Xin Sun,Yiyang Yao,Yingjie Xia,Xuejiao Liu,Jian Chen,Zhiqiang Wang

DOI: https://doi.org/10.3837/tiis.2016.04.024

2016-01-01

Abstract:Mobile social network is becoming more and more popular with respect to the development and popularity of mobile devices and interpersonal sociality. As the amount of social data increases in a great deal and cloud computing techniques become developed, the architecture of mobile social network is evolved into cloud-based that mobile clients send data to the cloud and make data accessible from clients. The data in the cloud should be stored in a secure fashion to protect user privacy and restrict data sharing defined by users. Ciphertext-policy attribute-based encryption (CP-ABE) is currently considered to be a promising security solution for cloud-based mobile social network to encrypt the sensitive data. However, its ciphertext size and decryption time grow linearly with the attribute numbers in the access structure. In order to reduce the computing overhead held by the mobile devices, in this paper we propose a new Outsourcing decryption and Match-then-decrypt CP-ABE algorithm (OM-CP-ABE) which firstly outsources the computation-intensive bilinear pairing operations to a proxy, and secondly performs the decryption test on the attributes set matching access policy in ciphertexts. The experimental performance assessments show the security strength and efficiency of the proposed solution in terms of computation, communication, and storage. Also, our construction is proven to be replayable choosen-ciphertext attacks (RCCA) secure based on the decisional bilinear Diffie-Hellman (DBDH) assumption in the standard model.

Yuzhao Cui,Qiong Huang,Jianye Huang,Hongbo Li,Guomin Yang

DOI: https://doi.org/10.1007/978-3-030-14234-6_24

2018-01-01

Abstract:In the cloud era people get used to store their data to the cloud server, and would use encryption technique to protect their sensitive data from leakage. However, encrypted data management is a challenging problem, for example, encrypted data classification. Besides, how to effectively control the access to the encrypted data is also an important problem. Ciphertext-policy attribute-based encryption with equality test (CP-ABEET) is an efficient solution to the aforementioned problems, which enjoys the advantage of attribute-based encryption, and in the meanwhile supports the test of whether two different ciphertexts contain the same message without the need of decryption. However, the existing CP-ABEET schemes suffer from high computation costs. In this paper, we study how to outsource the heavy computation in CP-ABEET scheme to a third-party server. We introduce the notion of CP-ABEET supporting outsourced decryption (OCP-ABEET), which saves a lot of local computation loads of CP-ABEET. We propose a concrete construction of OCP-ABEET, and prove its security based on a reasonable number-theoretic assumption in the random oracle model. Compared with the existing CP-ABEET schemes, our scheme is more computationally .

Jiguo Li,Yichen Zhang,Jianting Ning,Xinyi Huang,Geong Sen Poh,Debang Wang

DOI: https://doi.org/10.1109/tcc.2020.2975184

IF: 5.697

2020-01-01

IEEE Transactions on Cloud Computing

Abstract:The pervasive, ubiquitous, and heterogeneous properties of IoT make securing IoT systems a very challenging task. More so when access and storage are performed through a cloud-based IoT system. IoT data stored on cloud should be encrypted to ensure data privacy. It is also crucial to allow only authorized entities to access and decrypt the encrypted data. In this article, we propose a ciphertext-policy attribute-based encryption (CP-ABE) scheme that enables fine-grained access control of encrypted IoT data on cloud. CP-ABE is regarded as a highly promising approach to provide flexible and fine-grained access control, which is quite suited to secure cloud based IoT systems. We first present an access control system model of CloudIoT platform based on ABE. Based on the presented system model, we construct a ciphertext-policy hiding CP-ABE scheme, which guarantees the privacy of the users. We further construct a white-box traceable CP-ABE scheme with accountability in order to address the user key abuse and authorization center key abuse. Experiment illustrates the proposed systems are efficient.

computer science, information systems, theory & methods

Xin Huang,Hu Xiong,Jinhao Chen,Minghao Yang

DOI: https://doi.org/10.1109/tcc.2021.3131686

IF: 5.697

2021-01-01

IEEE Transactions on Cloud Computing

Abstract:Revocable storage and efficient description of the access policy are necessary to enhance the practicality of the attribute-based encryption (ABE) in real-life scenarios, such as cloud-assisted Internet of Things (IoT). Nevertheless, existing ABE works fail to balance the two vital factors. In this paper, we construct an efficient revocable storage ciphertext-policy attribute-based encryption with arithmetic span programs (RS-CPABE-ASP). The arithmetic span program (ASP) is elegantly utilized as the access structure to reduce the unnecessary cost for defining access policy. Combining the indirect revocation and the ciphertext update mechanism, our work prevents the revoked user unable to access the newly generated data and the old data that can be accessed before. As shown in the outsourced version of RS-CPABE-ASP, the costly part for users to decrypt the data can be outsourced to powerful cloud servers. In this way, users in our RS-CPABE-ASP are able to access their data in a more efficient way by merely one exponential operation. Finally, we carry out detailed theoretical analysis and experimental simulations to evaluate the performance of our work. The results fairly show that our proposed work is efficient and feasible in cloud-assisted IoT.

computer science, information systems, theory & methods

Yingjie Xia,Wenzhi Chen,Xuejiao Liu,Luming Zhang,Xuelong Li,Yang Xiang

DOI: https://doi.org/10.1109/tits.2017.2653103

IF: 8.5

2017-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Vehicular ad-hoc networks (VANETs) have drawn much attention of researchers. The vehicles in VANETs frequently join and leave the networks, and therefore restructure the network dynamically and automatically. Forwarded messages in vehicular ad-hoc networks are primarily multimedia data, including structured data, plain text, sound, and video, which require access control with efficient privacy preservation. Ciphertext-policy attribute-based encryption (CP-ABE) is adopted to meet the requirements. However, solutions based on traditional CP-ABE suffer from challenges of the limited computational resources on-board units equipped in the vehicles, especially for the complex policies of encryption and decryption. In this paper, we propose a CP-ABE delegation scheme, which allows road side units (RSUs) to perform most of the computation, for the purpose of improving the decryption efficiency of the vehicles. By using decision tree to jointly optimize multiple factors, such as the distance from RSU, the communication and computational cost, the CP-ABE delegation scheme is adaptively activated based on the estimation of various vehicles decryption overhead. Experimental results thoroughly demonstrate that our scheme is effective and efficient for multimedia data forwarding in vehicular ad-hoc networks with privacy preservation.

Hao Wang,Debiao He,Jian Shen,Zhihua Zheng,Chuan Zhao,Minghao Zhao

DOI: https://doi.org/10.1007/s00500-016-2271-2

IF: 3.732

2016-01-01

Soft Computing

Abstract:In the attribute-based encryption (ABE) systems, users can encrypt and decrypt messages based on their attributes. Because of the flexibility of ABE, it is more and more widely used in various network environments. However, complex functionality of ABE may cause an enormous computational cost. This reason greatly restricts the application of ABE in practice. In order to minimize the local computation of ABE, we introduce the concept of verifiable outsourced ABE system, in which key generation center, encryptor and decryptor, are able to outsource their computing tasks to the corresponding service providers, respectively, to reduce the local load. In addition, they are also able to verify the correctness of outsourcing calculation efficiently by using the outsourcing verification services. This is useful to save local computational resources, especially for mobile devices. Then, we propose a specific verifiable outsourced ABE scheme and prove its adaptive security in the standard model using the dual-system encryption method. Finally, we introduce how to deploy our outsourced CP-ABE scheme in cloud computing environment.

Hui Tian,Xiang Li,Hanyu Quan,Chin-Chen Chang,Thar Baker

DOI: https://doi.org/10.1109/jsen.2020.3030688

IF: 4.3

2021-07-15

IEEE Sensors Journal

Abstract:The Intelligent Transportation System (ITS) provides more possibilities for the realization of smart cities by integrating the Internet of Things (IoT) and cloud computing. However, how to ensure security of IoT data stored in the cloud has become one of the biggest challenges at present. As a promising solution for realizing fine-grained access control, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) can be used to ensure data security. However, the traditional CP-ABE schemes may leak privacy of ITS users. Moreover, due to their high computational overheads, the current privacy-preserving techniques are not suitable for IoT lightweight devices. To fill this gap, this article presents ABE-FPP, a lightweight attribute-based access control scheme with full privacy protection (FPP), which can achieve full privacy protection in the three key stages (i.e., key generation, access control, and partial decryption), while reducing consumption overhead on the user side. Specifically, to protect privacy during key generation, a lightweight two-party secure computing protocol between the user and the authority is designed to generate secret keys; to protect privacy during the access control policy setting, we present an efficient policy hidden strategy, which only reveals attribute names and efficiently hides attribute values; to protect privacy during partial decryption, we propose a hybrid authentication method that does not need to submit attribute values to the cloud. Moreover, to achieve lightweight computation for IoT devices, online/offline encryption and outsourced decryption are employed in ABE-FPP. Finally, formal security proofs show that our scheme is secure in the standard model. The asymptotic complexity analyses and experimental results demonstrate that the presented scheme achieves higher computation efficiency than the state-of-the-art ones.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Yuejian Fang,Zilong Wen,Qingni Shen,Yahui Yang,Zhonghai Wu

DOI: https://doi.org/10.1007/978-3-319-28865-9_36

2015-01-01

Abstract:Attribute-based encryption (ABE) allows user to encrypt and decrypt data based on user attributes, and can be applied in some promising area such as mobile cloud storage. Since these are massive users in these applications, secure online transmission of decryption key is necessary. In this paper, a ciphertext-policy attribute-based encryption (CP-ABE) method with secure decryption key generation and outsourcing decryption of ABE ciphertexts is proposed. In the method, a user’s public key information is embedded into his decryption key in the key generation algorithm. Both the user’s decryption key and private key are needed to decrypt a ciphertext. With only the decryption key, a ciphertext cannot be decrypted, so the decryption key is secure and can be directly transmitted online. This saves some costs comparing to other transmission approaches, such as Secure Sockets Layer (SSL). Furthermore, the method supports outsourcing the decryption of ABE ciphertexts. Our analysis and experiment results prove that our method is more efficient than the existing outsourcing methods which generally use key transformation technique.

Jiawei Zhang,Teng Li,Mohammad S. Obaidat,Chi Lin,Jianfeng Ma

DOI: https://doi.org/10.1109/jsyst.2020.3044309

IF: 4.802

2022-03-01

IEEE Systems Journal

Abstract:The rapid development of cloud computing and Internet of Things enables widely use of Internet of Vehicles (IoV) and drives a revolutionary change for intelligent transport system. The advent of 5G and fog computing architectures also facilitates applications of IoV and makes the enormous IoV data outsourcing and sharing in cloud and fog more convenient. However, the data outsourcing and sharing will incur many security concerns to IoV including data leakage and breach as the users cannot direct control their data. To guarantee IoV data security, a novel scheme is proposed for IoV data sharing with high efficiency. In our scheme, we utilize ciphertext-policy attribute-based encryption (CP-ABE) to achieve confidentiality and fine-grained access control for IoV data shared in cloud and fog. Nevertheless, as another intrinsic feature in IoV environment, the dynamicity in a group of connected vehicles brings some challenges to our scheme. To deal with this situation, we bring forward a concept of auditable user revocation for CP-ABE to adapt to the dynamic vehicle groups. Moreover, online/offline and verifiable outsourcing techniques are leveraged to improve the efficiency and guarantee the correctness of decryption. At the end, we demonstrate the security and efficiency for our scheme by giving detailed security analysis and performance evaluation with extensive experiments.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Yinghui Zhang,Robert H. Deng,Shengmin Xu,Jianfei Sun,Qi Li,Dong Zheng

DOI: https://doi.org/10.1145/3398036

IF: 16.6

2021-07-31

ACM Computing Surveys

Abstract:Attribute-based encryption (ABE) for cloud computing access control is reviewed in this article. A taxonomy and comprehensive assessment criteria of ABE are first proposed. In the taxonomy, ABE schemes are assorted into key-policy ABE (KP-ABE) schemes, ciphertext-policy ABE (CP-ABE) schemes, anti-quantum ABE schemes, and generic constructions. In accordance with cryptographically functional features, CP-ABE is further divided into nine subcategories with regard to basic functionality, revocation, accountability, policy hiding, policy updating, multi-authority, hierarchy, offline computation, and outsourced computation. In addition, a systematical methodology for discussing and comparing existing ABE schemes is proposed. For KP-ABE and each type of CP-ABE, the corresponding access control scenario is presented and explained by concrete examples. Specifically, the syntax of ABE is given followed by the adversarial model and security goals. ABE schemes are discussed according to the design strategies and special features and are compared in the light of the proposed assessment criteria with respect to security and performance. Compared to related state-of-the-art survey papers, this article not only provides a broader 12 categories of ABE schemes, but also makes a more comprehensive and holistic comparison. Finally, a number of open research challenges in ABE are pointed out.

computer science, theory & methods

Hu Xiong,Xin Huang,Minghao Yang,Lili Wang,Shui Yu

DOI: https://doi.org/10.1109/jiot.2021.3094323

IF: 10.6

2022-02-15

IEEE Internet of Things Journal

Abstract:Existing attribute-based encryption (ABE) schemes with revocation to secure the cloud-assisted Internet of Things (IoTs) raise challenges, such as eliminating the need for predefined public parameters in system initialization, performing the encryption and decryption operations efficiently, and achieving adaptive security under standard security assumption. In this article, we address these challenges by proposing an unbounded and efficient revocable ABE scheme with adaptive security for cloud-assisted IoTs. Distinct from the previous approaches in this field, our scheme not only efficiently realizes access control over encrypted data in a fine-grained and revocable way but also is proved to be adaptively secure under standard decision linear assumption. Meanwhile, the parameters do not need to be predefined in the system initialization and thus, our scheme satisfies the unbounded property. Moreover, the monotonic span program (MSP) is elegantly utilized as the access structure to reduce the number of bilinear pairing and exponentiation operations for encryption and decryption. Theoretical performance analysis and experiment evaluation disclose that our proposed scheme owns outstanding feasibility, efficiency, and effectiveness.

computer science, information systems,telecommunications,engineering, electrical & electronic

Meiyan Xiao,Hongbo Li,Qiong Huang,Shui Yu,Willy Susilo

DOI: https://doi.org/10.1109/tifs.2022.3173412

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Attribute-based encryption scheme is a promising mechanism to realize one-to-many fine-grained access control which strengthens the security in cloud computing. However, massive amounts of data and various data sharing requirements bring great challenges to the complex but isolated and fixed access structures in most of the existing attribute-based encryption schemes. In this paper, we propose an attribute-based hierarchical encryption scheme with extendable policy, called Extendable Hierarchical Ciphertext-Policy Attribute-Based Encryption (EH-CP-ABE), to improve the data sharing efficiency and security simultaneously. The scheme realizes the function of hierarchical encryption, in which, data with hierarchical access control relationships could be encrypted together flexibly to improve the efficiency. The scheme also achieves external and internal extension of the access structure to further encrypt newly added hierarchical data without updating the original ciphertexts or with only a minor update depending on the data sharing requirements, which simplifies the encryption process and greatly reduces the computation overhead. We formally prove the security of the scheme is IND-CCA secure in the random oracle model based on bilinear Diffie-Hellman assumption, and we also implement our scheme to demonstrate its efficiency and practicality.

Ningyu Chen,Jiguo Li,Yichen Zhang,Yuyan Guo

DOI: https://doi.org/10.1109/tc.2020.3043950

IF: 3.183

2022-01-01

IEEE Transactions on Computers

Abstract:Attribute-based encryption (ABE) is a preferred technology used to access control the data stored in the cloud servers. However, in many cases, the authorized decryption user may be unable to decrypt the ciphertext in time for some reason. To be on the safe side, several alternate users are delegated to cooperate to decrypt the ciphertext, instead of one user doing that. We provide a ciphertext-policy ABE scheme with shared decryption in this article. An authorized user can recover the messages independently. At the same time, these alternate users (semi-authorized users) can work together to get the messages. We also improve the basic scheme to ensure that the semi-authorized users perform the decryption tasks honestly. An integrated access tree is used to improve the efficiency for our scheme. The new scheme is proved CPA-secure in the standard model. The experimental result shows that our scheme is very efficient on both computational overhead and storage cost.

engineering, electrical & electronic,computer science, hardware & architecture

Praveen Kumar Premkamal,Syam Kumar Pasupuleti,P. J. A. Alphonse

DOI: https://doi.org/10.1007/s12652-018-0967-0

IF: 3.662

2018-08-14

Journal of Ambient Intelligence and Humanized Computing

Abstract:The foremost security concerns for big data in the cloud are privacy and access control. Ciphertext-policy attribute based encryption (CP-ABE) is an effective cryptographic solution for above concerns, but the existing CP-ABE schemes are not suitable for big data in the cloud as they require huge computation time for encryption and decryption process. In this paper, we propose a new verifiable outsourced CP-ABE for big data privacy and access control in the cloud. Our scheme reduces the computational overhead of encryption and decryption by outsourcing the heavy computations to the proxy server. Our scheme also verifies the correctness of the data along with the outsourcing computations. Further, our scheme limits the data access for a set of users instead of providing an infinite number of times data access, which is essentially required for commercial applications. In security analysis, we prove that our scheme is secure against chosen plain-text attack, collusion and proxy attacks. Performance analysis proves that our scheme is efficient.

computer science, information systems,telecommunications, artificial intelligence

Jialu Hao,Cheng Huang,Jianbing Ni,Hong Rong,Ming Xian,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1016/j.comnet.2019.02.008

IF: 5.493

2019-01-01

Computer Networks

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) is a promising approach to achieve fine-grained access control over the outsourced data in Internet of Things (IoT). However, in the existing CP-ABE schemes, the access policy is either appended to the ciphertext explicitly or only partially hidden against public visibility, which results in privacy leakage of the underlying ciphertext and potential recipients. In this paper, we propose a fine-grained data access control scheme supporting expressive access policy with fully attribute hidden for cloud-based IoT. Specifically, the attribute information is fully hidden in access policy by using randomizable technique, and a fuzzy attribute positioning mechanism based on garbled Bloom filter is developed to help the authorized recipients locate their attributes efficiently and decrypt the ciphertext successfully. Security analysis and performance evaluation demonstrate that the proposed scheme achieves effective policy privacy preservation with low storage and computation overhead. As a result, no valuable attribute information in the access policy will be disclosed to the unauthorized recipients.

Hao Wang,Zhihua Zheng,Yilei Wang

DOI: https://doi.org/10.1504/ijguc.2017.10008770

2017-01-01

International Journal of Grid and Utility Computing

Abstract:Attribute-Based Encryption (ABE) is a useful encryption method that allows users to encrypt messages based on their attributes. However, the computational cost of ABE system is very high, because it often scales with the number of attributes. This makes ABE difficult to apply in practice. In this paper, we use the cloud computing technology as well as pre-computing technology to solve this problem, and introduce the cloud-aided online/offline ciphertext-policy ABE system. In this system, Private Key Generator (PKG) could per-compute intermediate keys offline before online key generation phase, encryptor could pre-compute intermediate ciphertexts offline before online encryption phase, and decryptor could call their cloud computing servers to transform the ciphertexts to the partially decrypted ciphertexts before decryption phase. This greatly reduces the local computational cost of these three phases. It is significant for mobile devices to use ABE. Then, we propose a specific scheme, and prove its adaptive security in the standard model. Finally, we introduce how to deploy our new scheme in the mobile cloud computing environment.

Zesen Hou,Jianting Ning,Xinyi Huang,Shengmin Xu,Leo Yu Zhang

DOI: https://doi.org/10.1016/j.csi.2024.103854

IF: 3.721

2024-03-21

Computer Standards & Interfaces

Abstract:Attribute-based encryption (ABE) has been widely applied in cloud services for access control. However, a large number of pairing operations required for decryption affect the wide use of ABE on lightweight devices. A general solution is to outsource the heavy computation to the cloud service provider (CSP), leaving the lighter computation to the data user. Nevertheless, it is impractical to assume that the CSP will provide free services. A recent ABE scheme with payable outsourced decryption ABEPOD (TIFS'20) provides a solution for the above payment issue. The CSP is generally untrusted, however, ABEPOD does not offer a verification mechanism for the data user to verify the correctness of the message. Moreover, the use of dual key pairs in ABEPOD incurs a significant computational overhead for data users during the key generation phase. We address the above issues by presenting a new blockchain-based verifiable outsourced attribute-based encryption system that enables data users to verify the correctness of plaintexts. We implement batch verification using homomorphic technical to optimize the verification process. We use the technique of dichotomous search to accurately locate problematic plaintexts. Additionally, we optimize three key-generation algorithms to transfer the computational cost from the data user to the key generation center. We offer the formal security models and the instantiation system with security analysis. As compared to ABEPOD , we further optimize the key-generation algorithms such that the computational overhead of transformation-key and verification-key generation for data users is reduced from O( Ω ) to O(1) and reduced by half respectively, where Ω is the number of attributes.

computer science, software engineering, hardware & architecture

Kaiping Xue,Na Gai,Jianan Hong,David S. L. Wei,Peilin Hong,Nenghai Yu

DOI: https://doi.org/10.1109/tdsc.2020.2987903

2022-01-01

Abstract:Under the assumption of honest-but-curious cloud service provider, various cryptographic techniques have been used to address the issues of data access control and confidentiality in public cloud storage. Among which, attribute-based encryption (ABE) has been shown to be an attractive scheme. Although the technique of ABE brings in various benefits, its onerous overhead should not be ignored. In this article, based on an improved LSSS (linear secret sharing scheme) matrix expression integrated in CP-ABE (Ciphertext-Policy Attribute-Based Encryption) algorithm, we present an efficient and secure attribute-based access control scheme for the scenarios where multiple data are shared and encrypted with frequently used sub-policies. In the scheme, a user can store the parameters about a specific sub-policy in his/her first decryption, which can be reused in the subsequent data decryptions whose embedded access policies include the same sub-policy so as to significantly reduce the computation cost. Our proposed scheme is proved to be semantically secure under chosen plaintext attacks and can well preserve the confidentiality of the data sharing system. Our analysis and experimentation also show that our scheme does significantly reduce the decryption time and while trades in only very little storage overhead, and thus effectively promotes the efficiency.

Li Yang,Cheng Li,Yuting Cheng,Shui Yu,Jianfeng Ma

DOI: https://doi.org/10.1016/j.ins.2021.09.034

IF: 8.1

2022-01-01

Information Sciences

Abstract:Increasingly more user data are transferred to the cloud for storage and analysis. Due to the dishonesty of the cloud, user data are at risk of leakage. CP-ABE is considered one of the most promising technologies for protecting outsourced data. However, in most existing schemes, the attacker may learn user privacy information from the policy plaintext. Furthermore, schemes supporting policy hiding either only achieve partial policy hiding or cannot hide policies in large universes. In this paper, we use hide both the values and names of attributes in policies by using private set intersections (PSIs). CP-ABE supports a complete hiding strategy. At the same time, it can calculate the authorization relationship and mapping between the user's password and key. We use polynomial-based PSI and a recursive algorithm to calculate the former. With the help of this algorithm and tag vectors, the mapping is determined in the case of communication restrictions. By outsourcing exponents, we achieve an efficient hiding policy and effectively reduces users' computing overhead. We also prove its security. Finally, the performance evaluation and simulation results reveal that our model achieves better performance compared with other schemes while preserving sensitive attributes.

computer science, information systems

Xiaolong Zhao,Zhenjie Huang

DOI: https://doi.org/10.1007/s10586-024-04423-5

2024-05-08

Cluster Computing

Abstract:Verifiable outsourced attribute-based encryption (VO-ABE) enables one-to-many data sharing and fine-grained access control under lower trust, making it suitable for cloud or edge systems involving resource-constrained devices. There is no fully outsourced and fully verifiable attribute-based encryption scheme or key-policy VO-ABE scheme. Moreover, the previous VO-ABE schemes require multiple rounds of interaction or high verification costs to support verifiable outsourced key generation and verifiable outsourced encryption. To address these issues, in this paper, we propose an effective key-policy fully outsourced and fully verifiable attribute-based encryption scheme supporting verifiable outsourced key generation, encryption, and decryption simultaneously. We formally define two new properties: outsourced key generation verifiability and outsourced encryption verifiability. Analysis and simulation show that the proposed scheme performs well and is practical. All local computational overheads of the proposed scheme are constant and do not increase with the number of attributes or the complexity of access structures.

computer science, information systems, theory & methods