A Flexible Access Control with User Revocation in Fog-Enabled Cloud Computing

The major challenging task in the fog-enabled cloud computing paradigm is to ensure the security for accessing the data through cloud and fog nodes. To solve this challenge, a Flexible Access Control using Elliptic Curve Cryptography (FAC-ECC) protocol has been developed in which the user data are encrypted by multiple asymmetric keys. Such keys are handled by both users and fog nodes. Also, data access is controlled by encrypting the data through the user. However, the main problem is to guarantee the privacy and security of resources after processing of User Revocation (UR) by data owners. The issue of UR is needed to consider for satisfying the dynamic change of user access in different applications like healthcare systems, e-commerce, etc. Therefore in this article, a FAC-UR-ECC protocol is proposed to control the data access and realize the UR in fog-enabled cloud systems. In this protocol, a revocable key aggregate-based cryptosystem is applied in the fog-cloud paradigm. It is an extension of the key-aggregate cryptosystem such that a user is revoked if his/her credential is expired. First, the subset-cover model is combined into FAC-ECC protocol to design an efficient revocable key-aggregate encryption depending on multi-linear maps which realizes the user's access control and revocation. It can simplify the user's key management efficiently and delegate various clients with decryption permission. Also, it can accomplish revocation of user access privileges and the FAC efficiently. By using this protocol, both the user's secret key and the ciphertext are preserved in a fixed size. The security of accessing the data is highly enhanced by updating the ciphertext through the data owners successfully. At last, the experimental results exhibit the efficiency of FAC-UR-ECC compared to the FAC-ECC protocol.