Alejandro Peñuelas-Angulo, Claudia Feregrino-Uribe, Miguel Morales-Sandoval
A revocable multi-authority attribute-based encryption scheme for fog-enabled IoT
Journal of Systems Architecture, Volume 155, Article 103265. Published 2024-08-13. DOI: 10.1016/j.sysarc.2024.103265
Impact factor: 3.7. JCR: Q1 (Computer Science, Hardware & Architecture).
https://www.sciencedirect.com/science/article/pii/S1383762124002029
Citations: 0
Abstract
As more applications move data storage to the cloud, protecting sensitive data becomes increasingly important, especially in Internet of Things (IoT) environments. Ciphertext-policy attribute-based encryption (CP-ABE) is a practical approach to confidentiality and secure access control for data outsourced to the cloud. However, the underlying CP-ABE operations based on bilinear pairings are too demanding for resource-constrained IoT devices. Furthermore, applications such as Industrial IoT (IIoT) have requirements (efficiency, operational, and security) that existing CP-ABE proposals cannot fulfill, and advanced IoT architectures (e.g., fog computing) have not been well exploited. This paper proposes a novel CP-ABE scheme suitable for IoT scenarios, using a generic IIoT model as a reference. It targets multiple attribute authorities, outsourced encryption and decryption to fog nodes, user revocation, and asymmetric pairing constructions to achieve recommended security levels. As its main distinguishing feature, revocation is defined using a broadcast encryption-based approach, allowing data owners to enforce user revocation over their outsourced data. According to the performance analysis, the proposed scheme achieves high efficiency for IoT nodes. It is also competitive in terms of storage, bandwidth, and computation efficiency compared to previous proposals. Moreover, the security of the suggested construction is demonstrated against chosen-plaintext attacks.
About the journal:
The Journal of Systems Architecture: Embedded Software Design (JSA) is a journal covering all design and architectural aspects related to embedded systems and software. It ranges from the microarchitecture level via the system software level up to the application-specific architecture level. Aspects such as real-time systems, operating systems, FPGA programming, programming languages, communications (limited to analysis and the software stack), mobile systems, parallel and distributed architectures as well as additional subjects in the computer and system architecture area will fall within the scope of this journal. Technology will not be a main focus, but its use and relevance to particular designs will be. Case studies are welcome but must contribute more than just a design for a particular piece of software.
Design automation of such systems, including methodologies, techniques and tools for their design, as well as novel designs of software components, fall within the scope of this journal. Novel applications that use embedded systems are also central in this journal. While hardware is not a part of this journal, hardware/software co-design methods that consider interplay between software and hardware components with an emphasis on software are also relevant here.