| As an effective solution for distributed applications of the Internet of Things,fog computing complements cloud computing and promotes the development of the Internet of Things together with cloud computing.Cloud-fog storage has become the first choice for data storage in Io T devices.However,for the data stored on the fog node or cloud server,the device cannot fully control them.In order to ensure the secure access of data,the ciphertext-based attribute-based encryption(CP-ABE)technology is widely used in cloud storage systems,which can ensure the confidentiality of data and meet the requirements of fine-grained data access control.However,the existing CP-ABE schemes have many problems in practical applications,such as the computational burden caused by complex encryption and decryption operations on resource-limited Io T devices;single point of failure caused by a single authorization center;the Internet of Things is dynamic,which causes attributes and users change frequently,increasing the difficulty of attribute and user revocation,and so on.To solve the above problems,a multi-authority access control scheme that supports computing outsourcing in fog computing is proposed.This scheme is built in the environment of multiple attribute authorization agencies,outsourcing part of the encryption and decryption calculations from the Internet of Things devices to the neighboring fog nodes.The devices only need to perform a small amount of calculations to complete the data encryption and decryption operations.This scheme reduces the computing overhead of resource-limited Io T devices while achieving fine-grained data access control,and is suitable for actual Io T application scenarios.An access control scheme with user and attribute revocation in fog computing is proposed,which adds a permission update mechanism to the above access control scheme.For attribute revocation,this scheme revokes attributes based on the concept of attribute groups.By reducing the updated ciphertext part and changing the calculation method of the updated key,the efficiency of ciphertext update and key update in the original revocation method are improved respectively.For user revocation,a new efficient user revocation method suitable for fog computing is proposed.The fog node and neighboring devices form a user group.The fog node realizes the revocation of users in the user group by updating the user group version key.There is no need to update the ciphertext during the user revocation.Finally,the security and performance of the two proposed access control schemes are analyzed respectively.The analysis results show that the two proposed schemes have high security and system efficiency,and can be applied to cloud-fog storage systems. |
PDF Full Text Request