
DECENT: Secure and fine-grained data access control with policy updating for constrained IoT devices

World Wide Web

Abstract

The Internet of Things (IoT) is a novel paradigm where many of the objects that surround us can be connected to the internet. Since IoT is always related to users' personal information, it raises a lot of data security and privacy issues. In this paper, we present a secure and fine-grained data access control scheme for constrained IoT devices and cloud computing based on hierarchical attribute-based encryption, which reduces the key management by introducing hierarchical attribute authorities. In order to relieve the local computation burden, we propose an outsourced encryption and decryption construction by delegating most of the laborious operations to the gateway and cloud server. Further, our scheme achieves efficient policy updating, which allows the sender device to update access policies without retrieving and re-encrypting the data. The security and performance analysis results show that our scheme is secure and efficient.



Acknowledgements

This work has been supported by the National Key Research and Development Program of China under Grant No. 2016YFB0800605, the National Natural Science Foundation of China under Grant No. 61572080, and the CCF and Venustech Research Program under Grant No. 2016012.

Author information

Corresponding author

Correspondence to Qinlong Huang.

Additional information

This article is part of the Topical Collection: Special Issue on Security and Privacy of IoT

Guest Editors: Tarik Taleb, Zonghua Zhang, and Hua Wang

Cite this article

Huang, Q., Wang, L. & Yang, Y. DECENT: Secure and fine-grained data access control with policy updating for constrained IoT devices. World Wide Web 21, 151–167 (2018). https://doi.org/10.1007/s11280-017-0462-0

  • DOI: https://doi.org/10.1007/s11280-017-0462-0
