<p>In the Internet of Things (IoT) environment, the end-cloud collaborative architecture enables secure sharing and processing of massive data between the terminals and the cloud. It highlights establishing trusted transmission and computing mechanisms to ensure security over the data’s full lifecycle. However, privacy issues about illegal access and forgery of sensitive data are increasingly severe during the computation, storage, and distribution process, thus hindering the development of IoT. Although the bilateral access control methods for end-cloud collaboration enforce access control on user privilege and ensure data source credibility through authentication mechanisms, they struggle to balance forward security and communication cost, resulting in limited key updating efficiency and policy flexibility. To address these practical issues, this paper proposes a novel forward secure bilateral access control scheme named FSBiAC for end-cloud collaborative IoT, which draws on the idea of matchmaking encryption and puncturable encryption. Our scheme outsources a significant portion of puncture tasks to reduce local updating overhead, while the bi-directional match between policies and attributes ensures fine-grained bilateral access control. Detailed proofs demonstrate that FSBiAC achieves semantic security under selectively chosen plaintext attacks (IND-sCPA) and existential unforgeability under chosen message attacks (EUF-CMA). Simulation shows that FSBiAC realizes superior computation and storage overhead compared to the previous studies.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Forward secure bilateral access control for end-cloud collaborative Internet of Things

  • Keyong Hong,
  • Jianfeng Ma,
  • Chuang Tian,
  • Xiangyu Wang,
  • Dilxat Ghopur,
  • Junwei Zhang,
  • Xinghua Li

摘要

In the Internet of Things (IoT) environment, the end-cloud collaborative architecture enables secure sharing and processing of massive data between the terminals and the cloud. It highlights establishing trusted transmission and computing mechanisms to ensure security over the data’s full lifecycle. However, privacy issues about illegal access and forgery of sensitive data are increasingly severe during the computation, storage, and distribution process, thus hindering the development of IoT. Although the bilateral access control methods for end-cloud collaboration enforce access control on user privilege and ensure data source credibility through authentication mechanisms, they struggle to balance forward security and communication cost, resulting in limited key updating efficiency and policy flexibility. To address these practical issues, this paper proposes a novel forward secure bilateral access control scheme named FSBiAC for end-cloud collaborative IoT, which draws on the idea of matchmaking encryption and puncturable encryption. Our scheme outsources a significant portion of puncture tasks to reduce local updating overhead, while the bi-directional match between policies and attributes ensures fine-grained bilateral access control. Detailed proofs demonstrate that FSBiAC achieves semantic security under selectively chosen plaintext attacks (IND-sCPA) and existential unforgeability under chosen message attacks (EUF-CMA). Simulation shows that FSBiAC realizes superior computation and storage overhead compared to the previous studies.