One of the best ways to deal with the massive data generated by the Internet of Things (IoT) is storing them in the cloud. However, outsourced storage raises some security and privacy issues, such as data leaking and illegal access. The attribute-based signcryption (ABSC) is one of the most promising approaches which can ensure the confidentiality and authenticity of data simultaneously. Nonetheless, it not only inherits the fine-grained access control but also the heavy computational cost which is intolerable for most resource-limited IoT devices. In this article, we propose lightweight hybrid-policy ABSC (LH-ABSC), a lightweight ABSC scheme which adopts ciphertext-policy encryption (CPABE) and key-policy attribute-based signature (KPABS). Ciphertext-policy attribute-based signature leads the decision making that who can decrypt to the data owners directly. Meanwhile, the signature is related with data owners' attribute set which can be used to testify the authenticity of data. In particular, LH-ABSC has constant signature size and satisfies public verification which is deeply important for IoT devices. Moreover, LH-ABSC outsources most computing overhead to fog nodes, including signature, verify, and decryption. Comprehensive theoretical analyses, such as confidentiality, unforgeability, and verifiability, are provided. Also, the selective chosen ciphertext security, the selective chosen message security, and signers anonymity are achieved.
Read full abstract