PAC-FIT: An efficient privacy preserving access control scheme for fog-enabled IoT

With the proliferation of data produced by IoT devices, a new paradigm called fog computing has developed that allows processing and analysis of data at the edge. Together with fog, cloud computing co-exists for purposes such as enormous storage, processing resources, etc. However, storage and computation of data at various levels increase the risk of data privacy. Therefore, an access control mechanism is necessary for the fog-cloud framework in an IoT environment. Ciphertext-policy attribute-based encryption (CP-ABE) is a well-known cryptographic mechanism that provides confidentiality and fine-grained access control. Unfortunately, the existing CPABE schemes are not well suited for the cloud-fog-IoT environment as they do not provide the following functionalities together: key-escrow resistance, attribute revocation, attribute addition, and outsourcing of expensive operations. Therefore, this paper proposes a CP-ABE scheme named PAC-FIT that supports key-escrow resistance, attribute revocation, and attribute addition features. Additionally, the expensive encryption and decryption operations are outsourced to fog nodes, which greatly reduces the computational overhead from resource constrained IoT devices. Further, the tasks of attribute revocation and addition are also outsourced to third parties. The cost incurred during attribute revocation and addition are efficient as only those key components and ciphertexts are updated, which are associated with revoked or added attributes. Meanwhile, unlike existing CP-ABE schemes, the user holds a constant size secret key, which remains unchanged throughout. The security analysis proves that PAC-FIT is secure against Chosen-Plaintext Attack under Decisional Bilinear Diffie-Hellman assumption. The performance analysis shows that PAC-FIT is efficient and suitable for IoT devices.

Automated summary

This paper proposes a CP-ABE scheme named PAC-FIT that supports key-escrow resistance, attribute revocation, and attribute addition features. Additionally, expensive encryption and decryption operations are outsourced to fog nodes, reducing computational overhead for resource constrained IoT devices. Attribute revocation and addition tasks are also outsourced to third parties efficiently.