Shuming Xiong,Qiang Ni,Liangmin Wang,Qian Wang

DOI: https://doi.org/10.1109/jiot.2020.2963899

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Data access control in a cloud storage system is regarded as a promising technique for enhanced efficiency and security utilizing a ciphertext-policy attribute-based encryption (CP-ABE) approach. However, due to a large number of data users as well as limited resources and heterogeneity of data devices in Internet of Things (IoT), existing access control schemes for the cloud storage are not effectively applicable to IoT applications. In this article, we construct a new CP-ABE-based storage model for data storing and secure access in a cloud for IoT applications. Our new framework introduces an attribute authority management (AAM) module in the cloud storage system functioned as an agent that provides a user-friendly access control and highly reduces the storage overhead of public keys. Then, we propose a novel secure and efficient multiauthority access control scheme of the cloud storage system for IoT, namely, SEM-ACSIT, which obtains both backward security and forward security when an attribute of a user is revoked. By exploiting encryption outsourcing, simplified key structuring and the AAM module, the computational overhead of a user is immensely decreased. Moreover, a user access control list (UACL) in the cloud server is constructed newly to support authorization access for a specific user. The analysis and simulation results demonstrate that our SEM-ACSIT scheme achieves powerful security with less computational overhead and lower storage costs than the existing schemes.

Kai Fan,Huiyue Xu,Longxiang Gao,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.future.2019.04.003

IF: 7.307

2019-01-01

Future Generation Computer Systems

Abstract:The fog-to-things paradigm is introduced to mitigate the heavy burden on the edge of cloud-based network due to the centralized processing and storing of the massive volume of IoT data. Fog-enabled IoT architectures ensure small latency and enough computing resource that enables real time devices and applications. However, there still exist security and privacy challenges on data access control for fog-enabled IoT. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in cloud-fog computing systems. In this paper, we propose an efficient and privacy preserving outsourced multi-authority access control scheme, named PPO-MACS. All attributes of users are transformed to be anonymous and authenticable to realize privacy preserving. And the verifiable outsourced decryption is introduced to reduce computation overheads on the end user side. Meanwhile, an efficient user revocation method is proposed. Security and performance analysis show that our scheme is secure and highly efficient.

Kai Fan,Junxiong Wang,Xin Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.3390/s17071695

IF: 3.9

2017-01-01

Sensors

Abstract:With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.

Qian Xu,Chengxiang Tan,Zhijie Fan,Wenye Zhu,Ya Xiao,Fujia Cheng

DOI: https://doi.org/10.3390/s18051609

IF: 3.9

2018-01-01

Sensors

Abstract:Nowadays, fog computing provides computation, storage, and application services to end users in the Internet of Things. One of the major concerns in fog computing systems is how fine-grained access control can be imposed. As a logical combination of attribute-based encryption and attribute-based signature, Attribute-based Signcryption (ABSC) can provide confidentiality and anonymous authentication for sensitive data and is more efficient than traditional "encrypt-then-sign" or "sign-then-encrypt" strategy. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention recently. However, in many existing ABSC systems, the computation cost required for the end users in signcryption and designcryption is linear with the complexity of signing and encryption access policy. Moreover, only a single authority that is responsible for attribute management and key generation exists in the previous proposed ABSC schemes, whereas in reality, mostly, different authorities monitor different attributes of the user. In this paper, we propose OMDAC-ABSC, a novel data access control scheme based on Ciphertext-Policy ABSC, to provide data confidentiality, fine-grained control, and anonymous authentication in a multi-authority fog computing system. The signcryption and designcryption overhead for the user is significantly reduced by outsourcing the undesirable computation operations to fog nodes. The proposed scheme is proven to be secure in the standard model and can provide attribute revocation and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation.

Qi Li,Hongbo Zhu,Jinbo Xiong,Ruo Mo,Zuobin Ying,Huaqun Wang

DOI: https://doi.org/10.1007/s12243-018-00702-6

2019-01-01

Annals of Telecommunications

Abstract:With the popularity of Internet of Things (IoT) and cloud computing technologies, mobile healthcare (mHealth) can offer remote, accurate, and effective medical services for patients according to their personal health records (PHRs). However, data security and efficient access of the PHR should be addressed. Attribute-based encryption (ABE) is regarded as a well-received cryptographic mechanism to simultaneously realize fine-grained access control and data confidentiality in mHealth. Nevertheless, existing works are either constructed in the single-authority setting which may be a performance bottleneck, or lack of efficient user decryption. In this paper, we propose SEMAAC, a secure and efficient multi-authority access control system for IoT-enabled mHealth. In SEMAAC, there are multiple independently worked attribute authorities (AAs). A new entity could be an AA without re-building the system. To reduce the user decryption overhead, most decryption is executed in cloud server, which whereafter returns a partial decryption ciphertext (PDC). The AAs can help the user to check if the PDC is correctly computed. Additionally, a restricted user can delegate his/her key to someone to outsource the decryption and check the returned result, without exposing the plaintext PHR file. The proposed SEMAAC is proved to be adaptively secure in the standard model. The numerical analysis and extensive experiments illustrate the efficiency and advantage of our scheme.

Jiawei Zhang,Teng Li,Zuobin Ying,Jianfeng Ma

DOI: https://doi.org/10.1109/tcc.2022.3147226

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Cloud-Fog-Assisted Internet-of-Things (IoT) is a convincing paradigm to provide users with on-demand and low-latency services through Fog nodes in the edge of multiple clouds (Multi-Cloud). Multi-Cloud is a scalable multi-domain service-oriented net-centric system and can respond to complicated user requirements leveraging Multi-Cloud Service Composition (MCSC). However, in MCSC, user security can be easily compromised by untrusted and curious cloud service providers that may collect and violate the privacy and other essential assets of cloud users. Although many trust-based MCSC solutions have been proposed to seek a trustworthy composite service with highest trust level, most of them are vulnerable to malicious users intending to break through the clouds and inflict serious data leakage or asset damage. Considering these security concerns on both malicious users and untrusted service providers, in this article, we present a trust-based secure multi-cloud collaboration framework for Cloud-Fog-Assisted IoT systems. Specifically, to guarantee the security of users, we develop a role-based trust evaluation method to enhance the trustworthiness of MCSC. To preserve the security of services, we design an efficient user authentication scheme and a secure collaboration scheme to provide collaborative user authentication and access control mechanism for MCSC. We develop a proof of concept implementation for our framework and demonstrate its practicability by performance evaluation with extensive experiments.

computer science, information systems, theory & methods

Kaiqing Huang,Xueli Wang,Zhiqiang Lin

DOI: https://doi.org/10.1155/2021/8872699

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:With the assistance of edge computing which reduces the heavy burden of the cloud center server by using the network edge servers, the Internet of Things (IoTs) architectures enable low latency for real-time devices and applications. However, there still exist security challenges on data access control for the IoT. Multiauthority attribute-based encryption (MA-ABE) is a promising technique to achieve access control over encrypted data in cross-domain applications. Based on the characteristics and technical requirements of the IoT, we propose an efficient fine-grained revocable large universe multiauthority access control scheme. In the proposed scheme, the most expensive encryption operations have been executed in the user’s initialization phase by adding a reusable ciphertext pool besides splitting the encryption algorithm to online encryption and offline encryption. Massive decryption operations are outsourced to the near-edge servers for reducing the computation overhead of decryption. An efficient revocation mechanism is designed to change users’ access privileges dynamically. Moreover, the scheme supports ciphertext verification. Only valid ciphertext can be stored and transmitted, which saves system resources. With the help of the chameleon hash function, the proposed scheme is proven CCA2-secure under the q-DPBDHE2 assumption. The performance analysis results indicate that the proposed scheme is efficient and suitable in edge computing for the IoT.

Shengmin Xu,Jianting Ning,Jinhua Ma,Xinyi Huang,HweeHwa Pang,Robert H. Deng

DOI: https://doi.org/10.1145/3450569.3463561

2021-01-01

Abstract:As a versatile system architecture, cloud-fog Internet-of-Things~(IoT) enables multiple resource-constrained devices to communicate and collaborate with each other. By outsourcing local data and immigrating expensive workloads to cloud service providers and fog nodes (FNs), resource-constrained devices can enjoy data services with low latency and minimal cost. To protect data security and privacy in the untrusted cloud-fog environment, many cryptographic mechanisms have been invented. Unfortunately, most of them are impractical when directly applied to cloud-fog IoT computing, mainly due to the large number of resource-constrained end-devices (EDs). In this paper, we present a secure cloud-fog IoT data sharing system with bilateral access control based on a new cryptographic tool called lightweight matchmaking encryption. Our system enforces both sender access control and receiver access control simultaneously and adapts to resource-constrained EDs by outsourcing costly workloads to FNs. We conduct extensive experiments to demonstrate the superior performance of our system to the most relevant solutions in the literature.

Wided Ben Daoud,Mohammad S. Obaidat,Amel Meddeb-Makhlouf,Faouzi Zarai,Kuei-Fang Hsiao

DOI: https://doi.org/10.1186/s13673-019-0188-3

2019-07-22

Abstract:Abstract Fog computing network is designed as an extension of the cloud due to the need for a supporting platform capable of ensuring the requirements of Internet of Thing (IoT). The growth of fog based fifth generation mobile communication (5G) system is challenged by the need for data sharing security. In fact, without properly securing access to Fog node resources in IoT network, services providers may not be able to achieve the desired performance. Indeed, fog computing obviously confront numerous security and privacy risks, due to its features, such as huge scale geolocation, heterogeneity and mobility. Thus, we propose a security model that is based on cooperation between IoT and fog. This model integrates an efficient access control process associated with a monitoring scheme to ensure secure cooperation between diverse resources and different operational parts. Indeed, a comprehensive scheduling process and resource allocation mechanism using our security model is proposed to improve the intended performance of the system. In fact, our main contribution is to introduce a distributed access control based on security resource management framework for fog-IoT networks, and proactive security scheme under ultra-trustworthiness and low-latency constraints. After evaluation based on iFogSim, we have proved that our scheme not only provides low latency with high security and privacy, but also reduces the complexity of administration and management of security and resources mechanisms.

computer science, information systems

Dawei Li,Jianwei Liu,Qianhong Wu,Zhenyu Guan

DOI: https://doi.org/10.1109/access.2019.2890976

IF: 3.9

2019-01-01

IEEE Access

Abstract:Fog computing enables computation, storage, applications, and network services between the Internet of Things and the cloud servers by extending the Cloud Computing paradigm to the edge of the network. When protecting information security in Fog computing, advanced security with low latency, wide-spread geographical distribution support, and high flexibility should be taken in to considertion first, because of its huge number of nodes. In this paper, we propose a new cryptographic primitive, named CCA2 secure publicly-verifiable revocable large-universe multi-authority attribute-based encryption (CCA2-PV-R-LU-MA-ABE), to achieve flexible fine-grained access control in Fog computing. In this primitive, end nodes in fogs generate private keys from multiple authorities that might be differentiated by their geographical locations or functions, and their attributes can be denoted by any strings in the large universe, which meets diverse needs in practical Fog applications. In addition, the accessibility of nodes can be revoked efficiently even by resource-limited devices. To ensure the validity of ciphertext, this primitive supports public verification and only valid ciphertext can be stored or transmitted. Based on the primitive and the feature of Fog computing, we construct a concrete CCA2-PV-R-LU-MA-ABE scheme. We define the security model of this primitive, which is much more secure than the CPA-secure scheme. Finally, we compare the efficiency of the proposed concrete scheme with that of the existing CPA-secure scheme by both theoretical and experimental analysis, and the results show that the extra consumption of efficiency to improving CPA to CCA2 is considerably low. The proposed scheme is highly secure, flexible, and efficient enough to be deployed in practical Fog computing.

Xiong Li,Tian Liu,Chaoyang Chen,Qingfeng Cheng,Xiaosong Zhang,Neeraj Kumar

DOI: https://doi.org/10.1109/jiot.2022.3165576

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:As an extension of cloud computing, edge computing has attracted the attention of academia and industry because of its characteristics of low latency, high bandwidth, and low energy consumption. However, due to limited terminal resources and insufficient security design, the edge computing environment still faces many challenges in terms of data security and privacy protection. Among them, how to effectively control access to outsourced data is one of the main issues. In this article, we propose a lightweight and verifiable ciphertext-policy attribute-based encryption (CP-ABE)-based multiauthority access control scheme for edge computing-assisted Internet of Things (IoT), which adopts the method of outsourcing decryption to mitigate the computational cost of data users with limited resources. In addition, our scheme realizes the feature of attribute revocation, and the design of the multiauthority mechanism enables our scheme to avoid the problem of key escrow. Therefore, our proposed scheme not only ensures data confidentiality but also can resist the collusion attack. Besides, our scheme is secure against the chosen plaintext attack in the random oracle model under the decision $q$ -BDHE assumption. Finally, we compared our scheme with some related work in performance, and the results demonstrate that our scheme is efficient in computation and communication. Because our scheme greatly mitigates the overhead of data users, it is very suitable for edge computing supported IoT applications with restricted computation resources.

Jiale Zhang,Zhen Cheng,Xiang Cheng,Bing Chen

DOI: https://doi.org/10.1080/09540091.2020.1841096

2020-01-01

Connection Science

Abstract:Fog computing is recently a novel distributed computing paradigm that performs a significant achievement in the latency-sensitive smart Internet of Things (IoT) applications. However, the security and privacy issues, such as data leakage, still challenge the wide deployment of fog computing infrastructure. To guarantee data confidentiality and meanwhile achieving fine-grained access control, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) promises to provide a flexible access policy for securely sharing data among users, fog nodes, and cloud center. However, due to the complicated cryptographic operations, CP-ABE has met a significant drawback that requires heavy computation resources on the user-side. In this paper, we propose an outsourced access control scheme with hidden access structures, named OAC-HAS, in fog-enhanced IoT systems. The contributions of our OAC-HAS scheme are three-folds. Firstly, we introduce a fog-cloud computing (FCC) environment which has the outsourcing capability. Then, we design an outsource verification mechanism to guarantee the correctness of executing cryptographic operations on the fog nodes. Finally, we also provide a privacy guarantee that prevents information leakage from the access structures. Security analysis and experimental results show that the proposed OAC-HAS scheme achieves flexible access policy, privacy-preserving, and high efficiency in fog-enhanced IoT systems.

Willy Susilo,Peng Jiang,Jianchang Lai,Fuchun Guo,Guomin Yang,Robert H. Deng

DOI: https://doi.org/10.1109/tdsc.2021.3058132

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Cloud computing is considered as one of the most prominent paradigms in the information technology industry, since it can significantly reduce the costs of hardware and software resources in computing infrastructure. This convenience has enabled corporations to efficiently use the cloud storage as a mechanism to share data among their employees. At the first sight, by merely storing the shared data as plaintext in the cloud storage and protect them using an appropriate access control would be a nice solution. This is assuming that the cloud is fully trusted for not leaking any information, which is impractical as the cloud is owned by a third party. Therefore, encryption is mandatory, and the shared data will need to be stored as a ciphertext using an appropriate access control. However, in practice, some of these employees may be malicious and may want to deviate from the required sharing policy. The existing protection in the literature has been explored to allow only legitimate recipients to decrypt the contents stored in the cloud storage, but unfortunately, no existing work deals with issues raised due to the presence of malicious data publishers. Malicious data publishers construct data following the given policy, but the ciphertexts can actually be decrypted by unauthorized users without valid keys, or simply, anyone else who is unauthorized. The impact of the involvement of malicious data publishers is detrimental, as it may damage intellectual properties from the corporations. Therefore, it remains an elusive research problem on how to enable a sound approach to resolve the issue when malicious data publishers are involved in the system, which is a very practical question. In this work, we present a new direction of research that can cope with the presence of malicious data publishers. We resolve the aforementioned problem by proposing the notion of Sanitizable Access Control System (SACS), which is designed for a secure cloud storage that can also resist against malicious data publishers. We define the threat model and its formal security model, as well as its design and scheme which is based on q-Parallel Bilinear Diffie-Hellman Exponent Assumption. We provide the security proof of our construction as well as its performance analysis. We believe that this work has opened a new area of research which has never been explored before, even though it is very practical. Therefore, this work will enhance the adoption of secure cloud storage in practice.

Jinbo Xiong,Zhiqiang Yao,Jianfeng Ma,Ximeng Liu,Qi Li,Tao Zhang

DOI: https://doi.org/10.1145/2484402.2484412

2013-01-01

Abstract:ABSTRACTIdentity privacy and access control pose a significant challenge for cloud services security. This is because a cloud service may have different owner and users, which necessitates privacy preserving access control. Although most existing identity management and access control schemes solve these problems to a certain extent, they also have some limitations. In this paper, we propose a new approach, called Privacy pReserving Access Management scheme (PRAM), which can satisfy all the desirable security requirements in cloud services. Specifically, there are two main contributions in this paper. First, we use two cryptographic primitives: Blind signature and Hash chain to protect identity privacy and secure authentication. Second, we combine on-demand access control with Service-Level Agreements (SLA) to provide flexible fine-grained access management. As a result, our PRAM scheme is applicable in cloud services due to its simplicity, low overhead, and efficiency.

Shengmin Xu,Guomin Yang,Yi Mu,Ximeng Liu

DOI: https://doi.org/10.1016/j.future.2019.02.051

IF: 7.307

2019-01-01

Future Generation Computer Systems

Abstract:Internet of Things (IoT) cloud provides a practical and scalable solution to accommodate the data management in large-scale IoT systems by migrating the data storage and management tasks to cloud service providers (CSPs). However, there also exist many data security and privacy issues that must be well addressed in order to allow the wide adoption of the approach. To protect data confidentiality, attribute-based cryptosystems have been proposed to provide fine-grained access control over encrypted data in IoT cloud. Unfortunately, the existing attributed-based solutions are still insufficient in addressing some challenging security problems, especially when dealing with compromised or leaked user secret keys due to different reasons. In this paper, we present a practical attribute-based access control system for IoT cloud by introducing an efficient revocable attribute-based encryption scheme that permits the data owner to efficiently manage the credentials of data users. Our proposed system can efficiently deal with both secret key revocation for corrupted users and accidental decryption key exposure for honest users. We analyze the security of our scheme with formal proofs, and demonstrate the high performance of the proposed system via experiments.

Keke Gai,Liehuang Zhu,Meikang Qiu,Kai Xu,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/tcc.2019.2942293

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:The interest in fog computing is growing, including in traditionally conservative and sensitive areas such as military and governments. This is partly driven by the interconnectivity of our society, and advances in technologies such as Internet-of-Things (IoT). However, protecting against privacy leakage is one of several key considerations in fog computing deployment. Therefore, in this paper, we present a privacy-preserving multi-layer access filtering model, designed for a fog computing environment; hence, coined fog-based access filter (FAF). FAF comprises three key algorithms, namely: access filter initialization algorithm, optimal privacy-energy-time algorithm, and tuple reduction algorithm. Also, a hierarchical classification is used to distinguish the protection objectives. Findings from our experimental evaluation demonstrate that FAF allows one to achieve an optimal balance between privacy protection and computational costs.

Reetu Gupta,Priyesh Kanungo,Nirmal Dagdee,Golla Madhu,Kshira Sagar Sahoo,N Z Jhanjhi,Mehedi Masud,Nabil Sharaf Almalki,Mohammed A AlZain

DOI: https://doi.org/10.3390/s23052617

2023-02-27

Abstract:With continuous advancements in Internet technology and the increased use of cryptographic techniques, the cloud has become the obvious choice for data sharing. Generally, the data are outsourced to cloud storage servers in encrypted form. Access control methods can be used on encrypted outsourced data to facilitate and regulate access. Multi-authority attribute-based encryption is a propitious technique to control who can access encrypted data in inter-domain applications such as sharing data between organizations, sharing data in healthcare, etc. The data owner may require the flexibility to share the data with known and unknown users. The known or closed-domain users may be internal employees of the organization, and unknown or open-domain users may be outside agencies, third-party users, etc. In the case of closed-domain users, the data owner becomes the key issuing authority, and in the case of open-domain users, various established attribute authorities perform the task of key issuance. Privacy preservation is also a crucial requirement in cloud-based data-sharing systems. This work proposes the SP-MAACS scheme, a secure and privacy-preserving multi-authority access control system for cloud-based healthcare data sharing. Both open and closed domain users are considered, and policy privacy is ensured by only disclosing the names of policy attributes. The values of the attributes are kept hidden. Characteristic comparison with similar existing schemes shows that our scheme simultaneously provides features such as multi-authority setting, expressive and flexible access policy structure, privacy preservation, and scalability. The performance analysis carried out by us shows that the decryption cost is reasonable enough. Furthermore, the scheme is demonstrated to be adaptively secure under the standard model.

Kaiping Xue,Jianan Hong,Yongjin Ma,David S. L. Wei,Peilin Hong,Nenghai Yu

DOI: https://doi.org/10.1109/mnet.2018.1700341

IF: 10.294

2018-01-01

IEEE Network

Abstract:VCC is an emerging computing paradigm developed for providing various services to vehicle drivers, and has attracted more and more attention from researchers and practitioners over the last few years. However, privacy preserving and secure data sharing has become a very challenging and important issue in VCC. Unfortunately, existing secure access control schemes consume too many computation resources, which prevents them from being performed on computing resource constrained vehicle onboard devices. Also, these cloud-based schemes suffer large latency and jitter due to their centralized resource management, and thus may not be suitable for real-time applications in VANETs. In this article, we thus propose a novel fog-to-cloud-based architecture for data sharing in VCC. Our scheme is a cryptography-based mechanism that conducts fine-grained access control. In our design, the complicated computation burden is securely out-sourced to fog and cloud servers with confidentiality and privacy preservation. Meanwhile, with the prediction of a vehicle's mobility, pre-pushing data to specific fog servers can further reduce response latency with no need to consume more resources of the fog server. In addition, with the assumption of no collusion between different providers for the cloud and fog servers, our scheme can provide verifiable auditing of fog servers' reports. The scheme is proved secure against existing adversaries and newborn security threats. Experimental test shows significant performance improvement in edge devices' overhead saving and response delay reduction.

Vijay Karnatak,Amit Kumar Mishra,Neha Tripathi,Mohammad Wazid,Jaskaran Singh,Ashok Kumar Das

DOI: https://doi.org/10.1002/spy2.353

2023-11-03

Security and Privacy

Abstract:Fog computing is a distributed computing architecture, as opposed to depending entirely on centralized cloud servers, which brings the processing of data, functionality of an application, and its storage closer to the network's edge, where it can be closer to the data source or an end‐user device. Some of the potential applications of the fog computing‐based Internet of Things (IoT)‐enabled system are smart healthcare, smart agriculture, smart manufacturing, intelligent transportation system, and smart cities (i.e., in parking management, lighting control, traffic control, and security of civilians). The fog computing‐based IoT‐enabled system is vulnerable to various attacks. Therefore, one needs to deploy security mechanisms, like authentication, access control, key management, and malware detection, in order to secure its communication. In this article, we design a signature‐based access control and key management scheme for fog computing‐based IoT‐enabled big data applications (in short, SBAC‐FC). A detailed security analysis and performance comparison of the SBAC‐FC with other similar existing schemes reveal that the SBAC‐FC surpasses the existing schemes in terms of security and functionality characteristics, as well as complexity overheads.

Qian Xu,Chengxiang Tan,Zhijie Fan,Wenye Zhu,Ya Xiao,Fujia Cheng

DOI: https://doi.org/10.1109/access.2018.2844829

IF: 3.9

2018-01-01

IEEE Access

Abstract:Nowadays, secure data access control has become one of the major concerns in a cloud storage system. As a logical combination of attribute-based encryption and attribute-based signature, attribute-based signcryption (ABSC) can provide confidentiality and an anonymous authentication for sensitive data and is more efficient than traditional ``encrypt-then-sign”or ``sign-then-encrypt”strategies. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention in recent years. However, in many previous ABSC schemes, user's sensitive attributes can be disclosed to the authority, and only a single authority that is responsible for attribute management and key generation exists in the system. In this paper, we propose PMDAC-ABSC, a novel privacy-preserving data access control scheme based on Ciphertext-Policy ABSC, to provide a fine-grained control measure and attribute privacy protection simultaneously in a multi-authority cloud storage system. The attributes of both the signcryptor and the designcryptor can be protected to be known by the authorities and cloud server. Furthermore, the decryption overhead for user is significantly reduced by outsourcing the undesirable bilinear pairing operations to the cloud server without degrading the attribute privacy. The proposed scheme is proven to be secure in the standard model and has the ability to provide confidentiality, unforgeability, anonymous authentication, and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation.