Ciphertext-Policy Attribute-Based Encryption for Cloud Storage: Toward Data Privacy and Authentication in AI-Enabled IoT System

People can store their data on servers in cloud computing and allow public users to access data via data centers. One of the most difficult tasks is to provide security for the access policy of data, which is also needed to be stored at cloud servers. The access structure (policy) itself may reveal partial information about what the ciphertext contains. To provide security for the access policy of data, a number of encryption schemes are available. Among these, CP-ABE (Ciphertext-Policy Attribute-Based Encryption) scheme is very significant because it helps to protect, broadcast, and control the access of information. The access policy that is sent as plaintext in the existing CP-ABE scheme along with a ciphertext may leak user privacy and data privacy. To resolve this problem, we hereby introduce a new technique, which hides the access policy using a hashing algorithm and provides security against insider attack using a signature verification scheme. The proposed system is compared with existing CP-ABE schemes in terms of computation and expressive policies. In addition, we can test the functioning of any access control that could be implemented in the Internet of Things (IoT). Additionally, security against indistinguishable adaptive chosen ciphertext attacks is also analyzed for the proposed work.

Ciphertext-Policy Attribute-Based Encryption with Outsourced Set Intersection in Multimedia Cloud Computing

In a multimedia cloud computing system, suppose all cloud users outsource their own data sets to the cloud in the encrypted form. Each outsourced set is associated with an access structure such that a valid data user, Bob, with the credentials satisfying the access structure is able to conduct computing over outsourced encrypted set (e.g., decryption or other kinds of computing function). Suppose Bob needs to compute the set intersection over a data owner Alice’s and his own outsourced encrypted sets. Bob’s simple solution is to download Alice’s and Bob’s outsourced encrypted sets, perform set intersection operation, and decrypt the set intersection ciphertexts. A better solution is for Bob to delegate the cloud to calculate the set intersection, without giving the cloud any ability in breaching the secrecy of the sets. To solve this problem, this work introduces a novel primitive called ciphertext-policy attribute-based encryption with outsourced set intersection for multimedia cloud computing. It is the first cryptographic algorithm supporting a fully outsourced encrypted storage, computation delegation, fine-grained authorization security for ciphertext-policy model, without relying on an online trusted authority or data owners, and multi-elements set, simultaneously. We construct a scheme that provably satisfies the desirable security properties, and analyze its efficiency.

Simplified ciphertext-policy attribute-based encryption scheme with attribute level collusion resistance for cloud storage

The core objective of our paper is that to overcome the challenges of secure data sharing problem in cloud where users can access data if they acquire a certain set of attributes or credentials. At present, there is only one way for implementing such procedures is by employing a reliable server to mediate access control, store the data. The service providers have whole control over cloud applications, client’s data and hardware. However, if the data stored in the cloud server is conceded, then the data confidentiality will be compromised. With simplified CP-ABE data is confidential even though storage server is un trusted. Hence privacy of cloud data is enhanced by proposing a methodology that uses a privacy policy, encrypts the data based upon various group of attributes related to the user. The decryption of the data can be done only when his/her attributes match with the privacy policy. Simplified CP-ABE makes it easier to secure, broadcast and control the access of sensitive information, specifically across the cloud’s server and decrease collision resistance.

Speech Encryption Scheme Based on Ciphertext Policy Hierarchical Attribute in Cloud Storage

In order to ensure the confidentiality and secure sharing of speech data, and to solve the problems of slow deployment of attribute encryption systems and fine-grained access control in cloud storage, a speech encryption scheme based on ciphertext policy hierarchical attributes was proposed. First, perform hierarchical processing of the attributes of the speech data to reflect the hierarchical structure and integrate the hierarchical access structure into a single-access structure. Second, use the attribute fast encryption framework to construct the attribute encryption scheme of the speech data, and use the integrated access to the speech data; thus, the structure is encrypted and uploaded to the cloud for storage and sharing. Finally, use the hardness of decisional bilinear Diffie–Hellman (DBDH) assumption to prove that the proposed scheme is secure in the random oracle model. The theoretical security analysis and experimental results show that the proposed scheme can achieve efficient and fine-grained access control and is secure and extensible.

Towards Virtuous Cloud Data Storage Using Access Policy Hiding in Ciphertext Policy Attribute-Based Encryption

Managing and controlling access to the tremendous data in Cloud storage is very challenging. Due to various entities engaged in the Cloud environment, there is a high possibility of data tampering. Cloud encryption is being employed to control data access while securing Cloud data. The encrypted data are sent to Cloud storage with an access policy defined by the data owner. Only authorized users can decrypt the encrypted data. However, the access policy of the encrypted data is in readable form, which results in privacy leakage. To address this issue, we proposed a reinforcement hiding in access policy over Cloud storage by enhancing the Ciphertext Policy Attribute-based Encryption (CP-ABE) algorithm. Besides the encryption process, the reinforced CP-ABE used logical connective operations to hide the attribute value of data in the access policy. These attributes were converted into scrambled data along with a ciphertext form that provides a better unreadability feature. It means that a two-level concealed tactic is employed to secure data from any unauthorized access during a data transaction. Experimental results revealed that our reinforced CP-ABE had a low computational overhead and consumed low storage costs. Furthermore, a case study on security analysis shows that our approach is secure against a passive attack such as traffic analysis.

Secure Multi-Keyword Search and Access Control over Electronic Health Records in Wireless Body Area Networks

Wireless body area network (WBAN) consists of a number of sensors that are worn on patients to collect dynamic e-health records (EHRs) and mobile devices that aggregate EHRs. These EHRs are encrypted at mobile devices and then uploaded to the public cloud for storage and user access. To share encrypted EHRs with users effectively, help users retrieve EHRs accurately, and ensure EHRs confidentiality, a secure multi‐keyword search and access control (SMKS-AC) scheme is proposed, which implements encrypted EHRs access control under the ciphertext-policy attribute-based encryption (CP-ABE). SMKS-AC provides multi‐keyword search for accurate EHRs retrieval, supports the validation of decrypted EHRs, and traces and revokes the identity of users who leak private key. Security analysis shows that SMKS-AC is secure against chosen keyword and chosen plaintext attacks. Through theoretical analysis and experimental verification, the proposed SMKS-AC scheme requires less storage resources and computational costs on mobile devices than existing schemes.

BEI-TAB: Enabling Secure and Distributed Airport Baggage Tracking with Hybrid Blockchain-Edge System

Global air transport carries about 4.3 billion pieces of baggage each year, and up to 56 percent of travellers prefer obtaining real-time baggage tracking information throughout their trip. However, the traditional baggage tracking scheme is generally based on optical scanning and centralized storage systems, which suffers from low efficiency and information leakage. In this paper, a blockchain and edge computing-based Internet of Things (IoT) system for tracking of airport baggage (BEI-TAB) is proposed. Through the combination of radio frequency identification technology (RFID) and blockchain, real-time baggage processing information is automatically stored in blockchain. In addition, we deploy Interplanetary File System (IPFS) at edge nodes with ciphertext policy attribute-based encryption (CP-ABE) to store basic baggage information. Only hash values returned by the IPFS network are kept in blockchain, enhancing the scalability of the system. Furthermore, a multichannel scheme is designed to realize the physical isolation of data and to rapidly process multiple types of data and business requirements in parallel. To the best of our knowledge, it is the first architecture that integrates RFID, IPFS, and CP-ABE with blockchain technologies to facilitate secure, decentralized, and real-time characteristics for storing and sharing data for baggage tracking. We have deployed a testbed with both software and hardware to evaluate the proposed system, considering the performances of transaction processing time and speed. In addition, based on the characteristics of consortium blockchain, we improved the practical Byzantine fault tolerance (PBFT) consensus protocol, which introduced the node credit score mechanism and cooperated with the simplified consistency protocol. Experimental results show that the credit score-based PBFT consensus (CSPBFT) can shorten transaction delay and improve the long-term running efficiency of the system.

Efficient access control with traceability and user revocation in IoT

With the universality and availability of Internet of Things (IoT), data privacy protection in IoT has become a hot issue. As a branch of attribute-based encryption (ABE), ciphertext policy attribute-based encryption (CP-ABE) is widely used in IoT to offer flexible one-to-many encryption. However, in IoT, different mobile devices share messages collected, transmission of large amounts of data brings huge burdens to mobile devices. Efficiency is a bottleneck which restricts the wide application and adoption of CP-ABE in Internet of things. Besides, the decryption key in CP-ABE is shared by multiple users with the same attribute, once the key disclosure occurs, it is non-trivial for the system to tell who maliciously leaked the key. Moreover, if the malicious mobile device is not revoked in time, more security threats will be brought to the system. These problems hinder the application of CP-ABE in IoT. Motivated by the actual need, a scheme called traceable and revocable ciphertext policy attribute-based encryption scheme with constant-size ciphertext and key is proposed in this paper. Compared with the existing schemes, our proposed scheme has the following advantages: (1) Malicious users can be traced; (2) Users exiting the system and misbehaving users are revoked in time, so that they no longer have access to the encrypted data stored in the cloud server; (3) Constant-size ciphertext and key not only improve the efficiency of transmission, but also greatly reduce the time spent on decryption operation; (4) The storage overhead for traceability is constant. Finally, the formal security proof and experiment has been conducted to demonstrate the feasibility of our scheme.