Secure, Efficient, and Weighted Access Control for Cloud-Assisted Industrial IoT

Abstract

In the cloud-assisted Industrial Internet of Things (IIoT), ciphertext-policy attribute-based encryption (CP-ABE) could help the data owner (DO) share his sensitive data via the cloud under self-defined access structures. Among general CP-ABE schemes, the decryption overhead, the key generation cost, and the ciphertext length increase with the number of involved attributes. Additionally, only regular attributes are taking into consideration rather than weighted attributes. In this article, we proposed a secure, efficient, and weighted access control scheme (SEWAC) for cloud-assisted IIoT applications. SEWAC enables the DO to formulate any fine-grained access structure over weighted attributes without making it more complicated. Furthermore, such weighted attributes would not add the length of ciphertext. SEWAC also supports online/offline key generation to alleviate the computational cost of the authority from answering mass key requests in the online phase, while most computational tasks are executed in the offline phase. The heavy decryption overhead is offloaded to the cloud. To ensure the cloud to honestly execute the process of outsourced decryption, we design an efficient batch verification method, which allows the user to spend only three bilinear pairing operations in checking the correctness of batch results. We also give the formal security proof of the proposed scheme. Comprehensive comparisons and implementation results indicate that SEWAC can better achieve weighted access control, compressed ciphertext length, efficient key generation, and the assurance of the outsourced decryption result.