Abstract
The Internet of Things (IoT) is a novel paradigm where many of the objects that surround us can be connected to the internet. Since IoT is always related to users' personal information, it raises a lot of data security and privacy issues. In this paper, we present a secure and fine-grained data access control scheme for constrained IoT devices and cloud computing based on hierarchical attribute-based encryption, which reduces the key management by introducing hierarchical attribute authorities. In order to relieve the local computation burden, we propose an outsourced encryption and decryption construction that delegates most of the laborious operations to the gateway and cloud server. Further, our scheme achieves efficient policy updating, which allows the sender device to update access policies without retrieving and re-encrypting the data. The security and performance analysis results show that our scheme is secure and efficient.
Acknowledgements
This work has been supported by the National Key Research and Development Program of China under Grant No. 2016YFB0800605, the National Natural Science Foundation of China under Grant No. 61572080, the CCF and Venustech Research Program under Grant No. 2016012.
Additional information
This article is part of the Topical Collection: Special Issue on Security and Privacy of IoT
Guest Editors: Tarik Taleb, Zonghua Zhang, and Hua Wang
Cite this article
Huang, Q., Wang, L. & Yang, Y. DECENT: Secure and fine-grained data access control with policy updating for constrained IoT devices. World Wide Web 21, 151–167 (2018). https://doi.org/10.1007/s11280-017-0462-0
DOI: https://doi.org/10.1007/s11280-017-0462-0