Efficient Outsourced Data Access Control with User Revocation for Cloud-Based IoT

Data owners have benefited significantly from cloud computing for managing the large volumes of data produced by the massive number of devices in various Internet of Things (IoT) applications, such as smart home and electronic healthcare. On the other hand, fine-grained access control on outsourced data is a big concern for data owners once they lose physical control over their data. Key-policy attribute-based encryption (KP-ABE), which provides data confidentiality and fine-grained data access control simultaneously, can be naturally introduced in this cloud-based IoT paradigm. However, primitive KP-ABE cannot achieve efficient data access control with flexible user revocation. In this paper, we propose an efficient and fine-grained data access control scheme for cloud-based IoT, based on proxy re-encryption and key blinding techniques. With the scheme, the decryption capability of misbehaving users can be efficiently revoked to prevent data disclosure. In addition, most of the costly update operations over ciphertexts and keys caused by user revocation are delegated to the cloud. Extensive experimental results demonstrate that our scheme is more efficient than existing solutions in terms of computation and communication overheads.
