Abstract
The Internet of things (IoT) technology has been used in a wide range of fields, ranging from industrial manufacturing to daily lives. The IoT system contains numerous resource-constrained lightweight devices such as wireless sensors and radio frequency identification (RFID) tags. A massive amount of sensitive data is generated and transmitted by these devices to a variety of users. The complexity of the IoT system places a high demand on security. Therefore, it is necessary to develop an encryption scheme with access control to provide flexible and secure access to the sensitive data. The ciphertext policy attribute-based encryption (CP-ABE) scheme is a potential solution. However, the long ciphertext as well as the slow encryption and decryption operations in traditional ABE schemes make it inappropriate for most IoT systems, which require low latency and contain many devices with limited memory size and computing capability. In this paper, we propose a modified CP-ABE scheme with constant length of ciphertext and low computation overhead in the encryption and decryption phases. Additionally, our scheme is proven to be adaptively secure under the standard model. Moreover, two enhanced schemes are developed to prevent authorized users from leaking data and protect the privacy of data owners by combining chameleon hash, bloom filters and CP-ABE, respectively. Finally, the experimental evaluation and analysis prove the feasibility of our scheme.
Similar content being viewed by others
References
Wan S H, Zhao Y, Wang T, et al. Multi-dimensional data indexing and range query processing via Voronoi diagram for internet of things. Future Gener Comput Syst, 2019, 91: 382–391
Ammar M, Russello G, Crispo B. Internet of things: a survey on the security of IoT frameworks. J Inf Secur Appl, 2018, 38: 8–27
Wu Y K, Huang H, Wu Q, et al. A risk defense method based on microscopic state prediction with partial information observations in social networks. J Parallel Distrib Comput, 2019, 131: 189–199
Guan Z T, Liu X Y, Wu L F, et al. Cross-lingual multi-keyword rank search with semantic extension over encrypted data. Inf Sci, 2020, 514: 523–540
Xu S M, Li Y J, Deng R H, et al. Lightweight and expressive fine-grained access control for healthcare Internet-of-things. IEEE Trans Cloud Comput, 2019. doi: https://doi.org/10.1109/tcc.2019.2936481
Xu S M, Yang G M, Mu Y, et al. A secure IoT cloud storage system with fine-grained access control and decryption key exposure resistance. Future Gener Comput Syst, 2019, 97: 284–294
Jiang Y H, Susilo W, Mu Y, et al. Flexible ciphertext-policy attribute-based encryption supporting AND-gate and threshold with short ciphertexts. Int J Inf Secur, 2018, 17: 463–475
Odelu V, Das A K. Design of a new CP-ABE with constant-size secret keys for lightweight devices using elliptic curve cryptography. Secur Commun Netw, 2016, 9: 4048–4059
Susilo W, Yang G M, Guo F C, et al. Constant-size ciphertexts in threshold attribute-based encryption without dummy attributes. Inf Sci, 2018, 429: 349–360
Lewko A, Okamoto T, Sahai A, et al. Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2010. 62–91
Doshi N, Jinwala D C. Fully secure ciphertext policy attribute-based encryption with constant length ciphertext and faster decryption. Secur Commun Netw, 2014, 7: 1988–2002
Odelu V, Das A K, Khan M K, et al. Expressive CP-ABE scheme for mobile devices in IoT satisfying constant-size keys and ciphertexts. IEEE Access, 2017, 5: 3273–3283
Banerjee S, Roy S, Odelu V, et al. Multi-authority CP-ABE-based user access control scheme with constant-size key and ciphertext for IoT deployment. J Inf Secur Appl, 2020, 53: 102503
Cui H, Deng R H, Liu J K, et al. Server-aided attribute-based signature with revocation for resource-constrained industrial-Internet-of-things devices. IEEE Trans Ind Inf, 2018, 14: 3724–3732
Guan Z T, Li J, Wu L F, et al. Achieving efficient and secure data acquisition for cloud-supported Internet of things in smart grid. IEEE Int Things J, 2017, 4: 1934–1944
Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption. In: Proceedings of IEEE Symposium on Security and Privacy, 2007. 321–334
Waters B. Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Proceedings of International Workshop on Public Key Cryptography, 2011. 53–70
Herranz J, Laguillaumie F, Rafols C. Constant size ciphertexts in threshold attribute-based encryption. In: Proceedings of International Workshop on Public Key Cryptography, 2010. 19–34
Guo F C, Mu Y, Susilo W, et al. CP-ABE with constant-size keys for lightweight devices. IEEE Trans Inf Forensic Secur, 2014, 9: 763–771
Agrawal S, Chase M. FAME: fast attribute-based message encryption. In: Proceedings of ACM SIGSAC Conference on Computer and Communications Security, 2017. 665–682
Teng W, Yang G, Xiang Y, et al. Attribute-based access control with constant-size ciphertext in cloud computing. IEEE Trans Cloud Comput, 2017, 5: 617–627
Odelu V, Das A K, Rao Y S, et al. Pairing-based CP-ABE with constant-size ciphertexts and secret keys for cloud environment. Comput Stand Interface, 2017, 54: 3–9
Xu S M, Yang G M, Mu Y, et al. Secure fine-grained access control and data sharing for dynamic groups in the cloud. IEEE Trans Inf Forensic Secur, 2018, 13: 2101–2113
Chen C, Chen J, Lim H W, et al. Fully secure attribute-based systems with short ciphertexts/signatures and threshold access structures. In: Proceedings of Cryptographers’ Track at the RSA Conference, 2013. 50–67
Xu S M, Yang G M, Mu Y. Revocable attribute-based encryption with decryption key exposure resistance and ciphertext delegation. Inf Sci, 2019, 479: 116–134
Liu Z H, Duan S H, Zhou P L, et al. Traceable-then-revocable ciphertext-policy attribute-based encryption scheme. Future Gener Comput Syst, 2019, 93: 903–913
Zhang Y H, Zheng D, Deng R H. Security and privacy in smart health: efficient policy-hiding attribute-based access control. IEEE Int Things J, 2018, 5: 2130–2145
Han Q, Zhang Y H, Li H. Efficient and robust attribute-based encryption supporting access policy hiding in Internet of things. Future Gener Comput Syst, 2018, 83: 269–277
Menezes A J, Okamoto T, Vanstone S A. Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans Inf Theory, 1993, 39: 1639–1646
Galbraith S D, Paterson K G, Smart N P. Pairings for cryptographers. Discrete Appl Math, 2008, 156: 3113–3121
Malluhi Q M, Shikfa A, Trinh V C. A ciphertext-policy attribute-based encryption scheme with optimized ciphertext size and fast decryption. In: Proceedings of ACM on Asia Conference on Computer and Communications Security, 2017. 230–240
Zhou Z B, Huang D J. On efficient ciphertext-policy attribute based encryption and broadcast encryption. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010. 753–755
Akinyele J A, Garman C, Miers I, et al. Charm: a framework for rapidly prototyping cryptosystems. J Cryptogr Eng, 2013, 3: 111–128
Acknowledgements
This work was jointly supported by Beijing Natural Science Foundation (Grant No. 4182060), National Natural Science Foundation of China (Grant No. 61972148), and Fundamental Research Funds for the Central Universities (Grant No. 2019MS020).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Guan, Z., Yang, W., Zhu, L. et al. Achieving adaptively secure data access control with privacy protection for lightweight IoT devices. Sci. China Inf. Sci. 64, 162301 (2021). https://doi.org/10.1007/s11432-020-2957-5
Received:
Revised:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11432-020-2957-5