Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Qikun Zhang,Yongjiao Li,Chuanyang Zheng,Liang Zhu,Junling Yuan,Sikang Hu

DOI: https://doi.org/10.1002/ett.4060

IF: 3.6

2020-08-06

Transactions on Emerging Telecommunications Technologies

Abstract:<p>Development of the Internet of things (IoT) is considered as one of the major events in modern manufacturing industry, and IoT devices are expected to create and exchange vast amounts of data, thereby bringing forth unprecedented challenges in terms of robust and vendor‐neutral data sharing. While access control is widely used to protect the security of data sharing, it still has some security flaws and limitations, such as privacy leakage, fixed access permissions, security vulnerabilities, and so on. Aiming at these problems, this article proposes a permission‐combination scalable access control (PCS‐AC) scheme, in which the methods of access permissions assignment, data encryption, and data access are given. In contrast to prior works, PCS‐AC differs in several significant ways: (1) it supports anonymous access and traceability. Anonymous access can prevent leakage of users' privacy. Traceability can track the illegally accessed entity when the resource is illegally accessed; (2) it supports scalable access to data resources. Users use a combination of attribute permissions to access data at different security levels; (3) it achieves high efficiency because the entity can quickly search ciphertext resources by plaintext keywords. After searching and downloading the ciphertext, decrypt it by group key to obtain the corresponding plaintext information. PCS‐AC is proven secure under the hardness assumption of Discrete Logarithm problem and Inverse Computational Diffe‐Hellman problem. The performance analysis shows that PCS‐AC has higher efficiency than the referred works.</p>

telecommunications

Qinghua Gong,Jinnan Zhang,Zheng Wei,Xinmin Wang,Xia Zhang,Xin Yan,Yang Liu,Liming Dong

DOI: https://doi.org/10.3390/s24072267

IF: 3.9

2024-04-03

Sensors

Abstract:With the rapid growth of the Internet of Things (IoT), massive terminal devices are connected to the network, generating a large amount of IoT data. The reliable sharing of IoT data is crucial for fields such as smart home and healthcare, as it promotes the intelligence of the IoT and provides faster problem solutions. Traditional data sharing schemes usually rely on a trusted centralized server to achieve each attempted access from users to data, which faces serious challenges of a single point of failure, low reliability, and an opaque access process in current IoT environments. To address these disadvantages, we propose a secure and dynamic access control scheme for the IoT, named SDACS, which enables data owners to achieve decentralized and fine-grained access control in an auditable and reliable way. For access control, attribute-based control (ABAC), Hyperledger Fabric, and interplanetary file system (IPFS) were used, with four kinds of access control contracts deployed on blockchain to coordinate and implement access policies. Additionally, a lightweight, certificateless authentication protocol was proposed to minimize the disclosure of identity information and ensure the double-layer protection of data through secure off-chain identity authentication and message transmission. The experimental and theoretical analysis demonstrated that our scheme can maintain high throughput while achieving high security and stability in IoT data security sharing scenarios.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jianhua Li,Jiong Jin,Lingjuan Lyu,Dong Yuan,Yingying Yang,Longxiang Gao,Chao Shen

DOI: https://doi.org/10.48550/arXiv.2011.06325

2020-11-12

Abstract:Numerous resource-limited smart objects (SOs) such as sensors and actuators have been widely deployed in smart environments, opening new attack surfaces to intruders. The severe security flaw discourages the adoption of the Internet of things in smart living. In this paper, we leverage fog computing and microservice to push certificate authority (CA) functions to the proximity of data sources. Through which, we can minimize attack surfaces and authentication latency, and result in a fast and scalable scheme in authenticating a large volume of resource-limited devices. Then, we design lightweight protocols to implement the scheme, where both a high level of security and low computation workloads on SO (no bilinear pairing requirement on the client-side) is accomplished. Evaluations demonstrate the efficiency and effectiveness of our scheme in handling authentication and registration for a large number of nodes, meanwhile protecting them against various threats to smart living. Finally, we showcase the success of computing intelligence movement towards data sources in handling complicated services.

Cryptography and Security,Networking and Internet Architecture

Shengmin Xu,Jianting Ning,Jinhua Ma,Xinyi Huang,HweeHwa Pang,Robert H. Deng

DOI: https://doi.org/10.1145/3450569.3463561

2021-01-01

Abstract:As a versatile system architecture, cloud-fog Internet-of-Things~(IoT) enables multiple resource-constrained devices to communicate and collaborate with each other. By outsourcing local data and immigrating expensive workloads to cloud service providers and fog nodes (FNs), resource-constrained devices can enjoy data services with low latency and minimal cost. To protect data security and privacy in the untrusted cloud-fog environment, many cryptographic mechanisms have been invented. Unfortunately, most of them are impractical when directly applied to cloud-fog IoT computing, mainly due to the large number of resource-constrained end-devices (EDs). In this paper, we present a secure cloud-fog IoT data sharing system with bilateral access control based on a new cryptographic tool called lightweight matchmaking encryption. Our system enforces both sender access control and receiver access control simultaneously and adapts to resource-constrained EDs by outsourcing costly workloads to FNs. We conduct extensive experiments to demonstrate the superior performance of our system to the most relevant solutions in the literature.

Weiting Zhang,Hanyi Zhang,Liming Fang,Zhe Liu,Chunpeng Ge

DOI: https://doi.org/10.1109/jiot.2021.3091760

IF: 10.6

2022-02-01

IEEE Internet of Things Journal

Abstract:The supervisory control and data acquisition (SCADA) system is widely used in industrial control and the contemporary Industrial Internet of Things (IIoT). Unfortunately, due to its relatively weak design in terms of data security and access control, SCADA systems are becoming a favorite target for attackers. End-to-end encryption, such as SSL/TLS protocol, is used to protect the data transmission, but it cannot guarantee security in third-party cloud platforms. In this article, we propose a secure revocable fine-grained access control and data sharing scheme. This scheme not only ensures the confidentiality of the data but also enhances the access control of the SCADA system. Our scheme is based on three key observations. The common communication architecture of SCADA systems cannot protect data security itself. The security supports provided by industrial control protocols are limited. Moreover, the third-party cloud platforms are semitrusted. In addition, we have introduced digital signature technology to assure the integrity of the data in the SCADA system. We prove that our scheme is secure. This scheme has been experimentally evaluated to introduce negligible performance losses while improving data security in the SCADA system.

computer science, information systems,telecommunications,engineering, electrical & electronic

Qinlong Huang,Chao Wang,Lixuan Chen

DOI: https://doi.org/10.1109/tsc.2022.3203378

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:With the popularity of cloud computing services, an increasing number of users begin to use subscription-based services. Due to the semi-trusted cloud servers that may access the outsourced data, and malicious senders who may publish unauthorized data or junk data, access control encryption (ACE) schemes have been studied recently to enforce secure data write control as well as read control. However, their access control policies are specified by the authority or publishers, which do not apply to the subscriptions. In this paper, we propose DSFlow, a secure and fine-grained flow control system for subscription-based data services. DSFlow is designed in the cloud-edge computing architecture, which employs edge nodes to control the communications between publishers and cloud servers by sanitizing the original ciphertexts to resist malicious publishers, and allows any valid subscriber to decrypt the sanitized ciphertexts in cloud. We introduce a receiver-policy attribute-based ACE (RA-ACE) scheme for DSFlow, which embeds the fine-grained access control policy within the receiver&#x27;s decryption key. We give a concrete construction of RA-ACE from key-policy attribute-based encryption, structure-preserving signature and non-interactive zero-knowledge proof, and formally prove the no-read rule and no-write rule of RA-ACE. The experiments demonstrate the efficiency of DSFlow compared with existing schemes.

computer science, information systems, software engineering

Jianghua Liu,Jian Yang,Wei Wu,Xinyi Huang,Yang Xiang

DOI: https://doi.org/10.1109/tc.2022.3207138

IF: 3.183

2023-04-08

IEEE Transactions on Computers

Abstract:Recent advancements in the Internet of Things (IoT) and cloud computing technologies have accelerated the development of various practical applications, including healthcare systems. Adequately revealing the collected healthcare data in a cloud-assisted healthcare IoT system brings a huge potential for improving the safety, quality, and efficiency of healthcare services. However, often the data collected in a healthcare IoT system is vital and sensitive. The dissemination of such data is also vulnerable to malicious attacks such as tampering, eavesdropping, and forgery. Thus, disseminated data's integrity, authenticity, and privacy are elementary security demands to end-users and owners. Also, the resource-constrained nature of healthcare IoT devices invalidates the existing solutions. To address the above challenges, we propose a lightweight and secure redactable signature scheme with coarse-grained additional redaction control (CRS) for secure dissemination of healthcare data in a cloud-assisted healthcare IoT system. The security analysis indicates our CRS is secure against signature forgery, additional redaction attacks, and redacted version linkability. Compared to other existing solutions, our scheme can achieve some level of security but less computational complexity and communication overhead.

engineering, electrical & electronic,computer science, hardware & architecture

Qian Mei,Minghao Yang,Jinhao Chen,Lili Wang,Hu Xiong

DOI: https://doi.org/10.1109/TDSC.2022.3188740

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Expressive data sharing and efficient data deletion are essential to drive the development of cloud-assisted IoT. But insecure transmission and the vulnerability of the cloud server may cause potential threats to IoT data, attribute-based encryption (ABE) is widely applied to ensure data confidentially. Nonetheless, the potential data exposure caused by the compromised long-term key and the contradiction between conventional access structures in ABE and the various demands of data owners are still two huge challenges. To overcome these challenges, this article designs an unbounded and puncturable ciphertext-policy ABE with arithmetic span program ( <inline-formula><tex-math notation="LaTeX">$\mathcal {UP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {CP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ABE}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ASP}$</tex-math></inline-formula> ) scheme and presents an expressive data sharing and self-controlled fine-grained data deletion solution in cloud-assisted IoT, which allows data owners to efficiently encrypt and share data with various computable access policies, but also enables data owners and data users to independently delete specific data stored in the cloud. The designed <inline-formula><tex-math notation="LaTeX">$\mathcal {UP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {CP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ABE}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ASP}$</tex-math></inline-formula> leverages unbounded ABE and puncturable encryption to support the flexible update of system parameters and the deletion of specific data. Also, the arithmetic span program access structure is combined to realize expressive data sharing. Moreover, the <inline-formula><tex-math notation="LaTeX">$\mathcal {UP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {CP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ABE}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ASP}$</tex-math></inline-formula> is adaptively secure in the standard model, and comprehensive performance evaluations demonstrate its practicability and scalability in cloud-assisted IoT.

N. Sivaselvan,K. Vivekananda Bhat,Muttukrishnan Rajarajan,Ashok Kumar Das,Joel J. P. C. Rodrigues

DOI: https://doi.org/10.1007/s10586-022-03733-w

2022-09-16

Cluster Computing

Abstract:Abstract With the widespread use of Internet of Things (IoT) in various applications and several security vulnerabilities reported in them, the security requirements have become an integral part of an IoT system. Authentication and access control are the two principal security requirements for ensuring authorized and restricted accesses to limited and essential resources in IoT. The built-in authentication mechanism in IoT devices is not reliable, because several security vulnerabilities are revealed in the firmware implementation of authentication protocols in IoT. On the other hand, the current authentication approaches for IoT that are not firmware are vulnerable to some security attacks prevalent in IoT. Moreover, the recent access control approaches for IoT have limitations in context-awareness, scalability, interoperability, and security. To mitigate these limitations, there is a need for a robust authentication and access control system to safeguard the rapidly growing number of IoT devices. Consequently, in this paper, we propose a new secure unified authentication and access control system for IoT, called SUACC-IoT. The proposed system is based around the notion of capability, where a capability is considered as a token containing the access rights for authorized entities in the network. In the proposed system, the capability token is used to ensure authorized and controlled access to limited resources in IoT. The system uses only lightweight Elliptic Curve Diffie-Hellman Ephemeral (ECDHE), symmetric key encryption/decryption, message authentication code and cryptographic hash primitives. SUACC-IoT is proved to be secure against probabilistic polynomial-time adversaries and various attacks prevalent in IoT. The experimental results demonstrate that the proposed protocol’s maximum CPU usage is 29.35%, maximum memory usage is 2.79% and computational overhead is 744.5 ms which are quite acceptable. Additionally, in SUACC-IoT, a reasonable communication cost of 872 bits is incurred for the longest message exchanged.

computer science, information systems, theory & methods

Jie Cui,Xuelian Chen,Jing Zhang,Qingyang Zhang,Hong Zhong

DOI: https://doi.org/10.1109/jiot.2020.3041860

IF: 10.6

2021-05-15

IEEE Internet of Things Journal

Abstract:A connected and autonomous vehicle (CAV) is often fitted with a large number of onboard sensors and applications to support autonomous driving functions. Based on the current research, little work on applications' access to in-vehicle data has been done. Furthermore, most existing autonomous driving operating systems lack authentication and encryption units. As such, applications can excessively obtain confidential information, such as vehicle location and owner preferences and even upload it to the cloud, threatening the security of the vehicle and the privacy of the owner. In this study, we propose a fine-grained access control scheme to restrict applications' access to data in CAVs (FGAC-inCAVs). First, we present a system model composed of the following elements: a trusted third party (TTP), which is a fully trusted authority; perception components like sensors, which can capture the road information (pictures, videos, etc.); and multiple applications. Then, a fast attribute-based encryption (ABE) is presented, and security analysis also shows it is secure against selective and chosen-plaintext attacks. Furthermore, we propose a key update scheme based on the Chinese remainder theorem (CRT). Finally, the theoretical analysis and simulation experiments demonstrate its feasibility and efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Nabeil Eltayieb,Rashad Elhabob,Yongjian Liao,Fagen Li,Shijie Zhou

DOI: https://doi.org/10.1016/j.jisa.2024.103763

IF: 4.96

2024-01-01

Journal of Information Security and Applications

Abstract:The Snowden leaks exposed the truth that skilled attackers can access users’ devices and steal their private information. Although public key encryption is widely used and theoretically secure, it has hidden vulnerabilities when implemented in practice. This is especially problematic when employing communication channels among heterogeneous protocols within the Internet of Things (IoT), it becomes apparent that these channels lack adequate protection to address the diverse nature of IoT systems. This work proposes a novel Heterogeneous Online/Offline Signcryption with Cryptographic Reverse Firewalls (HOOS-CRF). The scheme enables a secure communication channel between the sender in an Identity-based cryptosystem (IBC) and the receiver in the Public Key Infrastructure (PKI) cryptosystem with CRF deployed. To reduce computational costs, we split the signcryption algorithm into two stages: online and offline. Most resource-intensive operations are performed during the offline stage, which operates without any knowledge of the message being processed. The HOOS-CRF scheme provides confidentiality, authentication, and defense against insider security attacks. Meanwhile, we prove the security of the HOOS-CRF using the random oracle model and demonstrate its high efficiency and practicality through experiments. Lastly, the scheme’s relevance to IoT-driven healthcare applications is demonstrated.

Xiang Li,Xin Jin,Qixu Wang,Mingsheng Cao,Xingshu Chen

DOI: https://doi.org/10.1155/2018/3078272

2018-01-01

Wireless Communications and Mobile Computing

Abstract:The Internet of Things (IoT) offers a wide variety of benefits to our daily lives in many ways, ranging from smart wearable devices to industrial systems. However, it also brings well-known security and compliance concerns, especially in the physical layer. In addition, due to numerous IoT architectures which have been developed and deployed based on the cloud, the security and compliance of IoT depend on the cloud thoroughly. In this paper, a secure and compliant continuous assessment framework (SCCAF) is proposed to evaluate the security and compliance levels of cloud services in life-cycle. The SCCAF facilitates cloud service to customers to select an optimal cloud service provider (CSP) which satisfies their desired security requirements. Moreover, it also enables cloud service customers to evaluate the compliance of the selected CSP in the process of using cloud services. To evaluate the performance and availability of SCCAF, we carry out a series of experiments with case study and real-world scenario datasets. Experimental results show that SCCAF can assess the security and compliance of CSPs efficiently and effectively.

Xin Liu,Hao Wang,Bo Zhang,Bin Zhang

DOI: https://doi.org/10.1016/j.ins.2021.10.038

IF: 8.1

2022-01-01

Information Sciences

Abstract:In a data access control system oriented toward the cloud storage environment, a data owner defines attribute-based access control policies for data files to realize fine-grained data sharing. However, the existing schemes have defects in user execution efficiency and user privacy protection, and they do not consider the problems of user revocation and attribute updates. To this end, we propose a ciphertext policy attribute-based encryption method with verifiable outsourced decryption; this requires a user to complete decryption with the help of a server, but the results of the outsourced decryption can be verified independently. With this new encryption scheme and the technique of k-times anonymous authentication, a new fine-grained data access control system was constructed; this system allows a server to provide users with outsourced decryption services, and users’ computation cost is independent of the size of the underlying access control policy. Moreover, the number of outsourced decryption requests is limited. In addition, the new system supports user revocation and attribute updates and it is provably secure under formal proofs. An efficiency analysis shows that it can be compared with other similar systems in terms of performance, despite the addition of several practical properties.

computer science, information systems

Jialu Hao,Cheng Huang,Jian Liu,Ming Xian,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/glocom.2018.8647659

2018-01-01

Abstract:Data owners have benefited significantly from cloud computing for managing the numerous data produced by massive devices in various Internet of Things (IoT) applications, such as smart home and electronic healthcare. On the other hand, fine-grained access control on outsourced data is a big concern for data owners, after they lose physical control over their data. Key-policy attribute-based encryption (KP-ABE), which provides data confidentiality and fine-grained data access control simultaneously, can be naturally introduced in this cloud-based IoT paradigm. However, the primitive KP-ABE cannot achieve efficient data access control with flexible user revocation. In this paper, we propose an efficient and fine-grained data access control scheme based on the proxy re-encryption and key blinding techniques for cloud-based IoT. With the scheme, the decryption capability of misbehaving users can be efficiently revoked to prevent data disclosure. In addition, most of the costly update operations over ciphertexts and keys due to user revocation, are delegated to the cloud. Extensive experiment results demonstrate that our scheme is more efficient than existing solutions in terms of computation and communication overheads.

Dongfeng Fang,Yi Qian,Rose Qingyang Hu

DOI: https://doi.org/10.1109/jiot.2020.2970974

IF: 10.6

2020-04-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT) applications have been rapidly deployed into pervasive environment, where both challenges and opportunities abound. On the one hand, a large number of IoT devices and their rich functions contribute significant volumes of data, which has brought tremendous convenience to the daily lives of end users. On the other hand, the heterogeneous IoT devices and a large amount of private information transmitted through networks also bring serious security and privacy issues. It is a big challenge to model IoT systems and trust relationships between different entities with a large number of heterogeneous IoT devices. In this article, we study a general IoT system architecture with consideration of heterogeneous IoT devices. Different trust models are proposed and analyzed based on the trust relationships between different entities in the IoT system. We propose a flexible and efficient authentication scheme with a consideration of heterogeneous IoT devices based on the least trust-required model. The proposed scheme provides security and privacy to resource-limited IoT devices flexibly and efficiently by utilizing IoT devices with better storage and computational ability. Moreover, secure data transmission is presented with contextual privacy and data integrity services. The proposed scheme achieves not only the mutual authentication, initial session key agreement, and data integrity but also anonymity, contextual privacy, forward security, end-to-end security, and key escrow resilience. Security analysis is presented to provide verification of the proposed protocol and security objectives. Moreover, performance evaluation is presented with comparison to the other schemes in terms of security features, computational overhead, and communication overhead. The performance comparisons show that our proposed scheme provides flexible and efficient security by consideration of heterogeneous IoT devices. With the higher proportion of resource-limited IoT devic-s, our proposed scheme outperforms other similar schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jianfei Sun,Hu Xiong,Ximeng Liu,Yinghui Zhang,Xuyun Nie,Robert H. Deng

DOI: https://doi.org/10.1109/JIOT.2020.2974257

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:With the booming of Internet of Things (IoT), smart health (s-health) is becoming an emerging and attractive paradigm. It can provide an accurate prediction of various diseases and improve the quality of healthcare. Nevertheless, data security and user privacy concerns still remain issues to be addressed. As a high potential and prospective solution to secure IoT-oriented s-health applications, ciphertext policy attribute-based encryption (CP-ABE) schemes raise challenges, such as heavy overhead and attribute privacy of the end users. To resolve these drawbacks, an optimized vector transformation approach is first proposed to efficiently transform the access policy and user attribute set into respective vectors of shorter length while other approaches result in redundant and longer vectors. Our transformation approach can greatly relieve the costly overheard of key generation, encryption, and decryption phases. Then, based on the transformation approach and the offline/online computation technology, we propose a lightweight policy-hiding CP-ABE scheme for the IoT-oriented s-health application. With our proposed scheme, data users in the s-health system can perform lightweight encryption and decryption without leaking any sensitive privacy about the attributes of the user. Finally, the formal security analysis, the theoretic performance evaluation and experiment results indicate that the solution is secure and efficient.

Wei,Saiyu Qi,Xu Yang,Wenjia Zhao,Jun Gu,Kashif Saleem,Yong Qi

DOI: https://doi.org/10.1109/tvt.2024.3398062

IF: 6.8

2024-01-01

IEEE Transactions on Vehicular Technology

Abstract:Internet of Vehicles (IoV) is a promising technology to equip transportation management systems with digitalized ability. The deployed IoV devices allow traffic participants to generate and analyze the traffic information such as driving status and road condition. They can further share the collected traffic data through the centralized cloud service to improve road operation efficiency, safety and reduce economic losses. Storing sensitive traffic data in an untrusted cloud server, however, raises the requirement of data access control to protect valuable business issues. Unfortunately, using pure cryptographic access control schemes for traffic data faces several limitations. In this paper, we first develop a pure cryptographic construction to enforce attribute-based access control (ABAC) model in untrusted cloud for IoV system based on ciphertext policy-attribute based encryption (CP-ABE) and explore three limitations of it. By studying ABAC in the context of CP-ABE, we can effectively lower-bound the costs that would be incurred when using more advanced and more expensive predicate encryption schemes. We then propose a new attribute based access control system (AACS) for cloud-aided IoV system to overcome the barriers of CP-ABE by using trusted hardware (Intel Software Guard Extensions (SGX)). AACS uses a secure data division framework to achieve a small Trusted Computing Base (TCB) and integrates SGX with several cryptographic protocols as well as optimization techniques. We comprehensively evaluate AACS to show the design advantages of it

Peng Wang,Tao Xiang,Xiaoguo Li,Hong Xiang

DOI: https://doi.org/10.1016/j.ins.2020.09.004

IF: 8.1

2021-02-01

Information Sciences

Abstract:<p>With the increasing popularity of Internet of Energy (IoE), more and more physical devices connected to IoE depend on the information system for energy control and coordination. Under this condition, how to achieve information flow control in IoE becomes a great challenge. Access control encryption (ACE) is a promising technology to address the problem. However, existing ACE requires a centralized sanitizer, hindering its successful application in IoE. In this paper, we construct a new kind of ACE without sanitizers for IoE. We first construct a basic ACE scheme based on number-theoretic assumptions (i.e., DBDH assumption), and this scheme can control not only what users can read but also what they can write. To resist against the quantum attacks, we further construct a more secure ACE scheme based on learning with errors (LWE). We formally prove that our proposed two ACE schemes are secure under the proposed security definition, and we also evaluate the applicability and the efficiency of them in experiments.</p>

computer science, information systems

Xiong Li,Tian Liu,Chaoyang Chen,Qingfeng Cheng,Xiaosong Zhang,Neeraj Kumar

DOI: https://doi.org/10.1109/jiot.2022.3165576

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:As an extension of cloud computing, edge computing has attracted the attention of academia and industry because of its characteristics of low latency, high bandwidth, and low energy consumption. However, due to limited terminal resources and insufficient security design, the edge computing environment still faces many challenges in terms of data security and privacy protection. Among them, how to effectively control access to outsourced data is one of the main issues. In this article, we propose a lightweight and verifiable ciphertext-policy attribute-based encryption (CP-ABE)-based multiauthority access control scheme for edge computing-assisted Internet of Things (IoT), which adopts the method of outsourcing decryption to mitigate the computational cost of data users with limited resources. In addition, our scheme realizes the feature of attribute revocation, and the design of the multiauthority mechanism enables our scheme to avoid the problem of key escrow. Therefore, our proposed scheme not only ensures data confidentiality but also can resist the collusion attack. Besides, our scheme is secure against the chosen plaintext attack in the random oracle model under the decision $q$ -BDHE assumption. Finally, we compared our scheme with some related work in performance, and the results demonstrate that our scheme is efficient in computation and communication. Because our scheme greatly mitigates the overhead of data users, it is very suitable for edge computing supported IoT applications with restricted computation resources.