Expressive CP-ABE Scheme for Mobile Devices in IoT Satisfying Constant-Size Keys and Ciphertexts

Designing lightweight security protocols for cloud-based Internet-of-Things (IoT) applications for battery-limited mobile devices, such as smart phones and laptops, is a topic of recent focus. Ciphertext-policy attribute-based encryption (CP-ABE) is a viable solution, particularly for cloud deployment, as an encryptor can “write” the access policy so that only authorized users can decrypt and have access to the data. However, most existing CP-ABE schemes are based on the costly bilinear maps, and require long decryption keys, ciphertexts and incur significant computation costs in the encryption and decryption (e.g. costs is at least linear to the number of attributes involved in the access policy). These design drawbacks prevent the deployment of CP-ABE schemes on battery-limited mobile devices. In this paper, we propose a new RSA-based CP-ABE scheme with constant size secret keys and ciphertexts (CSKC) and has $\mathcal {O}(1)$ time-complexity for each decryption and encryption. Our scheme is then shown to be secure against a chosen-ciphertext adversary, as well as been an efficient solution with the expressive AND gate access structures (in comparison to other related existing schemes). Thus, the proposed scheme is suitable for deployment on battery-limited mobile devices.

[1]  Kim-Kwang Raymond Choo,et al.  Towards Lightweight Anonymous Entity Authentication for IoT Applications , 2016, ACISP.

[2]  Yacine Challal,et al.  C-CP-ABE: Cooperative Ciphertext Policy Attribute-Based Encryption for the Internet of Things , 2014, 2014 International Conference on Advanced Networking Distributed Systems and Applications.

[3]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[4]  Rajkumar Buyya,et al.  Cloud-Based Augmentation for Mobile Devices: Motivation, Taxonomies, and Open Challenges , 2013, IEEE Communications Surveys & Tutorials.

[5]  Kim-Kwang Raymond Choo,et al.  Forensic-by-Design Framework for Cyber-Physical Cloud Systems , 2016, IEEE Cloud Computing.

[6]  Jianqing Zhang,et al.  Performance evaluation of Attribute-Based Encryption: Toward data privacy in the IoT , 2014, 2014 IEEE International Conference on Communications (ICC).

[7]  Tatsuaki Okamoto,et al.  Secure Integration of Asymmetric and Symmetric Encryption Schemes , 1999, Journal of Cryptology.

[8]  Lein Harn,et al.  Design of generalised ElGamal type digital signature schemes based on discrete logarithm , 1994 .

[9]  Gaetano Marrocco,et al.  RFID Technology for IoT-Based Personal Healthcare in Smart Spaces , 2014, IEEE Internet of Things Journal.

[10]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[11]  Laurence T. Yang,et al.  Data Exfiltration From Internet of Things Devices: iOS Devices as Case Studies , 2017, IEEE Internet of Things Journal.

[12]  Kim-Kwang Raymond Choo,et al.  Cloud based data sharing with fine-grained proxy re-encryption , 2016, Pervasive Mob. Comput..

[13]  Beibei Li,et al.  DDOA: A Dirichlet-Based Detection Scheme for Opportunistic Attacks in Smart Grid Cyber-Physical System , 2016, IEEE Transactions on Information Forensics and Security.

[14]  Kim-Kwang Raymond Choo,et al.  Is the data on your wearable device secure? An Android Wear smartwatch case study , 2017, Softw. Pract. Exp..

[15]  Xiaohui Liang,et al.  EPPDR: An Efficient Privacy-Preserving Demand Response Scheme with Adaptive Key Evolution in Smart Grid , 2014, IEEE Transactions on Parallel and Distributed Systems.

[16]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[17]  Minghui Zheng,et al.  A strong provably secure IBE scheme without bilinear map , 2015, J. Comput. Syst. Sci..

[18]  Joseph K. Liu,et al.  On Lightweight Security Enforcement in Cyber-Physical Systems , 2015, LightSec.

[19]  Jing Li,et al.  Fuzzy encryption in cloud computation: efficient verifiable outsourced attribute-based encryption , 2017, Soft Computing.

[20]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[21]  Allison Bishop,et al.  New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques , 2012, CRYPTO.

[22]  Cécile Delerablée,et al.  Identity-Based Broadcast Encryption with Constant Size Ciphertexts and Private Keys , 2007, ASIACRYPT.

[23]  Kevin S. McCurley,et al.  A key distribution system equivalent to factoring , 1988, Journal of Cryptology.

[24]  Jin Li,et al.  Computationally Efficient Ciphertext-Policy Attribute-Based Encryption with Constant-Size Ciphertexts , 2014, ProvSec.

[25]  Nuttapong Attrapadung,et al.  Expressive Key-Policy Attribute-Based Encryption with Constant-Size Ciphertexts , 2011, Public Key Cryptography.

[26]  Cheng Chen,et al.  Fully Secure Attribute-Based Systems with Short Ciphertexts/Signatures and Threshold Access Structures , 2013, CT-RSA.

[27]  Fuchun Guo,et al.  CP-ABE With Constant-Size Keys for Lightweight Devices , 2014, IEEE Transactions on Information Forensics and Security.

[28]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[29]  Rafail Ostrovsky,et al.  Attribute-based encryption with non-monotonic access structures , 2007, CCS '07.

[30]  Cong Wang,et al.  Enhancing attribute-based encryption with attribute hierarchy , 2009, ICC 2009.

[31]  Fuchun Guo,et al.  Identity-Based Traitor Tracing with Short Private Key and Short Ciphertext , 2012, ESORICS.

[32]  Atsuko Miyaji,et al.  A ciphertext-policy attribute-based encryption scheme with constant ciphertext length , 2010, Int. J. Appl. Cryptogr..

[33]  Javier Herranz,et al.  Constant Size Ciphertexts in Threshold Attribute-Based Encryption , 2010, Public Key Cryptography.

[34]  Mauro Conti,et al.  Updaticator: Updating Billions of Devices by an Efficient, Scalable and Secure Software Update Distribution over Untrusted Cache-enabled Networks , 2014, ESORICS.

[35]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[36]  Joseph K. Liu,et al.  Extended Proxy-Assisted Approach: Achieving Revocable Fine-Grained Encryption of Cloud Data , 2015, ESORICS.

[37]  Nishant Doshi,et al.  Fully secure ciphertext policy attribute-based encryption with constant length ciphertext and faster decryption , 2014, Secur. Commun. Networks.

[38]  Lein Harn,et al.  A cryptographic key generation scheme for multilevel data security , 1990, Comput. Secur..

[39]  Zhibin Zhou,et al.  On efficient ciphertext-policy attribute based encryption and broadcast encryption: extended abstract , 2010, CCS '10.

[40]  Ling Cheung,et al.  Provably secure ciphertext policy ABE , 2007, CCS '07.

[41]  Yi Mu,et al.  Attribute-Based Hash Proof System Under Learning-With-Errors Assumption in Obfuscator-Free and Leakage-Resilient Environments , 2017, IEEE Systems Journal.

[42]  Kim-Kwang Raymond Choo,et al.  Forensic data acquisition from cloud‐of‐things devices: windows Smartphones as a case study , 2017, Concurr. Comput. Pract. Exp..

[43]  Eike Kiltz,et al.  Practical Chosen Ciphertext Secure Encryption from Factoring , 2009, EUROCRYPT.

[44]  Bala Srinivasan,et al.  Secure sharing and searching for real-time video data in mobile cloud , 2015, IEEE Network.

[45]  Selim G. Akl,et al.  Cryptographic solution to a problem of access control in a hierarchy , 1983, TOCS.