Match in My Way: Fine-Grained Bilateral Access Control for Secure Cloud-Fog Computing

Cloud-fog computing is a novel paradigm to extend the functionality of cloud computing to provide a variety of on-demand data services via the edge network. Many cryptographic tools have been introduced to preserve data confidentiality against the untrustworthy network and cloud servers. However, how to efficiently identify and retrieve useful data from a large number of ciphertexts without a costly decryption mechanism remains a challenging problem. In this article, we introduce a cloud-fog-device data sharing system (CFDS) with data confidentiality and data source identification simultaneously based on a new cryptographic primitive named matchmaking attribute-based encryption (MABE) by extending matchmaking encryption in CRYPTO'19. Our solution offers a secure fine-grained bilateral access control that includes (1) fine-grained sender access control, (2) fine-grained receiver access control, (3) sender privacy, and (4) performance optimization via outsourcing data source identification to fog nodes. We give the formal definition and security models of MABE, and present a concrete construction with formal security proofs. We also offer a detailed security analysis of our proposed CFDS against real-world security threats. The extensive comparison and experimental simulation demonstrate that, by immigrating heavy workload to fog nodes, our scheme has better functionalities and performances than the most related solutions.

Automated summary

This article introduces a cloud-fog-device data sharing system based on matchmaking attribute-based encryption (MABE), which provides data confidentiality and data source identification simultaneously. The system offers secure fine-grained bilateral access control and performance optimization, outperforming related solutions in terms of functionality and performance.