Abstract

Fog computing is a paradigm that extends cloud computing to the edge of the network. It can provide computation and storage services to end devices in Internet of Things (IoT). Attribute-based cryptography is a well-known technology to guarantee data confidentiality and fine-grained data access control. However, its computational cost in encryption and decryption phase is linear with the complexity of policy. In this paper, we propose a secure and fine-grained data access control scheme with ciphertext update and computation outsourcing in fog computing for IoT. The sensitive data of data owner are first encrypted using attribute-based encryption with multiple policies and then outsourced to cloud storage. Hence, the user whose attributes satisfy the access policy can decrypt the ciphertext. Based on the attribute-based signature technique, authorized user whose attributes integrated in the signature satisfy the update policy can renew the ciphertext. Specifically, most of the encryption, decryption, and signing computations are outsourced from end devices to fog nodes, and thus, the computations for data owners to encrypt, end users to decrypt, re-encrypt, and sign are irrelevant to the number of attributes in the policies. The security analysis shows that the proposed scheme is secure against known attacks, and the experimental results show that the fog nodes perform most of the computation operations of encryption, decryption, and signing, and hence, the time of encryption for data owner, decryption, re-encryption, and signing for users is small and constant.