Authors:
Sana Belguith
1
;
Nesrine Kaaniche
2
and
Giovanni Russello
1
Affiliations:
1
Cyber Security Foundry, University of Auckland and New Zealand
;
2
SAMOVAR, CNRS, Telecom SudParis, University Paris-Saclay, Paris and France
Keyword(s):
Constant-size Attribute based Encryption, Access Policy Update, Cloud Assisted IoT, Confidentiality, Access Control.
Related
Ontology
Subjects/Areas/Topics:
Access Control
;
Applied Cryptography
;
Cryptographic Techniques and Key Management
;
Data and Application Security and Privacy
;
Data Engineering
;
Data Protection
;
Databases and Data Security
;
Information and Systems Security
;
Internet Technology
;
Security and Privacy in the Cloud
;
Security in Distributed Systems
;
Web Information Systems and Technologies
Abstract:
Cloud-assisted IoT applications are gaining an expanding interest, such that IoT devices are deployed in different distributed environments to collect and outsource sensed data to remote servers for further processing and sharing among users. On the one hand, in several applications, collected data are extremely sensitive and need to be protected before outsourcing. Generally, encryption techniques are applied at the data producer side to protect data from adversaries as well as curious cloud provider. On the other hand, sharing data among users requires fine grained access control mechanisms. To ensure both requirements, Attribute Based Encryption (ABE) has been widely applied to ensure encrypted access control to outsourced data. Although, ABE ensures fine grained access control and data confidentiality, updates of used access policies after encryption and outsourcing of data remains an open challenge. In this paper, we design PU-ABE, a new variant of key policy attribute based enc
ryption supporting efficient access policy update that captures attributes addition and revocation to access policies. PU-ABE contributions are multifold. First, access policies involved in the encryption can be updated without requiring sharing secret keys between the cloud server and the data owners neither re-encrypting data. Second, PU-ABE ensures privacy preserving and fine grained access control to outsourced data. Third, ciphertexts received by the end-user are constant sized and independent from the number of attributes used in the access policy which affords low communication and storage costs.
(More)