An Efficient Access Control Scheme With Outsourcing and Attribute Revocation for Fog-Enabled E-Health

Fog computing is increasingly popular partly due to its capability to minimize data transfer and latency requirements, for example by moving some of the computational operations away from the cloud servers and closer to the users. To achieve fine-grained access control in fog-enabled application scenarios to guarantee data security and user privacy, one could use ciphertext-policy attribute-based encryption (CP-ABE). However, the lack of an effective mechanism to carry out access right revocation in conventional CP-ABE schemes limits the deployment of such schemes in practice. Thus, we propose an efficient CP-ABE scheme with attribute revocation capability, designed to construct a fine-grained access control system in fog-enabled E-health (referred to as AC-FEH). In our AC-FEH system, fog nodes undertake data encryption and decryption operations; thus, computational costs for data owners and users are minimized. In comparison to several other competing access control schemes based on CP-ABE, our AC-FEH system reduces the computational costs associated with encryption and decryption. We also prove the selective security of the underlying CP-ABE scheme under the intractability assumption of the $q$-parallel BDHE problem.
