Efficient and fine-grained access control with fully-hidden policies for cloud-enabled IoT

Li Qi, Liu Gaozhan, Zhang Qianqian, Han Lidong, Chen Wei, Li Rui, Xiong Jinbo

2025, Vol. 11, Issue (2): 473-481. DOI: 10.1016/j.dcan.2024.05.007
Original article


Abstract

Ciphertext-Policy Attribute-Based Encryption (CP-ABE) enables fine-grained access control on ciphertexts, making it a promising approach for managing data stored in the cloud-enabled Internet of Things. However, existing schemes often suffer from privacy breaches because access policies are attached in the clear or critical attribute content is only partially hidden. Additionally, resource-constrained IoT devices, especially those adopting wireless communication, often cannot afford the cost of decryption. In this paper, we propose an efficient and fine-grained access control scheme with fully hidden policies (named FHAC). FHAC conceals all attributes in the policy and utilizes Bloom filters to efficiently locate them. A test phase before decryption is applied to assist authorized users in finding matches between their attributes and the access policy. Dictionary attacks are thwarted by providing unauthorized users with invalid values. The heavy computational overhead of both the test phase and most of the decryption phase is outsourced to two cloud servers. Additionally, users can verify the correctness of multiple outsourced decryption results simultaneously. Security analysis and performance comparisons demonstrate FHAC's effectiveness in protecting policy privacy and achieving efficient decryption.

Keywords

Access control / Policy hiding / Verifiable outsourced computation / Cloud / IoT

Cite this article

Li Qi, Liu Gaozhan, Zhang Qianqian, Han Lidong, Chen Wei, Li Rui, Xiong Jinbo. Efficient and fine-grained access control with fully-hidden policies for cloud-enabled IoT. , 2025, 11(2): 473-481 DOI:10.1016/j.dcan.2024.05.007

CRediT authorship contribution statement

Qi Li: Writing - review & editing, Writing - original draft, Investigation, Formal analysis. Gaozhan Liu: Writing - original draft, Data curation. Qianqian Zhang: Project administration, Methodology. Lidong Han: Investigation, Conceptualization. Wei Chen: Project administration, Methodology. Rui Li: Writing - review & editing, Supervision, Software, Methodology. Jinbo Xiong: Formal analysis, Conceptualization.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
