An efficient access control scheme with outsourcing capability and attribute update for fog computing

Peng Zhang, Zehong Chen, Joseph K. Liu, Kaitai Alexander Liang, Hongwei Liu

Research output: Research - peer-reviewArticle

Abstract

Fog computing as an extension of cloud computing provides computation, storage and application services to end users. Ciphertext-policy attribute-based encryption (CP-ABE) is a well-known cryptographic technology for guaranteeing data confidentiality and fine-grained data access control. It enables data owners to define flexible access policy for data sharing. However, in CP-ABE systems, the problems of the time required to encrypt, decrypt and attribute update are long-standing unsolved in the literature. In this paper, we propose the first access control (CP-ABE) scheme supporting outsourcing capability and attribute update for fog computing. Specifically, the heavy computation operations of encryption and decryption are outsourced to fog nodes, thus the computation operations for data owners to encrypt and users to decrypt are irrelevant to the number of attributes in the access structure and secret keys, respectively. The cost brought by attribute update is efficient in the sense that we only concentrate on the update of the ciphertext associated with the corresponding updated attribute. The security analysis shows that the proposed scheme is secure under the decisional bilinear Diffie-Hellman assumption. The proposed scheme is efficient, and the time of encryption for data owners and decryption for users are small and constant. The computational ability of fog nodes are fully utilizing during the access control, so the tiny computing cost is left to end users with resource-constrained devices.

LanguageEnglish
Pages753-762
Number of pages10
JournalFuture Generation Computer Systems
Volume78
Issue numberPart 2
DOIs
StatePublished - Jan 2018

Keywords

  • Access control
  • Attribute update
  • Attribute-based encryption
  • Fog computing
  • Outsourcing capability

Cite this

Zhang, Peng ; Chen, Zehong ; Liu, Joseph K. ; Liang, Kaitai Alexander ; Liu, Hongwei. / An efficient access control scheme with outsourcing capability and attribute update for fog computing. In: Future Generation Computer Systems. 2018 ; Vol. 78, No. Part 2. pp. 753-762
@article{db36fd55352d4776b7b9ddcd136594c3,
title = "An efficient access control scheme with outsourcing capability and attribute update for fog computing",
abstract = "Fog computing as an extension of cloud computing provides computation, storage and application services to end users. Ciphertext-policy attribute-based encryption (CP-ABE) is a well-known cryptographic technology for guaranteeing data confidentiality and fine-grained data access control. It enables data owners to define flexible access policy for data sharing. However, in CP-ABE systems, the problems of the time required to encrypt, decrypt and attribute update are long-standing unsolved in the literature. In this paper, we propose the first access control (CP-ABE) scheme supporting outsourcing capability and attribute update for fog computing. Specifically, the heavy computation operations of encryption and decryption are outsourced to fog nodes, thus the computation operations for data owners to encrypt and users to decrypt are irrelevant to the number of attributes in the access structure and secret keys, respectively. The cost brought by attribute update is efficient in the sense that we only concentrate on the update of the ciphertext associated with the corresponding updated attribute. The security analysis shows that the proposed scheme is secure under the decisional bilinear Diffie-Hellman assumption. The proposed scheme is efficient, and the time of encryption for data owners and decryption for users are small and constant. The computational ability of fog nodes are fully utilizing during the access control, so the tiny computing cost is left to end users with resource-constrained devices.",
keywords = "Access control, Attribute update, Attribute-based encryption, Fog computing, Outsourcing capability",
author = "Peng Zhang and Zehong Chen and Liu, {Joseph K.} and Liang, {Kaitai Alexander} and Hongwei Liu",
year = "2018",
month = "1",
doi = "10.1016/j.future.2016.12.015",
volume = "78",
pages = "753--762",
journal = "Future Generation Computer Systems",
issn = "0167-739X",
publisher = "Elsevier",
number = "Part 2",

}

An efficient access control scheme with outsourcing capability and attribute update for fog computing. / Zhang, Peng; Chen, Zehong; Liu, Joseph K.; Liang, Kaitai Alexander; Liu, Hongwei.

In: Future Generation Computer Systems, Vol. 78, No. Part 2, 01.2018, p. 753-762.

Research output: Research - peer-reviewArticle

TY - JOUR

T1 - An efficient access control scheme with outsourcing capability and attribute update for fog computing

AU - Zhang,Peng

AU - Chen,Zehong

AU - Liu,Joseph K.

AU - Liang,Kaitai Alexander

AU - Liu,Hongwei

PY - 2018/1

Y1 - 2018/1

N2 - Fog computing as an extension of cloud computing provides computation, storage and application services to end users. Ciphertext-policy attribute-based encryption (CP-ABE) is a well-known cryptographic technology for guaranteeing data confidentiality and fine-grained data access control. It enables data owners to define flexible access policy for data sharing. However, in CP-ABE systems, the problems of the time required to encrypt, decrypt and attribute update are long-standing unsolved in the literature. In this paper, we propose the first access control (CP-ABE) scheme supporting outsourcing capability and attribute update for fog computing. Specifically, the heavy computation operations of encryption and decryption are outsourced to fog nodes, thus the computation operations for data owners to encrypt and users to decrypt are irrelevant to the number of attributes in the access structure and secret keys, respectively. The cost brought by attribute update is efficient in the sense that we only concentrate on the update of the ciphertext associated with the corresponding updated attribute. The security analysis shows that the proposed scheme is secure under the decisional bilinear Diffie-Hellman assumption. The proposed scheme is efficient, and the time of encryption for data owners and decryption for users are small and constant. The computational ability of fog nodes are fully utilizing during the access control, so the tiny computing cost is left to end users with resource-constrained devices.

AB - Fog computing as an extension of cloud computing provides computation, storage and application services to end users. Ciphertext-policy attribute-based encryption (CP-ABE) is a well-known cryptographic technology for guaranteeing data confidentiality and fine-grained data access control. It enables data owners to define flexible access policy for data sharing. However, in CP-ABE systems, the problems of the time required to encrypt, decrypt and attribute update are long-standing unsolved in the literature. In this paper, we propose the first access control (CP-ABE) scheme supporting outsourcing capability and attribute update for fog computing. Specifically, the heavy computation operations of encryption and decryption are outsourced to fog nodes, thus the computation operations for data owners to encrypt and users to decrypt are irrelevant to the number of attributes in the access structure and secret keys, respectively. The cost brought by attribute update is efficient in the sense that we only concentrate on the update of the ciphertext associated with the corresponding updated attribute. The security analysis shows that the proposed scheme is secure under the decisional bilinear Diffie-Hellman assumption. The proposed scheme is efficient, and the time of encryption for data owners and decryption for users are small and constant. The computational ability of fog nodes are fully utilizing during the access control, so the tiny computing cost is left to end users with resource-constrained devices.

KW - Access control

KW - Attribute update

KW - Attribute-based encryption

KW - Fog computing

KW - Outsourcing capability

UR - http://www.scopus.com/inward/record.url?scp=85009274837&partnerID=8YFLogxK

U2 - 10.1016/j.future.2016.12.015

DO - 10.1016/j.future.2016.12.015

M3 - Article

VL - 78

SP - 753

EP - 762

JO - Future Generation Computer Systems

T2 - Future Generation Computer Systems

JF - Future Generation Computer Systems

SN - 0167-739X

IS - Part 2

ER -