Xiaodan Yan,Shanshan Tu,Hisham Alasmary,Fengming Huang

DOI: https://doi.org/10.3390/app132011269

2023-01-01

Applied Sciences

Abstract:Fog computing accredits by utilizing the network edge while still rendering the possibility to interact with the cloud. Nevertheless, the features of fog computing are encountering several security challenges. The security of end users and/or fog servers brings a significant dilemma in implementing fog computing. The computational power of the resources constrains Internet of Things (IoT) devices in the fog-computing environment. Therefore, an attacker can easily attack. The traditional methods like attribute-based encryption (ABE) techniques are inappropriate for resource-constraint devices with protracted computing and limited computational capabilities. In this regard, we investigate a multiauthority ciphertext policy-attribute-based encryption (MA-CP-ABE) method that enables multiauthority attribute revocation and computation outsourcing. Moreover, the encryption and decryption processes of resource-constraint IoT devices are outsourced to the fog nodes. In this way, it also reduces the computational burden of the resource-constraint IoT devices. Hence, we propose MA-CP-ABE for encryption and decryption, attribute revocation and outsourcing by reducing the computational burden and securing the system. We compare the computational offloading approach with the existing techniques to prove that the proposed approach outperforms the existing approaches. The proposed method reduces the operation time for the encryption and decryption process. We outsource cryptography operations to the fog node, reducing the end user's computational cost. Eventually, simulated outcomes are used to assess the algorithm's computational cost.

Kai Fan,Junxiong Wang,Xin Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.3390/s17071695

IF: 3.9

2017-01-01

Sensors

Abstract:With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.

Haiyang He,Jingsha He

DOI: https://doi.org/10.1109/icceic60201.2023.10426701

2023-01-01

Abstract:As a new computing paradigm, fog computing extends the ability of cloud computing to the edge of the network and is widely used in the Internet of Things scenario. However, with the rapid development of fog computing, the problem of data security is becoming more and more obvious. It is very important to establish an efficient access control mechanism in fog computing. CP-ABE is an effective encryption mechanism, which is very suitable for fine-grained access control in distributed scenarios. However, in the process of applying CPABE to fog computing, there are problems such as low computational efficiency and complex attribute management. According to the characteristics of fog computing scenarios, this paper makes theoretical research and algorithm improvement on the access control mechanism based on CP-ABE, and proposes an outsourced attribute-based encryption scheme supporting attribute semantic mapping. The scheme is established in the environment of multiple attribute authorization agencies, and realizes outsourcing encryption and outsourcing decryption, which greatly improves the computational efficiency of the terminal. In addition, semantic technology is used to manage the attributes in the system, and the user 's attribute key is semantically enhanced to realize the semantic mapping of attributes. Security and performance analysis show that the scheme is secure under the DBDH assumption and has high computational performance.

Qian Xu,Chengxiang Tan,Zhijie Fan,Wenye Zhu,Ya Xiao,Fujia Cheng

DOI: https://doi.org/10.3390/s18051609

IF: 3.9

2018-01-01

Sensors

Abstract:Nowadays, fog computing provides computation, storage, and application services to end users in the Internet of Things. One of the major concerns in fog computing systems is how fine-grained access control can be imposed. As a logical combination of attribute-based encryption and attribute-based signature, Attribute-based Signcryption (ABSC) can provide confidentiality and anonymous authentication for sensitive data and is more efficient than traditional "encrypt-then-sign" or "sign-then-encrypt" strategy. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention recently. However, in many existing ABSC systems, the computation cost required for the end users in signcryption and designcryption is linear with the complexity of signing and encryption access policy. Moreover, only a single authority that is responsible for attribute management and key generation exists in the previous proposed ABSC schemes, whereas in reality, mostly, different authorities monitor different attributes of the user. In this paper, we propose OMDAC-ABSC, a novel data access control scheme based on Ciphertext-Policy ABSC, to provide data confidentiality, fine-grained control, and anonymous authentication in a multi-authority fog computing system. The signcryption and designcryption overhead for the user is significantly reduced by outsourcing the undesirable computation operations to fog nodes. The proposed scheme is proven to be secure in the standard model and can provide attribute revocation and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation.

Jing Zhao,Peng Zeng,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/access.2021.3052247

IF: 3.9

2021-01-01

IEEE Access

Abstract:Fog computing is increasingly popular partly due to its capability to minimize data transfer and latency requirements, for example by moving some of the computational operations away from the cloud servers and closer to the users. To achieve fine-grained access control in fog-enabled application scenarios to guarantee data security and user privacy, one could use ciphertext-policy attribute-based encryption (CP-ABE). However, the lack of an effective mechanism to carry out access right revocation in conventional CP-ABE schemes limits the deployment of such schemes in practice. Thus, we propose an efficient CP-ABE scheme with attribute revocation capability, designed to construct a fine-grained access control system in fog-enabled E-health (referred to as AC-FEH). In our AC-FEH system, fog nodes undertake data encryption and decryption operations; thus, computational costs for data owners and users are minimized. In comparison to several other competing access control schemes based on CP-ABE, our AC-FEH system reduces the computational costs associated with encryption and decryption. We also prove the selective security of the underlying CP-ABE scheme under the intractability assumption of the $q$ -parallel BDHE problem.

Shanshan Tu,Fengming Huang,Shengju Zhang,Akhtar Badshah,Hisham Alasmary,Muhammad Waqas

DOI: https://doi.org/10.1109/cits55221.2022.9832996

2022-01-01

Abstract:Securing Internet of Things (IoT) devices in fog computing systems can be challenging due to the inherent limitations of IoT devices. For instance, cryptographic primitives, such as attribute-based encryption (ABE) schemes, are computationally expensive for deployment on IoT devices. Thus, ABE is not realistic in facilitating real-time updates in various applications of IoT. Therefore, attribute-based and multi-authority encryption schemes are designed that help attribute revocation and computation outsourcing from IoT devices to fog computing servers. The attribute revocation scheme is based on the ciphertext-policy attribute-based encryption (CP-ABE) technique. The CP-ABE scheme allows secret keys between IoT devices and fog nodes to be dynamically generated by incorporating the attribute group keys. Then, the encryption and decryption functions for IoT devices are outsourced to fog nodes, which present the CP-ABE validation.

Arwa Alrawais,Abdulrahman Alhothaily,Chunqiang Hu,Xiaoshuang Xing,Xiuzhen Cheng

DOI: https://doi.org/10.1109/access.2017.2705076

IF: 3.9

2017-01-01

IEEE Access

Abstract:Fog computing is deemed as a highly virtualized paradigm that can enable computing at the Internet of Things devices, residing in the edge of the network, for the purpose of delivering services and applications more efficiently and effectively. Since fog computing originates from and is a non-trivial extension of cloud computing, it inherits many security and privacy challenges of cloud computing, causing the extensive concerns in the research community. To enable authentic and confidential communications among a group of fog nodes, in this paper, we propose an efficient key exchange protocol based on ciphertext-policy attribute-based encryption (CP-ABE) to establish secure communications among the participants. To achieve confidentiality, authentication, verifiability, and access control, we combine CP-ABE and digital signature techniques. We analyze the efficiency of our protocol in terms of security and performance. We also implement our protocol and compare it with the certificate-based scheme to illustrate its feasibility.

Jie Chen,Jiaxu Niu,Hao Lei,Li Lin,Yunhao Ling

DOI: https://doi.org/10.1016/j.comnet.2023.109844

IF: 5.493

2023-01-01

Computer Networks

Abstract:Fog computing is considered an important development in cloud computing, with shorter response times, less data transfer load and a more secure distributed service architecture that can be accessed by a wide range of end devices. As with cloud computing, it also faces the challenge of how to securely distribute sensitive data. Ciphertext-Policy Attribute-based Broadcast Encryption (CP-ABBE) can protect sensitive data and provide fine-grained access control with user revocation. However, existing CP-ABBE schemes suffer many limitations when implemented in a fog computing environment: a single authority performs poorly in handling requests or data from many IoT devices, leading to system delays or limited functionality; expensive decryption costs make the computation and storage overheads unfriendly to devices with limited resources; these schemes are only proven selectively secure, meaning that security was proven in a weaker model. In this paper, using threshold secret sharing and decryption delegation, we propose an adaptively secure attribute-based multi-authority broadcast encryption (MA-ABBE) scheme that breaks through these limitations. The comparison and analysis results show that our scheme is practical and achieves adaptive security, enables user-side fast decryption and low storage overhead, and provides a secure and efficient option for protecting sensitive data in fog computing environments.

Zoe L. Jiang,Ruoqing Zhang,Zechao Liu,S. M. Yiu,Lucas C. K. Hui,Xuan Wang,Junbin Fang

DOI: https://doi.org/10.1007/978-3-319-69605-8_14

2017-01-01

Abstract:Attribute-Based Encryption (ABE) is a generalized cryptographic primitive from normal public key encryption. It provides an access control mechanism over encrypted message using access policies and ascribed attributes. This scheme can solve the privacy issue when data is outsourced to cloud for storage well. However, there are some practical issues which must be fixed before ABE becomes applicable. One is that both the ciphertext size and the decryption time grows with the complexity of the access policy, which brings pressure to mobile devies. The other is that, from practical point of view, some users might be disabled for some attributes or be removed from the system. It demands on flexible revocation mechanism supporting both user and attribute granularities. In this research, we propose a solution adopting techniques on secure outsourcing of pairings to support outsourcing computation and adopting some techniques based on the tree-based scheme to solve user revocation and attribute revocation. We also give its security model and proof.

Hongwei Liu,Ping Zhu,Zehong Chen,Peng Zhang,Zoe L. Jiang

DOI: https://doi.org/10.1109/CSE-EUC.2017.103

2017-01-01

Abstract:Aiming to reduce the user's computational overhead and tackle the attribute revocation issue, an attribute-based encryption scheme supporting decryption outsourcing and attribute revocation is proposed in this paper. The proposed scheme outsources some decryption computational tasks to a cloud server such that the computational overhead on the user is simple and constant. We also propose an efficient attribute revocation method which concentrates on the update of the ciphertexts and users' secret keys associated with the corresponding revoked attributes. Moreover, the security analysis indicates that the proposed scheme can resist collusion attacks, and ensure forward and backward secrecy. Experiment results show that our scheme is more efficient compared with other scheme in the literature.

Qi Li,Jianfeng Ma,Rui Li,Ximeng Liu,Jinbo Xiong,Danwei Chen

DOI: https://doi.org/10.1016/j.cose.2016.02.002

IF: 5.105

2016-01-01

Computers & Security

Abstract:Multi-Authority Attribute-Based Encryption (MA-ABE) is an emerging cryptographic primitive for enforcing fine-grained attribute-based access control on the outsourced data in cloud storage. However, most of the previous multi-authority attribute-based systems are either proven to be secure in a weak model or lack of efficiency in user revocation. In this paper, we propose MAACS (Multi-Authority Access Control System), a novel multi-authority attribute-based data access control system for cloud storage. We construct a new multi-authority ciphertext-policy ABE (MA-CP-ABE) scheme with decryption outsourcing. The decryption overhead for users is largely eliminated by outsourcing the undesirable bilinear pairing operations to the cloud servers. The proposed MA-CP-ABE scheme is proven adaptively secure in the standard model and supports any monotone access policy. We also design an efficient attribute-level user revocation approach with less computation cost. The security analysis, numerical comparisons and implementation results indicate that our MAACS is secure, efficient and scalable.

Jin Li,Xiaofeng Chen,Jingwei Li,Chunfu Jia,Jianfeng Ma,Wenjing Lou

DOI: https://doi.org/10.3233/jcs-150533

2015-01-01

Journal of Computer Security

Abstract:As cloud computing becomes prevalent, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for outsourced data security and privacy. Attribute-based encryption (ABE) is a promising cryptographic primitive, which has been widely applied to design fine-grained access control system recently. However, ABE is criticized for its high scheme overhead as the computational cost grows with the complexity of the access formula. This disadvantage becomes more serious for mobile devices with constrained computing resources. Aiming at tackling the challenge above, we present a generic and efficient solution to implement attribute-based access control system by introducing secure outsourcing techniques into ABE. More precisely, two cloud service providers (CSPs), namely key generation-cloud service provider (KG-CSP) and decryption-cloud service provider (D-CSP) are introduced to perform the outsourced key-issuing and decryption on behalf of attribute authority and users respectively. In order to outsource heavy computation to both CSPs without private information leakage, we formalize an underlying primitive called outsourced ABE (OABE) and propose several constructions with outsourced decryption and key-issuing. Finally, extensive experiment demonstrates that with the help of KG-CSP and D-CSP, efficient key-issuing and decryption are achieved in our constructions.

Junwei Zhou,Hui Duan,Kaitai Liang,Qiao Yan,Fei Chen,F. Richard Yu,Jieming Wu,Jianyong Chen

DOI: https://doi.org/10.1093/comjnl/bxx017

2017-01-01

Abstract:Data outsourcing is a promising service for data owners, where their data are stored on a cloud storage provider. Since the cloud is not fully trusted, data access control has become a challenging issue in the Cloud Storage System (CSS). Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a feasible technique for ensuring access control in the CSS, where an attribute authority is responsible to manage attributes and distribute keys. In this paper, we propose a novel revocable Multi-Authority CP-ABE scheme, in which the access policy can be constructed as an arbitrary tree rather than a matrix used by existing schemes. The tree-like policy makes our scheme more flexible. Consequently, the encryption, decryption and attribute revocation operations are also more efficient. Our scheme is also proved to be secure under the standard assumption. It can resist user collusion attack, while the attribute revocation operation also achieves both forward security and backward security. Simulation results show that our scheme is highly efficient.

Jing Li,Xiong Li,Licheng Wang,Debiao He,Haseeb Ahmad,Xinxin Niu

DOI: https://doi.org/10.1007/s00500-017-2482-1

IF: 3.732

2018-01-01

Soft Computing

Abstract:Attributed-based encryption (ABE) is a promising cryptographic access control mechanism with a rich expressiveness of ABE policies. Due to the high complexities of encryption and decryption, users are burdened with large computation cost. Fortunately, outsourcing technologies can be used to reduce the computation overhead for the ABE schemes. In the recent decade, the achievements of the outsourced ciphertext-policy ABE (CP-ABE) schemes are inspiring. But, the outsourcing encryption algorithms for CP-ABE schemes are not addressed properly since the encryption exponents are dynamic. In this paper, we present an efficient outsourced CP-ABE scheme with checkability, where the number of the exponential operations in the encryption can be reduced to a constant by introducing a blinding algorithm. Meanwhile, the ciphertext size is not increased. Furthermore, to guarantee the correctness of our scheme, we provide the verification mechanism based on a collision-resistance hash function, which allows the users to efficiently check the validity of messages and outsourced computation results. Besides, the proposed scheme is secure against replayable chosen ciphertext attacks based on Green’s outsourcing security model. Intensive experiments are carried out to illustrate the efficiency of the proposed scheme.

Jiaye Shao,Yanqin Zhu,Qijin Ji

DOI: https://doi.org/10.1109/ispa/iucc.2017.00067

2017-01-01

Abstract:Multi-authority attribute-based encryption (ABE) is regarded as one of the most promising techniques to handle the problem of the access control of shared data because it provides fine-grained access control of encrypted data in cloud storge. However, most existing multi-authority ABE schemes suffer from expensive computational cost on the user side, which increases with the complexity of access structures. In this paper, we present a novel large universe decentralized ABE scheme with outsourced encryption and decryption based on the multi-authority system for mobile cloud computing. A majority of complex and expensive computation operations are migrated to the encryption and decryption proxy server respectively, so we can minimize the computation overhead for the data users simultaneously. The theoretical analysis indicates that our scheme is correct with static security in the random oracle model. Furthermore, the analytical comparison and extensive experimental results demonstrate that our scheme is efficient.

Hao Wang,Debiao He,Jian Shen,Zhihua Zheng,Chuan Zhao,Minghao Zhao

DOI: https://doi.org/10.1007/s00500-016-2271-2

IF: 3.732

2016-01-01

Soft Computing

Abstract:In the attribute-based encryption (ABE) systems, users can encrypt and decrypt messages based on their attributes. Because of the flexibility of ABE, it is more and more widely used in various network environments. However, complex functionality of ABE may cause an enormous computational cost. This reason greatly restricts the application of ABE in practice. In order to minimize the local computation of ABE, we introduce the concept of verifiable outsourced ABE system, in which key generation center, encryptor and decryptor, are able to outsource their computing tasks to the corresponding service providers, respectively, to reduce the local load. In addition, they are also able to verify the correctness of outsourcing calculation efficiently by using the outsourcing verification services. This is useful to save local computational resources, especially for mobile devices. Then, we propose a specific verifiable outsourced ABE scheme and prove its adaptive security in the standard model using the dual-system encryption method. Finally, we introduce how to deploy our outsourced CP-ABE scheme in cloud computing environment.

ZHANG Liang-xuan,LI Hui

DOI: https://doi.org/10.11959/j.issn.2096-109x.2016.00023

2016-01-01

Abstract:An efficient user revocable multi-authority ABE scheme was proposed, a“hybrid decryption key”for each user isused to achieve efficient user revocation. Comparing with the existing schemes, this scheme is more effective in user revocation. In addition, the scheme can also achieve user dynamic privileges management, partial data outsource encryption and ciphertext partially decrypted in the cloud server and shared data self-destruction after expiration.

Zhishuo Zhang,Guanjie Huang,Sunqiang Hu,Wei Zhang,Yi Wu,Zhiguang Qin

DOI: https://doi.org/10.1109/icccs52626.2021.9449093

2021-01-01

Abstract:Attribute-based encryption (ABE) is an emergent cryptographic primitive introduced in recent years. Due to its fine-grained access policy, ABE has been widely used in cloud security to build an attribute-based access control architecture. As a promising edge technology, Mobile Edge Computing (MEC), introduced for the Internet of Mobile Things (IoMT), provides the high quality services for the end-users with mobile IoT devices. In MEC, the data is stored and processed isolately and independently in fog nodes or cloudlets located at the edge of the Internet in the vicinity of the mobile users. But in most existing ABE schemes, researchers only consider there is a single data storage in the system. So this makes the existing ABE scheme not applicable for the MEC with distributed micro data storages. To solve this prominent challenge in traditional ABE, in this paper, we propose a fully decentralized outsourced ABE scheme (FDO-ABE) acted as the access control architecture for the MEC. Our FDO-ABE scheme, based on the non-interactive multi-authority ABE (NI-MA-ABE) scheme, not only supports the multi attribute authorities (AAs) in generating the multi attribute-based private keys for user, but also provides the independent and isolated ciphertext storage for the distributed cloudlets or fog nodes. What's more, to offload the computational intensive tasks from mobile devices, we design an efficient outsourced decryption (oDec) algorithm for our FDO-ABE scheme. By using our oDec algorithm, the complex operations in decryption phase can be transmitted from mobile IoT devices to the cloudlets. Summing up, our FDO-ABE scheme is more suitable as an access control model for MEC.

Jiaye Shao,Yanqin Zhu,Qijin Ji

DOI: https://doi.org/10.1109/icis.2017.7960007

2017-01-01

Abstract:Attribute based encryption(ABE) is an efficient technique that exploits attributes and access policies to achieve fine-grained access control in cloud computing. Besides, outspread ABE schemes with multiple authorities(multi-authority ABE) are more suitable for practical applications than basic single-authority ABE schemes. Nevertheless, existing multi-authority ABE schemes either can't preserve access policies' privacy or sustain expensive computational cost of encryption and decryption phases. In this paper, to tackle the above challenges, we propose an online/offline and outsourced multi-authority ABE scheme with policy protection. Roughly speaking, our main idea is to alleviate the online computation overhead for owners by splitting the encryption algorithm to the online encryption and offline encryption. During the decryption phase, users outsource massive decryption operations to the proxy server via the technique of transformation key. We can demonstrate that our scheme is secure and also protects the privacy of access policies according to security analysis. Furthermore, performance analysis shows that our scheme can lighten the computation burden for both owners and users and is quite appropriate for resource-limited devices in the multi-authority systems.

Jianwei Chen,Huadong Ma

DOI: https://doi.org/10.1109/icc.2014.6883910

2014-01-01

Abstract:Cloud storage access control is very important for the security of outsourced data, where Attribute-based Encryption (ABE) is regarded as one of the most promising technologies. Current researches mainly focus on decentralized ABE, a variant of multi-authority ABE scheme, because conventional ABE schemes depend on a single authority to issue secret keys for all of users, which is very impractical in a large-scale cloud. A decentralized ABE scheme should not rely on a central authority and can eliminate the need for collaborative computation. However, constructing such an efficient and practical decentralized ABE scheme remains a challenging research problem. In this study, we design a new decentralized ciphertext-policy attribute-based encryption access control scheme for cloud storage systems. Firstly, our scheme dose not require any central authority and global coordination among multiple authorities. Then, it supports any LSSS access structure and thus can encrypt data in terms of any boolean formula. In addition, we also utilize Proxy Re-encryption technique to overcome the user revocation problem in decentralized ABE schemes, thus making our scheme more practical. Our security and performance analysis demonstrate the presented scheme's security strength and efficiency in terms of flexibility and computation.