Wei Luo,Wenping Ma

DOI: https://doi.org/10.1109/access.2018.2858233

IF: 3.9

2018-01-01

IEEE Access

Abstract:Vehicular networking involves the storage, compute, and analysis of massive vehicular data. Vehicular cloud computing, as a special cloud computing platform, seamlessly combines vehicular ad hoc networks and conventional cloud computing. However, in the vehicular cloud computing, there is still the problem of unauthorized users accessing and stealing data. In the traditional ciphertext-policy attribute-based encryption (CP-ABE) scheme, a trusted central authority is employed to manage attributes and distribute keys. Based on multi-authority (MA) CP-ABE, we propose a secure and revocable access control scheme for vehicular cloud computing in this paper, in which the requester can decrypt the ciphertext with only a small amount of computation. We show that our MA-CP-ABE scheme can prevent static corruption of authorities in the standard model under the decisional q-parallel bilinear Diffie–Hellman exponent assumption. Theoretical analysis and experimental simulation results show that our scheme has lower communication cost and lower computational complexity than other schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jie Cui,Xuelian Chen,Jing Zhang,Qingyang Zhang,Hong Zhong

DOI: https://doi.org/10.1109/jiot.2020.3041860

IF: 10.6

2021-05-15

IEEE Internet of Things Journal

Abstract:A connected and autonomous vehicle (CAV) is often fitted with a large number of onboard sensors and applications to support autonomous driving functions. Based on the current research, little work on applications' access to in-vehicle data has been done. Furthermore, most existing autonomous driving operating systems lack authentication and encryption units. As such, applications can excessively obtain confidential information, such as vehicle location and owner preferences and even upload it to the cloud, threatening the security of the vehicle and the privacy of the owner. In this study, we propose a fine-grained access control scheme to restrict applications' access to data in CAVs (FGAC-inCAVs). First, we present a system model composed of the following elements: a trusted third party (TTP), which is a fully trusted authority; perception components like sensors, which can capture the road information (pictures, videos, etc.); and multiple applications. Then, a fast attribute-based encryption (ABE) is presented, and security analysis also shows it is secure against selective and chosen-plaintext attacks. Furthermore, we propose a key update scheme based on the Chinese remainder theorem (CRT). Finally, the theoretical analysis and simulation experiments demonstrate its feasibility and efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jiawei Zhang,Teng Li,Mohammad S. Obaidat,Chi Lin,Jianfeng Ma

DOI: https://doi.org/10.1109/jsyst.2020.3044309

IF: 4.802

2022-03-01

IEEE Systems Journal

Abstract:The rapid development of cloud computing and Internet of Things enables widely use of Internet of Vehicles (IoV) and drives a revolutionary change for intelligent transport system. The advent of 5G and fog computing architectures also facilitates applications of IoV and makes the enormous IoV data outsourcing and sharing in cloud and fog more convenient. However, the data outsourcing and sharing will incur many security concerns to IoV including data leakage and breach as the users cannot direct control their data. To guarantee IoV data security, a novel scheme is proposed for IoV data sharing with high efficiency. In our scheme, we utilize ciphertext-policy attribute-based encryption (CP-ABE) to achieve confidentiality and fine-grained access control for IoV data shared in cloud and fog. Nevertheless, as another intrinsic feature in IoV environment, the dynamicity in a group of connected vehicles brings some challenges to our scheme. To deal with this situation, we bring forward a concept of auditable user revocation for CP-ABE to adapt to the dynamic vehicle groups. Moreover, online/offline and verifiable outsourcing techniques are leveraged to improve the efficiency and guarantee the correctness of decryption. At the end, we demonstrate the security and efficiency for our scheme by giving detailed security analysis and performance evaluation with extensive experiments.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Yingjie Xue,Kaiping Xue,Na Gai,Jianan Hong,David S. L. Wei,Peilin Hong

DOI: https://doi.org/10.1109/tifs.2019.2911166

IF: 7.231

2019-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In public cloud storage services, data are outsourced to semi-trusted cloud servers which are outside of data owners' trusted domain. To prevent untrustworthy service providers from accessing data owners' sensitive data, outsourced data are often encrypted. In this scenario, conducting access control over these data becomes a challenging issue. Attribute-based encryption (ABE) has been proved to be a powerful cryptographic tool to express access policies over attributes, which can provide a fine-grained, flexible, and secure access control over outsourced data. However, the existing ABE-based access control schemes do not support users to gain access permission by collaboration. In this paper, we explore a special attribute-based access control scenario where multiple users having different attribute sets can collaborate to gain access permission if the data owner allows their collaboration in the access policy. Meanwhile, the collaboration that is not designated in the access policy should be regarded as a collusion and the access request will be denied. We propose an attribute-based controlled collaborative access control scheme through designating translation nodes in the access structure. Security analysis shows that our proposed scheme can guarantee data confidentiality and has many other critical security properties. Extensive performance analysis shows that our proposed scheme is efficient in terms of storage and computation overhead.

Hui Tian,Xiang Li,Hanyu Quan,Chin-Chen Chang,Thar Baker

DOI: https://doi.org/10.1109/jsen.2020.3030688

IF: 4.3

2021-07-15

IEEE Sensors Journal

Abstract:The Intelligent Transportation System (ITS) provides more possibilities for the realization of smart cities by integrating the Internet of Things (IoT) and cloud computing. However, how to ensure security of IoT data stored in the cloud has become one of the biggest challenges at present. As a promising solution for realizing fine-grained access control, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) can be used to ensure data security. However, the traditional CP-ABE schemes may leak privacy of ITS users. Moreover, due to their high computational overheads, the current privacy-preserving techniques are not suitable for IoT lightweight devices. To fill this gap, this article presents ABE-FPP, a lightweight attribute-based access control scheme with full privacy protection (FPP), which can achieve full privacy protection in the three key stages (i.e., key generation, access control, and partial decryption), while reducing consumption overhead on the user side. Specifically, to protect privacy during key generation, a lightweight two-party secure computing protocol between the user and the authority is designed to generate secret keys; to protect privacy during the access control policy setting, we present an efficient policy hidden strategy, which only reveals attribute names and efficiently hides attribute values; to protect privacy during partial decryption, we propose a hybrid authentication method that does not need to submit attribute values to the cloud. Moreover, to achieve lightweight computation for IoT devices, online/offline encryption and outsourced decryption are employed in ABE-FPP. Finally, formal security proofs show that our scheme is secure in the standard model. The asymptotic complexity analyses and experimental results demonstrate that the presented scheme achieves higher computation efficiency than the state-of-the-art ones.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Yingjie Xia,Wenzhi Chen,Xuejiao Liu,Luming Zhang,Xuelong Li,Yang Xiang

DOI: https://doi.org/10.1109/tits.2017.2653103

IF: 8.5

2017-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Vehicular ad-hoc networks (VANETs) have drawn much attention of researchers. The vehicles in VANETs frequently join and leave the networks, and therefore restructure the network dynamically and automatically. Forwarded messages in vehicular ad-hoc networks are primarily multimedia data, including structured data, plain text, sound, and video, which require access control with efficient privacy preservation. Ciphertext-policy attribute-based encryption (CP-ABE) is adopted to meet the requirements. However, solutions based on traditional CP-ABE suffer from challenges of the limited computational resources on-board units equipped in the vehicles, especially for the complex policies of encryption and decryption. In this paper, we propose a CP-ABE delegation scheme, which allows road side units (RSUs) to perform most of the computation, for the purpose of improving the decryption efficiency of the vehicles. By using decision tree to jointly optimize multiple factors, such as the distance from RSU, the communication and computational cost, the CP-ABE delegation scheme is adaptively activated based on the estimation of various vehicles decryption overhead. Experimental results thoroughly demonstrate that our scheme is effective and efficient for multimedia data forwarding in vehicular ad-hoc networks with privacy preservation.

Kan Yang,Xiaohua Jia,Kui Ren,Bo Zhang

DOI: https://doi.org/10.1109/tifs.2013.2279531

IF: 7.231

2013-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Data access control is an effective way to ensure data security in the cloud. However, due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Existing access control schemes are no longer applicable to cloud storage systems, because they either produce multiple encrypted copies of the same data or require a fully trusted cloud server. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising technique for access control of encrypted data. However, due to the inefficiency of decryption and revocation, existing CP-ABE schemes cannot be directly applied to construct a data access control scheme for multiauthority cloud storage systems, where users may hold attributes from multiple authorities. In this paper, we propose data access control for multiauthority cloud storage (DAC-MACS), an effective and secure data access control scheme with efficient decryption and revocation. Specifically, we construct a new multiauthority CP-ABE scheme with efficient decryption, and also design an efficient attribute revocation method that can achieve both forward security and backward security. We further propose an extensive data access control scheme (EDAC-MACS), which is secure under weaker security assumptions.

Xiong Li,Tian Liu,Chaoyang Chen,Qingfeng Cheng,Xiaosong Zhang,Neeraj Kumar

DOI: https://doi.org/10.1109/jiot.2022.3165576

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:As an extension of cloud computing, edge computing has attracted the attention of academia and industry because of its characteristics of low latency, high bandwidth, and low energy consumption. However, due to limited terminal resources and insufficient security design, the edge computing environment still faces many challenges in terms of data security and privacy protection. Among them, how to effectively control access to outsourced data is one of the main issues. In this article, we propose a lightweight and verifiable ciphertext-policy attribute-based encryption (CP-ABE)-based multiauthority access control scheme for edge computing-assisted Internet of Things (IoT), which adopts the method of outsourcing decryption to mitigate the computational cost of data users with limited resources. In addition, our scheme realizes the feature of attribute revocation, and the design of the multiauthority mechanism enables our scheme to avoid the problem of key escrow. Therefore, our proposed scheme not only ensures data confidentiality but also can resist the collusion attack. Besides, our scheme is secure against the chosen plaintext attack in the random oracle model under the decision $q$ -BDHE assumption. Finally, we compared our scheme with some related work in performance, and the results demonstrate that our scheme is efficient in computation and communication. Because our scheme greatly mitigates the overhead of data users, it is very suitable for edge computing supported IoT applications with restricted computation resources.

Pengshou xie,Haoxuan Yang,Tao Feng,Yan Yan

DOI: https://doi.org/10.1016/j.comnet.2022.109363

IF: 5.493

2022-09-19

Computer Networks

Abstract:CP-ABE is a flexible cryptographic algorithm that enables efficient implementation of access control techniques in cloud architectures. However, when CP-ABE is applied to the IoV environment, the weak performance of IoV individuals will inevitably reduce the efficiency of the overall cryptosystem. In addition, various contingencies in IoV require CP-ABE to be able to dynamically respond to various access requests, and generating only a single ciphertext cannot satisfy various additional access requests. In this paper, we propose an encryption algorithm VM-CP-ABE for IoV in cloud environment, which has the features of offline encryption and outsourced decryption. The offline encryption process utilizes the large amount of offline time of individuals in the vehicular network to generate the initial ciphertext segments, while executing its secret sharing process for each offline phase of the ciphertext segments, thus completing the initial combination of ciphertext parameters. The outsourced decryption can generate transformation keys, thus stripping the most complex pairing operations in the decryption process from the weak performing IoV individuals and transferring this part of operations to the more powerful outsourced individuals. In addition, VM-CP-ABE can generate special hierarchical ciphers that can be decrypted with no additional access control policies. This avoids the problem of space efficiency degradation because of large access control policy transfers. We show the static security of all mechanisms of VM-CP-ABE and conclude with a detailed efficiency analysis. VM-CP-ABE is more time- and space-efficient than traditional attribute encryption for extensive sets of IoV attributes in cloud environments.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Jin Li,Xiaofeng Chen,Jingwei Li,Chunfu Jia,Jianfeng Ma,Wenjing Lou

DOI: https://doi.org/10.3233/jcs-150533

2015-01-01

Journal of Computer Security

Abstract:As cloud computing becomes prevalent, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for outsourced data security and privacy. Attribute-based encryption (ABE) is a promising cryptographic primitive, which has been widely applied to design fine-grained access control system recently. However, ABE is criticized for its high scheme overhead as the computational cost grows with the complexity of the access formula. This disadvantage becomes more serious for mobile devices with constrained computing resources. Aiming at tackling the challenge above, we present a generic and efficient solution to implement attribute-based access control system by introducing secure outsourcing techniques into ABE. More precisely, two cloud service providers (CSPs), namely key generation-cloud service provider (KG-CSP) and decryption-cloud service provider (D-CSP) are introduced to perform the outsourced key-issuing and decryption on behalf of attribute authority and users respectively. In order to outsource heavy computation to both CSPs without private information leakage, we formalize an underlying primitive called outsourced ABE (OABE) and propose several constructions with outsourced decryption and key-issuing. Finally, extensive experiment demonstrates that with the help of KG-CSP and D-CSP, efficient key-issuing and decryption are achieved in our constructions.

Jialu Hao,Cheng Huang,Jianbing Ni,Hong Rong,Ming Xian,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1016/j.comnet.2019.02.008

IF: 5.493

2019-01-01

Computer Networks

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) is a promising approach to achieve fine-grained access control over the outsourced data in Internet of Things (IoT). However, in the existing CP-ABE schemes, the access policy is either appended to the ciphertext explicitly or only partially hidden against public visibility, which results in privacy leakage of the underlying ciphertext and potential recipients. In this paper, we propose a fine-grained data access control scheme supporting expressive access policy with fully attribute hidden for cloud-based IoT. Specifically, the attribute information is fully hidden in access policy by using randomizable technique, and a fuzzy attribute positioning mechanism based on garbled Bloom filter is developed to help the authorized recipients locate their attributes efficiently and decrypt the ciphertext successfully. Security analysis and performance evaluation demonstrate that the proposed scheme achieves effective policy privacy preservation with low storage and computation overhead. As a result, no valuable attribute information in the access policy will be disclosed to the unauthorized recipients.

Hu Xiong,Xin Huang,Minghao Yang,Lili Wang,Shui Yu

DOI: https://doi.org/10.1109/jiot.2021.3094323

IF: 10.6

2022-02-15

IEEE Internet of Things Journal

Abstract:Existing attribute-based encryption (ABE) schemes with revocation to secure the cloud-assisted Internet of Things (IoTs) raise challenges, such as eliminating the need for predefined public parameters in system initialization, performing the encryption and decryption operations efficiently, and achieving adaptive security under standard security assumption. In this article, we address these challenges by proposing an unbounded and efficient revocable ABE scheme with adaptive security for cloud-assisted IoTs. Distinct from the previous approaches in this field, our scheme not only efficiently realizes access control over encrypted data in a fine-grained and revocable way but also is proved to be adaptively secure under standard decision linear assumption. Meanwhile, the parameters do not need to be predefined in the system initialization and thus, our scheme satisfies the unbounded property. Moreover, the monotonic span program (MSP) is elegantly utilized as the access structure to reduce the number of bilinear pairing and exponentiation operations for encryption and decryption. Theoretical performance analysis and experiment evaluation disclose that our proposed scheme owns outstanding feasibility, efficiency, and effectiveness.

computer science, information systems,telecommunications,engineering, electrical & electronic

Saiyu Qi,Youshui Lu,Wei Wei,Xiaofeng Chen

DOI: https://doi.org/10.1109/jiot.2020.3020979

IF: 10.6

2021-02-15

IEEE Internet of Things Journal

Abstract:The Industrial Internet of Things (IIoT) has provided a promising opportunity to build digitalized industrial systems. A fundamental technology of IIoT is the radio-frequency identification (RFID) technique, which allows industrial participants to identify items and anchor time-series IoT data for them. They can further share the IoT data through the cloud service to enable information exchange and support critical decisions in production operations. Storing IoT data in the cloud, however, requires a data access control mechanism to protect sensitive business issues. Unfortunately, using traditional cryptographic access control schemes for time-series IoT data face severe efficiency and key leakage problems. In this article, we design a secure industrial data access control scheme for cloud-assisted IIoT. Our scheme enables participants to enforce fine-grained access control policies for their IoT data via ciphertext policy-attribute-based encryption (CP-ABE) scheme. Our scheme adopts a hybrid cloud infrastructure for participants to outsource expensive CP-ABE tasks to the cloud service with strong privacy guarantees. Importantly, our scheme guarantees a new privacy notion named item-level data protection for IoT data to prevent key leakage problem. We achieve these goals via several encryption and optimization techniques. Our performance assessments combine system implementation with large-scale emulations and confirm the security and efficiency of our design.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jiguo Li,Yichen Zhang,Jianting Ning,Xinyi Huang,Geong Sen Poh,Debang Wang

DOI: https://doi.org/10.1109/tcc.2020.2975184

IF: 5.697

2020-01-01

IEEE Transactions on Cloud Computing

Abstract:The pervasive, ubiquitous, and heterogeneous properties of IoT make securing IoT systems a very challenging task. More so when access and storage are performed through a cloud-based IoT system. IoT data stored on cloud should be encrypted to ensure data privacy. It is also crucial to allow only authorized entities to access and decrypt the encrypted data. In this article, we propose a ciphertext-policy attribute-based encryption (CP-ABE) scheme that enables fine-grained access control of encrypted IoT data on cloud. CP-ABE is regarded as a highly promising approach to provide flexible and fine-grained access control, which is quite suited to secure cloud based IoT systems. We first present an access control system model of CloudIoT platform based on ABE. Based on the presented system model, we construct a ciphertext-policy hiding CP-ABE scheme, which guarantees the privacy of the users. We further construct a white-box traceable CP-ABE scheme with accountability in order to address the user key abuse and authorization center key abuse. Experiment illustrates the proposed systems are efficient.

computer science, information systems, theory & methods

Zechao Liu,Zoe L. Jiang,Xuan Wang,S. M. Yiu,Ruoqing Zhang,Yulin Wu

DOI: https://doi.org/10.1109/trustcom/bigdatase.2018.00092

2018-01-01

Abstract:Cloud storage service allows data owners to store their (encrypted) data in a remote and may be untrusted cloud server. Attribute-Based Encryption (ABE) provides an excellent and flexible solution for data access control. As more and more applications evolved, ABE schemes may not handle all scenarios, in particular, if the access control has a time and location constraint. Time and location attributes are not as static as other general attributes. Existing ABE schemes cannot efficiently handle the continuous range of an attribute making it impractical for temporal and spatial constraints that are changing dynamically. In this paper, we propose a novel temporal and spatial constrained attribute-based access control (TSC-ABAC) scheme to solve this problem. Our system adopts a redesigned access structure and makes use of multi-dimensional range derivation function to match the time domain. This is the first ABE scheme that can efficiently handle time and location elements simultaneously. We further propose an extended TSC-ABAC scheme, which aims at reducing the decryption cost imposed on user. A thorough security and performance analysis shows that our design is secure and efficient. The result of our work could provide a feasible and practical data access control scheme for cloud storage services.

Xuanmei Qin,Yongfeng Huang,Xing Li

DOI: https://doi.org/10.1007/s00500-020-05117-x

IF: 3.732

2020-06-30

Soft Computing

Abstract:Nowadays, more and more data are stored on cloud for sharing in vehicular networks, but the increasing number of cloud data security incidents makes how to guarantee confidentiality of sharing data one of the main concerns. Attribute-based encryption is considered as a suitable method to solve this issue. However, the requirements of lightweight and privacy make it difficult to apply the existing attribute-based encryption schemes directly in vehicular networks. In this paper, we put forward an access control scheme with lightweight decryption and conditional authentication for secure data sharing in vehicular networks. In this scheme, we extend elliptic-curve cryptography-based key-policy attribute-based encryption scheme with token-based decryption for lightweight access control. Moreover, we integrate Elliptic Curve Qu-Vanstone implicit certificate with ELGamal encryption algorithm to achieve both mutual authentication and conditional privacy protection. The performance analysis shows that the proposed scheme requires less time for both encryption and decryption on the user side. The security analysis shows that the proposed scheme can provide conditional anonymity.

computer science, artificial intelligence, interdisciplinary applications

Ivan E. Carvajal-Roca,Jian Wang

DOI: https://doi.org/10.1109/vtc2021-fall52928.2021.9625336

2021-01-01

Abstract:With the fast evolution of vehicle networks, Connected and Autonomous Vehicles (CAVs) are mobile devices that are not only used for transportation but also form part of other promising technologies such as the internet of vehicles and cyber-physical systems. Despite the benefits of CAVs, exposing in-vehicle networks to external devices can lead to different privacy and security challenges. Due to scalability, efficiency, and dynamic communication requirements, the security between in-vehicle networks with external devices cannot fully rely on the vehicle's external third parties. In this paper, we propose a semi-decentralized fine-grained security framework based on Ciphertex-Policy Attribute-Based Encryption (CP-ABE) to secure the communication of in-vehicle network's Electronic Control Units (ECUs) with vehicle's external connected device. Our approach's fine-grained access control is based on the attributes of external devices connected to different subsystems inside the vehicle. Each subsystem inside the vehicle has full control of the access policy during the vehicle's operation. Therefore, our proposed approach has a flexible and dynamic key management suitable for future CAVs. Finally, the experiment of our framework validates its feasibility for implementation.

Jie Zhang,Lingyun Yuan,Shanshan Xu

DOI: https://doi.org/10.48550/arXiv.2111.06544

2021-11-17

Abstract:In view of the security issues of the Internet of Things (IoT), considered better combining edge computing and blockchain with the IoT, integrating attribute-based encryption (ABE) and attribute-based access control (ABAC) models with attributes as the entry point, an attribute-based encryption and access control scheme (ABE-ACS) has been proposed. Facing Edge-Iot, which is a heterogeneous network composed of most resource-limited IoT devices and some nodes with higher computing power. For the problems of high resource consumption and difficult deployment of existing blockchain platforms, we design a lightweight blockchain (LBC) with improvement of the proof-of-work consensus. For the access control policies, the threshold tree and LSSS are used for conversion and assignment, stored in the blockchain to protect the privacy of the policy. For device and data, six smart contracts are designed to realize the ABAC and penalty mechanism, with which ABE is outsourced to edge nodes for privacy and integrity. Thus, our scheme realizing Edge-Iot privacy protection, data and device controlled access. The security analysis shows that the proposed scheme is secure and the experimental results show that our LBC has higher throughput and lower resources consumption, the cost of encryption and decryption of our scheme is desirable.

Cryptography and Security,Computers and Society

Maanak Gupta,James Benson,Farhan Patwa,Ravi Sandhu

DOI: https://doi.org/10.48550/arXiv.1908.08112

2019-08-22

Abstract:Future smart cities and intelligent world will have connected vehicles and smart cars as its indispensable and most essential components. The communication and interaction among such connected entities in this vehicular internet of things (IoT) domain, which also involves smart traffic infrastructure, road-side sensors, restaurant with beacons, autonomous emergency vehicles, etc., offer innumerable real-time user applications and provide safer and pleasant driving experience to consumers. Having more than 100 million lines of code and hundreds of sensors, these connected vehicles (CVs) expose a large attack surface, which can be remotely compromised and exploited by malicious attackers. Security and privacy are serious concerns that impede the adoption of smart connected cars, which if not properly addressed will have grave implications with risk to human life and limb. In this research, we present a formalized dynamic groups and attribute-based access control (ABAC) model (referred as \cvac) for smart cars ecosystem, where the proposed model not only considers system wide attributes-based security policies but also takes into account the individual user privacy preferences for allowing or denying service notifications, alerts and operations to on-board resources. Further, we introduce a novel notion of groups in vehicular IoT, which are dynamically assigned to moving entities like connected cars, based on their current GPS coordinates, speed or other attributes, to ensure relevance of location and time sensitive notification services to the consumers, to provide administrative benefits to manage large numbers of smart entities, and to enable attributes and alerts inheritance for fine-grained security authorization policies. We present proof of concept implementation of our model in AWS cloud platform demonstrating real-world uses cases along with performance metrics.

Cryptography and Security

Qian Mei,Minghao Yang,Jinhao Chen,Lili Wang,Hu Xiong

DOI: https://doi.org/10.1109/TDSC.2022.3188740

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Expressive data sharing and efficient data deletion are essential to drive the development of cloud-assisted IoT. But insecure transmission and the vulnerability of the cloud server may cause potential threats to IoT data, attribute-based encryption (ABE) is widely applied to ensure data confidentially. Nonetheless, the potential data exposure caused by the compromised long-term key and the contradiction between conventional access structures in ABE and the various demands of data owners are still two huge challenges. To overcome these challenges, this article designs an unbounded and puncturable ciphertext-policy ABE with arithmetic span program ( <inline-formula><tex-math notation="LaTeX">$\mathcal {UP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {CP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ABE}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ASP}$</tex-math></inline-formula> ) scheme and presents an expressive data sharing and self-controlled fine-grained data deletion solution in cloud-assisted IoT, which allows data owners to efficiently encrypt and share data with various computable access policies, but also enables data owners and data users to independently delete specific data stored in the cloud. The designed <inline-formula><tex-math notation="LaTeX">$\mathcal {UP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {CP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ABE}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ASP}$</tex-math></inline-formula> leverages unbounded ABE and puncturable encryption to support the flexible update of system parameters and the deletion of specific data. Also, the arithmetic span program access structure is combined to realize expressive data sharing. Moreover, the <inline-formula><tex-math notation="LaTeX">$\mathcal {UP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {CP}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ABE}$</tex-math></inline-formula> - <inline-formula><tex-math notation="LaTeX">$\mathcal {ASP}$</tex-math></inline-formula> is adaptively secure in the standard model, and comprehensive performance evaluations demonstrate its practicability and scalability in cloud-assisted IoT.