A Review of Ciphertext-Policy Attribute-Based Encryption Access Control Schemes in Fog Computing
Subject areas: Computer Engineering and Information Technology
Mohammad Ali Alizadeh 1, Somayeh Jafarali Jassbi 2, Ahmad Khademzadeh 3
1 - Department of Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, Iran
2 - Department of Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, Iran
3 - Information and Communication Technology Research Institute, Tehran, Iran
Keywords: Internet of Things, fog computing, access control, ciphertext-policy attribute-based encryption (CP-ABE), residue number system (RNS)
Abstract:
Fog computing, alongside cloud computing, provides a suitable extension for real-time processing in the Internet of Things (IoT). Because fog nodes are closer to the end nodes and have higher processing and communication power, fog computing can be used to outsource and lighten the computations of the end nodes. At the same time, the privacy and security of IoT users are important. These can be achieved in a fine-grained and flexible manner by ciphertext-policy attribute-based encryption (CP-ABE) access control schemes. Alongside the advantages of these schemes, there are challenges such as attribute revocation and user revocation. In this article, we review recent schemes based on CP-ABE, examine their additional capabilities, and gain insight into the challenges each of them tried to solve. We also clarify the architectural details of those schemes that are implemented in the fog computing framework, such as the access policy model, the attribute authority model, and the underlying operations. Finally, we examine the weak points of the schemes, predict future development trends, and present open issues.