Efficient CCA2 Secure Flexible and Publicly-Verifiable Fine-Grained Access Control in Fog Computing

Fog computing enables computation, storage, applications, and network services between the Internet of Things and the cloud servers by extending the Cloud Computing paradigm to the edge of the network. When protecting information security in Fog computing, advanced security with low latency, wide-spread geographical distribution support, and high flexibility should be taken in to considertion first, because of its huge number of nodes. In this paper, we propose a new cryptographic primitive, named CCA2 secure publicly-verifiable revocable large-universe multi-authority attribute-based encryption (CCA2-PV-R-LU-MA-ABE), to achieve flexible fine-grained access control in Fog computing. In this primitive, end nodes in fogs generate private keys from multiple authorities that might be differentiated by their geographical locations or functions, and their attributes can be denoted by any strings in the large universe, which meets diverse needs in practical Fog applications. In addition, the accessibility of nodes can be revoked efficiently even by resource-limited devices. To ensure the validity of ciphertext, this primitive supports public verification and only valid ciphertext can be stored or transmitted. Based on the primitive and the feature of Fog computing, we construct a concrete CCA2-PV-R-LU-MA-ABE scheme. We define the security model of this primitive, which is much more secure than the CPA-secure scheme. Finally, we compare the efficiency of the proposed concrete scheme with that of the existing CPA-secure scheme by both theoretical and experimental analysis, and the results show that the extra consumption of efficiency to improving CPA to CCA2 is considerably low. The proposed scheme is highly secure, flexible, and efficient enough to be deployed in practical Fog computing.