A revocable multi-authority attribute-based encryption scheme for fog-enabled IoT

Abstract

As more applications move data storage to the cloud, protecting sensitive data becomes increasingly important, especially for the Internet of Things (IoT) environments. Ciphertext-policy attribute-based encryption (CP-ABE) is a practical approach for confidentiality and secure access control for data outsourced to the cloud. However, the underlying CP-ABE operations based on bilinear pairings are too demanding for resource-constrained IoT devices. Furthermore, applications such as Industrial IoT (IIoT) have requirements (efficiency, operative, and security) that existing CP-ABE proposals cannot fulfill, and advanced IoT architectures (e.g., fog computing) have not been well-exploited. This paper proposes a novel CP-ABE scheme suitable for IoT scenarios, using an IIoT generic model as a reference. It targets multiple attribute authorities, outsourced encryption and decryption to fog nodes, user revocation, and asymmetric pairings constructions to achieve recommended security levels. As the main distinctive, revocation is defined using a broadcast encryption-based approach, allowing data owners to enforce user revocation over their outsourced data. According to the performance analysis, the proposed scheme achieves high efficiency for IoT nodes. It is also competitive in terms of storage, bandwidth, and computation efficiency compared to previous proposals. Moreover, the security of the suggested construction is demonstrated against chosen-plaintext attacks.