A Privacy-Preserving Access Control Scheme with Verifiable and Outsourcing Capabilities in Fog-Cloud Computing

Fog computing is a distribution system architecture which uses edge devices to provide computation, storage, and sharing at the edge of the network as an extension of cloud computing architecture, where the potential network traffic jams can be resolved. Whereas, the untrustworthy edge devices which contribute the computing resources may lead to data security and privacy-preserving issues. To address security issues and achieve fine-grained access control to protect privacy of users, ciphertext-policy attribute-based encryption (CP-ABE) mechanism has been well-explored, where data owners obtain flexible access policy to share data between users. However, the major drawback of CP-ABE system is heavy computational cost due to the complicated cryptographic operations. To tackle this problem, we propose a privacy-preserving access control (PPAC) scheme and the contributions are tri-folded: (1) we introduce outsourcing capability in fog-cloud computing (FCC) environment; (2) the outsource verification mechanism has been considered to guarantee the third party execute the algorithm correctly; (3) we design a partiality hidden method to protect the privacy information embedded in the access structures. The experimental results show that our proposed PPAC is efficient, economical and suitable for mobile devices with limited resources.

[1]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[2]  Brent Waters,et al.  Practical constructions and new proof methods for large universe attribute-based encryption , 2013, CCS.

[3]  Bing Chen,et al.  Data Security and Privacy-Preserving in Edge Computing Paradigm: Survey and Open Issues , 2018, IEEE Access.

[4]  Tansu Alpcan,et al.  Fog Computing May Help to Save Energy in Cloud Computing , 2016, IEEE Journal on Selected Areas in Communications.

[5]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[6]  Hui Ma,et al.  Verifiable and Exculpable Outsourced Attribute-Based Encryption for Access Control in Cloud Computing , 2017, IEEE Transactions on Dependable and Secure Computing.

[7]  Jin Li,et al.  Securely Outsourcing Attribute-Based Encryption with Checkability , 2014, IEEE Transactions on Parallel and Distributed Systems.

[8]  Matthew Green,et al.  Outsourcing the Decryption of ABE Ciphertexts , 2011, USENIX Security Symposium.

[9]  Xiaolei Dong,et al.  TR-MABE: White-box traceable and revocable multi-authority attribute-based encryption and its applications to multi-level privacy-preserving e-healthcare cloud computing systems , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[10]  Nenghai Yu,et al.  Fog-Aided Verifiable Privacy Preserving Access Control for Latency-Sensitive Data Sharing in Vehicular Cloud Computing , 2018, IEEE Network.

[11]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[12]  Xiaohua Jia,et al.  An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing , 2013, IEEE Transactions on Parallel and Distributed Systems.

[13]  Brent Waters,et al.  Online/Offline Attribute-Based Encryption , 2014, IACR Cryptol. ePrint Arch..

[14]  Mihir Bellare,et al.  Fast Batch Verification for Modular Exponentiation and Digital Signatures , 1998, IACR Cryptol. ePrint Arch..

[15]  Weisong Shi,et al.  Edge Computing: Vision and Challenges , 2016, IEEE Internet of Things Journal.

[16]  Jason Crampton,et al.  Access Control in Publicly Verifiable Outsourced Computation , 2015, IACR Cryptol. ePrint Arch..

[17]  Ke Zhang,et al.  Mobile-Edge Computing for Vehicular Networks: A Promising Network Paradigm with Predictive Off-Loading , 2017, IEEE Veh. Technol. Mag..

[18]  Hugo Krawczyk,et al.  Cryptographic Extraction and Key Derivation: The HKDF Scheme , 2010, IACR Cryptol. ePrint Arch..

[19]  Ian Miers,et al.  Charm: a framework for rapidly prototyping cryptosystems , 2013, Journal of Cryptographic Engineering.