Publication Type

Journal Article

Version

acceptedVersion

Publication Date

8-2019

Abstract

Internet of Things (IoT) cloud provides a practical and scalable solution to accommodate the data management in large-scale IoT systems by migrating the data storage and management tasks to cloud service providers (CSPs). However, there also exist many data security and privacy issues that must be well addressed in order to allow the wide adoption of the approach. To protect data confidentiality, attribute-based cryptosystems have been proposed to provide fine-grained access control over encrypted data in loT cloud. Unfortunately, the existing attributed-based solutions are still insufficient in addressing some challenging security problems, especially when dealing with compromised or leaked user secret keys due to different reasons. In this paper, we present a practical attribute-based access control system for loT cloud by introducing an efficient revocable attribute-based encryption scheme that permits the data owner to efficiently manage the credentials of data users. Our proposed system can efficiently deal with both secret key revocation for corrupted users and accidental decryption key exposure for honest users. We analyze the security of our scheme with formal proofs, and demonstrate the high performance of the proposed system via experiments. (C) 2019 Elsevier B.V. All rights reserved.

Keywords

IoT cloud, Attribute-based encryption, Revocation, Decryption key exposure

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Future Generation Computer Systems

Volume

97

First Page

284

Last Page

294

ISSN

0167-739X

Identifier

10.1016/j.future.2019.02.051

Publisher

Elsevier

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1016/j.future.2019.02.051

Download

Share

COinS