Sensors (Basel). 2017 Jun 17;17(6):1423.
doi: 10.3390/s17061423.

A Hybrid Scheme for Fine-Grained Search and Access Authorization in Fog Computing Environment

Min Xiao et al. Sensors (Basel).

Abstract

In the fog computing environment, encrypted sensitive data may be transferred to multiple fog nodes at the edge of a network for low latency; thus, fog nodes need to implement search over encrypted data as a cloud server does. Since fog nodes tend to serve IoT applications that often run on resource-constrained end devices, it is necessary to design lightweight solutions. At present, there is little research on this issue. In this paper, we propose a fine-grained owner-forced data search and access authorization scheme spanning user-fog-cloud for resource-constrained end users. Compared to existing schemes that support only either index encryption with search ability or data encryption with fine-grained access control ability, the proposed hybrid scheme supports both abilities simultaneously. The index ciphertext and data ciphertext are constructed from a single ciphertext-policy attribute-based encryption (CP-ABE) primitive and share the same key pair; thus the data access efficiency is significantly improved and the cost of key management is greatly reduced. Moreover, in the proposed scheme, resource-constrained end devices can rapidly assemble ciphertexts online and securely outsource most of the decryption task to fog nodes, and a mediated encryption mechanism is adopted to achieve instantaneous user revocation instead of re-encrypting ciphertexts that have many copies in many fog nodes. The security and performance analyses show that our scheme is suitable for a fog computing environment.

Keywords: attribute-based encryption; cloud computing; fog computing; mediated encryption; online/offline encryption; searchable encryption.

Conflict of interest statement

The authors declare no conflict of interest.

Figures

Figure 1. System Model.
Figure 2. (a) Time for system setup. (b) Time for user register.
Figure 3. (a) Secure index generation time for 10,000 items. (b) Online and offline data encryption time for 10,000 items.
Figure 4. (a) User-side time for trapdoor generation on an Android smartphone. (b) Time for per-index search. (c) Time for pre-decryption on fog node side and decryption on user side.
