bilateral access control scheme with fine granularity (PBAC-FG) is proposed in this article. Our PBAC-FG exploits fine-grained access control and matchmaking encryption technologies to ensure both participants (e.g., patients and healthcare providers) can specify their respective fine-grained access control over the encrypted health data, such that only authorized counterparts can efficiently access the health data. Besides, the correct rigorous security proofs are indicated to verify that our PBAC-FG is indeed secure. We carry out comprehensive performance evaluations and comparisons to demonstrate the efficiency and practicality of the PBAC-FG for IIoT healthcare applications.

Jin Sun,Xiaojing Wang,Shangping Wang,Lili Ren

DOI: https://doi.org/10.1371/journal.pone.0207543

IF: 3.7

2018-11-29

PLoS ONE

Abstract:Fog computing can extend cloud computing to the edge of the network so as to reduce latency and network congestion. However, existing encryption schemes were rarely used in fog environment, resulting in high computational and storage overhead. Aiming at the demands of local information for terminal device and the shortcomings of cloud computing framework in supporting mobile applications, by taking the hospital scene as an example, a searchable personal health records framework with fine-grained access control in cloud-fog computing is proposed. The proposed framework combines the attribute-based encryption (ABE) technology and search encryption (SE) technology to implement keyword search function and fine-grained access control ability. When keyword index and trapdoor match are successful, the cloud server provider only returns relevant search results to the user, thus achieving a more accurate search. At the same time, the scheme is multi-authority, and the key leakage problem is solved by dividing the user secret key distribution task. Moreover, in the proposed scheme, we securely outsource part of the encryption and decryption operations to the fog node. It is effective both in local resources and in resource-constrained mobile devices. Based on the decisional q-parallel bilinear Diffie-Hellman exponent (q-DBDHE) assumption and decisional bilinear Diffie-Hellman (DBDH) assumption, our scheme is proven to be secure. Simulation experiments show that our scheme is efficient in the cloud-fog environment.

Jie Cui,Bei Li,Hong Zhong,Geyong Min,Yan Xu,Lu Liu

DOI: https://doi.org/10.1109/TPDS.2021.3094126

IF: 5.3

2022-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:The cloud computing paradigm provides numerous tempting advantages, enabling users to store and share their data conveniently. However, users are naturally resistant to directly outsourcing their data to the cloud since the data often contain sensitive information. Although several fine-grained access control schemes for cloud-data sharing have been proposed, most of them focus on the access control of the encrypted data (e.g., restricting the decryption capabilities of the receivers). Distinct from the existing work, this article aims to address this challenging problem by developing a more practical bidirectional fine-grained access control scheme that can restrict the capabilities of both senders and receivers. To this end, we systematically investigate the access control for cloud data sharing. Inspired by the access control encryption (ACE), we propose a novel data sharing framework that combines the cloud side and the edge side. The edge server is located in the middle of all the communications, checking and preventing illegal communications according to the predefined access policy. Next, we develop an efficient access control algorithm by exploiting the attribute-based encryption and proxy re-encryption for the proposed framework. The experimental results show that our scheme exhibits superior performance in the encryption and decryption compared to the prior work.

Xiaoying Jia,Debiao He,Neeraj Kumar,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1007/s11276-018-1759-3

IF: 2.701

2018-01-01

Wireless Networks

Abstract:The convergence of cloud computing and Internet of Things (IoT) is partially due to the pragmatic need for delivering extended services to a broader user base in diverse situations. However, cloud computing has its limitation for applications requiring low-latency and high mobility, particularly in adversarial settings (e.g. battlefields). To some extent, such limitations can be mitigated in a fog computing paradigm since the latter bridges the gap between remote cloud data center and the end devices (via some fog nodes). However, fog nodes are often deployed in remote and unprotected places. This necessitates the design of security solutions for a fog-based environment. In this paper, we investigate the fog-driven IoT healthcare system, focusing only on authentication and key agreement. Specifically, we propose a three-party authenticated key agreement protocol from bilinear pairings. We introduce the security model and present the formal security proof, as well as security analysis against common attacks. We then evaluate its performance, in terms of communication and computation costs.

Kaiping Xue,Jianan Hong,Yongjin Ma,David S. L. Wei,Peilin Hong,Nenghai Yu

DOI: https://doi.org/10.1109/mnet.2018.1700341

IF: 10.294

2018-01-01

IEEE Network

Abstract:VCC is an emerging computing paradigm developed for providing various services to vehicle drivers, and has attracted more and more attention from researchers and practitioners over the last few years. However, privacy preserving and secure data sharing has become a very challenging and important issue in VCC. Unfortunately, existing secure access control schemes consume too many computation resources, which prevents them from being performed on computing resource constrained vehicle onboard devices. Also, these cloud-based schemes suffer large latency and jitter due to their centralized resource management, and thus may not be suitable for real-time applications in VANETs. In this article, we thus propose a novel fog-to-cloud-based architecture for data sharing in VCC. Our scheme is a cryptography-based mechanism that conducts fine-grained access control. In our design, the complicated computation burden is securely out-sourced to fog and cloud servers with confidentiality and privacy preservation. Meanwhile, with the prediction of a vehicle's mobility, pre-pushing data to specific fog servers can further reduce response latency with no need to consume more resources of the fog server. In addition, with the assumption of no collusion between different providers for the cloud and fog servers, our scheme can provide verifiable auditing of fog servers' reports. The scheme is proved secure against existing adversaries and newborn security threats. Experimental test shows significant performance improvement in edge devices' overhead saving and response delay reduction.

Zuoxia Yu,Man Ho Au,Qiuliang Xu,Rupeng Yang,Jinguang Han

DOI: https://doi.org/10.1016/j.future.2017.01.025

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:Fog Computing, a technology that takes advantage of both the paradigms of Cloud Computing and the Internet of Things, has a great advantage in reducing the communication cost. Since its introduction, fog computing has found a lot of applications, including, for instance, connected vehicles, wireless sensors, smart cities and etc. One prominent problem in fog computing is how fine-grained access control can be imposed. Functional encryption, a new cryptographic primitive, is known to support fine-grained access control. However, when it comes to some new threats in the fog computing scenario, such as side channel attacks, functional encryption cannot maintain its security. Therefore, we need new cryptographic primitives that not only provide a way to securely share data with a fine-grained access control but also are able to resist those new threats.

Yanhui Liu,Jianbiao Zhang,Jing Zhan

DOI: https://doi.org/10.1007/s10586-020-03190-3

2020-10-15

Cluster Computing

Abstract:Abstract With the development of the Internet of Things (IoT) field, more and more data are generated by IoT devices and transferred over the network. However, a large amount of IoT data is sensitive, and the leakage of such data is a privacy breach. The security of sensitive IoT data is a big issue, as the data is shared over an insecure network channel. Current solutions include symmetric encryption and access controls to secure the data transfer, but they have some drawbacks such as a single point of failure. Blockchain is a promising distributed ledger technology that can prevent the malicious tampering of data, offering reliable data storage. This paper proposes a distributed access control system based on blockchain technology to secure IoT data. The proposed mechanism is based on fog computing and the concept of the alliance chain. This method uses mixed linear and nonlinear spatiotemporal chaotic systems (MLNCML) and the least significant bit (LSB) to encrypt the IoT data on an edge node and then upload the encrypted data to the cloud. The proposed mechanism can solve the problem of a single point of failure of access control by providing the dynamic and fine-grained access control for IoT data. The experimental results of this method demonstrated that it can protect the privacy of IoT data efficiently.