Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Weichu Deng,Jin Li,Hongyang Yan,Arthur Sandor Voundi Koe,Teng huang,Jianfeng Wang,Cong Peng

DOI: https://doi.org/10.1016/j.jisa.2024.103885

IF: 4.96

2024-09-14

Journal of Information Security and Applications

Abstract:In the Internet of Things, access control and identity management rely on centralized platforms. However, centralized platforms will compromise user privacy with identity leakage. Self-sovereign identity (SSI) is a novel model for identity management that does not require third-party centralized authority. Thus, SSI is a potential solution to the identity management problem in IoT access control. This paper's motivation is to address the problems of lack of identity sovereignty, centralized authorization, and high computational overhead for IoT access control. We propose a novel access control scheme for IoT that decentralizes identity management and tackles single-point-of-failure issues. This scheme leverages ciphertext policy attribute-based encryption (CP-ABE) and SSI to achieve the overall goal. Specifically, Our scheme eliminates the central authority and empowers users to manage their identity, allowing users to decide what attributes they disclose. Regarding the distribution of roles in the architecture, this paper follows the generic SSI model (ISSUER–HOLDER—VERIFIER) that allows a user to access a service from a service provider. To enable real-world deployment of our scheme, we establish an attribute authorization authority(such as the government) as a trusted identity point of entry. Users generate decentralized identifiers to enjoy services of interest in a privacy-preserving manner. The analysis demonstrates the practicality and superiority of our scheme. Our scheme requires less computation and is suitable for resource-constrained IoT scenarios.

computer science, information systems

Hu Xiong,Zheng Qu,Xin Huang,Kuo-Hui Yeh

DOI: https://doi.org/10.1109/jsac.2023.3310076

IF: 16.4

2023-01-01

IEEE Journal on Selected Areas in Communications

Abstract:Internet of Things (IoTs) has been a burgeoning field that transforms the ubiquitous objects to interconnected devices and intelligent system. Today, with the emerging of innovative technologies such as cloud computing, the IoT sector is in a race to leverage these novel technologies to achieve optimal performance. Naturally the Digital Twins (DTs) architecture acts as an indispensable intermediary bridge to couple the IoT domain with these lastest technologies together. However, a tremendous obstacle is that the current Revocable Attribute-Based Encryption (RABE) schemes applied in the DTs paradigm fail to balance the efficiency, security and scalability simultaneously. In this paper, we tackle this challenge by presenting an unbounded and efficient direct RABE scheme with adaptive security. Compared with the previous schemes in this domain, our approach achieves revocable and fine-grained access control efficiently by employing the arithmetic span program (ASP) as the access structure. In this way, the expensive bilinear pairing and exponentiation operations are reduced significantly. Moreover, the unbounded property is satisfied in our scheme since the parameters are not required to be predefined in the setup phase. At last, with the support of the Matrix Decisional Diffie-Hellman (MDDH) assumption, the proposed scheme is proved to achieve adaptive security by adopting dual system encryption methodology. Theoretical comparison and implementation results demonstrate our proposed scheme possesses prominent practicability, scalability and efficiency.

telecommunications,engineering, electrical & electronic

Hu Xiong,Xin Huang,Minghao Yang,Lili Wang,Shui Yu

DOI: https://doi.org/10.1109/jiot.2021.3094323

IF: 10.6

2022-02-15

IEEE Internet of Things Journal

Abstract:Existing attribute-based encryption (ABE) schemes with revocation to secure the cloud-assisted Internet of Things (IoTs) raise challenges, such as eliminating the need for predefined public parameters in system initialization, performing the encryption and decryption operations efficiently, and achieving adaptive security under standard security assumption. In this article, we address these challenges by proposing an unbounded and efficient revocable ABE scheme with adaptive security for cloud-assisted IoTs. Distinct from the previous approaches in this field, our scheme not only efficiently realizes access control over encrypted data in a fine-grained and revocable way but also is proved to be adaptively secure under standard decision linear assumption. Meanwhile, the parameters do not need to be predefined in the system initialization and thus, our scheme satisfies the unbounded property. Moreover, the monotonic span program (MSP) is elegantly utilized as the access structure to reduce the number of bilinear pairing and exponentiation operations for encryption and decryption. Theoretical performance analysis and experiment evaluation disclose that our proposed scheme owns outstanding feasibility, efficiency, and effectiveness.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhenhua Lu,Yuyan Guo,Jiguo Li,Weina Jia,Liping Lv,Jie Shen

DOI: https://doi.org/10.1155/2022/8350006

2022-04-11

Wireless Communications and Mobile Computing

Abstract:As the product of the third information technology revolution, the Internet of Things (IoT) has greatly altered our way of lifetime. Cloud storage has gradually become the best choice for data processing due to its scalability and flexibility. However, the cloud is not a completely trusted entity, such as tampering with user data or leaking personal privacy. Therefore, cloud storage usually adopts attribute-based encryption schemes to accomplish data confidentiality and fine-grained access control. However, applying the ABE scheme to the Internet of Things still faces many challenges, such as dynamic user revocation, data sharing, and excessive computational burden. In this paper, we propose a novel searchable attribute encryption system that replaces the traditional key generation center with consortium blockchain to generate and manage partial keys. In addition, our scheme can perform predecryption operations in the cloud, and users only need to spend a small amount of computational cost to achieve decryption operations. Security analysis proves that our scheme achieves security under both the chosen keyword attack and the chosen plaintext attack. Compared with other schemes, this scheme is more economical in terms of computing and storage.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chong Guo,Bei Gong,Muhammad Waqas,Hisham Alasmary,Shanshan Tu,Sheng Chen

DOI: https://doi.org/10.3390/s24216843

IF: 3.9

2024-10-25

Sensors

Abstract:The Internet of Things (IoT) is a heterogeneous network composed of numerous dynamically connected devices. While it brings convenience, the IoT also faces serious challenges in data security. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptography method that supports fine-grained access control, offering a solution to the IoT's security issues. However, existing CP-ABE schemes are inefficient and unsuitable for IoT devices with limited computing resources. To address this problem, this paper proposes an efficient pairing-free CP-ABE scheme for the IoT. The scheme is based on lightweight elliptic curve scalar multiplication and supports multi-authority and verifiable outsourced decryption. The proposed scheme satisfies indistinguishability against chosen-plaintext attacks (CPA) under the elliptic curve decisional Diffie–Hellman (ECDDH) problem. Performance analysis shows that our proposed scheme is more efficient and better suited to the IoT environment compared to existing schemes.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Kui Ma,Yanwei Zhou,Ying Wang,Chunsheng Dong,Zhe Xia,Bo Yang,Mingwu Zhang

DOI: https://doi.org/10.1109/jsyst.2023.3269597

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) is helpful in making people's life more convenient and efficient. To ensure that the nodes within IoT can interact securely, a certificateless signature (CLS) can be used to protect message authentication in the IoT. Recently, some concrete constructions of CLS schemes have been proposed in the literature, but through our analyses, we demonstrate that some existing CLS schemes cannot keep their claimed security because of various security flaws. For example, a valid signature can be forged by any Type I adversary by replacing the corresponding user's public key. In this article, we describe the security flaws that need to be addressed and introduce a novel CLS scheme without using bilinear mapping. The existential unforgeability in our proposed scheme can be proved based on the hardness of the elliptic curve discrete logarithm problem in the random oracle model. The comparison with existing CLS schemes shows that our scheme not only enjoys more security features but also is more efficient in computation. Moreover, we introduce an identity authentication protocol as the application of our proposed CLS scheme, which achieves mutual authentication and anonymity in communications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Hu Xiong,Yangyang Bao,Xuyun Nie,Yakubu Issifu Asoor

DOI: https://doi.org/10.1109/tii.2019.2921516

IF: 12.3

2020-01-01

IEEE Transactions on Industrial Informatics

Abstract:Existing server-aided attribute-based signature (SA-ABS) to secure industrial Internet of Things (IIoT)-oriented applications raise challenges such as achieving collusion attack resilience and realizing expressive linear secret-sharing scheme (LSSS) access structures. In this paper, we positively address these challenges by proposing a novel SA-ABS for IIoT. Distinct from the existing works in this field, our SA-ABS protocol not only allows to delegate the heavy calculation in both signature generation and verification to a third-party server, but also resists the collusion attack and realizes expressive LSSS access structures. The formal proof about the unforgeability of the proposed SA-ABS has been given on the basis of the standard model. Theoretical analysis as well as experimental simulation reveal the fact that the proposed SA-ABS is feasible and efficient.

XiaoFang Huang,Qi Tao,BaoDong Qin,ZhiQin Liu

DOI: https://doi.org/10.1109/icccn.2015.7288431

2015-01-01

Abstract:Attribute Based Encryption (ABE) scheme can achieve information sharing of one-to-many users, without considering the number of users and the users identity. But, the traditional single Attribute Authority (AA) ABE scheme can hardly meet requirements of different agencies in distributed application environment and it is easy to form the system performance bottlenecks. Based on ciphertext-policy ABE scheme, this paper proposes a multi-authority revocable ABE scheme, where the classification manages user attributes, effectively relieving the management burden of single organization. In addition, it can achieve fine grained access control of shared information by adopting tree access strategy and secret sharing scheme, and support system attribute revocation. Finally, we show that the scheme is secure against chosen plaintext attack under the Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Xiong Li,Tian Liu,Chaoyang Chen,Qingfeng Cheng,Xiaosong Zhang,Neeraj Kumar

DOI: https://doi.org/10.1109/jiot.2022.3165576

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:As an extension of cloud computing, edge computing has attracted the attention of academia and industry because of its characteristics of low latency, high bandwidth, and low energy consumption. However, due to limited terminal resources and insufficient security design, the edge computing environment still faces many challenges in terms of data security and privacy protection. Among them, how to effectively control access to outsourced data is one of the main issues. In this article, we propose a lightweight and verifiable ciphertext-policy attribute-based encryption (CP-ABE)-based multiauthority access control scheme for edge computing-assisted Internet of Things (IoT), which adopts the method of outsourcing decryption to mitigate the computational cost of data users with limited resources. In addition, our scheme realizes the feature of attribute revocation, and the design of the multiauthority mechanism enables our scheme to avoid the problem of key escrow. Therefore, our proposed scheme not only ensures data confidentiality but also can resist the collusion attack. Besides, our scheme is secure against the chosen plaintext attack in the random oracle model under the decision $q$ -BDHE assumption. Finally, we compared our scheme with some related work in performance, and the results demonstrate that our scheme is efficient in computation and communication. Because our scheme greatly mitigates the overhead of data users, it is very suitable for edge computing supported IoT applications with restricted computation resources.

Moreno Ambrosin,Arman Anzanpour,Mauro Conti,Tooska Dargahi,Sanaz Rahimi Moosavi,Amir M. Rahmani,Pasi Liljeberg

DOI: https://doi.org/10.48550/arXiv.1611.08098

2016-11-24

Abstract:Attribute-Based Encryption (ABE) could be an effective cryptographic tool for the secure management of Internet-of-Things (IoT) devices, but its feasibility in the IoT has been under-investigated thus far. This article explores such feasibility for well-known IoT platforms, namely, Intel Galileo Gen 2, Intel Edison, Raspberry Pi 1 Model B, and Raspberry Pi Zero, and concludes that adopting ABE in the IoT is indeed feasible.

Cryptography and Security

Jian Chen,Fei Lu,Yuanzhe Liu,Sheng Peng,Zhiming Cai,Fu Mo

DOI: https://doi.org/10.1016/j.ijcip.2024.100661

IF: 3.683

2024-01-25

International Journal of Critical Infrastructure Protection

Abstract:With an increasing demand for authenticated data exchange between jurisdictions, ensuring the privacy and security of data interactions is crucial for national security, public health, and economic vitality, becoming a fundamental national infrastructure. Current solutions can be categorized into two types: fully decentralized autonomous systems based on blockchains or centralized solutions that rely on authoritative centers such as certification authorities (CAs). In reality, a balance needs to be struck between guaranteed authority and privacy independence. A certain authority is needed as an authorization guarantee, and decentralization is required to ensure privacy and the independence of the authority. This paper proposes a novel scheme, CT-MA-ABE (Cross-Trust Multiple Authorization Attribute-Based Encryption), to address these issues by implementing MA-ABE for cross-border institutional authorization interactions, utilize blockchain certification authority (BCA) for credibility and encryption-based authorization to protect attribute data privacy. This solution integrates the role of 'notary' in cross-border interactions, addressing the supervision problem in fully decentralized approaches while also considering the trust issue in centralized systems. This paper also introduces the Universal Certificate Authority Pool (UCAP), an innovative hybrid federated authorization method, creatively utilizing the implied authorization conditions of attributes to create a flexible and transitive authorization mechanism based on attribute relationships and extensions, enhancing privacy protection and improving the speed of authorization matrix calculation. The successful deployment of the system between the legal jurisdictions in South China, Zhuhai and Macau as a critical infrastructure component for securing data interactions further demonstrates its effectiveness as a reliable and secure solution.

engineering, multidisciplinary,computer science, information systems

Michele La Manna,Pericle Perazzo,Gianluca Dini

DOI: https://doi.org/10.1016/j.jisa.2020.102692

2021-01-25

Abstract:Attribute-Based Encryption (ABE) is an emerging cryptographic technique that allows one to embed a fine-grained access control mechanism into encrypted data. In this paper we propose a novel ABE scheme called SEA-BREW (Scalable and Efficient Abe with Broadcast REvocation for Wireless networks), which is suited for Internet of Things (IoT) and Industrial IoT (IIoT) applications. In contrast to state-of-the-art ABE schemes, ours is capable of securely performing key revocations with a single short broadcast message, instead of a number of unicast messages that is linear with the number of nodes. This is desirable for low-bitrate Wireless Sensor and Actuator Networks (WSANs) which often are the heart of (I)IoT systems. In SEA-BREW, sensors, actuators, and users can exchange encrypted data via a cloud server, or directly via wireless if they belong to the same WSAN. We formally prove that our scheme is secure also in case of an untrusted cloud server that colludes with a set of users, under the generic bilinear group model. We show by simulations that our scheme requires a constant computational overhead on the cloud server with respect to the complexity of the access control policies. This is in contrast to state-of-the-art solutions, which require instead a linear computational overhead.

Cryptography and Security

Oberko Prince Silas Kwesi,Obeng Victor-Hillary Kofi Setornyo,Xiong Hu

DOI: https://doi.org/10.1007/s12652-021-02915-5

IF: 3.662

2021-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:The introduction of attribute-based encryption (ABE) targets to achieve the implementation of single-to-numerous encryption; however, the sole authority challenge and the issue of distributed management of attributes are bottlenecks to its realization. Multi-authority attribute-based encryption (MA-ABE) where various attribute authorities (which may be independent of each other) control different attribute universe and are involved in the administration of attribute keys for decryption provides the necessary platform to undertake the implementation of fine-grained access regulation over shared data while achieving single-to-numerous encryption. In recent years, research into MA-ABE has seen rapid advancement, and we believe that it is a suitable solution to thwarting the key escrow problem as well as the problem of distributed management of attributes. This paper offers a thorough survey and examines the state-of-the-art of some traditional ABE as well as multi-authority attribute-based encryption schemes over the past decade. Furthermore, the survey gives detailed insights on some essential techniques as well as some classic concretely constructed algorithms. Moreover, we discuss an extension (the different directions) of MA-ABE and its progress since its inception. We also provide design principles of MA-ABE and also show comparisons between existing works on areas as security, performance, and functionality. This paper also discusses several interesting open problems. As far as we can tell, no comparable survey on MA-ABE exists in literature so far.

Guanglei Zhao,Xianping Si,Jingcheng Wang,Xiao Long,Ting Hu

DOI: https://doi.org/10.1109/ICMIC.2011.5973767

2011-01-01

Abstract:This paper presents a novel mutual identity authentication scheme which can be applied securely in Internet of Things. Based on secure hash algorithm(SHA), feature extraction and elliptic curve cryptography(ECC), we propose an asymmetric mutual authentication scheme between the platform and the terminal node, which imposes light computation and communication cost, through security analysis it is also shown that the proposed scheme is secure and feasible for applications in the Internet of Things.

Hui Li,Tao Jing

DOI: https://doi.org/10.1016/j.procs.2020.06.080

2020-01-01

Procedia Computer Science

Abstract:In large scale Internet of Things (IoT) systems, IoT-Cloud is a scalable and practical method to achieve high-efficiency data management accommodation through delegating the data storage and management tasks to the cloud service providers (CSPs). To cope with the low-computability and limited-resource of IoT devices and the response-latency of CSPs, recent works introduce an IoT-Fog-Cloud architecture. Yet, the existing attribute-based data sharing solutions with high computation requirements are no longer suitable for this new architecture. In this paper, we propose a ciphertext-policy attribute-based encryption scheme for the architecture to address the above challenges. The expensive offline encryption is delegated to the fog by constructing an intermediate ciphertext pool with the help of a Chameleon hash function. A public verification is performed to filter the illegitimate ciphertexts before executing the decryption operation. We provide a formal proof of the security and extensive performance analyses. These demonstrate that the scheme is suitable for resource-constrained IoT devices.

Zhishuo Zhang,Wen Huang,Songying Cai,Lin Yang,Yongjian Liao,Shijie Zhou

DOI: https://doi.org/10.1016/j.comcom.2022.09.017

IF: 5.047

2022-12-01

Computer Communications

Abstract:Fog computing is an emergent computing paradigm that supports the mobility and geographic distribution of Internet of Things (IoT) nodes and delivers context-aware applications with low latency to end-users. In fog computing, the critical obstacle restricting widespread deployment is security and privacy, especially how to build a lightweight fine-grained message authentication scheme in fog computing. In this paper, we first propose and give the formalization definition to a new variant of the attribute-based signature primitive (ABS), which we called Verifier-Policy Attribute-based Signature (VP-ABS). Distinct from the traditional ABS, in our VP-ABS primitive, the signature generated by the signer is decoupled with the access policy, which means the signer can generate a signature associated with some of his own attributes. Therefore, our VP-ABS can be reusable for multiple access policies. Then we also give a concrete VP-ABS construction over Type-3 pairing under Linear Secret Sharing Scheme (LSSS) policy which supports both AND and OR access gates. In addition, we rigorously prove our VP-ABS scheme is existentially unforgeable in the selective policy model under the adaptive chosen message attack (sP-EUF-CMA). Next, we give the feature comparison and theoretical analysis to our VP-ABS scheme as well as some other representative attribute authentication schemes to show the comprehensiveness of our scheme. To prove the correctness of the theoretical analysis and test the actual performance, we also do simulation experiments. Finally, we use our VP-ABS scheme to build an attribute-based fine-grained message authentication scheme for fog nodes in mobile microservices architecture with multiple access policies.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ruidong Li,Hitoshi Asaeda,Jie Li,Xiaoming Fu

DOI: https://doi.org/10.1109/icc.2017.7996804

2017-01-01

Abstract:In an Information-Centric Internet of Things (ICIoT) environment for big data sharing, IoT data can be cached throughout the network. Such distributed data caching poses a challenge on flexible authorization and identity verification. For fine-grained data access authorization in a distributed manner, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has been identified as a promising approach. However in the existing CP-ABE based scheme, each publisher would need to retrieve the attributes from the centralized server for encrypting data, resulting in high communication overhead. Moreover, valid authorization period and distributed authentication are still not addressed and seamlessly incorporated. In this paper, we propose a Verifiable and Flexible Data Sharing (VFDS) mechanism for ICIoT, which exploits CP-ABE for authorization and Identity-Based Signature (IBS) for the distributed verification of the identities. In VFDS, publishers retrieve the attributes from the nearby cache holders. In addition, the Attribute Manifest (AM) and the Automatic Attribute Update (AAU) realize efficient attribute updates within the distributed caches to achieve valid authorization period. Meanwhile, VFDS provides the public parameters of IBS in local domain, which enables the efficient identity verifications. Our system evaluations show that the VFDS can achieve lower bandwidth cost compared to the existing schemes for both authentication and flexible authorization.

Xiaofeng Chen,Jin Li,Xinyi Huang,Jingwei Li,Yang Xiang,Duncan S. Wong

DOI: https://doi.org/10.1109/tpds.2013.2295809

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Attribute-based signature (ABS) enables users to sign messages over attributes without revealing any information other than the fact that they have attested to the messages. However, heavy computational cost is required during signing in existing work of ABS, which grows linearly with the size of the predicate formula. As a result, this presents a significant challenge for resource-constrained devices (such as mobile devices or RFID tags) to perform such heavy computations independently. Aiming at tackling the challenge above, we first propose and formalize a new paradigm called Outsourced ABS, i.e., OABS, in which the computational overhead at user side is greatly reduced through outsourcing intensive computations to an untrusted signing-cloud service provider (S-CSP). Furthermore, we apply this novel paradigm to existing ABS schemes to reduce the complexity. As a result, we present two concrete OABS schemes: i) in the first OABS scheme, the number of exponentiations involving in signing is reduced from O(d) to O(1) (nearly three), where d is the upper bound of threshold value defined in the predicate; ii) our second scheme is built on Herranz et al.'s construction with constant-size signatures. The number of exponentiations in signing is reduced from O(d(2)) to O(d)and the communication overhead is O(1). Security analysis demonstrates that both OABS schemes are secure in terms of the unforgeability and attribute-signer privacy definitions specified in the proposed security model. Finally, to allow for high efficiency and flexibility, we discuss extensions of OABS and show how to achieve accountability as well.

Yu Chen,Jiguo Li,Chengdong Liu,Jinguang Han,Yichen Zhang,Peng Yi

DOI: https://doi.org/10.1109/tsc.2021.3096420

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Attribute based signature (ABS) is a novel cryptographic primitive, which permits users to sign a message over attributes without revealing other information. A signature only reveals that it is signed by a signer whose some attributes meet an access policy. However, some ABS schemes only support the threshold access policy, where the signing algorithms are limited by the threshold. The threshold access policy can not express precise access control well. In addition, the computation cost of the verification algorithm is heavy since pairing operations are required. Pairing is costly operation comparing to exponentiation. Therefore, existing ABS schemes are not suitable to resource-limited devices, such as RFID tags and smart cards. In order to solve the issues above, we present a novel ABS scheme by using the attribute tree as access policy that expresses flexible access control. We utilize server-aid technique to help the verifier to verify signatures and reduce the computation burden. Our scheme is proved secure against unforgeable and anonymous under chosen-policy selective-message attack in the standard model. Compared with existing schemes, our scheme is more efficient in terms of private key generation and verification. The proposed scheme reduces users’ calculation burden and expresses more flexible access policy.