Abstract
The cloud computing paradigm has revolutionized the concept of computing and has gained a huge attention since it provides computing resources as a service over the internet. As auspicious as this model is, it brings forth many challenges: everything from data security to time latency issues with data computation and delivery to end users. To manage these challenges with the cloud, a fog computing paradigm has emerged. In the context of the computing, fog computing involves placing mini clouds close to end users to solve time latency problems. However, as fog computing is an extension of cloud computing, it inherits the same security and privacy challenges encountered by traditional cloud computing. These challenges have accelerated the research community’s efforts to find effective solutions. In this paper, we propose a secure and fine-grained data access control scheme based on the ciphertext-policy attribute-based encryption (CP-ABE) algorithm to prevent fog nodes from violating end users’ confidentiality in situations where a compromised fog node has been ousted. In addition, to provide decreased time latency and low communication overhead between the Cloud Service Provider (CSP) and the fog nodes (FNs), our scheme classifies the fog nodes into fog federations (FF), by location and services provided, and each fog node divides the plaintext to be encrypted into multiple blocks to accelerate the time when retrieving ciphertext from the CSP. We demonstrate our scheme’s efficiency by carrying on a simulation and analyzing its security and performance.
Keywords
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Beimel, A.: Secure schemes for secret sharing and key distribution. Technion-Israel Institute of Technology, Faculty of Computer Science (1996)
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on Security and Privacy, SP 2007, pp. 321–334. IEEE (2007)
Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13
Bonomi, F., Milito, R., Zhu, J., Addepalli, S.: Fog computing and its role in the Internet of Things. In: Proceedings of the First Edition of the MCC Workshop on Mobile Cloud Computing, pp. 13–16. ACM (2012)
Caro, A., Iovino, V.: Java pairing-based cryptography library (2013)
Deng, R., Lu, R., Lai, C., Luan, T.H.: Towards power consumption-delay tradeoff by workload allocation in cloud-fog computing. In: 2015 IEEE International Conference on Communications (ICC), pp. 3909–3914. IEEE (2015)
Fox, A., et al.: Above the clouds: a Berkeley view of cloud computing. Department Electrical Engineering and Computer Sciences, University of California, Berkeley, Rep. UCB/EECS 28(13) (2009)
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 89–98. ACM (2006)
Green, M., Hohenberger, S., Waters, B., et al.: Outsourcing the decryption of ABE ciphertexts. In: USENIX Security Symposium, vol. 2011 (2011)
Hu, C., Li, H., Huo, Y., Xiang, T., Liao, X.: Secure and efficient data communication protocol for wireless body area networks. IEEE Trans. Multi-Scale Comput. Syst. 2, 94–107 (2016)
Huang, Q., Yang, Y., Wang, L.: Secure data access control with ciphertext update and computation outsourcing in fog computing for Internet of Things. IEEE Access 5, 12941–12950 (2017)
Jiang, Y., Susilo, W., Mu, Y., Guo, F.: Ciphertext-policy attribute-based encryption against key-delegation abuse in fog computing. Futur. Gener. Comput. Syst. 78, 720–729 (2018)
Li, J., Jin, J., Yuan, D., Palaniswami, M., Moessner, K.: Ehopes: data-centered fog platform for smart living. In: 2015 International Telecommunication Networks and Applications Conference (ITNAC), pp. 308–313. IEEE (2015)
Li, J., Yao, W., Zhang, Y., Qian, H., Han, J.: Flexible and fine-grained attribute-based data storage in cloud computing. IEEE Trans. Serv. Comput. 10(5), 785–796 (2017)
Li, J., Zhang, Y., Chen, X., Xiang, Y.: Secure attribute-based data sharing for resource-limited users in cloud computing. Comput. Secur. 72, 1–12 (2018)
Lynn, B.: The pairing-based cryptography (PBC) library (2010)
Mao, X., Lai, J., Mei, Q., Chen, K., Weng, J.: Generic and efficient constructions of attribute-based encryption with verifiable outsourced decryption. IEEE Trans. Dependable Secur. Comput. 13, 533–546 (2016)
Ning, J., Cao, Z., Dong, X., Wei, L., Lin, X.: Large universe ciphertext-policy attribute-based encryption with white-box traceability. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 55–72. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_4
Ning, J., Dong, X., Cao, Z., Wei, L., Lin, X.: White-box traceable ciphertext-policy attribute-based encryption supporting flexible attributes. IEEE Trans. Inf. Forensics Secur. 10(6), 1274–1288 (2015)
Ruj, S., Nayak, A., Stojmenovic, I.: DACC: distributed access control in clouds. In: 2011 International Joint Conference of IEEE TrustCom-11/IEEE ICESS-11/FCST-11 (TrustCom 2011), pp. 91–98. IEEE (2011)
Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27
Sookhak, M., Yu, F.R., Khan, M.K., Xiang, Y., Buyya, R.: Attribute-based data access control in mobile cloud computing. Future Gener. Comput. Syst. 72(C), 273–287 (2017)
Stojmenovic, I., Wen, S., Huang, X., Luan, H.: An overview of fog computing and its security issues. Concurr. Comput.: Pract. Exp. 28(10), 2991–3005 (2016)
Tysowski, P., Hasan, M.: Hybrid attribute-based encryption and re-encryption for scalable mobile applications in clouds. IEEE Trans. Cloud Comput. 1, 172–186 (2013)
Wang, H.: Identity-based distributed provable data possession in multicloud storage. IEEE Trans. Serv. Comput. 2, 328–340 (2015)
Wang, H., Wu, Q., Qin, B., Domingo-Ferrer, J.: Identity-based remote data possession checking in public clouds. IET Inf. Secur. 8(2), 114–121 (2014)
Xiao, M., Zhou, J., Liu, X., Jiang, M.: A hybrid scheme for fine-grained search and access authorization in fog computing environment. Sensors 17(6), 1423 (2017)
Yi, S., Li, C., Li, Q.: A survey of fog computing: concepts, applications and issues. In: Proceedings of the 2015 Workshop on Mobile Big Data, pp. 37–42. ACM (2015)
Yi, S., Qin, Z., Li, Q.: Security and privacy issues of fog computing: a survey. In: Xu, K., Zhu, H. (eds.) WASA 2015. LNCS, vol. 9204, pp. 685–695. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21837-3_67
Yu, S., Ren, K., Lou, W.: FDAC: toward fine-grained distributed data access control in wireless sensor networks. IEEE Trans. Parallel Distrib. Syst. 22(4), 673–686 (2011)
Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: 2010 IEEE Proceedings of Infocom, pp. 1–9. IEEE (2010)
Yu, S., Wang, C., Ren, K., Lou, W.: Attribute based data sharing with attribute revocation. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pp. 261–270. ACM (2010)
Zuo, C., Shao, J., Wei, G., Xie, M., Ji, M.: CCA-secure ABE with outsourced decryption for fog computing. Futur. Gener. Comput. Syst. 78, 730–738 (2018)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Alshehri, M., Panda, B. (2019). An Encryption-Based Approach to Protect Fog Federations from Rogue Nodes. In: Wang, G., Feng, J., Bhuiyan, M., Lu, R. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2019. Lecture Notes in Computer Science(), vol 11611. Springer, Cham. https://doi.org/10.1007/978-3-030-24907-6_18
Download citation
DOI: https://doi.org/10.1007/978-3-030-24907-6_18
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24906-9
Online ISBN: 978-3-030-24907-6
eBook Packages: Computer ScienceComputer Science (R0)