A Fine-Grained IoT Data Access Control Scheme Combining Attribute-Based Encryption and Blockchain

IoT technology has been widely valued and applied, and the resulting massive IoT data brings many challenges to the traditional centralized data management, such as performance, privacy, and security challenges. This paper proposes an IoT data access control scheme that combines attribute-based encryption (ABE) and blockchain technology. Symmetric encryption and ABE algorithms are utilized to realize fine-grained access control and ensure the security and openness of IoT data. Moreover, blockchain technology is combined with distributed storage to solve the storage bottleneck of blockchain systems. Only the hash values of the data, the hash values of the ciphertext location, the access control policy, and other important information are stored on the blockchain. In this scheme, smart contract is used to implement access control. The results of experiments demonstrate that the proposed scheme can effectively protect the security and privacy of IoT data and realize the secure sharing of data.

Download Full-text

A Fine-Grained User-Divided Privacy-Preserving Access Control Protocol in Smart Watch

Sensors ◽

10.3390/s19092109 ◽

2019 ◽

Vol 19 (9) ◽

pp. 2109

Author(s):

Liming Fang ◽

Minghui Li ◽

Lu Zhou ◽

Hanyi Zhang ◽

Chunpeng Ge

Keyword(s):

Access Control ◽

Data Privacy ◽

Privacy Preservation ◽

Data Access ◽

Privacy Preserving ◽

Security And Privacy ◽

Fine Grained ◽

Data Access Control ◽

Smart Watch ◽

Performance And Evaluation

A smart watch is a kind of emerging wearable device in the Internet of Things. The security and privacy problems are the main obstacles that hinder the wide deployment of smart watches. Existing security mechanisms do not achieve a balance between the privacy-preserving and data access control. In this paper, we propose a fine-grained privacy-preserving access control architecture for smart watches (FPAS). In FPAS, we leverage the identity-based authentication scheme to protect the devices from malicious connection and policy-based access control for data privacy preservation. The core policy of FPAS is two-fold: (1) utilizing a homomorphic and re-encrypted scheme to ensure that the ciphertext information can be correctly calculated; (2) dividing the data requester by different attributes to avoid unauthorized access. We present a concrete scheme based on the above prototype and analyze the security of the FPAS. The performance and evaluation demonstrate that the FPAS scheme is efficient, practical, and extensible.

Download Full-text

Secure and efficient fine-grained data access control scheme in cloud computing1

Journal of High Speed Networks ◽

10.3233/jhs-150524 ◽

2015 ◽

Vol 21 (4) ◽

pp. 259-271 ◽

Cited By ~ 10

Author(s):

Changsong Yang ◽

Jun Ye

Keyword(s):

Access Control ◽

Data Access ◽

Fine Grained ◽

Data Access Control ◽

Control Scheme

Download Full-text

AN EFFICIENT AND FINE-GRAINED BIG DATA ACCESS CONTROL SCHEME WITH PRIVACY-PRESERVING POLICY

International Journal of Advance Engineering and Research Development ◽

10.21090/ijaerd.38344 ◽

2017 ◽

Vol 4 (10) ◽

Keyword(s):

Big Data ◽

Access Control ◽

Data Access ◽

Privacy Preserving ◽

Fine Grained ◽

Data Access Control ◽

Control Scheme

Download Full-text

Multi-Level Attribute-Based Encryption Access Control Scheme for Big Data

MATEC Web of Conferences ◽

10.1051/matecconf/201817303047 ◽

2018 ◽

Vol 173 ◽

pp. 03047

Author(s):

Zhao Li ◽

Shuiyuan Huan

Keyword(s):

Big Data ◽

Access Control ◽

Data Processing ◽

Data Access ◽

Big Data Processing ◽

Fine Grained ◽

Computational Overhead ◽

Data Access Control ◽

Attribute Based Encryption ◽

Multi Level

There are many security threats such as data’s confidentiality and privacy protection in the new application scenario of big data processing, and for the problems such as coarse granularity and low sharing capability existing in the current research on big data access control, a new model to support fine-grained access control and flexible attribute change is proposed. Based on CP-ABE method, a multi-level attribute-based encryption scheme is designed to solve fine-grained access control problem. And to solve the problem of attribute revocation, the technique of re-encryption and version number tag is integrated into the scheme. The analysis shows that the proposed scheme can meet the security requirement of access control in big data processing environment, and has an advantage in computational overhead compared with the previous schemes.

Download Full-text

A Key-Policy Searchable Attribute-Based Encryption Scheme for Efficient Keyword Search and Fine-Grained Access Control over Encrypted Data

Electronics ◽

10.3390/electronics8030265 ◽

2019 ◽

Vol 8 (3) ◽

pp. 265 ◽

Cited By ~ 3

Author(s):

Hui Yin ◽

Yinqiao Xiong ◽

Jixin Zhang ◽

Lu Ou ◽

Shaolin Liao ◽

...

Keyword(s):

Access Control ◽

Large Scale ◽

Keyword Search ◽

Data Access ◽

Encryption Scheme ◽

Encrypted Data ◽

Fine Grained ◽

Data Access Control ◽

Attribute Based Encryption ◽

Key Policy

Attribute based encryption is a promising technique that achieves flexible and fine-grained data access control over encrypted data, which is very suitable for a secure data sharing environment such as the currently popular cloud computing. However, traditional attribute based encryption fails to provide an efficient keyword based search on encrypted data, which somewhat weakens the power of this encryption technique, as search is usually the most important approach to quickly obtain data of interest from large-scale dataset. To address this problem, attribute based encryption with keyword search (ABKS) is designed to achieve fine-grained data access control and keyword based search, simultaneously, by an ingenious combination of attribute based encryption and searchable encryption. Recently, several ABKS schemes have been constructed in secure cloud storage system for data access control and keyword search. Nonetheless, each of these schemes has some defects such as impractical computation overhead and insufficient access policy expression. To overcome these limitations, in this paper, we design a Key-Policy Searchable Attribute-based Encryption Scheme (KPSABES) based on the full-blown key-policy attribute-based encryption proposed by Vipul Goyal et al. By novel design, our scheme not only inherits all advantages of that scheme but also achieves efficient and secure keyword search over encrypted data. We provide the detailed performance analyses and security proofs for our scheme. Extensive experiments demonstrated that our proposed scheme is superior in many aspects to the similar work.

Download Full-text

Blockchain-Enabled Access Management System for Edge Computing

Electronics ◽

10.3390/electronics10091000 ◽

2021 ◽

Vol 10 (9) ◽

pp. 1000

Author(s):

Yong Zhu ◽

Chao Huang ◽

Zhihui Hu ◽

Abdullah Al-Dhelaan ◽

Mohammed Al-Dhelaan

Keyword(s):

Access Control ◽

Management System ◽

Trusted Computing ◽

Academic Research ◽

Data Access ◽

Edge Computing ◽

Security And Privacy ◽

Access Management ◽

Blockchain Technology ◽

Data Access Control

In the post-cloud era, edge computing is a new computing paradigm with data processed at the edge of the network, which can process the data close to the end-user in real time and offload the cloud task intelligently. Meanwhile, the decentralization, tamper-proof and anonymity of blockchain technology can provide a new trusted computing environment for edge computing. However, it does raise considerable concerns of security, privacy, fault-tolerance and so on. For example, identity authentication and access control rely on third parties, heterogeneous devices and different vendors in IoT, leading to security and privacy risks, etc. How to combine the advantages of the two has become the highlight of academic research, especially the issue of secure resource management. Comprehensive security and privacy involve all aspects of platform, data, application and access control. In. this paper, the architecture and behavior of an Access Management System (AMS) in a proof of concept (PoC) prototype are proposed with a Color Petri Net (CPN) model. The two domains of blockchain and edge computing are organically connected by interfaces and interactions. The simulation of operation, activity and role association proves the feasibility and effectiveness of the AMS. The instances of platform business access control, data access control, database services, IOT hub service are run on Advantech WISE-PaaS through User Account and Authentication (UAA). Finally, fine-grained and distributed access control can be realized with the help of a blockchain attribute. Namely, smart contracts are used to register, broadcast, and revoke access authorization, as well as to create specific transactions to define access control policies.

Download Full-text

An efficient attribute-based hierarchical data access control scheme in cloud computing

Human-centric Computing and Information Sciences ◽

10.1186/s13673-020-00255-5 ◽

2020 ◽

Vol 10 (1) ◽

Author(s):

Heng He ◽

Liang-han Zheng ◽

Peng Li ◽

Li Deng ◽

Li Huang ◽

...

Keyword(s):

Cloud Computing ◽

Access Control ◽

High Performance ◽

Data Access ◽

Fine Grained ◽

Security Issues ◽

Access Structures ◽

Data Access Control ◽

Control Scheme ◽

Access Requirement

AbstractSecurity issues in cloud computing have become a hot topic in academia and industry, and CP-ABE is an effective solution for managing and protecting data. When data is shared in cloud computing, they usually have multiple access structures that have hierarchical relationships. However, existing CP-ABE algorithms do not consider such relationships and just require data owners to generate multiple ciphertexts to meet the hierarchical access requirement, which would incur substantial computation overheads. To achieve fine-grained access control of multiple hierarchical files effectively, first we propose an efficient hierarchical CP-ABE algorithm whose access structure is linear secret sharing scheme. Moreover, we construct an attribute-based hierarchical access control scheme, namely AHAC. In our scheme, when a data visitor’s attributes match a part of the access control structure, he can decrypt the data that associate with this part. The experiments show that AHAC has good security and high performance. Furthermore, when the quantity of encrypted data files increases, the superiority of AHAC will be more significant.

Download Full-text

An Efficient and Fine-Grained Big Data Access Control Scheme With Privacy-Preserving Policy

IEEE Internet of Things Journal ◽

10.1109/jiot.2016.2571718 ◽

2017 ◽

Vol 4 (2) ◽

pp. 563-571 ◽

Cited By ~ 48

Author(s):

Kan Yang ◽

Qi Han ◽

Hui Li ◽

Kan Zheng ◽

Zhou Su ◽

...

Keyword(s):

Big Data ◽

Access Control ◽

Data Access ◽

Privacy Preserving ◽

Fine Grained ◽

Data Access Control ◽

Control Scheme

Download Full-text

A fine-grained and lightweight data access control scheme for WSN-integrated cloud computing

Cluster Computing ◽

10.1007/s10586-017-0863-y ◽

2017 ◽

Vol 20 (2) ◽

pp. 1457-1472 ◽

Cited By ~ 6

Author(s):

Heng He ◽

Ji Zhang ◽

Jinguang Gu ◽

Yan Hu ◽

Fangfang Xu

Keyword(s):

Cloud Computing ◽

Access Control ◽

Data Access ◽

Fine Grained ◽

Data Access Control ◽

Control Scheme

Download Full-text

A Secure and Fine-Grained Big Data Access Control Scheme for Cloud-Based Services

International Journal of Scientific Research in Computer Science Engineering and Information Technology ◽

10.32628/cseit206448 ◽

2020 ◽

pp. 254-262

Author(s):

Nisha J William ◽

Nisha O S

Keyword(s):

Cloud Computing ◽

Big Data ◽

Access Control ◽

Data Access ◽

End Users ◽

Access Policy ◽

Fine Grained ◽

Data Access Control ◽

Control Scheme ◽

Access Policies

Cloud computing is the delivery of computing services including servers, storage, databases, networking, software, analytics, and intelligence over the Internet. Nowadays, access control is one of the most critical problems with cloud computing. Ciphertext-Policy Attribute Based Encryption (CP-ABE) is a promising encryption technique that enables end-users to encrypt their data under the access policies defined over some attributes of data consumers and only allows data consumers whose attributes satisfy the access policies to decrypt the data. In CP-ABE, the access policy is attached to the ciphertext in plaintext form, which may also leak some private information about end-users. Existing methods only partially hide the attribute values in the access policies, while the attribute names are still unprotected. This paper proposes an efficient and fine-grained big data access control scheme with privacy-preserving policy. Specifically, it hides the whole attribute (rather than only its values) in the access policies. To assist data decryption, it designs an algorithm called Attribute Bloom Filter to evaluate whether an attribute is in the access policy and locate the exact position in the access policy if it is in the access policy. The paper also deals with offline attribute guessing attack. Security analysis and performance evaluation show that this scheme can preserve the privacy from any LSSS access policy without employing much overhead.

Download Full-text