An efficient access control scheme with outsourcing capability and attribute update for fog computing

Peng Zhang, Zehong Chen, Joseph K. Liu, Kaitai Alexander Liang, Hongwei Liu

    Research output: Contribution to journalArticleResearchpeer-review

    Abstract

    Fog computing as an extension of cloud computing provides computation, storage and application services to end users. Ciphertext-policy attribute-based encryption (CP-ABE) is a well-known cryptographic technology for guaranteeing data confidentiality and fine-grained data access control. It enables data owners to define flexible access policy for data sharing. However, in CP-ABE systems, the problems of the time required to encrypt, decrypt and attribute update are long-standing unsolved in the literature. In this paper, we propose the first access control (CP-ABE) scheme supporting outsourcing capability and attribute update for fog computing. Specifically, the heavy computation operations of encryption and decryption are outsourced to fog nodes, thus the computation operations for data owners to encrypt and users to decrypt are irrelevant to the number of attributes in the access structure and secret keys, respectively. The cost brought by attribute update is efficient in the sense that we only concentrate on the update of the ciphertext associated with the corresponding updated attribute. The security analysis shows that the proposed scheme is secure under the decisional bilinear Diffie-Hellman assumption. The proposed scheme is efficient, and the time of encryption for data owners and decryption for users are small and constant. The computational ability of fog nodes are fully utilizing during the access control, so the tiny computing cost is left to end users with resource-constrained devices.

    Original languageEnglish
    Pages (from-to)753-762
    Number of pages10
    JournalFuture Generation Computer Systems
    Volume78
    Issue numberPart 2
    DOIs
    Publication statusPublished - Jan 2018

    Keywords

    • Access control
    • Attribute update
    • Attribute-based encryption
    • Fog computing
    • Outsourcing capability

    Cite this

    Zhang, Peng ; Chen, Zehong ; Liu, Joseph K. ; Liang, Kaitai Alexander ; Liu, Hongwei. / An efficient access control scheme with outsourcing capability and attribute update for fog computing. In: Future Generation Computer Systems. 2018 ; Vol. 78, No. Part 2. pp. 753-762.
    @article{db36fd55352d4776b7b9ddcd136594c3,
    title = "An efficient access control scheme with outsourcing capability and attribute update for fog computing",
    abstract = "Fog computing as an extension of cloud computing provides computation, storage and application services to end users. Ciphertext-policy attribute-based encryption (CP-ABE) is a well-known cryptographic technology for guaranteeing data confidentiality and fine-grained data access control. It enables data owners to define flexible access policy for data sharing. However, in CP-ABE systems, the problems of the time required to encrypt, decrypt and attribute update are long-standing unsolved in the literature. In this paper, we propose the first access control (CP-ABE) scheme supporting outsourcing capability and attribute update for fog computing. Specifically, the heavy computation operations of encryption and decryption are outsourced to fog nodes, thus the computation operations for data owners to encrypt and users to decrypt are irrelevant to the number of attributes in the access structure and secret keys, respectively. The cost brought by attribute update is efficient in the sense that we only concentrate on the update of the ciphertext associated with the corresponding updated attribute. The security analysis shows that the proposed scheme is secure under the decisional bilinear Diffie-Hellman assumption. The proposed scheme is efficient, and the time of encryption for data owners and decryption for users are small and constant. The computational ability of fog nodes are fully utilizing during the access control, so the tiny computing cost is left to end users with resource-constrained devices.",
    keywords = "Access control, Attribute update, Attribute-based encryption, Fog computing, Outsourcing capability",
    author = "Peng Zhang and Zehong Chen and Liu, {Joseph K.} and Liang, {Kaitai Alexander} and Hongwei Liu",
    year = "2018",
    month = "1",
    doi = "10.1016/j.future.2016.12.015",
    language = "English",
    volume = "78",
    pages = "753--762",
    journal = "Future Generation Computer Systems",
    issn = "0167-739X",
    publisher = "Elsevier",
    number = "Part 2",

    }

    An efficient access control scheme with outsourcing capability and attribute update for fog computing. / Zhang, Peng; Chen, Zehong; Liu, Joseph K.; Liang, Kaitai Alexander; Liu, Hongwei.

    In: Future Generation Computer Systems, Vol. 78, No. Part 2, 01.2018, p. 753-762.

    Research output: Contribution to journalArticleResearchpeer-review

    TY - JOUR

    T1 - An efficient access control scheme with outsourcing capability and attribute update for fog computing

    AU - Zhang, Peng

    AU - Chen, Zehong

    AU - Liu, Joseph K.

    AU - Liang, Kaitai Alexander

    AU - Liu, Hongwei

    PY - 2018/1

    Y1 - 2018/1

    N2 - Fog computing as an extension of cloud computing provides computation, storage and application services to end users. Ciphertext-policy attribute-based encryption (CP-ABE) is a well-known cryptographic technology for guaranteeing data confidentiality and fine-grained data access control. It enables data owners to define flexible access policy for data sharing. However, in CP-ABE systems, the problems of the time required to encrypt, decrypt and attribute update are long-standing unsolved in the literature. In this paper, we propose the first access control (CP-ABE) scheme supporting outsourcing capability and attribute update for fog computing. Specifically, the heavy computation operations of encryption and decryption are outsourced to fog nodes, thus the computation operations for data owners to encrypt and users to decrypt are irrelevant to the number of attributes in the access structure and secret keys, respectively. The cost brought by attribute update is efficient in the sense that we only concentrate on the update of the ciphertext associated with the corresponding updated attribute. The security analysis shows that the proposed scheme is secure under the decisional bilinear Diffie-Hellman assumption. The proposed scheme is efficient, and the time of encryption for data owners and decryption for users are small and constant. The computational ability of fog nodes are fully utilizing during the access control, so the tiny computing cost is left to end users with resource-constrained devices.

    AB - Fog computing as an extension of cloud computing provides computation, storage and application services to end users. Ciphertext-policy attribute-based encryption (CP-ABE) is a well-known cryptographic technology for guaranteeing data confidentiality and fine-grained data access control. It enables data owners to define flexible access policy for data sharing. However, in CP-ABE systems, the problems of the time required to encrypt, decrypt and attribute update are long-standing unsolved in the literature. In this paper, we propose the first access control (CP-ABE) scheme supporting outsourcing capability and attribute update for fog computing. Specifically, the heavy computation operations of encryption and decryption are outsourced to fog nodes, thus the computation operations for data owners to encrypt and users to decrypt are irrelevant to the number of attributes in the access structure and secret keys, respectively. The cost brought by attribute update is efficient in the sense that we only concentrate on the update of the ciphertext associated with the corresponding updated attribute. The security analysis shows that the proposed scheme is secure under the decisional bilinear Diffie-Hellman assumption. The proposed scheme is efficient, and the time of encryption for data owners and decryption for users are small and constant. The computational ability of fog nodes are fully utilizing during the access control, so the tiny computing cost is left to end users with resource-constrained devices.

    KW - Access control

    KW - Attribute update

    KW - Attribute-based encryption

    KW - Fog computing

    KW - Outsourcing capability

    UR - http://www.scopus.com/inward/record.url?scp=85009274837&partnerID=8YFLogxK

    U2 - 10.1016/j.future.2016.12.015

    DO - 10.1016/j.future.2016.12.015

    M3 - Article

    VL - 78

    SP - 753

    EP - 762

    JO - Future Generation Computer Systems

    JF - Future Generation Computer Systems

    SN - 0167-739X

    IS - Part 2

    ER -