Efficient and fine-grained access control with fully-hidden policies for cloud-enabled IoT

IF 7.5 2区计算机科学 Q1 TELECOMMUNICATIONS

Digital Communications and Networks Pub Date : 2025-04-01 DOI:10.1016/j.dcan.2024.05.007

Qi Li , Gaozhan Liu , Qianqian Zhang , Lidong Han , Wei Chen , Rui Li , Jinbo Xiong

{"title":"Efficient and fine-grained access control with fully-hidden policies for cloud-enabled IoT","authors":"Qi Li , Gaozhan Liu , Qianqian Zhang , Lidong Han , Wei Chen , Rui Li , Jinbo Xiong","doi":"10.1016/j.dcan.2024.05.007","DOIUrl":null,"url":null,"abstract":"<div><div>Ciphertext-Policy Attribute-Based Encryption (CP-ABE) enables fine-grained access control on ciphertexts, making it a promising approach for managing data stored in the cloud-enabled Internet of Things. But existing schemes often suffer from privacy breaches due to explicit attachment of access policies or partial hiding of critical attribute content. Additionally, resource-constrained IoT devices, especially those adopting wireless communication, frequently encounter affordability issues regarding decryption costs. In this paper, we propose an efficient and fine-grained access control scheme with fully hidden policies (named FHAC). FHAC conceals all attributes in the policy and utilizes bloom filters to efficiently locate them. A test phase before decryption is applied to assist authorized users in finding matches between their attributes and the access policy. Dictionary attacks are thwarted by providing unauthorized users with invalid values. The heavy computational overhead of both the test phase and most of the decryption phase is outsourced to two cloud servers. Additionally, users can verify the correctness of multiple outsourced decryption results simultaneously. Security analysis and performance comparisons demonstrate FHAC's effectiveness in protecting policy privacy and achieving efficient decryption.</div></div>","PeriodicalId":48631,"journal":{"name":"Digital Communications and Networks","volume":"11 2","pages":"Pages 473-481"},"PeriodicalIF":7.5000,"publicationDate":"2025-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Digital Communications and Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2352864824000658","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

Ciphertext-Policy Attribute-Based Encryption (CP-ABE) enables fine-grained access control on ciphertexts, making it a promising approach for managing data stored in the cloud-enabled Internet of Things. But existing schemes often suffer from privacy breaches due to explicit attachment of access policies or partial hiding of critical attribute content. Additionally, resource-constrained IoT devices, especially those adopting wireless communication, frequently encounter affordability issues regarding decryption costs. In this paper, we propose an efficient and fine-grained access control scheme with fully hidden policies (named FHAC). FHAC conceals all attributes in the policy and utilizes bloom filters to efficiently locate them. A test phase before decryption is applied to assist authorized users in finding matches between their attributes and the access policy. Dictionary attacks are thwarted by providing unauthorized users with invalid values. The heavy computational overhead of both the test phase and most of the decryption phase is outsourced to two cloud servers. Additionally, users can verify the correctness of multiple outsourced decryption results simultaneously. Security analysis and performance comparisons demonstrate FHAC's effectiveness in protecting policy privacy and achieving efficient decryption.

查看原文本刊更多论文

利用完全隐藏的策略为云计算物联网提供高效、细粒度的访问控制

基于密文策略属性的加密（CP-ABE）能够对密文进行细粒度的访问控制，使其成为管理存储在云支持的物联网中的数据的一种很有前途的方法。但是，现有的方案往往由于显式附加访问策略或部分隐藏关键属性内容而导致隐私泄露。此外，资源受限的物联网设备，尤其是那些采用无线通信的设备，经常会遇到解密成本方面的负担能力问题。在本文中，我们提出了一种高效的、细粒度的全隐藏策略访问控制方案（称为FHAC）。FHAC隐藏策略中的所有属性，并利用布隆过滤器有效地定位它们。应用解密前的测试阶段来帮助授权用户查找其属性与访问策略之间的匹配。通过向未经授权的用户提供无效值来阻止字典攻击。测试阶段和大部分解密阶段的繁重计算开销都外包给两个云服务器。此外，用户可以同时验证多个外包解密结果的正确性。安全性分析和性能比较证明了FHAC在保护策略隐私和实现高效解密方面的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Digital Communications and Networks Computer Science-Hardware and Architecture

CiteScore

12.80

自引率

5.10%

发文量

915

审稿时长

30 weeks

期刊介绍： Digital Communications and Networks is a prestigious journal that emphasizes on communication systems and networks. We publish only top-notch original articles and authoritative reviews, which undergo rigorous peer-review. We are proud to announce that all our articles are fully Open Access and can be accessed on ScienceDirect. Our journal is recognized and indexed by eminent databases such as the Science Citation Index Expanded (SCIE) and Scopus. In addition to regular articles, we may also consider exceptional conference papers that have been significantly expanded. Furthermore, we periodically release special issues that focus on specific aspects of the field. In conclusion, Digital Communications and Networks is a leading journal that guarantees exceptional quality and accessibility for researchers and scholars in the field of communication systems and networks.