Kai Fan,Junxiong Wang,Xin Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.3390/s17071695

IF: 3.9

2017-01-01

Sensors

Abstract:With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.

Qian Xu,Chengxiang Tan,Zhijie Fan,Wenye Zhu,Ya Xiao,Fujia Cheng

DOI: https://doi.org/10.3390/s18051609

IF: 3.9

2018-01-01

Sensors

Abstract:Nowadays, fog computing provides computation, storage, and application services to end users in the Internet of Things. One of the major concerns in fog computing systems is how fine-grained access control can be imposed. As a logical combination of attribute-based encryption and attribute-based signature, Attribute-based Signcryption (ABSC) can provide confidentiality and anonymous authentication for sensitive data and is more efficient than traditional "encrypt-then-sign" or "sign-then-encrypt" strategy. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention recently. However, in many existing ABSC systems, the computation cost required for the end users in signcryption and designcryption is linear with the complexity of signing and encryption access policy. Moreover, only a single authority that is responsible for attribute management and key generation exists in the previous proposed ABSC schemes, whereas in reality, mostly, different authorities monitor different attributes of the user. In this paper, we propose OMDAC-ABSC, a novel data access control scheme based on Ciphertext-Policy ABSC, to provide data confidentiality, fine-grained control, and anonymous authentication in a multi-authority fog computing system. The signcryption and designcryption overhead for the user is significantly reduced by outsourcing the undesirable computation operations to fog nodes. The proposed scheme is proven to be secure in the standard model and can provide attribute revocation and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation.

Jing Zhao,Peng Zeng,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/access.2021.3052247

IF: 3.9

2021-01-01

IEEE Access

Abstract:Fog computing is increasingly popular partly due to its capability to minimize data transfer and latency requirements, for example by moving some of the computational operations away from the cloud servers and closer to the users. To achieve fine-grained access control in fog-enabled application scenarios to guarantee data security and user privacy, one could use ciphertext-policy attribute-based encryption (CP-ABE). However, the lack of an effective mechanism to carry out access right revocation in conventional CP-ABE schemes limits the deployment of such schemes in practice. Thus, we propose an efficient CP-ABE scheme with attribute revocation capability, designed to construct a fine-grained access control system in fog-enabled E-health (referred to as AC-FEH). In our AC-FEH system, fog nodes undertake data encryption and decryption operations; thus, computational costs for data owners and users are minimized. In comparison to several other competing access control schemes based on CP-ABE, our AC-FEH system reduces the computational costs associated with encryption and decryption. We also prove the selective security of the underlying CP-ABE scheme under the intractability assumption of the $q$ -parallel BDHE problem.

Kai Fan,Huiyue Xu,Longxiang Gao,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.future.2019.04.003

IF: 7.307

2019-01-01

Future Generation Computer Systems

Abstract:The fog-to-things paradigm is introduced to mitigate the heavy burden on the edge of cloud-based network due to the centralized processing and storing of the massive volume of IoT data. Fog-enabled IoT architectures ensure small latency and enough computing resource that enables real time devices and applications. However, there still exist security and privacy challenges on data access control for fog-enabled IoT. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in cloud-fog computing systems. In this paper, we propose an efficient and privacy preserving outsourced multi-authority access control scheme, named PPO-MACS. All attributes of users are transformed to be anonymous and authenticable to realize privacy preserving. And the verifiable outsourced decryption is introduced to reduce computation overheads on the end user side. Meanwhile, an efficient user revocation method is proposed. Security and performance analysis show that our scheme is secure and highly efficient.

Arthur S. Voundi Koe,Qi Chen,Juan Tang,Shan Ai,Hongyang Yan,Shiwen Zhang,Duncan S. Wong

DOI: https://doi.org/10.1002/int.23009

IF: 8.993

2022-09-09

International Journal of Intelligent Systems

Abstract:With recent advances in cloud computing, mobile devices are increasingly being used to record patient physiological parameters, and transfer them to a cloud‐based hospital information system, for access control mediation over a variety of stakeholders. In such a cloud‐based architecture, the patient must specify an access policy for a group of authorized parties towards its outsourced data. Multiauthority ciphertext‐policy attribute‐based encryption (CP‐ABE) was provided as an innovative cloud‐based access control cryptographic primitive to tackle the key escrow issue in a centralized architecture, and boost flexibility through cross‐domain attributes management. Existing works, however, still have glaring drawbacks. First, they still rely on a trusted authority to generate and distribute user secret keys. Second, they do not simultaneously provide encryption, decryption, or revocation outsourcing, resulting in high processing and communication cost for both the data sender and the data receiver. Third, they do not support both user and attribute revocation, and the integrity of ciphertext downloaded from the cloud is not always verified at the user end. As a result, this paper exploits the dummy attribute technique and introduces a novel, efficient, and secure multiauthority ciphertext‐policy ABE method for mediating access control over medical data, in the mobile cloud. The ciphertext access policy enforcement, partial ciphertext decryption, and both the user and attribute indirect revocation updates are safely outsourced to the cloud server in this study. Theoretical analysis demonstrates that our scheme is efficient and verifiable, and we prove that our construction is secure under the decisional bilinear Diffie‐Hellman assumption.

computer science, artificial intelligence

Suhui Liu,Jiguo Yu,Chunqiang Hu,Mengmeng Li

DOI: https://doi.org/10.1155/2021/6682580

2021-01-01

Wireless Communications and Mobile Computing

Abstract:Cloud-assisted Internet of Things (IoT) significantly facilitate IoT devices to outsource their data for high efficient management. Unfortunately, some unsettled security issues dramatically impact the popularity of IoT, such as illegal access and key escrow problem. Traditional public-key encryption can be used to guarantees data confidentiality, while it cannot achieve efficient data sharing. The attribute-based encryption (ABE) is the most promising way to ensure data security and to realize one-to-many fine-grained data sharing simultaneously. However, it cannot be well applied in the cloud-assisted IoT due to the complexity of its decryption and the decryption key leakage problem. To prevent the abuse of decryption rights, we propose a multiauthority ABE scheme with white-box traceability in this paper. Moreover, our scheme greatly lightens the overhead on devices by outsourcing the most decryption work to the cloud server. Besides, fully hidden policy is implemented to protect the privacy of the access policy. Our scheme is proved to be selectively secure against replayable chosen ciphertext attack (RCCA) under the random oracle model. Some theory analysis and simulation are described in the end.

Hao Wang,Debiao He,Jian Shen,Zhihua Zheng,Chuan Zhao,Minghao Zhao

DOI: https://doi.org/10.1007/s00500-016-2271-2

IF: 3.732

2016-01-01

Soft Computing

Abstract:In the attribute-based encryption (ABE) systems, users can encrypt and decrypt messages based on their attributes. Because of the flexibility of ABE, it is more and more widely used in various network environments. However, complex functionality of ABE may cause an enormous computational cost. This reason greatly restricts the application of ABE in practice. In order to minimize the local computation of ABE, we introduce the concept of verifiable outsourced ABE system, in which key generation center, encryptor and decryptor, are able to outsource their computing tasks to the corresponding service providers, respectively, to reduce the local load. In addition, they are also able to verify the correctness of outsourcing calculation efficiently by using the outsourcing verification services. This is useful to save local computational resources, especially for mobile devices. Then, we propose a specific verifiable outsourced ABE scheme and prove its adaptive security in the standard model using the dual-system encryption method. Finally, we introduce how to deploy our outsourced CP-ABE scheme in cloud computing environment.

Qingshui Xue,Chenyang Wang,Zhen Xue

DOI: https://doi.org/10.1109/iceitsa57468.2022.00054

2022-01-01

Abstract:The traditional ciphertext-policy attribute-based encryption (CP-ABE) has the problems of poor security of key distribution by a single attribute authorization center and too much calculation on the client in the process of encryption and decryption. A CP-ABE scheme that can outsource encryption and decryption and support multi-authorization centers is introduced to solve the above two problems. In the key generation stage, the user's private key is generated by the attribute authorization center and the key generation center jointly executing the two-party secure computing protocol; In the encryption and decryption stage, the cloud encryption server and cloud storage server are used to handle most of the computing work. Security proof and performance analysis show that the scheme not only can effectively make up for the defect of all key leakage when the attribute authorization center is broken, but also can enhance the security of the system; Moreover, after using the cloud server to process data, users only need to perform a simple calculation on the client to complete encryption or decryption, thus reducing the user's computing workload.

Zhishuo Zhang,Guanjie Huang,Sunqiang Hu,Wei Zhang,Yi Wu,Zhiguang Qin

DOI: https://doi.org/10.1109/icccs52626.2021.9449093

2021-01-01

Abstract:Attribute-based encryption (ABE) is an emergent cryptographic primitive introduced in recent years. Due to its fine-grained access policy, ABE has been widely used in cloud security to build an attribute-based access control architecture. As a promising edge technology, Mobile Edge Computing (MEC), introduced for the Internet of Mobile Things (IoMT), provides the high quality services for the end-users with mobile IoT devices. In MEC, the data is stored and processed isolately and independently in fog nodes or cloudlets located at the edge of the Internet in the vicinity of the mobile users. But in most existing ABE schemes, researchers only consider there is a single data storage in the system. So this makes the existing ABE scheme not applicable for the MEC with distributed micro data storages. To solve this prominent challenge in traditional ABE, in this paper, we propose a fully decentralized outsourced ABE scheme (FDO-ABE) acted as the access control architecture for the MEC. Our FDO-ABE scheme, based on the non-interactive multi-authority ABE (NI-MA-ABE) scheme, not only supports the multi attribute authorities (AAs) in generating the multi attribute-based private keys for user, but also provides the independent and isolated ciphertext storage for the distributed cloudlets or fog nodes. What's more, to offload the computational intensive tasks from mobile devices, we design an efficient outsourced decryption (oDec) algorithm for our FDO-ABE scheme. By using our oDec algorithm, the complex operations in decryption phase can be transmitted from mobile IoT devices to the cloudlets. Summing up, our FDO-ABE scheme is more suitable as an access control model for MEC.

Jing Li,Xiong Li,Licheng Wang,Debiao He,Haseeb Ahmad,Xinxin Niu

DOI: https://doi.org/10.1007/s00500-017-2482-1

IF: 3.732

2018-01-01

Soft Computing

Abstract:Attributed-based encryption (ABE) is a promising cryptographic access control mechanism with a rich expressiveness of ABE policies. Due to the high complexities of encryption and decryption, users are burdened with large computation cost. Fortunately, outsourcing technologies can be used to reduce the computation overhead for the ABE schemes. In the recent decade, the achievements of the outsourced ciphertext-policy ABE (CP-ABE) schemes are inspiring. But, the outsourcing encryption algorithms for CP-ABE schemes are not addressed properly since the encryption exponents are dynamic. In this paper, we present an efficient outsourced CP-ABE scheme with checkability, where the number of the exponential operations in the encryption can be reduced to a constant by introducing a blinding algorithm. Meanwhile, the ciphertext size is not increased. Furthermore, to guarantee the correctness of our scheme, we provide the verification mechanism based on a collision-resistance hash function, which allows the users to efficiently check the validity of messages and outsourced computation results. Besides, the proposed scheme is secure against replayable chosen ciphertext attacks based on Green’s outsourcing security model. Intensive experiments are carried out to illustrate the efficiency of the proposed scheme.

Jie Chen,Jiaxu Niu,Hao Lei,Li Lin,Yunhao Ling

DOI: https://doi.org/10.1016/j.comnet.2023.109844

IF: 5.493

2023-01-01

Computer Networks

Abstract:Fog computing is considered an important development in cloud computing, with shorter response times, less data transfer load and a more secure distributed service architecture that can be accessed by a wide range of end devices. As with cloud computing, it also faces the challenge of how to securely distribute sensitive data. Ciphertext-Policy Attribute-based Broadcast Encryption (CP-ABBE) can protect sensitive data and provide fine-grained access control with user revocation. However, existing CP-ABBE schemes suffer many limitations when implemented in a fog computing environment: a single authority performs poorly in handling requests or data from many IoT devices, leading to system delays or limited functionality; expensive decryption costs make the computation and storage overheads unfriendly to devices with limited resources; these schemes are only proven selectively secure, meaning that security was proven in a weaker model. In this paper, using threshold secret sharing and decryption delegation, we propose an adaptively secure attribute-based multi-authority broadcast encryption (MA-ABBE) scheme that breaks through these limitations. The comparison and analysis results show that our scheme is practical and achieves adaptive security, enables user-side fast decryption and low storage overhead, and provides a secure and efficient option for protecting sensitive data in fog computing environments.

Xiong Li,Tian Liu,Chaoyang Chen,Qingfeng Cheng,Xiaosong Zhang,Neeraj Kumar

DOI: https://doi.org/10.1109/jiot.2022.3165576

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:As an extension of cloud computing, edge computing has attracted the attention of academia and industry because of its characteristics of low latency, high bandwidth, and low energy consumption. However, due to limited terminal resources and insufficient security design, the edge computing environment still faces many challenges in terms of data security and privacy protection. Among them, how to effectively control access to outsourced data is one of the main issues. In this article, we propose a lightweight and verifiable ciphertext-policy attribute-based encryption (CP-ABE)-based multiauthority access control scheme for edge computing-assisted Internet of Things (IoT), which adopts the method of outsourcing decryption to mitigate the computational cost of data users with limited resources. In addition, our scheme realizes the feature of attribute revocation, and the design of the multiauthority mechanism enables our scheme to avoid the problem of key escrow. Therefore, our proposed scheme not only ensures data confidentiality but also can resist the collusion attack. Besides, our scheme is secure against the chosen plaintext attack in the random oracle model under the decision $q$ -BDHE assumption. Finally, we compared our scheme with some related work in performance, and the results demonstrate that our scheme is efficient in computation and communication. Because our scheme greatly mitigates the overhead of data users, it is very suitable for edge computing supported IoT applications with restricted computation resources.

Jin Li,Xiaofeng Chen,Jingwei Li,Chunfu Jia,Jianfeng Ma,Wenjing Lou

DOI: https://doi.org/10.3233/jcs-150533

2015-01-01

Journal of Computer Security

Abstract:As cloud computing becomes prevalent, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for outsourced data security and privacy. Attribute-based encryption (ABE) is a promising cryptographic primitive, which has been widely applied to design fine-grained access control system recently. However, ABE is criticized for its high scheme overhead as the computational cost grows with the complexity of the access formula. This disadvantage becomes more serious for mobile devices with constrained computing resources. Aiming at tackling the challenge above, we present a generic and efficient solution to implement attribute-based access control system by introducing secure outsourcing techniques into ABE. More precisely, two cloud service providers (CSPs), namely key generation-cloud service provider (KG-CSP) and decryption-cloud service provider (D-CSP) are introduced to perform the outsourced key-issuing and decryption on behalf of attribute authority and users respectively. In order to outsource heavy computation to both CSPs without private information leakage, we formalize an underlying primitive called outsourced ABE (OABE) and propose several constructions with outsourced decryption and key-issuing. Finally, extensive experiment demonstrates that with the help of KG-CSP and D-CSP, efficient key-issuing and decryption are achieved in our constructions.

Xingxing Xie,Hua Ma,Jin Li,Xiaofeng Chen

DOI: https://doi.org/10.1007/978-3-642-36818-9_41

2013-01-01

Abstract:Attribute-Based Encryption (ABE) is one of the promising cryptographic primitives for fine-grained access control of shared outsourced data in cloud computing. However, before ABE can be deployed in data outsourcing systems, it has to provide efficient enforcement of authorization policies and policy updates. However, in order to tackle this issue, efficient and secure attribute and user revocation should be supported in original ABE scheme, which is still a challenge in existing work. In this paper, we propose a new ciphertext-policy ABE (CP-ABE) construction with efficient attribute and user revocation. Besides, an efficient access control mechanism is given based on the CP-ABE construction with an outsourcing computation service provider.

Xingxing Xie,Hua Ma,Jin Li,Xiaofeng Chen

DOI: https://doi.org/10.3217/jucs-019-16-2349

2013-01-01

Abstract:Attribute-Based Encryption (ABE) is one of the new visions for fine- grained access control in cloud computing. Plenty of research work has been done in both academic and industrial communities. However, before ABE can be deployed in data outsourcing systems, efficient enforcement of authorization policies and policy updates are the main obstacles. Therefore, in order to solve this problem, efficient and secure attribute and user revocation should be proposed in original ABE scheme, which is still a challenge in existing work. In this paper, we propose a new ciphertext-policy ABE (CP-ABE) construction with efficient attribute and user revocation, which largely eliminates the overhead computation at data service manager and data owner. Besides, we present an efficient access control mechanism based on the CP-ABE construction with one outsourcing computation service provider.

Arwa Alrawais,Abdulrahman Alhothaily,Chunqiang Hu,Xiaoshuang Xing,Xiuzhen Cheng

DOI: https://doi.org/10.1109/access.2017.2705076

IF: 3.9

2017-01-01

IEEE Access

Abstract:Fog computing is deemed as a highly virtualized paradigm that can enable computing at the Internet of Things devices, residing in the edge of the network, for the purpose of delivering services and applications more efficiently and effectively. Since fog computing originates from and is a non-trivial extension of cloud computing, it inherits many security and privacy challenges of cloud computing, causing the extensive concerns in the research community. To enable authentic and confidential communications among a group of fog nodes, in this paper, we propose an efficient key exchange protocol based on ciphertext-policy attribute-based encryption (CP-ABE) to establish secure communications among the participants. To achieve confidentiality, authentication, verifiability, and access control, we combine CP-ABE and digital signature techniques. We analyze the efficiency of our protocol in terms of security and performance. We also implement our protocol and compare it with the certificate-based scheme to illustrate its feasibility.

Dawei Li,Jianwei Liu,Qianhong Wu,Zhenyu Guan

DOI: https://doi.org/10.1109/access.2019.2890976

IF: 3.9

2019-01-01

IEEE Access

Abstract:Fog computing enables computation, storage, applications, and network services between the Internet of Things and the cloud servers by extending the Cloud Computing paradigm to the edge of the network. When protecting information security in Fog computing, advanced security with low latency, wide-spread geographical distribution support, and high flexibility should be taken in to considertion first, because of its huge number of nodes. In this paper, we propose a new cryptographic primitive, named CCA2 secure publicly-verifiable revocable large-universe multi-authority attribute-based encryption (CCA2-PV-R-LU-MA-ABE), to achieve flexible fine-grained access control in Fog computing. In this primitive, end nodes in fogs generate private keys from multiple authorities that might be differentiated by their geographical locations or functions, and their attributes can be denoted by any strings in the large universe, which meets diverse needs in practical Fog applications. In addition, the accessibility of nodes can be revoked efficiently even by resource-limited devices. To ensure the validity of ciphertext, this primitive supports public verification and only valid ciphertext can be stored or transmitted. Based on the primitive and the feature of Fog computing, we construct a concrete CCA2-PV-R-LU-MA-ABE scheme. We define the security model of this primitive, which is much more secure than the CPA-secure scheme. Finally, we compare the efficiency of the proposed concrete scheme with that of the existing CPA-secure scheme by both theoretical and experimental analysis, and the results show that the extra consumption of efficiency to improving CPA to CCA2 is considerably low. The proposed scheme is highly secure, flexible, and efficient enough to be deployed in practical Fog computing.

Suhui Liu,Jiguo Yu,Chunqiang Hu,Mengmeng Li

DOI: https://doi.org/10.1007/978-3-030-59016-1_27

2020-01-01

Abstract:Some unsettled security issues, such as illegal data access and secret key leakage, dramatically impact the popularity of cloud-assisted Internet of Things (Cloud-IoT). The attribute-based encryption (ABE) achieves data confidentiality and one-to-many data sharing simultaneously, yet it consumes too much to decrypt. In this paper, a multi-authority ABE scheme with verifiable outsourced decryption and white-box traceability is proposed, which greatly lightens the burden on IoT devices. Moreover fully hidden policy and user traceability are realized and replayable chosen ciphertext security is proved.

Jing Li,Zhitao Guan,Xiaojiang Du,Zijian Zhang,Jun Wu

DOI: https://doi.org/10.1109/icc.2017.7996492

2017-01-01

Abstract:With the increasing number of mobile applications and the popularity of cloud computing, the combination of these two techniques that named mobile cloud computing (MCC) attracts great attention in recent years. A promising public key encryption scheme, Attribute-Based Encryption (ABE), especially the Ciphertext Policy Attribute-Based Encryption (CP-ABE), has been used for realizing fine-grained access control on encrypted data stored in MCC. However, the computational overhead of encryption and decryption grow with the complexity of the access policy. Thus, maintaining data security as well as efficiency of data processing in MCC are important and challenging issues. In this paper, we propose an efficient encryption method based on CP-ABE, which can lower the overhead on data owners. To further reduce the decryption overhead on data receivers, we additionally propose a verifiable outsourced decryption scheme. By security analysis and performance evaluation, the proposed scheme is proved to be secure as well as efficient.

Zhishuo Zhang,Wei Zhang,Zhiguang Qin

DOI: https://doi.org/10.1155/2021/6676862

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:In recent years, ciphertext-policy attribute-based encryption (CP-ABE) has been recognized as a solution to the challenge of the information privacy and data confidentiality in cloud-assisted Internet-of-Things (IoT). Since the devices in cloud-assisted IoT are generally resource-constrained, the lightweight CP-ABE is more suitable for the cloud-assisted IoT. So how to construct the lightweight CP-ABE for the cloud-assisted IoT to achieve the fine-grained access control and ensure the privacy and confidentiality simultaneously is a prominent challenge. Thus, in this paper, we propose a constant-size CP-ABE scheme with outsourced decryption for the cloud-assisted IoT. In our scheme, the ciphertexts and the attribute-based private keys for users are both of constant size, which can alleviate the transmission overhead and reduce the occupied storage space. Our outsourced decryption algorithm is privacy-protective, which means the proxy server cannot know anything about the access policy of the ciphertext and the attributes set of the user during performing the online partial decryption algorithm. This will prevent the privacy from leaking out to the proxy server. And we rigorously prove that our scheme is selectively indistinguishably secure under the chosen ciphertext attacks (IND-CCA) in the random oracle model (ROM). Finally, by evaluating and implementing our scheme as well as other CP-ABE schemes, we can observe that our scheme is more suitable and applicable for cloud-assisted IoT.