Abstract
Attribute-based encryption (ABE) is an access control mechanism that ensures efficient data sharing among dynamic groups of users by setting up access structures indicating who can access what. However, ABE suffers from expensive computation and privacy issues in resource-constrained environments such as IoT devices. In this paper, we present SHARE-ABE, a novel collaborative approach for preserving privacy that is built on top of Ciphertext-Policy Attribute-Based Encryption (CP-ABE). Our approach uses Fog computing to outsource the most laborious decryption operations to Fog nodes. The latter collaborate to partially decrypt the data using an original and efficient chained architecture. Additionally, our approach preserves the privacy of the access policy by introducing false attributes. Furthermore, we introduce a new construction of a collaboration attribute that allows users within the same group to combine their attributes while satisfying the access policy. Experiments and analyses of the security properties demonstrate that the proposed scheme is secure and efficient, especially for resource-constrained IoT devices.
Cite this article
Saidi, A., Nouali, O. & Amira, A. SHARE-ABE: an efficient and secure data sharing framework based on ciphertext-policy attribute-based encryption and Fog computing. Cluster Comput 25, 167–185 (2022). https://doi.org/10.1007/s10586-021-03382-5
DOI: https://doi.org/10.1007/s10586-021-03382-5