Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Jianhong Zhang,Wenle Bai,Yuehai Wang

DOI: https://doi.org/10.1109/access.2019.2899828

IF: 3.9

2019-01-01

IEEE Access

Abstract:The Internet of Things (IoT) is the internetworking of terminal physical devices depends on application programming interfaces and sensors to be connected to the Internet for collecting and exchanging data. According to the characteristics of IoT, it can provide rich services for the terminal user. However, the centralized cloud computing-based storage architecture in IoT faces many challenges, such as data security, identity privacy, and high latency. To overcome these challenges, this paper introduces an IoT network storage architecture based on mobile edge computing, which not only achieves low-latency message response and computation offloading of the terminal user but also preserves identity-privacy of the terminal user. Afterward, we presented a novel non-interactive pairing-free ID-based proxy re-signature scheme (ID-PRS), which is a kernel technique to construct the aforementioned storage architecture. Compared with most of proxy re-signature schemes constructed based on traditional public-key-infrastructure, the proposed scheme avoids expensive pairing operation and intricate certificate-maintenance. And it is demonstrated to be provably secure under the classic security assumptions: integer factoring problem and the RSA assumption. Finally, in contrast to the other two ID-PRS schemes, the proposed ID-PRS scheme has more advantages in terms of security, functionability, and computation costs. Thus, it is very suitable to be applied to the resource-constrained mobile users.

Guan Zhitao,Yang Wenti,Zhu Liehuang,Wu Longfei,Wang Ruimiao

DOI: https://doi.org/10.1007/s11432-020-2957-5

2021-01-01

Science China Information Sciences

Abstract:The Internet of things(IoT) technology has been used in a wide range of fields, ranging from industrial manufacturing to daily lives. The IoT system contains numerous resource-constrained lightweight devices such as wireless sensors and radio frequency identification(RFID) tags. A massive amount of sensitive data is generated and transmitted by these devices to a variety of users. The complexity of the IoT system places a high demand on security. Therefore, it is necessary to develop an encryption scheme with access control to provide flexible and secure access to the sensitive data. The ciphertext policy attribute-based encryption(CP-ABE) scheme is a potential solution. However, the long ciphertext as well as the slow encryption and decryption operations in traditional ABE schemes make it inappropriate for most IoT systems,which require low latency and contain many devices with limited memory size and computing capability. In this paper, we propose a modified CP-ABE scheme with constant length of ciphertext and low computation overhead in the encryption and decryption phases. Additionally, our scheme is proven to be adaptively secure under the standard model. Moreover, two enhanced schemes are developed to prevent authorized users from leaking data and protect the privacy of data owners by combining chameleon hash, bloom filters and CP-ABE, respectively. Finally, the experimental evaluation and analysis prove the feasibility of our scheme.

Jialu Hao,Cheng Huang,Jian Liu,Ming Xian,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/glocom.2018.8647659

2018-01-01

Abstract:Data owners have benefited significantly from cloud computing for managing the numerous data produced by massive devices in various Internet of Things (IoT) applications, such as smart home and electronic healthcare. On the other hand, fine-grained access control on outsourced data is a big concern for data owners, after they lose physical control over their data. Key-policy attribute-based encryption (KP-ABE), which provides data confidentiality and fine-grained data access control simultaneously, can be naturally introduced in this cloud-based IoT paradigm. However, the primitive KP-ABE cannot achieve efficient data access control with flexible user revocation. In this paper, we propose an efficient and fine-grained data access control scheme based on the proxy re-encryption and key blinding techniques for cloud-based IoT. With the scheme, the decryption capability of misbehaving users can be efficiently revoked to prevent data disclosure. In addition, most of the costly update operations over ciphertexts and keys due to user revocation, are delegated to the cloud. Extensive experiment results demonstrate that our scheme is more efficient than existing solutions in terms of computation and communication overheads.

Wang Ren,Xin Tong,Jing Du,Na Wang,Shan Cang Li,Geyong Min,Zhiwei Zhao,Ali Kashif Bashir

DOI: https://doi.org/10.1016/j.comcom.2020.10.022

IF: 5.047

2020-01-01

Computer Communications

Abstract:The data privacy concerns are increasingly affecting the Internet of things (IoT) and artificial intelligence (AI) applications, in which it is very challenging to protect the privacy of the underlying data. In recent, the advancements in the performances of homomorphic encryption (HE) make it possible to help protect sensitive and personal data in IoT applications using homomorphic encryption based schemes. This paper proposed a practical homomorphic encryption scheme that can enable data users in IoT systems to securely operate data over encrypted data, which can effectively protect the privacy of key data in the system. The experimental results demonstrated the effectiveness proposed scheme.

Jianfei Sun,Hu Xiong,Ximeng Liu,Yinghui Zhang,Xuyun Nie,Robert H. Deng

DOI: https://doi.org/10.1109/JIOT.2020.2974257

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:With the booming of Internet of Things (IoT), smart health (s-health) is becoming an emerging and attractive paradigm. It can provide an accurate prediction of various diseases and improve the quality of healthcare. Nevertheless, data security and user privacy concerns still remain issues to be addressed. As a high potential and prospective solution to secure IoT-oriented s-health applications, ciphertext policy attribute-based encryption (CP-ABE) schemes raise challenges, such as heavy overhead and attribute privacy of the end users. To resolve these drawbacks, an optimized vector transformation approach is first proposed to efficiently transform the access policy and user attribute set into respective vectors of shorter length while other approaches result in redundant and longer vectors. Our transformation approach can greatly relieve the costly overheard of key generation, encryption, and decryption phases. Then, based on the transformation approach and the offline/online computation technology, we propose a lightweight policy-hiding CP-ABE scheme for the IoT-oriented s-health application. With our proposed scheme, data users in the s-health system can perform lightweight encryption and decryption without leaking any sensitive privacy about the attributes of the user. Finally, the formal security analysis, the theoretic performance evaluation and experiment results indicate that the solution is secure and efficient.

Nan Gao,Kai Fan,Haoyang Wang,Hongyan Chen,Kuan Zhang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/jiot.2023.3288131

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Ciphertext retrieval for Cloud-based Internet of Things has been widely explored with the increasing popularity of cloud computing. However, in most existing solutions, the security and efficiency of the retrieval process are difficult to achieve simultaneously. To this end, we develop a novel secure matrix index, and we utilize identity-based encryption to encrypt keywords and homomorphic encryption to encrypt matrix values. The former can guarantee the security of the keyword, and the latter can realize the efficiency of the operation while ensuring safety. Then, we develop an identity-based bidirectional authentication algorithm to ensure that only authenticated users can retrieve ciphertext. In addition, we use different scoring formulas to calculate the relevance scores of documents with different lengths, ensuring that the documents are appropriately returned to users. Finally, we design a new retrieval structure to protect the privacy of the correspondence between keywords and ciphertexts. The security proof shows that the index and trapdoor can resist Chosen Keyword Attack and Keyword Guessing Attack. The extensive simulation shows that our scheme is efficient.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yi Wu,Wei Zhang,Hu Xiong,Zhiguang Qin,Kuo-Hui Yeh

DOI: https://doi.org/10.1007/s11042-021-11286-0

IF: 2.577

2021-01-01

Multimedia Tools and Applications

Abstract:With the universality and availability of Internet of Things (IoT), data privacy protection in IoT has become a hot issue. As a branch of attribute-based encryption (ABE), ciphertext policy attribute-based encryption (CP-ABE) is widely used in IoT to offer flexible one-to-many encryption. However, in IoT, different mobile devices share messages collected, transmission of large amounts of data brings huge burdens to mobile devices. Efficiency is a bottleneck which restricts the wide application and adoption of CP-ABE in Internet of things. Besides, the decryption key in CP-ABE is shared by multiple users with the same attribute, once the key disclosure occurs, it is non-trivial for the system to tell who maliciously leaked the key. Moreover, if the malicious mobile device is not revoked in time, more security threats will be brought to the system. These problems hinder the application of CP-ABE in IoT. Motivated by the actual need, a scheme called traceable and revocable ciphertext policy attribute-based encryption scheme with constant-size ciphertext and key is proposed in this paper. Compared with the existing schemes, our proposed scheme has the following advantages: (1) Malicious users can be traced; (2) Users exiting the system and misbehaving users are revoked in time, so that they no longer have access to the encrypted data stored in the cloud server; (3) Constant-size ciphertext and key not only improve the efficiency of transmission, but also greatly reduce the time spent on decryption operation; (4) The storage overhead for traceability is constant. Finally, the formal security proof and experiment has been conducted to demonstrate the feasibility of our scheme.

Qian Mei,Minghao Yang,Jinhao Chen,Lili Wang,Hu Xiong

DOI: https://doi.org/10.1109/TDSC.2022.3188740

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Expressive data sharing and efficient data deletion are essential to drive the development of cloud-assisted IoT. But insecure transmission and the vulnerability of the cloud server may cause potential threats to IoT data, attribute-based encryption (ABE) is widely applied to ensure data confidentially. Nonetheless, the potential data exposure caused by the compromised long-term key and the contradiction between conventional access structures in ABE and the various demands of data owners are still two huge challenges. To overcome these challenges, this article designs an unbounded and puncturable ciphertext-policy ABE with arithmetic span program ( <inline-formula><tex-math notation="LaTeX">$\mathcal {UP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {CP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ABE}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ASP}$</tex-math></inline-formula> ) scheme and presents an expressive data sharing and self-controlled fine-grained data deletion solution in cloud-assisted IoT, which allows data owners to efficiently encrypt and share data with various computable access policies, but also enables data owners and data users to independently delete specific data stored in the cloud. The designed <inline-formula><tex-math notation="LaTeX">$\mathcal {UP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {CP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ABE}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ASP}$</tex-math></inline-formula> leverages unbounded ABE and puncturable encryption to support the flexible update of system parameters and the deletion of specific data. Also, the arithmetic span program access structure is combined to realize expressive data sharing. Moreover, the <inline-formula><tex-math notation="LaTeX">$\mathcal {UP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {CP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ABE}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ASP}$</tex-math></inline-formula> is adaptively secure in the standard model, and comprehensive performance evaluations demonstrate its practicability and scalability in cloud-assisted IoT.

Dongfeng Fang,Yi Qian,Rose Qingyang Hu

DOI: https://doi.org/10.1109/jiot.2020.2970974

IF: 10.6

2020-04-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT) applications have been rapidly deployed into pervasive environment, where both challenges and opportunities abound. On the one hand, a large number of IoT devices and their rich functions contribute significant volumes of data, which has brought tremendous convenience to the daily lives of end users. On the other hand, the heterogeneous IoT devices and a large amount of private information transmitted through networks also bring serious security and privacy issues. It is a big challenge to model IoT systems and trust relationships between different entities with a large number of heterogeneous IoT devices. In this article, we study a general IoT system architecture with consideration of heterogeneous IoT devices. Different trust models are proposed and analyzed based on the trust relationships between different entities in the IoT system. We propose a flexible and efficient authentication scheme with a consideration of heterogeneous IoT devices based on the least trust-required model. The proposed scheme provides security and privacy to resource-limited IoT devices flexibly and efficiently by utilizing IoT devices with better storage and computational ability. Moreover, secure data transmission is presented with contextual privacy and data integrity services. The proposed scheme achieves not only the mutual authentication, initial session key agreement, and data integrity but also anonymity, contextual privacy, forward security, end-to-end security, and key escrow resilience. Security analysis is presented to provide verification of the proposed protocol and security objectives. Moreover, performance evaluation is presented with comparison to the other schemes in terms of security features, computational overhead, and communication overhead. The performance comparisons show that our proposed scheme provides flexible and efficient security by consideration of heterogeneous IoT devices. With the higher proportion of resource-limited IoT devic-s, our proposed scheme outperforms other similar schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rang Zhou,Xiaosong Zhang,Xiaofen Wang,Guowu Yang,Wanpeng Li

DOI: https://doi.org/10.1007/978-3-030-05063-4_23

2018-01-01

Abstract:With the incessant development and popularization of Internet of things (IoT), the amount of the data collected by IoT devices has rapidly increased. This introduces the concerns over the heavy storage overhead to such systems. In order to relief the storage burden, a popular method is to use the outsourced cloud technology. While the massive collected IoT data is outsourced to the cloud, the security and privacy of these outsourced data is therefore of critical importance, and many researches have been done in this area. In this paper, we propose a new keyword searchable encryption system with fine-grained right revocation. In the system, each IoT device’s data are stored in a special document. Thus the data owner can revoke users’ search rights at fine-grained document level by setting new random number in each time period. Especially, to realize search right revocation, re-encryption operations on keyword cipheretexts are not needed in our scheme. Then, we instantiate a valid construction in practical application and discuss the security properties in the construction. Our performance evaluations show that the proposed construction is efficient.

Biwen Chen,Lei Yang,Tao Xiang,Xiaoguo Li

DOI: https://doi.org/10.1109/trustcom53373.2021.00050

2021-01-01

Abstract:Smart home is a good exemplification of the Internet of Things (IoT). Many researchers study how to make smart home systems (SHS) smarter. However, the security of SHS is also worth studying as user's information is collected from the devices and security-sensitive data are communicated through an open network. Therefore, how to guarantee the security of the data transmission in SHS is an important problem. In this paper, we propose a new secure data transmission scheme with access control to protect the data transmission in SHS. In our scheme, data transmission is secured by a new cryptographic primitive called access control encryption (ACE). Different from other existing solutions in SHS, our scheme controls not only which messages smart devices can receive, but also which messages they can send. Our experimental results demonstrate the effectiveness and efficiency of our proposed mechanism.

Kai Fan,Huiyue Xu,Longxiang Gao,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.future.2019.04.003

IF: 7.307

2019-01-01

Future Generation Computer Systems

Abstract:The fog-to-things paradigm is introduced to mitigate the heavy burden on the edge of cloud-based network due to the centralized processing and storing of the massive volume of IoT data. Fog-enabled IoT architectures ensure small latency and enough computing resource that enables real time devices and applications. However, there still exist security and privacy challenges on data access control for fog-enabled IoT. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in cloud-fog computing systems. In this paper, we propose an efficient and privacy preserving outsourced multi-authority access control scheme, named PPO-MACS. All attributes of users are transformed to be anonymous and authenticable to realize privacy preserving. And the verifiable outsourced decryption is introduced to reduce computation overheads on the end user side. Meanwhile, an efficient user revocation method is proposed. Security and performance analysis show that our scheme is secure and highly efficient.

Bian, Qingquan,Zhang, Yue,Song, Chang,Wu, Axin

DOI: https://doi.org/10.1007/s12083-023-01619-1

IF: 3.488

2024-01-12

Peer-to-Peer Networking and Applications

Abstract:Internet of Things (IoT) applications are revolutionizing lifestyles and social management. In IoT environments, there is a need to deploy a large number of sensing devices, which are typically resource-constrained, with limited computational power and communication resources. Due to its open nature, IoT applications confront potential security and privacy risks in exchange for convenience, with data privacy being a significant concern. Predicate encryption (PE) offers a promising approach to address this concern. However, most PE schemes are public-key cryptosystems, which are more expensive compared to symmetric cryptography. These costs are burdensome for resource-constrained devices, especially when dealing with massive amounts of data. A recent study by Viet et al. (ESORICS'2022) introduced a symmetric PE scheme. However, this scheme's representation of attributes and predicates is limited. To overcome this limitation, we propose a flexible symmetric PE scheme. In the proposed scheme, predicates and attributes are represented using vectors. Tokens are related to predicates, while ciphertexts are associated with attributes. The encrypted message can be decrypted when the values of the predicate vector and attribute vector are pairwise unequal. This scheme enables fine-grained access control over encrypted data, ensuring that users with any attribute value in the vector embedded in the ciphertext cannot decrypt it. The security analysis demonstrates that the proposed scheme effectively protects data privacy. Additionally, performance evaluations indicate that the scheme is efficient, providing a lightweight solution for data privacy in IoT environments.

computer science, information systems,telecommunications

Mamun Abu-Tair,Soufiene Djahel,Philip Perry,Bryan Scotney,Unsub Zia,Jorge Martinez Carracedo,Ali Sajjad

DOI: https://doi.org/10.3390/s20216131

IF: 3.9

2020-01-01

Sensors

Abstract:Internet of Things (IoT) technology is increasingly pervasive in all aspects of our life and its usage is anticipated to significantly increase in future Smart Cities to support their myriad of revolutionary applications. This paper introduces a new architecture that can support several IoT-enabled smart home use cases, with a specified level of security and privacy preservation. The security threats that may target such an architecture are highlighted along with the cryptographic algorithms that can prevent them. An experimental study is performed to provide more insights about the suitability of several lightweight cryptographic algorithms for use in securing the constrained IoT devices used in the proposed architecture. The obtained results showed that many modern lightweight symmetric cryptography algorithms, as CLEFIA and TRIVIUM, are optimized for hardware implementations and can consume up to 10 times more energy than the legacy techniques when they are implemented in software. Moreover, the experiments results highlight that CLEFIA significantly outperforms TRIVIUM under all of the investigated test cases, and the latter performs 100 times worse than the legacy cryptographic algorithms tested.

Shuai Li,Miao Li,Haitao Xu,Xianwei Zhou

DOI: https://doi.org/10.3390/s19051059

2019-03-01

Abstract:The Internet of things (IoT) has become a significant part of our daily life. Composed of millions of intelligent devices, IoT can interconnect people with the physical world. With the development of IoT technology, the amount of data generated by sensors or devices is increasing dramatically. IoT-based big data has become a very active research area. One of the key issues in IoT-based big data is ensuring the utility of data while preserving privacy. In this paper, we deal with the protection of big data privacy in the data storage phase and propose a searchable encryption scheme satisfying personalized privacy needs. Our proposed scheme works for all file types including text, audio, image, video, etc., and meets different privacy needs of different individuals at the expense of high storage cost. We also show that our proposed scheme satisfies index indistinguishability and trapdoor indistinguishability.

Leyou Zhang,Jun Wang,Yi Mu

DOI: https://doi.org/10.1109/jiot.2021.3071553

IF: 10.6

2021-10-01

IEEE Internet of Things Journal

Abstract:Along with the development of edge computing and the cloud, the Internet of Things (IoT) is affecting and changing people's lives. Data sharing has played an important role in the IoT, but the leakage of private user information poses a new security threat to the users. Thus, flexible fine-grained access control for such shared data is proposed in this article as an effective and secure method of eliminating vulnerabilities. However, the disclosure of access policies will also expose users' private information. Recently, Yang et al. attempted to solve this problem and proposed a framework based on attribute-based encryption for shared data onto IEEE IoT-J(DOI: 10.1109/JIOT.2016.2571718). They hide the access policies by using a bloom filter (BF) and attempt to address privacy preservation in IoT. However, we demonstrate several security weaknesses of their framework and point out its vulnerability to dictionary attacks and access policy guessing attacks. Then, an improved IoT solution is proposed. Under this proposal, the attribute values are stored in BF while the attribute names are embedded in the access policy. The proposed scheme can resist dictionary attacks and access policy guessing attacks. In addition, it simultaneously realizes large attribute sets, an efficient decryption algorithm, and adaptive security. Security analysis and performance evaluations show that the presented scheme achieves higher security and implementation simplicity in the IoT than other currently available schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Han-Yu Lin,Pei-Ru Chen

DOI: https://doi.org/10.3390/s24196290

2024-09-28

Abstract:As technology advances rapidly, a diverse array of Internet of Things (IoT) devices finds widespread application across numerous fields. The intelligent nature of these devices not only gives people more convenience, but also introduces new challenges especially in security when transmitting data in fog-based cloud environments. In fog computing environments, data need to be transmitted across multiple devices, increasing the risk of data being intercepted or tampered with during transmission. To securely share cloud ciphertexts, an alleged proxy re-encryption approach is a commonly adopted solution. Without decrypting the original ciphertext, such a mechanism permits a ciphertext intended for user A to be easily converted into the one intended for user B. However, to revoke the decryption privilege of data users usually relies on the system authority to maintain a user revocation list which inevitably increases the storage space. In this research, the authors come up with a fog-based proxy re-encryption system with revocable identity. Without maintaining the traditional user revocation list, the proposed scheme introduces a time-updated key mechanism. The time-update key could be viewed as a partial private key and should be renewed with different time periods. A revoked user is unable to obtain the renewed time-update key and hence cannot share or decrypt cloud ciphertexts. We formally demonstrate that the introduced scheme satisfies the security of indistinguishability against adaptively chosen identity and chosen plaintext attacks (IND-PrID-CPA) assuming the hardness of the Decisional Bilinear Diffie-Hellman (DBDH) problem in the random oracle model. Furthermore, compared with similar systems, the proposed one also has lower computational complexity as a whole.

Xiong Li,Tian Liu,Chaoyang Chen,Qingfeng Cheng,Xiaosong Zhang,Neeraj Kumar

DOI: https://doi.org/10.1109/jiot.2022.3165576

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:As an extension of cloud computing, edge computing has attracted the attention of academia and industry because of its characteristics of low latency, high bandwidth, and low energy consumption. However, due to limited terminal resources and insufficient security design, the edge computing environment still faces many challenges in terms of data security and privacy protection. Among them, how to effectively control access to outsourced data is one of the main issues. In this article, we propose a lightweight and verifiable ciphertext-policy attribute-based encryption (CP-ABE)-based multiauthority access control scheme for edge computing-assisted Internet of Things (IoT), which adopts the method of outsourcing decryption to mitigate the computational cost of data users with limited resources. In addition, our scheme realizes the feature of attribute revocation, and the design of the multiauthority mechanism enables our scheme to avoid the problem of key escrow. Therefore, our proposed scheme not only ensures data confidentiality but also can resist the collusion attack. Besides, our scheme is secure against the chosen plaintext attack in the random oracle model under the decision $q$ -BDHE assumption. Finally, we compared our scheme with some related work in performance, and the results demonstrate that our scheme is efficient in computation and communication. Because our scheme greatly mitigates the overhead of data users, it is very suitable for edge computing supported IoT applications with restricted computation resources.

Saiyu Qi,Youshui Lu,Wei Wei,Xiaofeng Chen

DOI: https://doi.org/10.1109/jiot.2020.3020979

IF: 10.6

2021-02-15

IEEE Internet of Things Journal

Abstract:The Industrial Internet of Things (IIoT) has provided a promising opportunity to build digitalized industrial systems. A fundamental technology of IIoT is the radio-frequency identification (RFID) technique, which allows industrial participants to identify items and anchor time-series IoT data for them. They can further share the IoT data through the cloud service to enable information exchange and support critical decisions in production operations. Storing IoT data in the cloud, however, requires a data access control mechanism to protect sensitive business issues. Unfortunately, using traditional cryptographic access control schemes for time-series IoT data face severe efficiency and key leakage problems. In this article, we design a secure industrial data access control scheme for cloud-assisted IIoT. Our scheme enables participants to enforce fine-grained access control policies for their IoT data via ciphertext policy-attribute-based encryption (CP-ABE) scheme. Our scheme adopts a hybrid cloud infrastructure for participants to outsource expensive CP-ABE tasks to the cloud service with strong privacy guarantees. Importantly, our scheme guarantees a new privacy notion named item-level data protection for IoT data to prevent key leakage problem. We achieve these goals via several encryption and optimization techniques. Our performance assessments combine system implementation with large-scale emulations and confirm the security and efficiency of our design.

computer science, information systems,telecommunications,engineering, electrical & electronic