Secure and Fine-Grained Self-Controlled Outsourced Data Deletion in Cloud-Based IoT

Abstract

The emerging cloud-based Internet of Things (IoT) paradigm enables IoT devices to directly upload their collected data to the remote cloud and allows data owners (DOs) to conveniently manage those data through cloud APIs, which has greatly reduced infrastructure investment and data management cost in many IoT applications. Considering that the outsourced data are out of the physical control of DOs and the cloud server (CS) cannot always be fully trusted, how to securely delete the unneeded sensitive data stored in cloud to prevent potential data leakage issues is a big challenge. Most of the existing solutions only support coarse-grained deletion and rely on the participation of the CS, so their flexibility and practicability are seriously restricted. In this article, based on an enhanced policy-based puncturable encryption (P-PUN-ENC) primitive, we propose a secure and fine-grained self-controlled outsourced data deletion scheme in cloud-based IoT. The main contribution of our scheme is that it enables DOs to precisely and permanently delete their outsourced IoT-driven data in a policy-based way without relying on the CS. To achieve this, we subtly utilize the logical relationship between the puncture policy and access policy, and design a policy transform method to convert the puncture process based on the puncture policies into the update process of access policies. Then, we utilize a key delegation technique in attribute-based encryption (ABE) to complete the corresponding key update operations. Additionally, to address the issue of growing key storage and decryption cost in P-PUN-ENC, we propose the outsourced policy-based puncturable encryption (OP-PUN-ENC) primitive by combining the key and decryption outsource technique with P-PUN-ENC. Comprehensive comparisons show that our proposed scheme can better meet the data deletion requirements in cloud-based IoT, and formal security proof and extensive simulation results demonstrate the reliability and efficiency of the proposed scheme.