Privacy preserving data access scheme for IoT devices

Attribute-based encryption schemes provide read access to data based on users' attributes. In these schemes, user privacy is compromised as the access policies are visible. This privacy issue has been addressed in literature by enabling the data owner to obfuscate the policy in a setting where a single authority generates decryption keys. However, a single authority can figure out the hidden access policy which violates user privacy. We present PPDAS, a scheme which overcomes these limitations and makes two contributions. Firstly, we present a mechanism which supports fine-grained read and write operations in a setting where decryption keys are generated by multiple attribute authorities, and the access policy is hidden from all unauthorized entities including the attribute authorities. Our scheme is also accompanied with a user revocation mechanism. Secondly, we show that it is possible to adapt the scheme for accessing data through resource-constrained devices such as smart watches and IoT devices through extensive experimental evaluations.

[1]  Yanqin Zhu,et al.  Privacy-preserving online/offline and outsourced multi-authority attribute-based encryption , 2017, 2017 IEEE/ACIS 16th International Conference on Computer and Information Science (ICIS).

[2]  Kyungtae Kang,et al.  Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks , 2014, IEEE/ACM Transactions on Networking.

[3]  Guomin Yang,et al.  Hidden Ciphertext Policy Attribute-Based Encryption Under Standard Assumptions , 2016, IEEE Transactions on Information Forensics and Security.

[4]  Junbeom Hur,et al.  Attribute-Based Secure Data Sharing with Hidden Policies in Smart Grid , 2013, IEEE Transactions on Parallel and Distributed Systems.

[5]  Kazuki Yoneyama,et al.  Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures , 2008, ACNS.

[6]  Nouha Oualha,et al.  Lightweight Attribute-Based Encryption for the Internet of Things , 2016, 2016 25th International Conference on Computer Communication and Networks (ICCCN).

[7]  Robert H. Deng,et al.  Expressive CP-ABE with partially hidden access structures , 2012, ASIACCS '12.

[8]  Tooska Dargahi,et al.  On the Feasibility of Attribute-Based Encryption on Smartphone Devices , 2015, IoT-Sys@MobiSys.

[9]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[10]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[11]  Yacine Challal,et al.  C-CP-ABE: Cooperative Ciphertext Policy Attribute-Based Encryption for the Internet of Things , 2014, 2014 International Conference on Advanced Networking Distributed Systems and Applications.

[12]  Tooska Dargahi,et al.  On the Feasibility of Attribute-Based Encryption on Internet of Things Devices , 2016, IEEE Micro.

[13]  Marc-Olivier Killijian,et al.  XPIR : Private Information Retrieval for Everyone , 2016, Proc. Priv. Enhancing Technol..

[14]  Jie Cui,et al.  Multi-authority attribute-based encryption access control scheme with policy hidden for cloud storage , 2016, Soft Computing.

[15]  Jian Shen,et al.  An Expressive Hidden Access Policy CP-ABE , 2017, 2017 IEEE Second International Conference on Data Science in Cyberspace (DSC).

[16]  Zhibin Zhou,et al.  Efficient Privacy-Preserving Ciphertext-Policy Attribute Based-Encryption and Broadcast Encryption , 2015, IEEE Transactions on Computers.

[17]  Sanjay Jha,et al.  Secure and Light Weight Fine-grained Access Mechanism for Outsourced Data , 2017, 2017 IEEE Trustcom/BigDataSE/ICESS.

[18]  Aleksandr Ometov,et al.  Feasibility characterization of cryptographic primitives for constrained (wearable) IoT devices , 2016, 2016 IEEE International Conference on Pervasive Computing and Communication Workshops (PerCom Workshops).

[19]  Nishat Koti,et al.  Group-oriented encryption for dynamic groups with constant rekeying cost , 2016, Secur. Commun. Networks.

[20]  Mahbub Hassan,et al.  A Survey of Wearable Devices and Challenges , 2017, IEEE Communications Surveys & Tutorials.