A Hybrid Scheme for Fine-Grained Search and Access Authorization in Fog Computing Environment

In the fog computing environment, the encrypted sensitive data may be transferred to multiple fog nodes on the edge of a network for low latency; thus, fog nodes need to implement a search over encrypted data as a cloud server. Since the fog nodes tend to provide service for IoT applications often r...

Bibliographic Details
Main Authors: Xiao, Min, Zhou, Jing, Liu, Xuejiao, Jiang, Mingda
Format: Online Article Text
Language: English
Published: MDPI 2017
Subjects:
Online Access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5492313/
https://www.ncbi.nlm.nih.gov/pubmed/28629131
http://dx.doi.org/10.3390/s17061423
_version_ 1783247303249756160
author Xiao, Min
Zhou, Jing
Liu, Xuejiao
Jiang, Mingda
author_facet Xiao, Min
Zhou, Jing
Liu, Xuejiao
Jiang, Mingda
author_sort Xiao, Min
collection PubMed
description In the fog computing environment, the encrypted sensitive data may be transferred to multiple fog nodes on the edge of a network for low latency; thus, fog nodes need to implement a search over encrypted data as a cloud server. Since the fog nodes tend to provide service for IoT applications often running on resource-constrained end devices, it is necessary to design lightweight solutions. At present, there is little research on this issue. In this paper, we propose a fine-grained owner-forced data search and access authorization scheme spanning user-fog-cloud for resource constrained end users. Compared to existing schemes only supporting either index encryption with search ability or data encryption with fine-grained access control ability, the proposed hybrid scheme supports both abilities simultaneously, and index ciphertext and data ciphertext are constructed based on a single ciphertext-policy attribute based encryption (CP-ABE) primitive and share the same key pair, thus the data access efficiency is significantly improved and the cost of key management is greatly reduced. Moreover, in the proposed scheme, the resource constrained end devices are allowed to rapidly assemble ciphertexts online and securely outsource most of decryption task to fog nodes, and mediated encryption mechanism is also adopted to achieve instantaneous user revocation instead of re-encrypting ciphertexts with many copies in many fog nodes. The security and the performance analysis show that our scheme is suitable for a fog computing environment.
format Online
Article
Text
id pubmed-5492313
institution National Center for Biotechnology Information
language English
publishDate 2017
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-54923132017-07-03 A Hybrid Scheme for Fine-Grained Search and Access Authorization in Fog Computing Environment Xiao, Min Zhou, Jing Liu, Xuejiao Jiang, Mingda Sensors (Basel) Article In the fog computing environment, the encrypted sensitive data may be transferred to multiple fog nodes on the edge of a network for low latency; thus, fog nodes need to implement a search over encrypted data as a cloud server. Since the fog nodes tend to provide service for IoT applications often running on resource-constrained end devices, it is necessary to design lightweight solutions. At present, there is little research on this issue. In this paper, we propose a fine-grained owner-forced data search and access authorization scheme spanning user-fog-cloud for resource constrained end users. Compared to existing schemes only supporting either index encryption with search ability or data encryption with fine-grained access control ability, the proposed hybrid scheme supports both abilities simultaneously, and index ciphertext and data ciphertext are constructed based on a single ciphertext-policy attribute based encryption (CP-ABE) primitive and share the same key pair, thus the data access efficiency is significantly improved and the cost of key management is greatly reduced. Moreover, in the proposed scheme, the resource constrained end devices are allowed to rapidly assemble ciphertexts online and securely outsource most of decryption task to fog nodes, and mediated encryption mechanism is also adopted to achieve instantaneous user revocation instead of re-encrypting ciphertexts with many copies in many fog nodes. The security and the performance analysis show that our scheme is suitable for a fog computing environment. MDPI 2017-06-17 /pmc/articles/PMC5492313/ /pubmed/28629131 http://dx.doi.org/10.3390/s17061423 Text en © 2017 by the authors. Licensee MDPI, Basel, Switzerland. 
This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
spellingShingle Article
Xiao, Min
Zhou, Jing
Liu, Xuejiao
Jiang, Mingda
A Hybrid Scheme for Fine-Grained Search and Access Authorization in Fog Computing Environment
title A Hybrid Scheme for Fine-Grained Search and Access Authorization in Fog Computing Environment
title_full A Hybrid Scheme for Fine-Grained Search and Access Authorization in Fog Computing Environment
title_fullStr A Hybrid Scheme for Fine-Grained Search and Access Authorization in Fog Computing Environment
title_full_unstemmed A Hybrid Scheme for Fine-Grained Search and Access Authorization in Fog Computing Environment
title_short A Hybrid Scheme for Fine-Grained Search and Access Authorization in Fog Computing Environment
title_sort hybrid scheme for fine-grained search and access authorization in fog computing environment
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5492313/
https://www.ncbi.nlm.nih.gov/pubmed/28629131
http://dx.doi.org/10.3390/s17061423