Abstract

With the universality and availability of Internet of Things (IoT), data privacy protection in IoT has become a hot issue. As a branch of attribute-based encryption (ABE), ciphertext policy attribute-based encryption (CP-ABE) is widely used in IoT to offer flexible one-to-many encryption. However, in IoT, different mobile devices share messages collected, transmission of large amounts of data brings huge burdens to mobile devices. Efficiency is a bottleneck which restricts the wide application and adoption of CP-ABE in Internet of things. Besides, the decryption key in CP-ABE is shared by multiple users with the same attribute, once the key disclosure occurs, it is non-trivial for the system to tell who maliciously leaked the key. Moreover, if the malicious mobile device is not revoked in time, more security threats will be brought to the system. These problems hinder the application of CP-ABE in IoT. Motivated by the actual need, a scheme called traceable and revocable ciphertext policy attribute-based encryption scheme with constant-size ciphertext and key is proposed in this paper. Compared with the existing schemes, our proposed scheme has the following advantages: (1) Malicious users can be traced; (2) Users exiting the system and misbehaving users are revoked in time, so that they no longer have access to the encrypted data stored in the cloud server; (3) Constant-size ciphertext and key not only improve the efficiency of transmission, but also greatly reduce the time spent on decryption operation; (4) The storage overhead for traceability is constant. Finally, the formal security proof and experiment has been conducted to demonstrate the feasibility of our scheme.

Highlights

  • With the rapid development of network and smart devices, Internet of Things (IoT) has penetrated into people’s daily life, such as smart cars, smartphones, wearable devices and industrial Internet of Things

  • The constant-size ciphertext and key scheme [15] proposed by Odelu solves the efficiency problem in IoT, but neither of them solved the problems of key abuse and user revocation

  • We focus on three common problems of CP-attribute-based encryption (ABE) applications in IoT: efficiency, key abuse and user revocation

Read more

Summary

Introduction

With the rapid development of network and smart devices, Internet of Things (IoT) has penetrated into people’s daily life, such as smart cars, smartphones, wearable devices and industrial Internet of Things. With the development of the IoT, privacy-preserving has become the focus of attention, so the secure information exchange between mobile devices determines the smooth implementation of the Internet of things system. KP-ABE associates the access policy with the user’s private key and the user attribute with the ciphertext. CP-ABE associates the access policy with the ciphertext, and the user attribute with the user’s private key. Taking an IoT based CP-ABE as an example, cloud service provider A stores large amounts of encrypted data. Only users whose attributes satisfy the access policy in ciphertext can decrypt the data. In the face of the temptation of economic interests and “0” risk, many users are willing to disclose their decryption keys This illegal disclosure of the key seriously threatens the privacy of data owners and system security. The above problems hinder the wide application of CP-ABE encryption mechanism in IoT

Related work
Our contribution
Access structure and attribute
Bilinear group
Lagrange Interpolation Theorem
Entities in the system
System model
Security model
Traceability model
Construction
KeyGen
Encrypt
Revocation
Decrypt
Security analysis
Traceability
Comparison
Theoretical analysis
Experimental comparison
Conclusion and future work

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.