Abstract

Nowadays, the development of the Internet of Things (IoT) has received much attention from both industry and academia. Sensors and devices connected to the IoT network can conveniently gather and collect information for further usage and analysis by IoT users. However, a large quantity of data produced by IoT devices contain sensitive information, which leads to many challenging security issues in IoT systems. The most important one is how to efficiently and securely share IoT data with valid IoT users while forbidding others from obtaining the data. In this article, we propose a cryptographic method to protect the privacy of IoT data while maintaining the functionality of efficient data sharing and user revocation. Our solution relies on a revocable attribute-based encryption (ABE) scheme to encrypt IoT data. The ABE technique makes fine-grained access control available on the encrypted IoT data, while the revocation technique makes invalid users unable to access future encrypted IoT data. To alleviate the issue of resource limitation of IoT devices, we involve a cloud-assisted data sharing and user revocation technique. Finally, we experimentally tested our scheme, and the performance evaluation results demonstrate the practice of our solution scheme.