雾计算中基于无配对CP-ABE可验证的访问控制方案

doi:10.11959/j.issn.1000-436x.2021162

Abstract

Abstract:

Fog computing extends computing power and data analysis applications to the edge of the network, solves the latency problem of cloud computing, and also brings new challenges to data security.Attribute encryption based on ciphertext strategy (CP-ABE) is a technology to ensure data confidentiality and fine-grained access control.The excessive computational overhead of bilinear pairing restricts its application and development.In response to this, a verifiable access control scheme was proposed based on unpaired CP-ABE in fog computing.In order to make CP-ABE more efficient, simple scalar multiplication in elliptic curve encryption was used to replace bilinear pairing, thereby reducing the overall computational overhead.Decryption operations were outsourced to fog nodes to reduce user computational complexity, and based on the tamper-proof and traceable characteristics of the blockchain, the correctness of the access transaction was verified and the access authorization process was recorded.Security and performance analysis shows that the scheme is safe under the elliptic curve decision-making DBDH (Diffie-Hellman) assumption, and the calculation efficiency is higher.

Key words: access control, fog computing, CP-ABE, elliptic curve cryptography

CLC Number:

TP309

Jiangtao DONG, Peiwen YAN, Ruizhong DU. Verifiable access control scheme based on unpaired CP-ABE in fog computing[J]. Journal on Communications, 2021, 42(8): 139-150.

Figures/Tables 7

References 29

[1]	贾维嘉, 周小杰 . 雾计算的概念、相关研究与应用[J]. 通信学报, 2018,39(5): 153-165.
	JIA W J , ZHOU X J . Concepts,issues,and applications of fog computing[J]. Journal on Communications, 2018,39(5): 153-165.
[2]	GUO R , ZHUANG C Y , SHI H X ,et al. A lightweight verifiable outsourced decryption of attribute-based encryption scheme for blockchain-enabled wireless body area network in fog computing[J]. International Journal of Distributed Sensor Networks, 2020,16(2): 155014772090679.
[3]	JIANG J F , TANG L Y , GU K ,et al. Secure computing resource allocation framework for open fog computing[J]. The Computer Journal, 2020,63(4): 567-592.
[4]	SHAHID M H , HAMEED A R , ISLAM S U ,et al. Energy and delay efficient fog computing using caching mechanism[J]. Computer Communications, 2020,154: 534-541.
[5]	DESIKAN K E S , KOTAGI V J , MURTHY C S R . Topology control in fog computing enabled IoT networks for smart cities[J]. Computer Networks, 2020,176:107270.
[6]	VILELA P H , RODRIGUES J J P C , RIGHI R D R ,et al. Looking at fog computing for E-health through the lens of deployment challenges and applications[J]. Sensors, 2020,20(9): 2553.
[7]	FERRAIOLO D , CUGINI J , KUHN D R . Role-based access control (RBAC):features and motivations[C]// Proceedings of 11th Annual Computer Security Application Conference. Piscataway:IEEE Press, 1995: 241-248.
[8]	ZHANG P Y , ZHOU M C , FORTINO G . Security and trust issues in fog computing:a survey[J]. Future Generation Computer Systems, 2018,88: 16-27.
[9]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// 2007 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2007: 321-334.
[10]	WANG H , ZHENG Z H , WU L . New large-universe multi-authority ciphertext-policy ABE scheme and its application in cloud storage systems[J]. Journal of High Speed Networks, 2016,22(2): 153-167.
[11]	LIANG K T , SUSILO W . Searchable attribute-based mechanism with efficient data sharing for secure cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2015,10(9): 1981-1992.
[12]	LEWKO A , WATERS B . Decentralizing attribute-based encryption[C]// Advances in Cryptology – EUROCRYPT 2011. Berlin:Springer, 2011: 568-588.
[13]	HORVATH M , . Attribute-based encryption optimized for cloud computing[C]// Theory and Practice of Computer Science. Berlin:Springer, 2015,DOI:10.1007/978-3-662-46078-8_47.
[14]	HUR J . Improving security and efficiency in attribute-based data sharing[J]. IEEE Transactions on Knowledge and Data Engineering, 2013,25(10): 2271-2282.
[15]	LIANG K T , SUSILO W . Searchable attribute-based mechanism with efficient data sharing for secure cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2015,10(9): 1981-1992.
[16]	WANG S L , LIANG K T , LIU J K ,et al. Attribute-based data sharing scheme revisited in cloud computing[J]. IEEE Transactions on Information Forensics and Security, 2016,11(8): 1661-1673.
[17]	LI J G , WANG Y , ZHANG Y C ,et al. Full verifiability for outsourced decryption in attribute based encryption[J]. IEEE Transactions on Services Computing, 2020,13(3): 478-487.
[18]	ZHANG K , LI H , MA J F ,et al. Efficient large-universe multi-authority ciphertext-policy attribute-based encryption with white-box traceability[J]. Science China Information Sciences, 2017,61(3): 1-13.
[19]	FREEMAN D , SCOTT M , TESKE E . A taxonomy of pairing-friendly elliptic curves[J]. Journal of Cryptology, 2010,23(2): 224-280.
[20]	SCOTT M , . On the efficient implementation of pairing-based protocols[C]// Cryptography and Coding. Berlin:Springer, 2011: 296-308.
[21]	PONTIE S , MAISTRI P , LEVEUGLE R . Dummy operations in scalar multiplication over elliptic curves:a tradeoff between security and performance[J]. Microprocessors ＆ Microsystems, 2016,47: 23-36.
[22]	CHEVALLIER-MAMES B , CORON J S , MCCULLAGH N ,et al. Secure delegation of elliptic-curve pairing[C]// Lecture Notes in Computer Science. Berlin:Springer, 2010: 24-35.
[23]	CHEN X F , SUSILO W , LI J ,et al. Efficient algorithms for secure outsourcing of bilinear pairings[J]. Theoretical Computer Science, 2015,562: 112-121.
[24]	ODELU V , DAS A K . Design of a new CP-ABE with constant-size secret keys for lightweight devices using elliptic curve cryptography[J]. Security and Communication Networks, 2016,9(17): 4048-4059.
[25]	MAESA D D F , MORI P , RICCI L . Blockchain based access control[C]// Distributed Applications and Interoperable Systems. Berlin:Springer, 2017: 206-220.
[26]	DAGHER G G , MOHLER J , MILOJKOVIC M ,et al. Ancile:privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology[J]. Sustainable Cities and Society, 2018,39: 283-297.
[27]	DORRI A , KANHERE S S , JURDAK R ,et al. Blockchain for IoT security and privacy:the case study of a smart home[C]// 2017 IEEE International Conference on Pervasive Computing and Communications Workshops. Piscataway:IEEE Press, 2017: 618-623.
[28]	谢绒娜, 李晖, 史国振 ,等. 基于区块链的可溯源访问控制机制[J]. 通信学报, 2020,41(12): 82-93.
	XIE R N , LI H , SHI G Z ,et al. Blockchain-based access control mechanism for data traceability[J]. Journal on Communications, 2020,41(12): 82-93.
[29]	应作斌, 斯元平, 马建峰 ,等. 基于区块链的分布式EHR细粒度可追溯方案[J]. 通信学报, 2021,42(5): 205-215.
	YING Z B , SI Y P , MA J F ,et al. Blockchain-based distributed EHR fine-grained traceability scheme[J]. Journal on Communications, 2021,42(5): 205-215.

Metrics

Recommended 0

No Suggested Reading articles found!

方案	访问结构	多授权机构	双线性配对	外包计算
文献[17]方案	LSSS	No	Yes	Yes
文献[18]方案	LSSS	Yes	Yes	No
文献[24]方案	与门	No	No	No
本文方案	LSSS	Yes	No	Yes

方案	用户加密	用户解密	外包解密
文献[17]方案	(4L+2)E_g+4E_T	E_T	(L+2)P+2LE_g
文献[18]方案	6 LE+(2L+1)E_T+(2 L+1)P	3 L_sP+3 L_sE_g	—
文献[24]方案	(N-ω+2)E	(N-ω+3)E	—
本文方案	(4L+1)E	2E	(7L+1)E
注：—表示方案中不涉及该项功能。

Verifiable access control scheme based on unpaired CP-ABE in fog computing

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 7

References 29

Related Articles 15

Metrics

Recommended 0

[1]	Wei JIN, Fenghua LI, Mingjie YU, Yunchuan GUO, Ziyan ZHOU, Liang FANG. HDFS-oriented cryptographic key resource control mechanism [J]. Journal on Communications, 2022, 43(9): 27-41.
[2]	Hui LIU, Xinyan LIU, Yan XU, Hong ZHONG, Meng WANG. Privacy protection of warning message publishing protocol in VANET [J]. Journal on Communications, 2021, 42(8): 120-129.
[3]	Changgen PENG, Zongfeng PENG, Hongfa DING, Youliang TIAN, Rongfei LIU. Attribute-based revocable collaborative access control scheme [J]. Journal on Communications, 2021, 42(5): 75-86.
[4]	Zuobin YING, Yuanping SI, Jianfeng MA, Ximeng LIU. Blockchain-based distributed EHR fine-grained traceability scheme [J]. Journal on Communications, 2021, 42(5): 205-215.
[5]	Ruizhong DU, Peiwen YAN, Yan LIU. Fine-grained attribute update and outsourcing computing access control scheme in fog computing [J]. Journal on Communications, 2021, 42(3): 160-170.
[6]	Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI. Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing [J]. Journal on Communications, 2021, 42(10): 81-94.
[7]	Tianyi ZHU,Fenghua LI,Wei JIN,Yunchuan GUO,Liang FANG,Lin CHENG. Cross-domain access control policy mapping mechanism for balancing interoperability and autonomy [J]. Journal on Communications, 2020, 41(9): 29-48.
[8]	Qinglei ZHOU,Shaohuan BAN,Yingjie HAN,Feng FENG. Mimic defense authentication method for physical access control [J]. Journal on Communications, 2020, 41(6): 80-87.
[9]	Chunfu JIA,Guanxiong HA,Ruiqi LI. Data access control policy of encrypted deduplication system [J]. Journal on Communications, 2020, 41(5): 72-83.
[10]	Yonggui FU,Jianming ZHU. Design for database access control mechanism based on blockchain [J]. Journal on Communications, 2020, 41(5): 130-140.
[11]	Zheng GUAN,Lei XIONG,Yao JIA,Min HE,Zhijun YANG. Research on scheduled WLAN MAC protocol with failure retries on RoF-DAS architecture [J]. Journal on Communications, 2020, 41(3): 102-111.
[12]	Rongna XIE,Hui LI,Guozhen SHI,Yunchuan GUO. Attribute-based lightweight reconfigurable access control policy [J]. Journal on Communications, 2020, 41(2): 112-122.
[13]	Aodi LIU, Xuehui DU, Na WANG, Rui QIAO. ABAC access control policy generation technique based on deep learning [J]. Journal on Communications, 2020, 41(12): 8-20.
[14]	Rongna XIE, Hui LI, Guozhen SHI, Yunchuan GUO, Ming ZHANG, Xiuze DONG. Blockchain-based access control mechanism for data traceability [J]. Journal on Communications, 2020, 41(12): 82-93.
[15]	LI Xuejun,ZHANG Dan,LI Hui. Efficient revocable attribute-based encryption scheme [J]. Journal on Communications, 2019, 40(6): 32-39.