雾计算中细粒度属性更新的外包计算访问控制方案

doi:10.11959/j.issn.1000-436x.2021063

Abstract

Abstract:

To slove the problem that in the fog computing environment with comparatively high low latency demand, ciphertext policy attribute based encryption (CP-ABE) faced the problems of high encryption and decryption overhead and low efficiency of attribute update, an fine-grained attribute update and outsourcing computing access control scheme in fog computing was proposed.The unanimous consent control by modular addition technique was used to construct an access control tree, and the computing operations of ecryption and decryption were outsourced to fog nodes in order to reduce user encryption and decryption overhead.Combined with the re-encryption mechanism, a group key binary tree was established at the fog node to re-encrypt the ciphertext so that user attribute can be updated flexibly.The security analysis shows that the proposed scheme is safe under the decision bilinear Diffie-Hellman hypothesis.Compared with other schemes, the results of simulation experiment prove that the time cost of user encryption and decryption in this scheme is lower and the efficiency of attribute update is higher.

Key words: access control, fog computing, outsourcing computing, attribute update, CP-ABE

CLC Number:

TP309

Ruizhong DU, Peiwen YAN, Yan LIU. Fine-grained attribute update and outsourcing computing access control scheme in fog computing[J]. Journal on Communications, 2021, 42(3): 160-170.

Figures/Tables 9

References 25

[1]	HABIBI P , FARHOUDI M , KAZEMIAN S ,et al. Fog computing:a comprehensive architectural survey[J]. IEEE Access, 2020,8: 69105-69133.
[2]	GUO R , ZHUANG C , SHI H ,et al. A lightweight verifiable outsourced decryption of attribute-based encryption scheme for blockchain-enabled wireless body area network in fog computing[J]. International Journal of Distributed Sensor Networks, 2020,DOI:10.1177/1550147720906796.
[3]	JIANG J F , TANG L Y , GU K ,et al. Secure computing resource allocation framework for open fog computing[J]. The Computer Journal, 2020,63(4): 567-592.
[4]	SHAHID M H , HAMEED A R , ISLAM S U ,et al. Energy and delay efficient fog computing using caching mechanism[J]. Computer Communications, 2020,154: 534-541.
[5]	DESIKAN K E S , KOTAGI V J , MURTHY C S R . Topology control in fog computing enabled IoT networks for smart cities[J]. Computer Networks, 2020,167: 107270.
[6]	VILELA P H , RODRIGUES J J P C , RIGHI R R ,et al. Looking at fog computing for E-health through the lens of deployment challenges and applications[J]. Sensors, 2020,20(9): 2553.
	李琦, 朱洪波, 熊金波 ,等. mHealth中可追踪多授权机构基于属性的访问控制方案[J]. 通信学报, 2018,39(6): 1-10.
	LI Q , ZHONG H B , XIONG J B ,et al. Multi-authority attribute-based access control system in mHealth with traceability[J]. Journal on Communications, 2018,39(6): 1-10.
[7]	ALEISA M A , ABUHUSSEIN A , SHELDON F T . Access control in fog computing:challenges and research agenda[J]. IEEE Access, 2020,8: 83986-83999.
[8]	ZHANG P Y , ZHOU M C , FORTINO G . Security and trust issues in fog computing:a survey[J]. Future Generation Computer Systems, 2018,88: 16-27.
[9]	BETHENCOURT J , AMIT S , WATERS B . Ciphertext-policy attribute based encryption[C]// 2007 IEEE Symposium on Security ＆ Privacy. Piscataway:IEEE Press, 2007: 321-334.
[10]	WANG H , ZHENG Z H , WU L ,et al. New large-universe multi-authority ciphertext-policy ABE scheme and its application in cloud storage systems[J]. Journal of High Speed Networks, 2016,22(2): 153-167.
[11]	LIANG K T , SUSILO W . Searchable attribute-based mechanism with efficient data sharing for secure cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2015,10(9): 1981-1992.
[12]	IBRAIMI L , TANG Q , HARTEL P H . Efficient and provable secure ciphertext-policy attribute-based encryption schemes lecture notes in computer science[C]// 2009 International Conference on Information Security Practice and Experience(ISPEC). Berlin:Springer, 2009: 1-12.
[13]	WANG H Q , HE D B , HAN J G . VOD-ADAC:anonymous distributed fine-grained access control protocol with verifiable outsourced decryption in public cloud[J]. IEEE Transactions on Services Computing, 2017,13(3): 572-583.
[14]	WANG H Q , HE D B , YU J ,et al. Incentive and unconditionally anonymous identity-based public provable data possession[J]. IEEE Transactions on Services Computing, 2016,12(5): 824-835.
[15]	JIN Y , TIAN C , HE H ,et al. A secure and lightweight data access control scheme for mobile cloud computing[C]// 2015 IEEE Fifth International Conference on Big Data and Cloud Computing. Piscataway:IEEE Press, 2015: 172-179.
[16]	GREEN M , HOHENBERGER S , WATERS B . Outsourcing the decryption of ABE ciphertexts[C]// Proceedings of the 20th USENIX Conference on Security. Berkeley:USENIX Association, 2011: 523-538.
[17]	MAO X P , LAI J Z , MEI Q X ,et al. Generic and efficient constructions of attribute-based encryption with verifiable outsourced decryption[J]. IEEE Transactions on Dependable and Secure Computing, 2016,13(5): 533-546.
[18]	KUMAR P P , KUMAR P S , ALPHONSE P J A . A new verifiable outsourced ciphertext-policy attribute based encryption for big data privacy and access control in cloud[J]. Journal of Ambient Intelligence and Humanized Computing, 2019,10: 2693-2707.
[19]	KIBIWOTT K P , FENGLI Z , ANYEMBE O A ,et al. Secure cloudlet-based ehealth big data system with fine-grained access control and outsourcing decryption from ABE[J]. International Journal of Network Security, 2018,20(6): 1149-1162.
[20]	AL-DAHHAN R R , SHI Q , LEE G M ,et al. Revocable,decentralized multi-authority access control system[C]// 2018 IEEE/ACM International Conference on Utility and Cloud Computing Companion. Piscataway:IEEE Press, 2018: 220-225.
[21]	ZHANG P , CHEN Z , LIU J K ,et al. An efficient access control scheme with outsourcing capability and attribute update for fog computing[J]. Future Generation Computer Systems, 2018,78(2): 753-762.
[22]	CHEN N , GERLA M , HUANG D ,et al. Secure,selective group broadcast in vehicular networks using dynamic attribute based encryption[C]// 2010 The 9th IFIP Annual Mediterranean Ad Hoc Networking Workshop. Piscataway:IEEE Press, 2010,DOI:10.1109/ MEDHOCNET.2010.5546877.
[23]	HUR J , NOH D K . Attribute-based access control with efficient revocation in data outsourcing systems[J]. IEEE Transactions on Parallel and Distributed Systems, 2011,22(7): 1214-1221.
[24]	LIU Z H , DUAN S H , ZHOU P L ,et al. Traceable-then-revocable ciphertext-policy attribute-based encryption scheme[J]. Future Generation Computer Systems, 2019,93: 903-913.
[25]	张凯, 马建峰, 李辉 ,等. 支持高效撤销的多机构属性加密方案[J]. 通信学报, 2017,38(3): 83-91.
	ZHANG K , MA J F , LI H ,et al. Multi-authority attribute-based encryption with efficient revocation[J]. Journal on Communications, 2017,38(3): 83-91.

Metrics

Recommended 0

No Suggested Reading articles found!

方案	外包加密	外包解密	属性撤销
文献[12]方案	No	No	No
文献[18]方案	Yes	Yes	No
文献[21]方案	Yes	Yes	Yes
文献[24]方案	No	No	Yes
本文方案	Yes	Yes	Yes

符号	含义
n₁	访问树中的属性个数或者矩阵中的行数
n₂	用户持有属性个数
n₃	与用户关联属性个数
n₄	满足访问树中的最小节点
t_e	双线性配对运算
G_i(i=0,T)	乘法循环群内的幂运算或乘法运算
H	哈希运算
δ	对称解密

方案	用户加密	外包加密	外包解密	用户解密	属性撤销
文献[12]方案	(n₁+2)G₀	×	×	(n₃+1)t_e+n₃G_T	×
文献[18]方案	2G₀+G_T+H	(n₁+1)G₀	(n₃+3)t_e+n₄G_T	δ	×
文献[21]方案	4G₀+2G_T	(n₁+2)G₀	(n ₃+2)t_e+(2n₄+2)G_T	t_e+2G_T	n₃G₀
文献[24]方案	(2n₁+3)G₀	×	×	(2n₄+3)t_e+(T+2)G_T	n₂G₀
本文方案	2G₀+2G_T	(n₁+2)G₀	(n ₃+2)t_e	t_e+G_T	G₀
注释：×表示方案中不涉及该项功能。

Fine-grained attribute update and outsourcing computing access control scheme in fog computing

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 25

Related Articles 15

Metrics

Recommended 0

[1]	Wei JIN, Fenghua LI, Mingjie YU, Yunchuan GUO, Ziyan ZHOU, Liang FANG. HDFS-oriented cryptographic key resource control mechanism [J]. Journal on Communications, 2022, 43(9): 27-41.
[2]	Jiangtao DONG, Peiwen YAN, Ruizhong DU. Verifiable access control scheme based on unpaired CP-ABE in fog computing [J]. Journal on Communications, 2021, 42(8): 139-150.
[3]	Changgen PENG, Zongfeng PENG, Hongfa DING, Youliang TIAN, Rongfei LIU. Attribute-based revocable collaborative access control scheme [J]. Journal on Communications, 2021, 42(5): 75-86.
[4]	Zuobin YING, Yuanping SI, Jianfeng MA, Ximeng LIU. Blockchain-based distributed EHR fine-grained traceability scheme [J]. Journal on Communications, 2021, 42(5): 205-215.
[5]	Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI. Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing [J]. Journal on Communications, 2021, 42(10): 81-94.
[6]	Tianyi ZHU,Fenghua LI,Wei JIN,Yunchuan GUO,Liang FANG,Lin CHENG. Cross-domain access control policy mapping mechanism for balancing interoperability and autonomy [J]. Journal on Communications, 2020, 41(9): 29-48.
[7]	Qinglei ZHOU,Shaohuan BAN,Yingjie HAN,Feng FENG. Mimic defense authentication method for physical access control [J]. Journal on Communications, 2020, 41(6): 80-87.
[8]	Chunfu JIA,Guanxiong HA,Ruiqi LI. Data access control policy of encrypted deduplication system [J]. Journal on Communications, 2020, 41(5): 72-83.
[9]	Yonggui FU,Jianming ZHU. Design for database access control mechanism based on blockchain [J]. Journal on Communications, 2020, 41(5): 130-140.
[10]	Zheng GUAN,Lei XIONG,Yao JIA,Min HE,Zhijun YANG. Research on scheduled WLAN MAC protocol with failure retries on RoF-DAS architecture [J]. Journal on Communications, 2020, 41(3): 102-111.
[11]	Rongna XIE,Hui LI,Guozhen SHI,Yunchuan GUO. Attribute-based lightweight reconfigurable access control policy [J]. Journal on Communications, 2020, 41(2): 112-122.
[12]	Aodi LIU, Xuehui DU, Na WANG, Rui QIAO. ABAC access control policy generation technique based on deep learning [J]. Journal on Communications, 2020, 41(12): 8-20.
[13]	Rongna XIE, Hui LI, Guozhen SHI, Yunchuan GUO, Ming ZHANG, Xiuze DONG. Blockchain-based access control mechanism for data traceability [J]. Journal on Communications, 2020, 41(12): 82-93.
[14]	LI Xuejun,ZHANG Dan,LI Hui. Efficient revocable attribute-based encryption scheme [J]. Journal on Communications, 2019, 40(6): 32-39.
[15]	Tian WANG,Xuewei SHEN,Hao LUO,Baisheng CHEN,Guojun WANG,Weijia JIA. Research progress of trusted sensor-cloud based on fog computing [J]. Journal on Communications, 2019, 40(3): 170-181.