Kaiqing Huang,Xueli Wang,Zhiqiang Lin

DOI: https://doi.org/10.1155/2021/8872699

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:With the assistance of edge computing which reduces the heavy burden of the cloud center server by using the network edge servers, the Internet of Things (IoTs) architectures enable low latency for real-time devices and applications. However, there still exist security challenges on data access control for the IoT. Multiauthority attribute-based encryption (MA-ABE) is a promising technique to achieve access control over encrypted data in cross-domain applications. Based on the characteristics and technical requirements of the IoT, we propose an efficient fine-grained revocable large universe multiauthority access control scheme. In the proposed scheme, the most expensive encryption operations have been executed in the user’s initialization phase by adding a reusable ciphertext pool besides splitting the encryption algorithm to online encryption and offline encryption. Massive decryption operations are outsourced to the near-edge servers for reducing the computation overhead of decryption. An efficient revocation mechanism is designed to change users’ access privileges dynamically. Moreover, the scheme supports ciphertext verification. Only valid ciphertext can be stored and transmitted, which saves system resources. With the help of the chameleon hash function, the proposed scheme is proven CCA2-secure under the q-DPBDHE2 assumption. The performance analysis results indicate that the proposed scheme is efficient and suitable in edge computing for the IoT.

Yue Guan,Songtao Guo,Pan Li,Yuanyuan Yang

DOI: https://doi.org/10.1109/icpads51040.2020.00060

2020-01-01

Abstract:Edge computing means that computing tasks are executed on edge devices closer to the data source. It can effectively improve system response speed and reduce the risk of user data leakage. However, current data access control schemes usually focus on cloud computing and rarely on edge computing. Although attribute-based encryption (ABE) scheme can realize flexible and reliable access control, computing cost is too high with the increase of access policy complexity. Therefore, combining computation outsourcing technology with dynamic policy updating technology, we propose a data, access control scheme based on ciphertext-policy ABE (CP-ABE) for edge computing. We outsource part of storage service and part of decryption computing to edge nodes, effectively reducing the computing pressure of users. When data owner requires a new access policy, policy update key is generated timely and transmitted to cloud service provider, which is used to update the access policy, reducing the risk of bandwidth consumption and leakage of the ciphertext back and forth transmission. Finally, security analysis and experiment results verify the safety and effectiveness of our scheme.

Zhishuo Zhang,Wei Zhang,Zhiguang Qin

DOI: https://doi.org/10.1155/2021/6676862

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:In recent years, ciphertext-policy attribute-based encryption (CP-ABE) has been recognized as a solution to the challenge of the information privacy and data confidentiality in cloud-assisted Internet-of-Things (IoT). Since the devices in cloud-assisted IoT are generally resource-constrained, the lightweight CP-ABE is more suitable for the cloud-assisted IoT. So how to construct the lightweight CP-ABE for the cloud-assisted IoT to achieve the fine-grained access control and ensure the privacy and confidentiality simultaneously is a prominent challenge. Thus, in this paper, we propose a constant-size CP-ABE scheme with outsourced decryption for the cloud-assisted IoT. In our scheme, the ciphertexts and the attribute-based private keys for users are both of constant size, which can alleviate the transmission overhead and reduce the occupied storage space. Our outsourced decryption algorithm is privacy-protective, which means the proxy server cannot know anything about the access policy of the ciphertext and the attributes set of the user during performing the online partial decryption algorithm. This will prevent the privacy from leaking out to the proxy server. And we rigorously prove that our scheme is selectively indistinguishably secure under the chosen ciphertext attacks (IND-CCA) in the random oracle model (ROM). Finally, by evaluating and implementing our scheme as well as other CP-ABE schemes, we can observe that our scheme is more suitable and applicable for cloud-assisted IoT.

Rui Cheng,Kehe Wu,Yuling Su,Wei Li,Wenchao Cui,Jie Tong

DOI: https://doi.org/10.3390/pr9071176

IF: 3.5

2021-07-06

Processes

Abstract:The rapid development of the power Internet of Things (IoT) has greatly enhanced the level of security, quality and efficiency in energy production, energy consumption, and related fields. However, it also puts forward higher requirements for the security and privacy of data. Ciphertext-policy attribute-based encryption (CP-ABE) is considered a suitable method to solve this issue and can implement fine-grained access control. However, its internal bilinear pairing operation is too expensive, which is not suitable for power IoT with limited computing resources. Hence, in this paper, a novel CP-ABE scheme based on elliptic curve cryptography (ECC) is proposed, which replaces the bilinear pairing operation with simple scalar multiplication and outsources most of the decryption work to edge devices. In addition, time and location attributes are combined in the proposed scheme, allowing the data users to access only within the range of time and locations set by the data owners to achieve a more fine-grained access control function. Simultaneously, the scheme uses multiple authorities to manage attributes, thereby solving the performance bottleneck of having a single authority. A performance analysis demonstrates that the proposed scheme is effective and suitable for power IoT.

engineering, chemical

Suhui Liu,Jiguo Yu,Chunqiang Hu,Mengmeng Li

DOI: https://doi.org/10.1155/2021/6682580

2021-01-01

Wireless Communications and Mobile Computing

Abstract:Cloud-assisted Internet of Things (IoT) significantly facilitate IoT devices to outsource their data for high efficient management. Unfortunately, some unsettled security issues dramatically impact the popularity of IoT, such as illegal access and key escrow problem. Traditional public-key encryption can be used to guarantees data confidentiality, while it cannot achieve efficient data sharing. The attribute-based encryption (ABE) is the most promising way to ensure data security and to realize one-to-many fine-grained data sharing simultaneously. However, it cannot be well applied in the cloud-assisted IoT due to the complexity of its decryption and the decryption key leakage problem. To prevent the abuse of decryption rights, we propose a multiauthority ABE scheme with white-box traceability in this paper. Moreover, our scheme greatly lightens the overhead on devices by outsourcing the most decryption work to the cloud server. Besides, fully hidden policy is implemented to protect the privacy of the access policy. Our scheme is proved to be selectively secure against replayable chosen ciphertext attack (RCCA) under the random oracle model. Some theory analysis and simulation are described in the end.

Xuanxia Yao,Jinyuan Zhou,Xiaojiang Du,Shurong Zhang

DOI: https://doi.org/10.1109/jiot.2024.3456553

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Nowadays, we are living in an open network environment with varieties of smart devices, which makes individual privacy face unprecedented threats. For one thing, a plenty of sensitive information may be gathered without the owners knowledge. For the other, the Internet of Things (IoT) based services and various intelligent applications require a large amount of perceptual data. And in practice, these data are usually encrypted and stored in storage providers like cloud for security and cost saving. To fully harness the productivity value of data and protect privacy, ciphertext-policy attribute-based encryption (CP-ABE) is widely used. Nevertheless, most existing CP-ABE schemes cannot work well for IoT because of the heavy overhead and the open and distributed environment. To lower the cost, a lightweight ciphertext-policy attribute-based encryption scheme without pairing is proposed and proved in the set-selective mode. Both the theoretical analysis and experiments show its advantages in computation, communication and storage overhead. For flexible access control in IoT, we attempt to employ the Masked Authenticated Message (MAM) mechanism of the IOTA to manage authorization for our CP-ABE scheme. Comparisons with similar schemes show that it can overcome the low throughput and monetary cost in other distributed ledger based access control schemes.

Kai Fan,Junxiong Wang,Xin Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.3390/s17071695

IF: 3.9

2017-01-01

Sensors

Abstract:With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.

Guan Zhitao,Yang Wenti,Zhu Liehuang,Wu Longfei,Wang Ruimiao

DOI: https://doi.org/10.1007/s11432-020-2957-5

2021-01-01

Science China Information Sciences

Abstract:The Internet of things(IoT) technology has been used in a wide range of fields, ranging from industrial manufacturing to daily lives. The IoT system contains numerous resource-constrained lightweight devices such as wireless sensors and radio frequency identification(RFID) tags. A massive amount of sensitive data is generated and transmitted by these devices to a variety of users. The complexity of the IoT system places a high demand on security. Therefore, it is necessary to develop an encryption scheme with access control to provide flexible and secure access to the sensitive data. The ciphertext policy attribute-based encryption(CP-ABE) scheme is a potential solution. However, the long ciphertext as well as the slow encryption and decryption operations in traditional ABE schemes make it inappropriate for most IoT systems,which require low latency and contain many devices with limited memory size and computing capability. In this paper, we propose a modified CP-ABE scheme with constant length of ciphertext and low computation overhead in the encryption and decryption phases. Additionally, our scheme is proven to be adaptively secure under the standard model. Moreover, two enhanced schemes are developed to prevent authorized users from leaking data and protect the privacy of data owners by combining chameleon hash, bloom filters and CP-ABE, respectively. Finally, the experimental evaluation and analysis prove the feasibility of our scheme.

Yi Wu,Wei Zhang,Hu Xiong,Zhiguang Qin,Kuo-Hui Yeh

DOI: https://doi.org/10.1007/s11042-021-11286-0

IF: 2.577

2021-01-01

Multimedia Tools and Applications

Abstract:With the universality and availability of Internet of Things (IoT), data privacy protection in IoT has become a hot issue. As a branch of attribute-based encryption (ABE), ciphertext policy attribute-based encryption (CP-ABE) is widely used in IoT to offer flexible one-to-many encryption. However, in IoT, different mobile devices share messages collected, transmission of large amounts of data brings huge burdens to mobile devices. Efficiency is a bottleneck which restricts the wide application and adoption of CP-ABE in Internet of things. Besides, the decryption key in CP-ABE is shared by multiple users with the same attribute, once the key disclosure occurs, it is non-trivial for the system to tell who maliciously leaked the key. Moreover, if the malicious mobile device is not revoked in time, more security threats will be brought to the system. These problems hinder the application of CP-ABE in IoT. Motivated by the actual need, a scheme called traceable and revocable ciphertext policy attribute-based encryption scheme with constant-size ciphertext and key is proposed in this paper. Compared with the existing schemes, our proposed scheme has the following advantages: (1) Malicious users can be traced; (2) Users exiting the system and misbehaving users are revoked in time, so that they no longer have access to the encrypted data stored in the cloud server; (3) Constant-size ciphertext and key not only improve the efficiency of transmission, but also greatly reduce the time spent on decryption operation; (4) The storage overhead for traceability is constant. Finally, the formal security proof and experiment has been conducted to demonstrate the feasibility of our scheme.

Shuming Xiong,Qiang Ni,Liangmin Wang,Qian Wang

DOI: https://doi.org/10.1109/jiot.2020.2963899

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Data access control in a cloud storage system is regarded as a promising technique for enhanced efficiency and security utilizing a ciphertext-policy attribute-based encryption (CP-ABE) approach. However, due to a large number of data users as well as limited resources and heterogeneity of data devices in Internet of Things (IoT), existing access control schemes for the cloud storage are not effectively applicable to IoT applications. In this article, we construct a new CP-ABE-based storage model for data storing and secure access in a cloud for IoT applications. Our new framework introduces an attribute authority management (AAM) module in the cloud storage system functioned as an agent that provides a user-friendly access control and highly reduces the storage overhead of public keys. Then, we propose a novel secure and efficient multiauthority access control scheme of the cloud storage system for IoT, namely, SEM-ACSIT, which obtains both backward security and forward security when an attribute of a user is revoked. By exploiting encryption outsourcing, simplified key structuring and the AAM module, the computational overhead of a user is immensely decreased. Moreover, a user access control list (UACL) in the cloud server is constructed newly to support authorization access for a specific user. The analysis and simulation results demonstrate that our SEM-ACSIT scheme achieves powerful security with less computational overhead and lower storage costs than the existing schemes.

Jie Cui,Fengyu Bian,Hong Zhong,Qingyang Zhang,Sheng Xu,Chengjie Gu,Lu Liu

DOI: https://doi.org/10.1109/jsyst.2022.3189219

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:With the application of the Internet of Things and intelligent technologies in industrial systems, the manufacturing efficiency and product quality have been improved, leading to the development of the Industrial Internet of Things (IIoT). Uploading private data to the cloud may lead to data leakage without security protection. Thus, attribute-based encryption (ABE) is widely used to ensure data security and implement data access control, and some multiauthority ABE schemes are proposed to meet the requirement of attributes from different authorities, such as factory and government, which is more suitable for the IIoT system. However, the current multiauthority ABE schemes are with privacy leakage problems on attributes and low-efficiency issues. To address these problems, we propose a multiauthority ABE scheme, which protects users’ privacy by anonymizing attributes in authentication, reduces the computing burden of IIoT devices by adapting online/offline technique and outsourcing decryption to edge devices, and realizes effective attribute revocation. A formal security proof is presented that our scheme is replayable chosen ciphertext attack secure. Finally, we implement the proposed scheme, and experimental results show that our scheme is more efficient than the existing schemes.

Chao Ma,Xiaojun Jin,Song Luo,Yifei Wei,Xiaojun Wang

DOI: https://doi.org/10.3837/tiis.2023.07.011

2023-01-01

KSII Transactions on Internet and Information Systems

Abstract:The arrival of the Internet of Things and 5G technology enables users to rely on edge computing platforms to process massive data. Data sharing based on edge computing refines the efficiency of data collection and analysis, saves the communication cost of data transmission back and forth, but also causes the privacy leakage of a lot of user data. Based on attribute-based encryption and blockchain technology, we design a fine-grained access control scheme for data in edge computing, which has the characteristics of verifiability, support for outsourcing decryption and user attribute revocation. User attributes are authorized by multi-attribute authorization, and the calculation of outsourcing decryption in attribute encryption is completed by edge server, which reduces the computing cost of end users. Meanwhile, We implemented the user's attribute revocation process through the dual encryption process of attribute authority and blockchain. Compared with other schemes, our scheme can manage users' attributes more flexibly. Blockchain technology also ensures the verifiability in the process of outsourcing decryption, which reduces the space occupied by ciphertext compared with other schemes. Meanwhile, the user attribute revocation scheme realizes the dynamic management of user attribute and protects the privacy of user attribute.

Jianfei Sun,Hu Xiong,Ximeng Liu,Yinghui Zhang,Xuyun Nie,Robert H. Deng

DOI: https://doi.org/10.1109/JIOT.2020.2974257

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:With the booming of Internet of Things (IoT), smart health (s-health) is becoming an emerging and attractive paradigm. It can provide an accurate prediction of various diseases and improve the quality of healthcare. Nevertheless, data security and user privacy concerns still remain issues to be addressed. As a high potential and prospective solution to secure IoT-oriented s-health applications, ciphertext policy attribute-based encryption (CP-ABE) schemes raise challenges, such as heavy overhead and attribute privacy of the end users. To resolve these drawbacks, an optimized vector transformation approach is first proposed to efficiently transform the access policy and user attribute set into respective vectors of shorter length while other approaches result in redundant and longer vectors. Our transformation approach can greatly relieve the costly overheard of key generation, encryption, and decryption phases. Then, based on the transformation approach and the offline/online computation technology, we propose a lightweight policy-hiding CP-ABE scheme for the IoT-oriented s-health application. With our proposed scheme, data users in the s-health system can perform lightweight encryption and decryption without leaking any sensitive privacy about the attributes of the user. Finally, the formal security analysis, the theoretic performance evaluation and experiment results indicate that the solution is secure and efficient.

Na Wang,Wen Zhou,Qingyun Han,Jianwei Liu,Weilue Liao,Junsong Fu

DOI: https://doi.org/10.1109/tcc.2024.3461732

IF: 5.697

2024-01-01

IEEE Transactions on Cloud Computing

Abstract:With the rapid development of cloud computing and Internet of Things (IoT) technologies, large amounts of data collected from IoT devices are encrypted and outsourced to cloud servers for storage and sharing. However, traditional ciphertext retrieval schemes impose high computation and storage overhead on end users. Meanwhile, IoT devices with limited resources are difficult to adapt to large amounts of data computation and transmission, which leads to transmission delay and poor user experience. In this paper, we propose a lightweight privacy-preserving ciphertext retrieval scheme based on edge computing (LPCR) by extending searchable encryption (SE) and ciphertext policy attribute-based encryption (CP-ABE) techniques. First, to avoid network delay and paralysis, we introduce edge servers into LPCR and design a collaboration mechanism between the user side and the edge servers. The user side only needs to accomplish lightweight computation and storage tasks, which greatly reduces their resource consumption. Second, we extend the basic ciphertext policy attribute-based keyword search (CP-ABKS) technique and design the Linear Secret Sharing Scheme (LSSS) access control algorithm with attribute values to hide access policies and attributes. In addition, to improve the retrieval accuracy, the document indexes and query trapdoors are set up by conjunctive keywords to help the cloud server locate exactly the data that the user wishes to query. Formal security analysis verifies that LPCR can achieve the security of chosen plaintext attack (CPA) and chosen keyword attack (CKA), and resist collusion attack. Simulation experiments prove that LPCR is lightweight and feasible.

Xiang Li,Hui Tian,Jianting Ning

DOI: https://doi.org/10.1007/978-3-030-31919-9_22

2019-01-01

Abstract:To ensure the security of mass data sharing in the Internet of Things, the cloud computing platform is supposed to provide data-storage services. The ciphertext-policy attribute-based encryption (CP-ABE) schemes has attracted wide-scale attention since users can access the cloud platform in a fine-grained manner. However, there are still some problems in the existing CP-ABE schemes when directly applied in the Internet of Things environment. The problem of simultaneously achieves large computational cost in the encryption and decryption. Moreover, the privacy of access control policy actually still remains unresolved. To fill the gap of the existing schemes, this paper proposes a suitable data sharing scheme for IoT devices which can’t always be online. We use the online/offline CP-ABE technology with privacy, while hiding the access control structure and reducing the computational cost of the devices when they are online. The asymptotic complexity comparison also shows that our scheme achieves high computation efficiency.

Kai Fan,Huiyue Xu,Longxiang Gao,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.future.2019.04.003

IF: 7.307

2019-01-01

Future Generation Computer Systems

Abstract:The fog-to-things paradigm is introduced to mitigate the heavy burden on the edge of cloud-based network due to the centralized processing and storing of the massive volume of IoT data. Fog-enabled IoT architectures ensure small latency and enough computing resource that enables real time devices and applications. However, there still exist security and privacy challenges on data access control for fog-enabled IoT. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in cloud-fog computing systems. In this paper, we propose an efficient and privacy preserving outsourced multi-authority access control scheme, named PPO-MACS. All attributes of users are transformed to be anonymous and authenticable to realize privacy preserving. And the verifiable outsourced decryption is introduced to reduce computation overheads on the end user side. Meanwhile, an efficient user revocation method is proposed. Security and performance analysis show that our scheme is secure and highly efficient.

Jie Zhang,Lingyun Yuan,Shanshan Xu

DOI: https://doi.org/10.48550/arXiv.2111.06544

2021-11-17

Abstract:In view of the security issues of the Internet of Things (IoT), considered better combining edge computing and blockchain with the IoT, integrating attribute-based encryption (ABE) and attribute-based access control (ABAC) models with attributes as the entry point, an attribute-based encryption and access control scheme (ABE-ACS) has been proposed. Facing Edge-Iot, which is a heterogeneous network composed of most resource-limited IoT devices and some nodes with higher computing power. For the problems of high resource consumption and difficult deployment of existing blockchain platforms, we design a lightweight blockchain (LBC) with improvement of the proof-of-work consensus. For the access control policies, the threshold tree and LSSS are used for conversion and assignment, stored in the blockchain to protect the privacy of the policy. For device and data, six smart contracts are designed to realize the ABAC and penalty mechanism, with which ABE is outsourced to edge nodes for privacy and integrity. Thus, our scheme realizing Edge-Iot privacy protection, data and device controlled access. The security analysis shows that the proposed scheme is secure and the experimental results show that our LBC has higher throughput and lower resources consumption, the cost of encryption and decryption of our scheme is desirable.

Cryptography and Security,Computers and Society

Jiguo Yu,Suhui Liu,Shengling Wang,Yinghao Xiao,Biwei Yan

DOI: https://doi.org/10.1109/jiot.2020.2992288

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:One of the best ways to deal with the massive data generated by the Internet of Things (IoT) is storing them in the cloud. However, outsourced storage raises some security and privacy issues, such as data leaking and illegal access. The attribute-based signcryption (ABSC) is one of the most promising approaches which can ensure the confidentiality and authenticity of data simultaneously. Nonetheless, it not only inherits the fine-grained access control but also the heavy computational cost which is intolerable for most resource-limited IoT devices. In this article, we propose lightweight hybrid-policy ABSC (LH-ABSC), a lightweight ABSC scheme which adopts ciphertext-policy encryption (CPABE) and key-policy attribute-based signature (KPABS). Ciphertext-policy attribute-based signature leads the decision making that who can decrypt to the data owners directly. Meanwhile, the signature is related with data owners' attribute set which can be used to testify the authenticity of data. In particular, LH-ABSC has constant signature size and satisfies public verification which is deeply important for IoT devices. Moreover, LH-ABSC outsources most computing overhead to fog nodes, including signature, verify, and decryption. Comprehensive theoretical analyses, such as confidentiality, unforgeability, and verifiability, are provided. Also, the selective chosen ciphertext security, the selective chosen message security, and signers anonymity are achieved.

Jianguo Sun,Yang,Zechao Liu,Yuqing Qiao

DOI: https://doi.org/10.1155/2021/9174630

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:Currently, the Internet of Things (IoT) provides individuals with real-time data processing and efficient data transmission services, relying on extensive edge infrastructures. However, those infrastructures may disclose sensitive information of consumers without authorization, which makes data access control to be widely researched. Ciphertext-policy attribute-based encryption (CP-ABE) is regarded as an effective cryptography tool for providing users with a fine-grained access policy. In prior ABE schemes, the attribute universe is only managed by a single trusted central authority (CA), which leads to a reduction in security and efficiency. In addition, all attributes are considered equally important in the access policy. Consequently, the access policy cannot be expressed flexibly. In this paper, we propose two schemes with a new form of encryption named multi-authority criteria-based encryption (CE) scheme. In this context, the schemes express each criterion as a polynomial and have a weight on it. Unlike ABE schemes, the decryption will succeed if and only if a user satisfies the access policy and the weight exceeds the threshold. The proposed schemes are proved to be secure under the decisional bilinear Diffie–Hellman exponent assumption (q-BDHE) in the standard model. Finally, we provide an implementation of our works, and the simulation results indicate that our schemes are highly efficient.

Qian Xu,Chengxiang Tan,Zhijie Fan,Wenye Zhu,Ya Xiao,Fujia Cheng

DOI: https://doi.org/10.3390/s18051609

IF: 3.9

2018-01-01

Sensors

Abstract:Nowadays, fog computing provides computation, storage, and application services to end users in the Internet of Things. One of the major concerns in fog computing systems is how fine-grained access control can be imposed. As a logical combination of attribute-based encryption and attribute-based signature, Attribute-based Signcryption (ABSC) can provide confidentiality and anonymous authentication for sensitive data and is more efficient than traditional "encrypt-then-sign" or "sign-then-encrypt" strategy. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention recently. However, in many existing ABSC systems, the computation cost required for the end users in signcryption and designcryption is linear with the complexity of signing and encryption access policy. Moreover, only a single authority that is responsible for attribute management and key generation exists in the previous proposed ABSC schemes, whereas in reality, mostly, different authorities monitor different attributes of the user. In this paper, we propose OMDAC-ABSC, a novel data access control scheme based on Ciphertext-Policy ABSC, to provide data confidentiality, fine-grained control, and anonymous authentication in a multi-authority fog computing system. The signcryption and designcryption overhead for the user is significantly reduced by outsourcing the undesirable computation operations to fog nodes. The proposed scheme is proven to be secure in the standard model and can provide attribute revocation and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation.