Privacy preserving spatio-temporal attribute-based encryption for cloud applications

Cloud computing offers scalable implementation of applications by sharing internet-based storage and computing resources. However, its ubiquitous nature introduces the security and privacy risks to sensitive data. Existing encryption techniques often rely on access control mechanisms to allow selective sharing of encrypted data. However, they don't efficiently support secure integration of space and time constraints in the authorization mechanism, rendering them unsuitable for dynamic cloud environments. In this paper, we propose a privacy-preserving spatio-temporal attribute-based access control technique for cloud-based applications. Our approach utilizes ciphertext policy attribute-based encryption (CP-ABE) with distributed key generation, geohashes for proximity detection, and fog server-based verification. The proposed cryptosystem generates decryption keys based only on the user's static attributes eliminating the need to manage user revocation due to frequent contextual changes. Time and location constraints are enforced through spatio-temporal locks in the access policy. Geohash enables defining authorized geographic areas while preserving user location privacy. Additionally, our system supports multiple attribute authorities for key generation, enhancing security by limiting user identity leakages and preventing key escrow attacks. Most of the decryption-related computations are outsourced to fog servers, thus, making the decryption independent of the number of attributes in the policies. The analysis of security and performance demonstrates the effectiveness of our scheme in practical cloud-based applications, enabling precise control over real-time data access while satisfying user privacy.