
Research On Attribute-based Encryption Scheme For Public Cloud Storage Data

Posted on: 2022-09-20
Degree: Master
Type: Thesis
Country: China
Candidate: S H Liu
GTID: 2518306323484114
Subject: Computer software and theory

Abstract/Summary:
Internet of Things devices (IoTDs) generate tons of data every second, but these resource-limited devices cannot store and manage the data properly. With the continuous development and improvement of cloud computing technology, the cloud-Internet of Things (CIoT) architecture has been proposed and has received increasing attention. However, outsourced storage brings a series of security and privacy issues, such as illegal access and data leakage. Traditional symmetric encryption or public key encryption can ensure data confidentiality, but it cannot provide one-to-many data sharing at the same time, because the data owner has to authorize every access by a data user. This not only imposes a huge burden on the data owner but also increases the communication overhead of the whole system.

Attribute-based encryption (ABE) is considered one of the most promising technologies for solving this problem. It protects the confidentiality of data and, more importantly, realizes one-to-many fine-grained data sharing without direct interaction between data users and data owners. In ciphertext-policy ABE (CP-ABE) schemes, the data owner encrypts the data under a self-defined access structure and then uploads it to the cloud. A data user can decrypt correctly if and only if its attribute set satisfies this access structure. Although some classic attribute-based encryption schemes have been proposed, applying ABE to CIoT scenarios still faces obstacles, including the absence of some practical functions and the heavy computing overhead that decryption places on IoT devices. Targeting this specific application scenario, this paper proposes three improved attribute-based encryption schemes.

(1) The first scheme is an outsourced attribute-based encryption scheme with white-box traceability. When a legitimate user leaks its private key to an illegal user, the white-box tracing algorithm can recover the user's global identity number corresponding to the key. In addition, this scheme achieves a fully hidden policy in order to ensure user privacy; that is, eavesdroppers cannot obtain user privacy information from the access structures in the communication channel. Because most of the decryption overhead is outsourced to a third-party server, the cloud, which greatly reduces the computing overhead of users, this scheme is practical for the Internet of Things.

(2) The second scheme is a blockchain-assisted searchable attribute-based encryption scheme, which innovatively uses a coalition blockchain to replace the general attribute authority center: the blockchain nodes generate system parameters and user private keys in a threshold manner using a secret sharing protocol. The overall security and robustness of the scheme are greatly improved as a result of the distributed nature and unforgeability of the blockchain. Moreover, the key escrow issue and the single-point security vulnerability are avoided, and efficient user-level revocation is implemented. The blockchain also enables fine-grained keyword-based search by assisting users in generating search tokens. This scheme achieves the same outsourced decryption as the first scheme.

(3) The third scheme is a lightweight attribute-based signcryption scheme for cloud-fog IoT. Signcryption guarantees data confidentiality and authentication simultaneously within one cryptographic primitive by signing the message while encrypting it. Considering the actual application scenario, the Internet of Things, this scheme designs and implements a hybrid-policy signcryption that combines ciphertext-policy attribute-based encryption with key-policy attribute-based signature. Furthermore, this scheme is based on the cloud-fog IoT architecture. By outsourcing encryption, signing and decryption to fog nodes that are geographically closer to the underlying IoTDs, it achieves a lightweight attribute-based signcryption scheme while ensuring low latency. The security proof shows that this scheme achieves ciphertext indistinguishability under adaptive chosen-ciphertext attack.
Keywords/Search Tags: Attribute-based Encryption, Signcryption, Public Cloud, Cloud-Fog IoT, Blockchain, Outsourcing Decryption