Abstract
With the universality and availability of Internet of Things (IoT), data privacy protection in IoT has become a hot issue. As a branch of attribute-based encryption (ABE), ciphertext policy attribute-based encryption (CP-ABE) is widely used in IoT to offer flexible one-to-many encryption. However, in IoT, different mobile devices share messages collected, transmission of large amounts of data brings huge burdens to mobile devices. Efficiency is a bottleneck which restricts the wide application and adoption of CP-ABE in Internet of things. Besides, the decryption key in CP-ABE is shared by multiple users with the same attribute, once the key disclosure occurs, it is non-trivial for the system to tell who maliciously leaked the key. Moreover, if the malicious mobile device is not revoked in time, more security threats will be brought to the system. These problems hinder the application of CP-ABE in IoT. Motivated by the actual need, a scheme called traceable and revocable ciphertext policy attribute-based encryption scheme with constant-size ciphertext and key is proposed in this paper. Compared with the existing schemes, our proposed scheme has the following advantages: (1) Malicious users can be traced; (2) Users exiting the system and misbehaving users are revoked in time, so that they no longer have access to the encrypted data stored in the cloud server; (3) Constant-size ciphertext and key not only improve the efficiency of transmission, but also greatly reduce the time spent on decryption operation; (4) The storage overhead for traceability is constant. Finally, the formal security proof and experiment has been conducted to demonstrate the feasibility of our scheme.
Highlights
With the rapid development of network and smart devices, Internet of Things (IoT) has penetrated into people’s daily life, such as smart cars, smartphones, wearable devices and industrial Internet of Things
The constant-size ciphertext and key scheme [15] proposed by Odelu solves the efficiency problem in IoT, but neither of them solved the problems of key abuse and user revocation
We focus on three common problems of CP-attribute-based encryption (ABE) applications in IoT: efficiency, key abuse and user revocation
Summary
With the rapid development of network and smart devices, Internet of Things (IoT) has penetrated into people’s daily life, such as smart cars, smartphones, wearable devices and industrial Internet of Things. With the development of the IoT, privacy-preserving has become the focus of attention, so the secure information exchange between mobile devices determines the smooth implementation of the Internet of things system. KP-ABE associates the access policy with the user’s private key and the user attribute with the ciphertext. CP-ABE associates the access policy with the ciphertext, and the user attribute with the user’s private key. Taking an IoT based CP-ABE as an example, cloud service provider A stores large amounts of encrypted data. Only users whose attributes satisfy the access policy in ciphertext can decrypt the data. In the face of the temptation of economic interests and “0” risk, many users are willing to disclose their decryption keys This illegal disclosure of the key seriously threatens the privacy of data owners and system security. The above problems hinder the wide application of CP-ABE encryption mechanism in IoT
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
