SEM-ACSIT: Secure and Efficient Multiauthority Access Control for IoT Cloud Storage

Data access control in a cloud storage system based on ciphertext-policy attribute-based encryption (CP-ABE) is regarded as a promising technique for improving efficiency and security. However, because of the large number of data users and the limited resources and heterogeneity of data devices in the Internet of Things (IoT), existing access control schemes for cloud storage are not effectively applicable to IoT applications. In this article, we construct a new CP-ABE-based storage model for storing data and accessing it securely in a cloud for IoT applications. Our new framework introduces an attribute authority management (AAM) module in the cloud storage system that functions as an agent, providing user-friendly access control and greatly reducing the storage overhead of public keys. We then propose a novel secure and efficient multiauthority access control scheme for the cloud storage system for IoT, namely, SEM-ACSIT, which achieves both backward security and forward security when an attribute of a user is revoked. By exploiting encryption outsourcing, simplified key structuring, and the AAM module, the computational overhead of a user is immensely decreased. Moreover, a user access control list (UACL) is newly constructed in the cloud server to support authorized access for a specific user. The analysis and simulation results demonstrate that our SEM-ACSIT scheme achieves powerful security with less computational overhead and lower storage costs than the existing schemes.
