A Secure Data-Sharing Scheme for Privacy-Preserving Supporting Node–Edge–Cloud Collaborative Computation
Abstract
:1. Introduction
2. Related Work
3. Preliminary
3.1. Notations
- —The licensing attribute set is , which is updated periodically.
- — represents the attribute set of user .
- — is the Lagrange coefficient in this scheme.
- —The access control policy is composed of fine-grained access control conditions, such as attribute logic statements linked by “and”, “or”, and “not”.
- —The access control tree is generated according to the access control policy .
- —This represents the - node in the - layer from tree , including the root node, leaf node, transfer node, and inserted control node.
- — represents the index number corresponding to node x in . is the parent node of node x; is the attribute of node x; and are the polynomial and threshold values corresponding to node x; is the degree of polynomial .
- — has ℓ content key , which corresponds to the ℓ access control level. The ℓ secret values are embedded in the access control tree .
- —This denotes the threshold corresponding to the nonleaf node. The secret is decomposed into n shares, where . If t shares are collected, the secret can be restored.
- —The plaintext document set includes N documents, namely .
- E—The ciphertext document set includes N documents, which are divided into ℓ sets. is the document context key set. , which means encrypt to by key .
3.2. Bilinear Mapping
- (1)
- .
- (2)
- .
- (3)
- ; can be computed efficiently.
3.3. Some Difficult Problems in Cryptography
3.4. Decisional Bilinear Diffie–Hellman(DBDH)
3.5. Access Control Structure and Access Control Tree
3.6. Threshold Secret-Sharing Mechanism
3.7. Kerckhoffs’ Principle
4. Construction of DS-ABE-CC
4.1. Design Objectives
4.2. Overall Model
4.2.1. Overall Architecture
- 1.
- Key generation center (KGC): This entity is completely trusted and referred to as the KGC. The KGC is responsible for managing the system’s public parameter and the master key . It facilitates key distribution and attribute management for all entities within the system.
- 2.
- Cloud service provider (CSP): This entity is a semi-trusted entity that provides ciphertext storage and computing services. Firstly, it can faithfully execute the preset calculation protocol and return the correct results. Secondly, it curiously guesses the privacy of each entity and tries to crack the encrypted ciphertext.
- 3.
- Data owners (DOs): The DOs are responsible for defining the access structure and performing data encryption operations, embedding the access control policy into the encrypted file E with the help of ENs, then delegating it to the CSP.
- 4.
- Data users (DUs): These entities generally refer to the end-users of the IoT, who access the data stored in the CSP. DUs who meet predefined access control policies can access, download, and decrypt target ciphertext.
- 5.
- Edge nodes (ENs): The ENs are entities between the DOs, DUs, and CSP centers, which provide certain storage, computing, and other resources. In this model, part of the computing overhead of the DOs and DUs is transferred to the edge nodes (ENs) to reduce the users’ computing overhead. The ENs is considered “honest and curious" like CSP.
4.2.2. Overview of DS-ABE-CC
- : The input includes the initial security parameter , and the output parameters from the KGC consist of the public parameter and the master key for the system.
- : The KGC distributes keys for each entity. The algorithm is executed by the KGC, which inputs the user , attribute set , and master key , then generates the corresponding attribute key for each DU.
- : The data owner DO and the edge nodes (ENs) executed this algorithm in cooperation. The public parameter , access control policy , and content key are input. According to , the plaintext is encrypted into the ciphertext .
- : The algorithm is executed by user and edge node in cooperation, which input the parameters , ciphertext , and attribute private key of user . If user can meet the preset access control policy , then the ciphertext can be decrypted to plaintext content key . Otherwise, the plaintext content key cannot be returned.
- : Input the attribute to be updated, public key , ciphertext , and user’s attribute key . Finally, the attributes key and ciphertext will be updated as and , separately.
4.3. Threat Model
5. Realization of DS-ABE-CC Scheme
5.1. Hierarchical Access Control Tree Supporting Privacy Preservation
- : The parent node of a null attribute is defined as the control node. The BD in tree represents the control node.
- : The transfer node set minus the control node set is the hierarchical node. For example, the node ACE is the hierarchical node.
- : The leaf nodes are the lowest nodes in the access control tree , in which each leaf represents an attribute .
- If the content key associated with the root node can be recovered by the DUs, then they have the highest level of access rights.
- If the content key can be recovered by the DUs, then they have the second-level access right.
- If the content key can be recovered by the DUs, then they have the third level of access.
5.2. The Secure Data Sharing Scheme Supporting Node–Edge–Cloud Computation
- 1.
- is a p-order multiplicative cyclic group, in which g is a generator. The hash function is defined as . Randomly selecting two parameters , the KGC generates master key and public parameter .
- 2.
- First, the KGC distributes keys for each entity. Then, input the master key and attribute set of user , and the attribute key is generated for each end-user DU.
- Firstly, the KGC generates a secret key for each data owner DO, whose public key is . In the same manner, the KGC generates a secret key for each end-user DU, whose public key is , and secret key for each edge node EN, whose public key is . The public key of each entity is broadcast in public.
- Firstly, the KGC issues the identity shield token and the attribute set to the end-user DU. From the public key , the primitive attribute key of the user DU is after key agreement as follows.Finally, the user DU sends primitive attribute key with its own attribute , namely (), to the edge node EN.
- . Finally, according to attribute set of user DU, the edge node EN generates a random value for every target attribute . Then, the attribute key of user DU is as follows.
Finally, is sent to the CSP for data sharing by edge node EN. - 3.
- This inputs access control policy , public key , and context key . The owners and upstream ENs cooperate to complete encryption. First, the owner only needs to perform lightweight constant operations to generate pre-encrypted ciphertext, which is sent to the upstream edge node. Then, the EN will complete the remaining encryption calculations. The ciphertext will be generated. Assume the private and public key pair of the upstream edge node of is .
- : The DO defines the access level of each document and key , then encrypts into ciphertext based on the corresponding level key , namely . It will obtain a set of dictionaries containing encrypted documents and corresponding levels, namely . Lastly, the DO randomly selects and encrypts the content key into ciphertext .Then, the is sent to edge node EN.
- : First, the EN randomly selects , to obtain . Then, for every nonleaf node x in from top to bottom, sequentially, a -order constant polynomial is generated, where is the threshold value. Secondly, it sets in the root node. Subsequently, following the same rule, the remaining child node x of the root node is set with the corresponding constant polynomial . If node x is a hierarchy node, then . If node x is not a hierarchy node, then . Lastly, must be embedded in the root node and hierarchical nodes in the tree in turn. An access control tree is built for access policy . Each leaf node in corresponds to a licensing attribute. Finally, is the licensing attribute set. The X in tree T is a transport node set. is the children of the threshold set of transport node , namely . The data owner computes for each node for set X and for all as follows in Equation (5).The EN extracts all leaf nodes y of access control tree , to build leaf node set Y. A random number is generated for each leaf . Based on access control tree , the content key will be computed as the final ciphertext .
The final ciphertext encrypted by the edge node EN is sent to the CSP. - 4.
- Input the ciphertext , user’s attribute key , and public key . If the user attributes can meet the preset access policy, can be decrypted from . Otherwise, the corresponding cannot be decrypted, and ⊥ will be output. The edge node EN first decrypts the ciphertext and sends the semi-decrypted ciphertext to the user DU. Then, the DU only needs to execute a lightweight constant calculation to decrypt the ciphertext. Meanwhile, the users DU can verify the decrypted results.
- : In the access control phase, the following protocol is implemented for attribute verification. After receiving the , the EN will map the attributes to . We define the recursive operation , in which x represents a node in . If x belongs to the leaf node, namely , set , then the recursive operation is executed as Equation (7).Let , which can be computed as follows in Equation (8).When x is a non-leaf node in tree , the operation is required for each sub-node z of x. Assume there is a random node set , whose size is . The recursive process continues if all child nodes of x are in set . Otherwise, will be obtained. Let , . We obtain the below Equation (9).The can be obtained when the attribute set can meet the i--level access control condition. Meanwhile, the lower-level correlation value can be obtained through recursive calculation. The specific recursive operation is as follows in Equation (10). Through analysis, our scheme has a lower overhead to achieve hierarchical access control than other schemes [17,34].Therefore, can be calculated in turn. Meanwhile, when the attribute set can meet the authorization conditions , the following calculation can be performed correctly as follows in Equation (11).Finally, the edge node EN sends to the end-user DU.
- : Finally, end-user DU can compute and restore the context key through a simple exponential operation based on as follows in Equation (12).
- : In the IoT scenario, the users need to verify whether their decrypted is correct or not. The user checks whether the following equation is true as follows.If Equation (13) holds, then the outsourcing computing is correct, and the user DU can obtain corresponding access level and decrypt the plaintext document using the symmetric key . Otherwise, there are some errors in the outsourcing computing, which means that the legitimate user has obtained the wrong decryption result, then “⊥” will be obtained.
- : The CSP downloads the ciphertext set of the corresponding level to users DU through edge nodes EN, and the user DU can decrypt the plaintext document using the symmetric key as follows.
This scheme is based on lightweight methods to achieve decryption and verification. - 5.
- scenarios in the IoT, the authorization attribute is dynamic. The malicious DUs can use outdated attribute keys to access secret data. Considering these, our scheme needs to support attribute update [35]. Input the attribute to be updated, public key , ciphertext , and the user’s attribute key . Generate attribute update key and ciphertext update key . Then, the attribute key and ciphertext will be updated.
- Assume that the attribute is revoked or updated to . The KGC generates attribute update key , then sends the attribute update secret to the DUs that hold these attributes, but have not been revoked. Finally, the DUs will update its attribute key as follows in Equation (15).At the same time, the KGC sends the attribute update key to the CSP, which updates the ciphertext as follows in Equation ( 16).
- When the data owner DO updates a secret value to , the DO generates ciphertext update key and sends it to the CSP. The CSP can refresh the ciphertext as follows in Equation (17).Finally, the attribute revocation or update and ciphertext update are realized through these lightweight methods.
5.3. Feasibility Verification
5.4. Functional Comparison
6. Security and Performance Analysis
6.1. Privacy and Security Analysis
6.1.1. Privacy Analysis
- For the ENs: The ciphertext observed by the edge node is as follows in Equation (20).
- For the CSP: The ciphertext observed by the CSP is as follows in Equation (21).
6.1.2. Security Analysis
6.2. Performance Analysis
6.2.1. Time and Space Complexity Analysis
6.2.2. Computational Performance Simulation
7. Conclusions
Author Contributions
Funding
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
Abbreviations
IoT | Internet of Things |
CSP | Cloud service provider |
DO | Data owner |
DU | Data user |
ABE | Attribute-based encryption |
CP-ABE | Ciphertext-policy attribute-based encryption |
CPA | Chosen-plaintext attack |
DS-ABE-CC | A data sharing scheme of ABE supporting node–edge–cloud collaborative computation |
LSSS | Linear secret-sharing scheme. |
References
- Song, D.X.D.; Wagner, D.; Perrig, A. Practical Techniques For Searches On Encrypted Data. In Proceedings of the 2000 IEEE Symposium on Security And Privacy, Berkeley, CA, USA, 14–17 May 2000; pp. 44–55. [Google Scholar]
- Zheng, K.F.; Wang, N.; Liu, J.W. An efficient multikeyword fuzzy ciphertext retrieval scheme based on distributed transmission for internet of things. Int. J. Intell. Syst. 2022, 37, 7419–7443. [Google Scholar]
- Shamir, A. Identity-Based Cryptosystems And Signature Schemes. In Proceedings of the Advances in Cryptology: Proceedings of CRYPTO 84; Springer: Berlin/Heidelberg, Germany, 1985; pp. 47–53. [Google Scholar]
- Boneh, D.; Franklin, M. Identity-Based Encryption from the Weil pairing. In Proceedings of the Advances in Cryptology—CRYPTO 2001: 21st Annual International Cryptology Conference, Santa Barbara, CA, USA, 19–23 August 2001; pp. 213–229. [Google Scholar]
- Sahai, A.; Waters, B. Fuzzy identity-based encryption. Proceedings of Advances in Cryptology–EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, 22–26 May 2005; pp. 457–473. [Google Scholar]
- Waters, B. Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In Proceedings of the 14th International Conference on Practice and Theory In Public Key Cryptography Conference on Public Key Cryptography (PKC’11); Taormina, Italy, 6–9 March 2011; pp. 53–70. [Google Scholar]
- Ning, J.T.; Huang, X.Y.; Wei, L.F. Tracing malicious insider in attribute-based cloud data sharing. Chin. J. Comput. 2022, 45, 1431–1445. [Google Scholar]
- Bethencourt, J.; Sahai, A.; Waters, B. Ciphertext-policy attribute-based encryption. Proceedings of 2007 IEEE Symposium on Security And Privacy (Sp’07), Berkeley, CA, USA, 20–23 May 2007; pp. 321–334. [Google Scholar]
- Zhang, P.; Chen, Z.; Li, J.K. An efficient access control scheme with outsourcing capability and attribute update for fog computing. Future Gener. Comput. Syst. 2018, 78, 753–762. [Google Scholar]
- Wang, H.; He, D.; Shen, J. Verifiable outsourced ciphertext-policy attribute-based encryptionin cloud computing. Soft Comput. 2017, 21, 7325–7335. [Google Scholar]
- Xue, L.; Yu, Y.; Li, Y. Efficient Attribute-based Encryption with Attribute Revocation for Assured Data Deletion. Inf. Sci. 2019, 479, 640–650. [Google Scholar]
- Zhang, L.; Gao, X.; Mu, Y. Secure data sharing with lightweight computation in E-health. IEEE Access 2020, 8, 209630–209643. [Google Scholar]
- Li, Z.; Li, W.; Jin, Z. An efficient ABC scheme with verifiable outsourced encryption and decryption. IEEE Access 2019, 7, 29023–29037. [Google Scholar]
- Yan, X.X.; Meng, H. Ciphertext policy attribute-based encryption scheme supporting direct revocation. J. Commun. 2016, 37, 44–50. [Google Scholar]
- Dong, G.F.; Lu, Y.K.; Zhang, C.W. CP-ABE key update method supporting revocation attribute. Appl. Res. Comput. 2022, 40, 142–149. [Google Scholar] [CrossRef]
- Qiu, Z.; Zhang, Z.; Tan, S.; Wang, J.; Tao, X. Hierarchical Access Control with Scalable Data Sharing in Cloud Storage. J. Internet Technol. 2019, 20, 663–676. [Google Scholar]
- Wang, S.; Zhou, J.; Yu, J.K. An Efficient File Hierarchy Attribute-Based Encryption Scheme in Cloud Computing. IEEE Trans. Inf. Forensics Secur. 2016, 11, 1265–1277. [Google Scholar]
- Shi, N.; Hou, Z.; Tan, M.; Shao, K.; Zhu, X. A threshold encryption scheme without a dealer based on Chinese remainder theorem. In Proceedings of the 2017 IEEE 9th International Conference on Communication Software and Networks (ICCSN), Guangzhou, China, 6–8 May 2017; pp. 90–96. [Google Scholar]
- Liu, Z.; Cao, Z.; Huang, Q. Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles. In Proceedings of the Computer Security–ESORICS 2011: 16th European Symposium on Research in Computer Security, Leuven, Belgium, 12–14 September 2011; pp. 278–297. [Google Scholar]
- Qian, H.; Li, J.; Zhang, Y. Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation. Int. J. Inf. Secur. 2015, 14, 487–497. [Google Scholar]
- Cui, H.; Wan, Z.; Deng, R.H. Efficient and expressive keyword search over encrypted data in cloud. IEEE Trans. Dependable Secur. Comput. 2016, 15, 409–422. [Google Scholar]
- Meng, R.; Zhou, Y.; Ning, J. An Efficient Key-Policy Attribute-Based Searchable Encryption In Prime-Order Groups. In Proceedings of the Provable Security: 11th International Conference, ProvSec 2017, Xi’an, China, 23–25 October 2017; pp. 39–56. [Google Scholar]
- Tseng, Y.F.; Fan, C.I.; Liu, Z.C. Fast keyword search over encrypted data with short ciphertext in clouds. J. Inf. Secur. Appl. 2022, 70, 103320. [Google Scholar]
- Guo, F.; Mu, Y.; Susilo, W. CP-ABE with constant-size keys for lightweight devices. IEEE Trans. Inf. Forensics Secur. 2014, 9, 763–771. [Google Scholar]
- Zhou, Z.; Huang, D. On efficient ciphertext-policy attribute based encryption and broadcast encryption. In Proceedings of the 17th ACM Conference on Computer and Communications Security, New York, NY, USA, 4 October 2010; pp. 753–755. [Google Scholar]
- Doshi, N.; Jinwala, D.C. Fully secure ciphertext policy attribute-based encryption with constant length ciphertext and faster decryption. Secur. Commun. Netw. 2014, 7, 1988–2002. [Google Scholar]
- Guan, Z.; Yang, W.; Zhu, L.; Wu, L.; Wang, R. Achieving adaptively secure data access control with privacy protection for lightweight IoT devices. Sci. China Inf. Sci. 2021, 64, 162301. [Google Scholar] [CrossRef]
- Green, M.; Hohenberger, S.; Waters, B. Outsourcing the Decryption of ABE Ciphertexts. In Proceedings of the 2011 USENIX Conference on Security; ACM: New York, NY, USA, 2016; pp. 1–16. [Google Scholar]
- Mao, X.; Lai, J.; Mei, Q. Generic and Efficient Constructions of Attribute-Based Encryption with Verifiable Outsourced Decryption. IEEE Trans. Dependable Secur. Comput. 2016, 13, 533–546. [Google Scholar]
- Zhao, Z.; Wang, J. Verifiable outsourced ciphertext-policy attribute-based encryption for mobile cloud computing. KSII Trans. Internet Inf. Syst. (TIIS) 2017, 11, 3254–3272. [Google Scholar]
- LI, J.; Huang, X.Y.; Li, J. Securely Outsourcing Attribute-Based Encryption with Checkability. IEEE Trans. Parallel Distrib. Syst. 2014, 28, 2201–2210. [Google Scholar]
- Ostrovsky, R.; Sahai, A.; Waters, B. Attribute-based encryption with non-monotonic access structures. In Proceedings of the 14th ACM conference on Computer and communications security (CCS ’07). Association for Computing Machinery, New York, NY, USA, 28 October 2007; pp. 195–203. [Google Scholar]
- Pirretti, M.; Traynor, P.; McDaniel, P. Secure attribute-based systems. In Proceedings of the 13th ACM conference on Computer and communications security (CCS ’06). Association for Computing Machinery, New York, NY, USA, 30 October 2006; pp. 99–112. [Google Scholar]
- Liu, S.N.; Liu, B.; Guo, Z. File Hierarchy CP-ABE Scheme Supporting Graded User Access. J. Softw. 2022, 1–14. [Google Scholar] [CrossRef]
- Yao, X.; Chen, Z.; Tian, Y. A lightweight attribute-based encryption scheme for the Internet of Things. Future Gener. Comput. Syst. 2015, 49, 104–112. [Google Scholar]
- Miao, Y.; Ma, J.; Liu, X. Lightweight fine-grained search over encrypted data in fog computing. IEEE Trans. Serv. Comput. 2018, 12, 772–785. [Google Scholar]
- Agrawal, S.; Chase, M. FAME: Fast Attribute-based Message Encryption. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS ’17), New York, NY, USA, 30 October 2017; pp. 665–682. [Google Scholar]
Scheme | F1 | F2 | F3 | F4 | F5 | F6 |
---|---|---|---|---|---|---|
Our scheme | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
BSW Scheme [8] | ✓ | – | – | – | – | – |
Water’s scheme [6] | ✓ | – | – | – | – | – |
Zhang’s scheme [12] | ✓ | ✓ | ✓ | – | – | – |
Li’s Scheme [13] | ✓ | ✓ | ✓ | – | – | – |
Wang’s Scheme [17] | ✓ | – | – | – | – | ✓ |
Liu’s Scheme [34] | ✓ | – | – | – | – | ✓ |
Dong’s Scheme [15] | ✓ | – | – | ✓ | – | – |
Miao’s Scheme [36] | ✓ | ✓ | – | ✓ | – | – |
Scheme | Access Structure | Key Size | Ciphertext Size | ||
---|---|---|---|---|---|
DO | E N | E N | D U | ||
Our Scheme | Tree | ||||
Water’s Scheme [6] | LSSS | – | – | ||
BSW Scheme [8] | Tree | – | – | ||
Wang’s Scheme [17] | Tree | – | – | ||
Liu’s Scheme [34] | Tree | – | – | ||
Guan’s Scheme [27] | And gate | – | – | ||
FAME Scheme [37] | LSSS | 3 | – | – | |
Tseng Scheme [23] | ISSS | – | – | ||
Yao’s Scheme [35] | LSSS | – | – |
Scheme | Encrypt | Decrypt | ||
---|---|---|---|---|
DO | E N | E N | D U | |
Our Scheme | ||||
Li’s Scheme [13] | 4 | 9 | ||
Zhang’s scheme [12] | ||||
Water’s Scheme [6] | – | – | ||
BSW Scheme [8] | – | – | ||
Wang’s Scheme [17] | – | – | ||
Liu’s Scheme [34] | – | – | ||
FAME Scheme [37] | – | – | ||
Yao’s Scheme [35] | – | – |
Group | ||||
---|---|---|---|---|
0.0041 | 0.0324 | 3.2 | 0.838 | |
0.0041 | 0.0324 | 3.2 | ||
0.001 | 0.038 | — |
Group | ||||
---|---|---|---|---|
0.0012 | 0.0121 | 0.0175 | ||
0.0176 | 0.113 | 11.29 | 2.9 | |
0.0048 | 0.305 | — |
Group | ||||
---|---|---|---|---|
0.0012 | 0.0147 | 0.155 | ||
0.0239 | 0.213 | 21.751 | 5.62 | |
0.0063 | 0.414 | — |
Group | ||||
---|---|---|---|---|
0.0016 | 0.0127 | 0.0479 | ||
0.0169 | 0.1460 | 15.37 | 4.46 | |
0.0047 | 0.292 | — |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Zheng, K.; Ding, C.; Wang, J. A Secure Data-Sharing Scheme for Privacy-Preserving Supporting Node–Edge–Cloud Collaborative Computation. Electronics 2023, 12, 2737. https://doi.org/10.3390/electronics12122737
Zheng K, Ding C, Wang J. A Secure Data-Sharing Scheme for Privacy-Preserving Supporting Node–Edge–Cloud Collaborative Computation. Electronics. 2023; 12(12):2737. https://doi.org/10.3390/electronics12122737
Chicago/Turabian StyleZheng, Kaifa, Caiyang Ding, and Jinchen Wang. 2023. "A Secure Data-Sharing Scheme for Privacy-Preserving Supporting Node–Edge–Cloud Collaborative Computation" Electronics 12, no. 12: 2737. https://doi.org/10.3390/electronics12122737