PU-ABE: Lightweight Attribute-Based Encryption Supporting Access Policy Update for Cloud Assisted IoT

Cloud-assisted IoT applications are attracting growing interest: IoT devices are deployed in different distributed environments to collect sensed data and outsource it to remote servers for further processing and sharing among users. On the one hand, in several applications, collected data are extremely sensitive and need to be protected before outsourcing. Generally, encryption techniques are applied at the data producer side to protect data from adversaries as well as from a curious cloud provider. On the other hand, sharing data among users requires fine-grained access control mechanisms. To meet both requirements, Attribute-Based Encryption (ABE) has been widely applied to enforce encrypted access control over outsourced data. Although ABE ensures fine-grained access control and data confidentiality, updating the access policies in use after data has been encrypted and outsourced remains an open challenge. In this paper, we design PU-ABE, a new variant of key-policy attribute-based encryption supporting efficient access policy update that captures the addition of attributes to access policies. The contributions of PU-ABE are multifold. First, access policies involved in the encryption can be updated without sharing secret keys between the cloud server and the data owners and without re-encrypting data. Second, PU-ABE ensures privacy-preserving and fine-grained access control to outsourced data. Third, ciphertexts received by the end user are constant-sized and independent of the number of attributes used in the access policy, which affords low communication and storage costs.
