OAC-HAS: outsourced access control with hidden access structures in fog-enhanced IoT systems

Fog computing is recently a novel distributed computing paradigm that performs a significant achievement in the latency-sensitive smart Internet of Things (IoT) applications. However, the security and privacy issues, such as data leakage, still challenge the wide deployment of fog computing infrastructure. To guarantee data confidentiality and meanwhile achieving fine-grained access control, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) promises to provide a flexible access policy for securely sharing data among users, fog nodes, and cloud center. However, due to the complicated cryptographic operations, CP-ABE has met a significant drawback that requires heavy computation resources on the user-side. In this paper, we propose an outsourced access control scheme with hidden access structures, named OAC-HAS, in fog-enhanced IoT systems. The contributions of our OAC-HAS scheme are three-folds. Firstly, we introduce a fog-cloud computing (FCC) environment which has the outsourcing capability. Then, we design an outsource verification mechanism to guarantee the correctness of executing cryptographic operations on the fog nodes. Finally, we also provide a privacy guarantee that prevents information leakage from the access structures. Security analysis and experimental results show that the proposed OAC-HAS scheme achieves flexible access policy, privacy-preserving, and high efficiency in fog-enhanced IoT systems.