
Auditable and Times limitable Secure Data Access Control for Cloud-based Industrial Internet of Things

Teng Li1,*, Jiawei Zhang1, Yanbo Yang2, Wei Qiao1, and Yangxu Lin1

Corresponding Author:

Teng Li

Affiliation(s):

1 School of Cyber Engineering, Xidian University, Shaanxi, China

2 School of Information Engineering, Inner Mongolia University of Science & Technology, China

*Corresponding author

Abstract:

Recently, the rapid development of Internet of Things (IoT) and cloud computing technologies has greatly facilitated various industrial applications and the Industrial IoT (IIoT). Widely deployed IIoT devices and the large capacity of the cloud significantly benefit and bring convenience to various industrial sectors. However, there are many concerns about data security in IIoT, especially when a majority of sensitive IIoT data is shared in the cloud. Although Ciphertext-Policy Attribute-Based Encryption (CP-ABE), one of the most promising techniques, can provide fine-grained access control for IIoT data shared in the cloud, there are still many drawbacks that impede the direct adoption of conventional CP-ABE. On the one hand, an unlimited number of IIoT data accesses may disable the cloud's data access service and bring serious consequences. On the other hand, the access policies of ciphertexts usually contain much sensitive information and cause privacy exposure. Moreover, the high computation overhead also severely hinders resource-limited users in IIoT applications. To solve these problems, we propose TAHP-CP-ABE, a k-times and auditable hidden-policy CP-ABE scheme that is suitable for resource-limited users and privacy-aware access policies with data access times limitation in IIoT applications. Specifically, TAHP-CP-ABE preserves the privacy of access policies by hiding only attribute values, and realizes limited access times as well as efficient IIoT ciphertext decryption with decryption test and outsourced decryption. The security analysis and experimental results indicate that TAHP-CP-ABE is secure, efficient and practical.

Keywords:

CP-ABE, privacy-preserving, cloud-assisted IIoT, access times limitation, auditable outsourced decryption

Cite This Paper:

Teng Li, Jiawei Zhang, Yanbo Yang, Wei Qiao and Yangxu Lin (2021). Auditable and Times limitable Secure Data Access Control for Cloud-based Industrial Internet of Things. Journal of Networking and Network Applications, Volume 1, Issue 3, pp. 129–138. https://doi.org/10.33969/J-NaNA.2021.010306.
