Abstract

Realizing access control to sensitive data offloaded to a Cloud is challenging in the Internet of Things, where various devices with low computational power and different security levels are interconnected. Among the various solutions, the National Institute of Standards and Technology (NIST)’s Attribute-Based Access Control (ABAC) model is one of the preferred techniques in the literature. In this model, users who satisfy access policies using both static and dynamic attributes are allowed to access the data. However, NIST’s ABAC model does not support encryption and therefore does not satisfy data confidentiality. Attribute-Based Encryption (ABE) is a known cryptographic primitive that enables fine-grained access control over encrypted data. However, the existing ABE schemes either do not meet NIST’s ABAC requirements or are not computationally efficient enough for IoT applications. In this paper, we propose a Multi-Level Security ABAC (MLS-ABAC) scheme that satisfies the requirements of NIST’s ABAC model. Our construction is efficient and relies on a decryption-outsourceable Ciphertext-Policy ABE scheme. Additionally, based on realistic application scenarios, only the authorized data users can decrypt the ciphertext and check the integrity of the retrieved message. Furthermore, we present both conceptual and formal models for our proposed MLS-ABAC architecture along with performance metrics. The experimental results show that the proposed MLS-ABAC achieves a constant ciphertext size of ∼230 bytes, with encryption and decryption running times of ∼18 and ∼10 ms, respectively, independent of the number of attributes.
