Computer Networks
journal homepage: www.elsevier.com/locate/comnet
Keywords: Mobile fog computing; Multi-authority attribute-based encryption; Attribute revocation

Fog computing is a revolutionary technology for the next generation to bridge the gap between cloud data centers and end-users. Fog computing is not a counterfeit for cloud computing but a persuasive counterpart. It also accredits by utilizing the network edge while still rendering the possibility to interact with the cloud. Nevertheless, the features of fog computing are encountering several security challenges. The security of end-users and/or fog servers brings a significant dilemma in implementing fog computing. Moreover, in conventional cloud computing, the attribute-based encryption (ABE) technology is not appropriate for end-users due to restricted computing resources, i.e., limited resources, high end-to-end delay, and transmission capability. Hence, the revocation and outsourcing mechanisms become inappropriate between end-users and cloud servers. In this regard, this paper recommends a multi-authority attribute-based encryption (MA-ABE) technique to support revocation and outsource the attributes to fog computation. We present an attribute revocation scheme based on cipher-text attribute-based encryption by introducing the attribute group keys. In this process, the secret keys are dynamically altered, realizing the requirement of immediate attribute revocation. Hence, we provide the complete encryption and decryption process for end-users and fog servers based on multi-authority, attribute revocation, and outsourcing computation, while most of the existing schemes fail to incorporate all these parameters. Our scheme also outsources the complicated encryption and decryption tasks to the fog server, which significantly improves the overall computation efficiency compared to the state-of-the-art work.

∗ Corresponding author at: Engineering Research Center of Intelligent Perception and Autonomous Control, Faculty of Information Technology, Beijing
University of Technology, Beijing, 100124, PR China.
E-mail addresses: sstu@bjut.edu.cn (S. Tu), muhammad.waqas@giki.edu.pk (M. Waqas), huangfm@emails.bjut.edu.cn (F. Huang), abbasg@giki.edu.pk
(G. Abbas), ziaul.h.abbas@giki.edu.pk (Z.H. Abbas).
https://doi.org/10.1016/j.comnet.2021.108196
Received 18 February 2021; Received in revised form 29 April 2021; Accepted 20 May 2021
Available online 27 May 2021
1389-1286/© 2021 Elsevier B.V. All rights reserved.
S. Tu et al. Computer Networks 195 (2021) 108196
ABE technology is not ideal for end-users with limited computing resources and complex operation [8].

Besides the benefits brought by fog computing, the security issues are yet to mature [9]. These include the data confidentiality and access control for resource-constrained devices [10]. As fog servers are distributed on the network edge and less expensive as compared to cloud servers, resource-constrained devices are more readily vulnerable and low-trustworthy. Encrypting data in advance prior to upload is one innovative way of solving such challenges. Hence, ABE's concept is a one-to-many cryptographic method that satisfies these criteria [11]. A series of attributes can describe each entity. The encryptor does not require recognizing the user's specific identity information. However, it only requires embedding the attribute or access structure into the cipher-text during encryption. The users only decrypt the data when the users' attributes meet the defined access structure. It has a process that allows access control between secret keys and cipher-texts over data encryption through access policies and ascribed attributes. To decrypt the cipher-text, the ABE offers data owners the capability to specify the access policy over the range of users' attributes. The data security and fine-grained access control must be ensured in this manner.

The ABE technology is to embed a series of attributes or access control structures in the cipher-text by exploiting public key encryption. In this process, the attributes must satisfy the defined access structure before decryption to describe the end-user's identity characteristics. For instance, the authors in [12] classified the ABE into key policy attribute-based encryption and cipher-text policy ABE (CP-ABE) according to the access control structure's location. In another article [13], the authors proposed the attribute-based broadcast encryption for lightweight devices. In addition, the authors in [14] applied an attribute encryption method to fog computing to realize secure key sharing between fog servers and cloud servers. However, these related and existing works do not explain the multi-authority and attribute revocation.

In multi-authority attribute-based encryption (MA-ABE), various attribute authorities (which may be independent of each other) control different attribute universes. MA-ABE is also involved in the administration of attribute keys for decryption [15]. It provides the necessary platform to undertake the implementation of fine-grained access regulation over shared data while achieving single-to-numerous encryption. In recent years, research into MA-ABE has seen rapid advancement. The researchers believe that MA-ABE is a suitable solution to thwarting the key escrow problem as well as the problem of distributed management of attributes [16]. Furthermore, the data owner encrypts data under the access structure over attributes, and a set of attributes assigned to users is embedded in users' secret key. A user is able to decrypt if his attributes satisfy the cipher-text access structure. Hence, the processes of user's attribute revocation and grant are concentrated on the authority and the data owner [17].

The authors of [18] proposed an MA-ABE technique. In this work, the MA-ABE consists of a completely trusted authorization center that could decode the network's cipher-text. Furthermore, the authors of [19] proposed a protected MA-ABE scheme under the random oracle model (ROM). In [20], the authors also suggested an MA-ABE scheme for the multi-authority to support large attribute domains. In another article [21], an MA-ABE technique is investigated to support decryption offloading compute-intensive tasks. However, it does not achieve encryption offloading compute-intensive tasks, and hence, it is not suitable for fog environments. Although the authors incorporate the ABE technique's multi-authority, none of the existing methods realize the attribute revocation and outsourcing computation in their work.

Due to the frequent changes of the user's permissions, the system must revoke the user's attributes [22]. In this regard, most of the ABE schemes focus on how to implement more abundant access strategies. However, most of them also ignore the attribute revocation in the encryption stage [23]. For instance, the proxy re-encryption technology is introduced into attribute revocation in [24]. The main point is to utilize a version number to define the framework master key evolution process. At the same time, public key, private key, and cipher-text are all related to a version number. However, it requires real-time proxies. In [25], the authors proposed the concept of the attribute group key. The system generates the corresponding group key according to the revocation list. Hence, only legitimate users can obtain the group key. The authors of [26] implemented attribute revocation using the attribute group key and proved that it is selective security under the standard model. However, its complex computing overhead is not suitable for devices with limited resources and cannot be directly used in fog computing. Moreover, the above works do not consider the outsourcing mechanisms in their work.

With the rapid development of fog computing, enterprises and individuals can outsource their sensitive data into the fog server, where they can enjoy high quality data storage and computing services in a ubiquitous manner [27]. This is known as the outsourcing computation paradigm. Recently, the problem of securely outsourcing various expensive computations or storage has attracted considerable attention in the academic community [28,29]. In contrast, the authors of [30] proposed outsourcing decryption operations in attribute-based encryption technology. The authors proposed the CP-ABE privacy protection technique in [31]. The authors allow the devices to outsource cloud service providers encryption and decryption without data leakage. However, the difficulty of the data owner's access structure increases the computational overhead of the encryption. The authors of [32] also introduced a general system of attribute-based encryption to outsource the decryption process to cloud servers. However, it leaves the end-users with a constant number of calculations to decrypt the cipher-text. The scheme in [33] also illustrated the outsourced decryption mechanism to fog servers but did not achieve encryption outsourcing.

Keeping the problems mentioned above in mind, we propose an MA-ABE scheme to resolve the literature's limitations that support attribute revocation and computation outsourcing in fog computing. Due to the limited computing resources of end-users, computing efficiency needs to be improved. Fog servers are located at the edge of the cloud, closer to the end-user, and most appropriate to serve as outsourcing agents [34]. The fog servers can perform a large amount of computing to alleviate the end-users' computational overhead. Hence, we propose an MA-ABE scheme that outsources both encryption and decryption operations to fog servers. As a result, it significantly alleviates the computing burden of terminal equipment and improves overall computational efficiency. The key contributions of our work are summarized as follows.

• We describe a three-layer system model based on "cloud-fog-terminal" and introduce the attribute-based encryption/decryption method of traditional cloud computing into fog computing. Besides, we adopt the multi-authority mechanism and support large attribute domains that effectively adapt to distributed computing requirements.
• For the problem of dynamic change of user attributes, we propose an attribute revocation mechanism based on CP-ABE. It conducts the instant attribute revocation through the group key attribute and retains the control of fine-grained access.
• Our proposed CP-ABE scheme supports the outsourcing mechanisms for both the encryption and decryption processes. It reduces the computational burden of the end-users and improves the overall computational efficiency of the system.
• We compare our scheme with an existing state-of-the-art scheme [13]. The results indicate that our mechanism is more reliable and efficient than an existing method.

The rest of the paper is written as follows. After the introduction in Section 1, the system model is explained in Section 2. Section 3 introduces our suggested algorithm. The simulation results are presented in Section 4. Finally, the paper is concluded in Section 5.
The system and security models are discussed in this section. First, we propose a three-layer system model based on "cloud-fog-terminal" as depicted in Fig. 1. The system model is comprised of central authority, attribute authority, cloud service provider, fog server, and end-users. The fog servers are the base stations (BSs) and are responsible for connecting the end-users through the wireless network. In our proposed system model, the central authority ($CA$) is accountable to set global public parameters ($GP$). In addition, it is responsible for both end-users and attribute authorities ($AAs$) registration queries. For each end-user, the $CA$ creates a unique global user identity ($uid$) and a unique authority identity ($aid$) for every $AA$.

The attribute authority ($AA$) performs the attribute authority's duty to control the end-users' attributes. The $AA$ can approve, revoke, and upgrade the user's attributes in compliance with the end-user's identity identifier and attribute characteristics. It is to be noted that every $AA$ determines the public key ($APK$) and provides end-users with secret keys ($ASK$). The cloud service provider ($CSP$) has the data storage and management functions' responsibility, including data storage server and data management server. In the attribute revocation stage, the revoked user's access can be prevented by re-encrypting the cipher-text by the $CSP$. Moreover, the fog servers are involved in the process of encryption and decryption tasks. The data owners ($DOs$) outsource a part of the cipher-text to the fog servers, and the end-users outsource a part of the decryption process. Consequently, it alleviates the computational burden of the end-users. The $DOs$ define the data access policy that needs to be encrypted. It also specifies the authentic end-users that can access and define the scope of the authorized user. Once the end-users are identified, the private data can then be encrypted. The end-users can download and decrypt the data from cloud server via fog servers if they want to access the data. The data can only be viewed by those who adhere to the access policies, thereby ensuring fine-grained access control. In the next section, we will explain our proposed MA-ABE technique.

Our proposed MA-ABE technique includes six steps, i.e., initialization ($Setup$), Key Generation ($KeyGen$), Encryption ($Enc.$), Re-Encryption (Re-Enc), Decryption ($Dec$) and Attribute Revocation.

3.1. Phase 1: initialization ($Setup$)

Let $g$ be a generator of $G$, and $U$ denotes the set (universe) of attributes. $AID$ denotes the set of all attribute authorities, and $UID$ denotes the set of global identities of all end-users. In the rest of the initialization ($Setup$) phase, we have the following steps.

3.1.1. Global initialization ($GlobalSetup$)

According to the security parameters ($\lambda$), $CA$ chooses a bilinear map, i.e., $e : G * G \to G_T$, where $G$ and $G_T$ are two multiplicative cyclic groups of prime order $p$. The function $H$ maps user identities $uid \in UID$ to the elements of $G$. Also, the function $F$ maps the users' attributes to the elements of $G$. The $T$ is the mapping of end-user attributes to the $AA$. Hence, the global public parameters ($GP$) are given as follows.

$$GP = \left(G, G_T, p, g, e, U, AID, UID, H, F, T\right). \tag{1}$$

3.1.2. Attribute authority initialization ($AASetup$)

For the identity authority, i.e., $aid \in AID$, $AA$ chooses two random numbers, i.e., $\alpha_{aid}, \beta_{aid} \in \mathbb{Z}_p$, and the corresponding public key ($APK$) and secret key ($ASK$) are generated as follows.

$$APK_{aid} = \left(e(g, g)^{\alpha_{aid}}, g^{\beta_{aid}}\right), \tag{2}$$

and

$$ASK_{aid} = \left(\alpha_{aid}, \beta_{aid}\right). \tag{3}$$

The overall description for the initialization ($Setup$) phase is summarized in our proposed Algorithm 1.
Algorithm 1 Phase 1: Initialization ($Setup$)

Require:
  $p$: Prime order,
  $g$: Generators,
  $e$: A bilinear map, $e : G * G \to G_T$;
  $U$: Set (universe) of attributes,
  $AID$: Set of all attribute authorities,
  $UID$: Set of global identities of all users,
  $H$: Maps user identities $uid \in UID$ to elements of $G$,
  $F$: Maps users' attributes to elements of $G$,
  $T$: Maps users' attributes to the attribute authority,
  $\alpha_{aid}, \beta_{aid} \in \mathbb{Z}_p$: random numbers,
Ensure:
  Compute $GP = \left(G, G_T, p, g, e, U, AID, UID, H, F, T\right)$,
  for $aid \in AID$ do
    Compute $APK_{aid} = \left(e(g, g)^{\alpha_{aid}}, g^{\beta_{aid}}\right)$,
    Compute $ASK_{aid} = \left(\alpha_{aid}, \beta_{aid}\right)$,
  end for

3.2. Phase 2: key generation ($KeyGen$)

The key generation ($KeyGen$) algorithm includes two parts, i.e., the private key generation algorithm and the attribute group key generation algorithm. The entire process is as follows.

3.2.1. User private key generation (SKGen)

$S_{uid,aid}$ is a set of attributes owned by end-user $uid$. For each attribute $i \in S_{uid,aid}$, $AA$ first chooses a random number $t_i \in \mathbb{Z}_p$. Then, it computes $K_{uid,i} = g^{\alpha_{aid}} H(uid)^{\beta_{aid}} F(i)^{t_i}$ and $K'_{uid,i} = g^{t_i}$. Finally, it outputs the end-user secret key as given by

$$SK_{S,uid,aid} = \left(\left\{K_{uid,i}, K'_{uid,i}\right\}_{i \in S_{uid,aid}}\right). \tag{4}$$

3.2.2. Attribute group key generation (AttrGroupKeyGen)

First, $AA$ generates a binary $KEK$ tree for all users. In the $KEK$ tree, each node is set to a random number [35]. Each end-user is assigned to the leaf node of the tree. Afterwards, each end-user receives the path key $PATH_t$ from its leaf node to the tree's root node [36]. For example, the path key of $u_2$ is $PATH_2 = \left\{KEK_9, KEK_4, KEK_2, KEK_1\right\}$. Finally, the attribute authority, $aid$, selects random numbers $AGK_x \in \mathbb{Z}_p$ as attribute group keys as described in Algorithm 2. In the Re-Enc. phase, the path key is used by $CSP$ to encrypt the attribute group key.

Algorithm 2 Phase 2: Key Generation ($KeyGen$)

Require:
  $t_i \in \mathbb{Z}_p$: A random number;
Ensure:
  for $i \in S_{uid,aid}$ do
    Computes $K_{uid,i} = g^{\alpha_{aid}} H(uid)^{\beta_{aid}} F(i)^{t_i}$,
    Computes $K'_{uid,i} = g^{t_i}$,
    Compute $SK_{S,uid,aid} = \left(K_{uid,i}, K'_{uid,i}\right)$,
  end for
  Generates a binary KEK tree $\forall$ users,
  Selects random numbers $AGK_x \in \mathbb{Z}_p$ as attribute group keys.

3.3. Phase 3: encryption ($Enc.$)

The encryption algorithm includes fog server encryption and $DOs$ encryption algorithms. First, the $DOs$ define an access policy $A = (M, \rho)$, where $M$ is the $l \times n$ matrix, where $l$ is the number of attributes contained in the access policy, $n$ reflects the amount of computation required for secret reconstruction, and function $\rho$ maps each row $M_i$ of $M$ to an attribute $\rho(i)$. Next, the data owner sends access policy $A = (M, \rho)$ to the fog server. The following steps are involved in this phase.

3.3.1. Fog node encryption ($FogEnc.$)

The fog server chooses random numbers $r_1, \ldots, r_l \in \mathbb{Z}_p$, and two random vectors $z = \left(0, z_2, \ldots, z_n\right)^T$ and $v = \left(s, v_2, \ldots, v_n\right)^T$, where $s \in \mathbb{Z}_p^*$ is the secret to be shared. It computes $\lambda_i = M_i v$ and $w_i = M_i z$, $i = 1, 2, \ldots, l$. The function $H$ maps each row $M_i$ of $M$ to the authority who issues attribute $\rho(i)$. Consequently, it computes $C_{1,i} = e(g, g)^{\lambda_i} e(g, g)^{\alpha_{\delta(i)} r_i}$, $C_{2,i} = g^{-r_i}$, $C_{3,i} = g^{\beta_{\delta(i)} r_i} g^{w_i}$ and $C_{4,i} = F(\rho(i))^{r_i}$, and the cipher-text is computed as follows.

$$CT^1_{out} = \left(A, \left\{C_{1,i}, C_{2,i}, C_{3,i}, C_{4,i}\right\}_{i \in [l]}\right). \tag{5}$$

3.3.2. Data Owner Encryption ($DOEnc.$)

The $DO$ chooses a random $DK \in \mathbb{Z}_p$, and encrypts the data $m$ with $DK$ using symmetric encryption algorithm $SE$, denoted as $C = SE_{DK}(m)$. Then, it computes $C_0 = DK \cdot e(g, g)^s$. The cipher-text $CT$ output by the $DO$ is given as

$$CT = \left(A, C, C_0, \left\{C_{1,i}, C_{2,i}, C_{3,i}, C_{4,i}\right\}_{i \in [l]}\right). \tag{6}$$

The $DO$ sends the cipher-text $CT$ to the fog server, and the fog server uploads the received cipher-text $CT$ to the $CSP$, which then re-encrypts the cipher-text as summarized in Algorithm 3.

Algorithm 3 Phase 3: Encryption ($Enc.$)

Require:
  $A = (M, \rho)$: An access policy,
  $r_1, \ldots, r_l \in \mathbb{Z}_p$: Random numbers,
  $z = \left(0, z_2, \ldots, z_n\right)^T$: A random vector,
  $v = \left(s, v_2, \ldots, v_n\right)^T$: A random vector,
  $DK$: A random number,
  $m$: Data,
  $SE$: Symmetric encryption algorithm,
Ensure:
  Compute $C = SE_{DK}(m)$,
  Compute $C_0 = DK \cdot e(g, g)^s$,
  for $i \in [l]$ do
    Compute $C_{1,i} = e(g, g)^{\lambda_i} e(g, g)^{\alpha_{\delta(i)} r_i}$,
    Compute $C_{2,i} = g^{-r_i}$,
    Compute $C_{3,i} = g^{\beta_{\delta(i)} r_i} g^{w_i}$,
    Compute $C_{4,i} = F(\rho(i))^{r_i}$,
    Compute $CT^1_{out} = \left(A, \left\{C_{1,i}, C_{2,i}, C_{3,i}, C_{4,i}\right\}\right)$,
    Compute $CT = \left(A, C, C_0, \left\{C_{1,i}, C_{2,i}, C_{3,i}, C_{4,i}\right\}_{i \in [l]}\right)$.
  end for

3.4. Phase 4: Re-Encryption (Re-Enc.)

$\rho(i)$ linked with the access policy $A$ of $CT$ for each attribute. The appropriate attribute group key $AGK_{\rho(i)}$ is utilized to re-encrypt the ciphertext, $CT$. The re-encrypted ciphertext $CT'$ is calculated as follows.

$$CT' = \left(A, C, C_0, \left\{C_{1,i}, C_{2,i}, C_{3,i}, C'_{4,i} = \left(C_{4,i}\right)^{AGK_{\rho(i)}}\right\}_{i \in [l]}\right). \tag{7}$$

In the $KEK$ tree, $CSP$ selects the minimum root coverage set, i.e., $KEK\left(G_i\right)$. It can cover all leaf nodes associated with the user set. For example, $G_i = \left\{u_1, u_2, u_3, u_4, u_7, u_8\right\}$, and $KEK\left(G_i\right) = \left\{KEK_2, KEK_7\right\}$. Finally, the header information is generated by

$$Hdr = \left(\forall y \in Y : \left\{E_K\left(AGK_{\rho(y)}\right)\right\}_{K \in KEK\left(G_y\right)}\right), \tag{8}$$
where $Y$ is the set of attributes contained in the access policy and $E_K\left(AGK_{\rho(y)}\right)$ is a symmetric encryption algorithm. The summary of the overall process of phase 4 is given in Algorithm 4.

Algorithm 4 Phase 4: Re-Encryption (Re-Enc.)

Require: $AGK_{\rho(i)}$: attribute group key,
Ensure:
  for $i \in [l]$ do
    $CT' = \left(A, C, C_0, \left\{C_{1,i}, C_{2,i}, C_{3,i}, C'_{4,i} = \left(C_{4,i}\right)^{AGK_{\rho(i)}}\right\}\right)$,
  end for
  for $y \in Y$ do
    compute $Hdr = \left(\left\{E_K\left(AGK_{\rho(y)}\right)\right\}_{K \in KEK\left(G_y\right)}\right)$.
  end for

3.5. Phase 5: Decryption ($Dec.$)

The decryption algorithm includes three parts, i.e., pre-decryption algorithm, fog server decryption algorithm, and user decryption algorithm. The following steps are involved in this phase.

3.5.1. Pre-decryption (pre-dec)

If the user attribute set does not satisfy the access policy, i.e., $S_{uid} \ni A$, the end-user outputs the invalid sign, i.e., $\perp$. Otherwise, the end-user decrypts the header information by using the intersection of the path key and the minimum root node coverage set to obtain the attribute group key. The end-user takes the attribute group key $AGK_{\rho(i)}$ to compute $K^*_{uid,\rho(i)} = \left(K'_{uid,\rho(i)}\right)^{1/AGK_{\rho(i)}}$. Finally, the user updates the private key by

$$SK'_{S,uid,aid} = \left\{K_{uid,\rho(i)}, K^*_{uid,\rho(i)}\right\}_{\rho(i) \in S_{uid,aid}}. \tag{9}$$

The user chooses the random number $z \in \mathbb{Z}_p$ to compute $K^1_{uid,\rho(i)} = \left(K_{uid,\rho(i)}\right)^{1/z}$ and $K^2_{uid,\rho(i)} = \left(K^*_{uid,\rho(i)}\right)^{1/z}$, and generates the outsourcing private keys as given by

$$OSK_{S,uid} = \left\{K^1_{uid,\rho(i)}, K^2_{uid,\rho(i)}\right\}_{\rho(i) \in S_{uid}}. \tag{10}$$

Next, the user computes $C'_{1,i} = C_{1,i}^{1/z}$ and $C'_{3,i} = C_{3,i}^{1/z}$, and modifies the cipher-text as

$$CT'' = \left(A, C, C_0, \left\{C'_{1,i}, C_{2,i}, C'_{3,i}, C'_{4,i}\right\}_{i \in [l]}\right), \quad [l] = \{1, 2, \ldots, l\}. \tag{11}$$

Finally, end-users outsourced the private key. The modified cipher-text is sent to the fog server.

3.5.2. Fog Server Decryption (Fog.Dec)

The fog server sets $I = \left\{x : \rho(x) \in S_{uid}\right\}$ and computes constants $\left\{c_x \in \mathbb{Z}_p\right\}_{x \in I}$, such that $\sum_{x \in I} c_x M_x = (1, 0, \ldots, 0)$. It then computes

$$\begin{aligned}
B &= \prod_{x \in I} \left(C'_{1,x} \cdot e\left(K^1_{uid,\rho(i)}, C_{2,x}\right) \cdot e\left(H(uid), C'_{3,x}\right) \cdot e\left(K^2_{uid,\rho(i)}, C'_{4,x}\right)\right)^{c_x} \\
&= \prod_{x \in I} \left(e(g, g)^{\lambda_x / z}\, e\left(H(uid), g\right)^{w_x / z}\right)^{c_x} \\
&= e(g, g)^{s/z}.
\end{aligned} \tag{12}$$

Finally, the fog server sends the cipher-text $CT^2_{out} = \left\{A, C, C_0, B\right\}$ to the end-user.

3.5.3. User decryption (user dec.)

After the user receives the cipher-text $CT^2_{out}$ from the fog server, then compute,

$$DK = C_0 / B^z = C_0 / \left(e(g, g)^{s/z}\right)^z, \tag{13}$$

Users can decrypt plain-text $m$ by using symmetric key $DK$ as summarized in Algorithm 5.

Algorithm 5 Phase 5: Decryption ($Dec.$)

Require:
  $AGK_{\rho(i)}$: Attribute group key,
  $z \in \mathbb{Z}_p$: A random number,
Ensure:
  for $\rho(i) \in S_{uid,aid}$ do
    Compute $K^*_{uid,\rho(i)} = \left(K'_{uid,\rho(i)}\right)^{1/AGK_{\rho(i)}}$,
    Compute $SK'_{S,uid,aid} = \left\{K_{uid,\rho(i)}, K^*_{uid,\rho(i)}\right\}$,
    Compute $K^1_{uid,\rho(i)} = \left(K_{uid,\rho(i)}\right)^{1/z}$,
    Compute $K^2_{uid,\rho(i)} = \left(K^*_{uid,\rho(i)}\right)^{1/z}$,
    Compute $OSK_{S,uid} = \left\{K^1_{uid,\rho(i)}, K^2_{uid,\rho(i)}\right\}_{\rho(i)}$,
  end for
  for $i \in [l]$ do
    Compute $C'_{1,i} = C_{1,i}^{1/z}$,
    Compute $C'_{3,i} = C_{3,i}^{1/z}$,
    Compute $CT'' = \left(A, C, C_0, \left\{C'_{1,i}, C_{2,i}, C'_{3,i}, C'_{4,i}\right\}\right)$,
  end for
  Compute $B = e(g, g)^{s/z}$,
  Compute $CT^2_{out} = \left\{A, C, C_0, B\right\}$,
  Compute $DK = C_0 / B^z = C_0 / \left(e(g, g)^{s/z}\right)^z$.

3.6. Phase 6: Attribute revocation

The attribute revocation phase is illustrated in algorithm 6 and includes two parts, i.e., attribute group key update algorithm and cipher-text update algorithm. The attribute revocation phase has the following steps.

3.6.1. Attribute group key update (KeyUpdate)

When user attribute $x$ is revoked, $AA$ re-selects the new attribute group key $AGK'_x \in \mathbb{Z}_p$ for attribute $x$, then sends the new attribute group key and the updated attribute user group to $CSP$.

3.6.2. Cipher-text update (CTUpdate)

When $CSP$ receives a revocation request, it randomly selects $r'_1, \ldots, r'_l \in \mathbb{Z}_p$, $v' = \left(s', v'_2, \ldots, v'_n\right)^T$ and $z' = \left(0, z'_2, \ldots, z'_n\right)^T$, and computes $\lambda'_i = M_i v'$ and $w'_i = M_i z'$. Then, it updates the cipher-text as

$$CT^* = \left(\begin{array}{l}
A,\; C = SE_{DK}(m),\; C_0 = DK \cdot e(g, g)^{s'}, \\
\left\{\begin{array}{l}
C_{1,i} = e(g, g)^{\lambda'_i}\, e(g, g)^{\alpha_{\delta(i)} r'_i}, \\
C_{2,i} = g^{r'_i}, \\
C_{3,i} = g^{\beta_{\delta(i)} r'_i}\, g^{w'_i}, \\
C_{4,i} = F\left(\rho(i)\right)^{r'_i\, AGK'_u}
\end{array}\right\}_{i \in [l]}
\end{array}\right). \tag{14}$$

Finally, the header information is regenerated as

$$Hdr = \left(\forall y \in Y : \left\{E_K\left(AGK'_{\rho(y)}\right)\right\}_{K \in KEK\left(G_y\right)}\right). \tag{15}$$

4. Performance analysis

We illustrate the security analysis and computational analysis in the performance analysis section.

4.1. Security analysis

The security analysis is divided into three aspects, i.e., data confidentiality, anti-collusion, and forward/backward security.
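The share reconstruction behind Eq. (12) and the unblinding of Eq. (13), as an added example that is not part of the paper. It works only on exponents in $\mathbb{Z}_p$ (no pairing group is instantiated); the policy matrix, attribute names, the prime `P` and the name `z_blind` for the user's random number $z$ are constructed for illustration.

```python
import secrets

P = 2**127 - 1  # constructed stand-in for the prime group order p


def dot(row, vec, p=P):
    return sum(a * b for a, b in zip(row, vec)) % p


def make_shares(M, s, p=P):
    """Fog-node step: lambda_i = M_i.v and w_i = M_i.z with v=(s,...), z=(0,...)."""
    n = len(M[0])
    v = [s] + [secrets.randbelow(p) for _ in range(n - 1)]
    z = [0] + [secrets.randbelow(p) for _ in range(n - 1)]
    return [dot(r, v, p) for r in M], [dot(r, z, p) for r in M]


def reconstruction_constants(M, rho, attrs, p=P):
    """Solve sum_{x in I} c_x * M_x = (1, 0, ..., 0) mod p; None if unsatisfied."""
    I = [x for x, a in enumerate(rho) if a in attrs]
    n = len(M[0])
    # One equation per matrix column j; the last entry is the target coordinate.
    A = [[M[x][j] % p for x in I] + [int(j == 0)] for j in range(n)]
    pivots, r = [], 0
    for col in range(len(I)):
        piv = next((i for i in range(r, n) if A[i][col]), None)
        if piv is None:
            continue
        A[r], A[piv] = A[piv], A[r]
        inv = pow(A[r][col], -1, p)
        A[r] = [a * inv % p for a in A[r]]
        for i in range(n):
            if i != r and A[i][col]:
                f = A[i][col]
                A[i] = [(a - f * b) % p for a, b in zip(A[i], A[r])]
        pivots.append(col)
        r += 1
        if r == n:
            break
    if any(row[-1] and not any(row[:-1]) for row in A):
        return None  # target vector not in the span: the invalid-sign case
    c = {x: 0 for x in I}  # free variables stay 0
    for i, col in enumerate(pivots):
        c[I[col]] = A[i][-1]
    return c


def fog_exponents(M, rho, attrs, lam, w, z_blind, p=P):
    """Exponents of e(g,g) and e(H(uid),g) left in B after the product over I."""
    c = reconstruction_constants(M, rho, attrs, p)
    if c is None:
        return None
    zinv = pow(z_blind, -1, p)
    g_exp = sum(cx * lam[x] for x, cx in c.items()) * zinv % p  # equals s/z
    h_exp = sum(cx * w[x] for x, cx in c.items()) * zinv % p    # equals 0
    return g_exp, h_exp


# Constructed policy: (doctor AND cardiology) OR admin
M = [[1, 1], [0, -1], [1, 0]]
RHO = ["doctor", "cardiology", "admin"]


def demo(attrs, s=123456789, z_blind=987654321):
    """Return (recovered secret exponent, leftover H(uid) exponent) or None."""
    lam, w = make_shares(M, s)
    out = fog_exponents(M, RHO, attrs, lam, w, z_blind)
    if out is None:
        return None
    g_exp, h_exp = out
    return g_exp * z_blind % P, h_exp  # user's step: raise B to the power z


if __name__ == "__main__":
    print(demo({"doctor", "cardiology"}), demo({"admin"}), demo({"doctor"}))
```

The fog server only ever sees the blinded value $s/z$; the $w_x$ terms cancel because the first coordinate of the vector $z$ is 0.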
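The KEK-tree handling of Sections 3.2.2, 3.4 and 3.6.1, as an added example that is not the authors' code: it reproduces the path key of $u_2$ and the cover set $\{KEK_2, KEK_7\}$ from the text, then revokes one user and rebuilds the header. The eight-user tree with heap-style node numbering (inferred from those two examples), the HMAC-based `wrap` standing in for $E_K$, and all key values are assumptions.

```python
import hashlib
import hmac
import secrets

N = 8  # users u1..u8 sit on leaves 8..15; node k holds KEK_k, root is KEK_1


def path_nodes(u, n=N):
    """Node numbers from user u's leaf up to the root (the PATH_u key indices)."""
    node, path = n + u - 1, []
    while node >= 1:
        path.append(node)
        node //= 2
    return path


def min_cover(group, n=N):
    """Fewest subtree roots whose leaves are exactly the users in `group`."""
    members = {n + u - 1 for u in group}

    def walk(node):
        lo = hi = node
        while lo < n:                      # descend to the leaf range under node
            lo, hi = 2 * lo, 2 * hi + 1
        leaves = set(range(lo, hi + 1))
        if leaves <= members:
            return [node]                  # whole subtree holds the attribute
        if not leaves & members:
            return []                      # nobody below holds the attribute
        return walk(2 * node) + walk(2 * node + 1)

    return walk(1)


def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()


def wrap(kek, agk):
    """Stand-in for E_K(AGK): HMAC-SHA256 keystream plus tag (assumption)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(agk, _prf(kek, b"enc", nonce)))
    return nonce, ct, _prf(kek, b"mac", nonce + ct)


def unwrap(kek, blob):
    nonce, ct, tag = blob
    if not hmac.compare_digest(tag, _prf(kek, b"mac", nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _prf(kek, b"enc", nonce)))


def make_header(kek, group, agk):
    """Hdr entry for one attribute: AGK wrapped under each KEK in KEK(G)."""
    return {node: wrap(kek[node], agk) for node in min_cover(group)}


def recover_agk(path_keys, header):
    """Pre-decryption: use the KEK shared by the user's path and the cover set."""
    for node, key in path_keys.items():
        if node in header:
            return unwrap(key, header[node])
    return None                            # user is outside the attribute group


def revoke(kek, group, user):
    """KeyUpdate: drop `user`, pick a fresh AGK', rebuild the header."""
    new_group = set(group) - {user}
    new_agk = secrets.token_bytes(32)
    return new_group, new_agk, make_header(kek, new_group, new_agk)


def demo():
    kek = {k: secrets.token_bytes(32) for k in range(1, 2 * N)}  # constructed
    keys_of = lambda u: {k: kek[k] for k in path_nodes(u)}
    group = {1, 2, 3, 4, 7, 8}             # G_i from the text
    agk = secrets.token_bytes(32)
    hdr = make_header(kek, group, agk)
    before = {u: recover_agk(keys_of(u), hdr) == agk for u in range(1, N + 1)}
    _, agk2, hdr2 = revoke(kek, group, 3)
    after = {u: recover_agk(keys_of(u), hdr2) == agk2 for u in range(1, N + 1)}
    return sorted(hdr), before, sorted(hdr2), after


if __name__ == "__main__":
    print(demo())
```

After $u_3$ is revoked the cover set no longer contains any node on that user's path, so the new group key cannot be unwrapped with the path key $u_3$ still holds. A deployment would use a vetted AEAD in place of the `wrap` stand-in.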
Fig. 2. Computing overhead of the KeyGen algorithm.
Fig. 3. Computing overhead of the Enc algorithm.
Fig. 4. Computing overhead of the Dec algorithm.
Fig. 5. The computational overhead of the attribute revocation algorithm.

attribute per $AA$ is 20. Furthermore, the difference of key generation time is 0.25s between our proposed scheme and the work done in [13], when the number of attributes per $AA$ is 8.

Fig. 3 describes the encryption algorithm's operation time versus the number of attributes per $AA$. It is noticed that the operation time of the encryption algorithm of scheme [13] increases linearly with the number of attributes per $AA$. On the other hand, the operation time of the encryption algorithm of our scheme is approximately constant even if the number of attributes per $AA$ increases. This is because, in our proposed scheme, the encryption process is outsourced to the fog servers. For instance, the operation time of the encryption algorithm is 2.1s in the case of [13] at 20 attributes per $AA$. At the same attributes per $AA$, i.e., 20, the encryption process's operation time is approximately 0.5s. This shows that the operation time of encryption in our proposed case is 1.5s lower than the existing scheme in [13]. Hence, it is concluded that our proposed scheme outperforms [13].

From Fig. 4, it can be seen that the operation time of the $Dec.$ algorithm of scheme [13] increases linearly with the increase of the number of attributes. On the other side, the operation time of the $Dec.$ algorithm of our scheme is constant. This is because the decryption process is outsourced to the fog servers. For example, the operation time of the decryption process is 1s at 20 attributes per $AA$ in case of [13]. At the same attributes per $AA$, i.e., 20, the operation time is less than 0.1s in our case. Hence, our proposed scheme is better than the scheme presented in [13]. The results indicate that our proposed scheme outsources most of the computation to the fog server for encryption and decryption operations. Consequently, it decreases the overhead computation. Our proposed scheme is more acceptable for those devices with limited computing resources and, hence, meets fog applications' requirements.

Our final experiment is regarding the computation time and the number of revoked attributes. The computational overhead of the attribute revocation algorithm is shown in Fig. 5. Observe from Fig. 5 that the operation time for the revocation algorithm increases linearly with the increase in the number of attributes to be revoked.

5. Conclusion

Several problems exist in the attribute-based encryption mechanism for fog environments, such as the attribute revocation, computational efficiency, and security issue of a single authorization center. Therefore, we proposed a multi-authority attribute-based encryption (MA-ABE) scheme that supports an efficient attribute revocation, which outsources a part of the encryption and decryption operations to the
fog servers. Hence, the outsourcing process reduces the computational overhead of the end-users. After security analysis in our proposed scheme, we also analyzed the computational overhead through simulation results. The results indicate that our proposed scheme has better efficiency and reliability than the existing scheme and meets the application requirements of the actual fog environment. The communication delays and the energy consumption due to the transmission process are not considered in this work. Thus, we will consider the communications delay and energy consumptions in the future work.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgments

This work is supported in part by the Beijing Natural Science Foundation, China (No. 4212015), Natural Science Foundation of China (No. 61801008), China Ministry of Education - China Mobile Scientific Research Foundation (No. MCM20200102), China Postdoctoral Science Foundation (No. 2020M670074), Beijing Municipal Commission of Education Foundation (No. KM201910005025).

References

[1] K. Tange, M. De Donno, X. Fafoutis, N. Dragoni, A systematic survey of industrial internet of things security: requirements and fog computing opportunities, IEEE Commun. Surv. Tutor. 22 (4) (2020) 2489–2520, (Fourthquarter).
[2] Y. Meng, S. Tu, J. Yu, F. Huang, Intelligent attack defense scheme based on DQL algorithm in mobile fog computing, J. Vis. Commun. Image Represent. 65 (2019) 102656.
[3] S. Tu, M. Waqas, S.U. Rehman, M. Aamir, O.U. Rehman, Z. Jianbiao, C.C. Chang, Security in fog computing: A novel technique to tackle an impersonation attack, IEEE Access 6 (2018) 74993–75001.
[4] M. Waqas, Y. Niu, Y. Li, M. Ahmed, D. jin, S. Chen, Z. Han, A comprehensive survey on mobility-aware D2D communications: principles, practice and challenges, IEEE Commun. Surv. Tutor. 22 (3) (2020) 1863–1886, (thirdquarter).
[5] S. Xu, J. Yuan, G. Xu, Y. Li, X. Liu, Y. Zhang, Z. Ying, Efficient ciphertext-policy attribute-based encryption with blackbox traceability, Inform. Sci. 538 (2020) 19–38.
[6] M. Waqas, M. Ahmed, J. Zhang, Y. Li, Confidential information ensurance through physical layer security in device-to-device communication, in: IEEE Global Communications Conference, GLOBECOM, Abu Dhabi, U.A.E, 2019, pp. 1–7.
[7] M. Waqas, M. Ahmed, Y. Li, D. Jin, S. Chen, Social-aware secret key generation for secure device-to-device communication via trusted and non-trusted relays, IEEE Trans. Wireless Commun. 17 (6) (2018) 3918–3930.
[8] Y. Zhang, R.H. Deng, S. Xu, J. Sun, Q. Li, D. Zheng, Attribute-based encryption for cloud computing access control: A survey, ACM Comput. Surv. 53 (4) (2020) 41.
[17] J. Zhao, P. Zeng, K.K.R. Choo, An efficient access control scheme with outsourcing and attribute revocation for fog-enabled E-health, IEEE Access 9 (2021) 13789–13799.
[18] S. Banerjee, B. Bera, A.K. Das, S. Chattopadhyay, M.K. Khan, J.J.P.C. Rodrigues, Private blockchain-envisioned multi-authority CP-ABE-based user access control scheme in IIoT, Comput. Commun. 169 (2021) 99–113.
[19] P.S.K. Oberko, V.H.K.S. Obeng, H. Xiong, A survey on multi-authority and decentralized attribute-based encryption, J. Ambient Intell. Humaniz. Comput. (2021).
[20] Y. Rouselakis, B. Waters, Efficient statically-secure large-universe multi-authority attribute-based encryption, in: International Conference on Financial Cryptography and Data Security, 2015, pp. 315–332.
[21] Z. Liu, Z.L. Jiang, X. Wang, S.M. Yiu, Practical attribute-based encryption: Outsourcing decryption, attribute revocation and policy updating, J. Netw. Comput. Appl. 108 (2018) 112–123.
[22] R. Guo, G. Yang, H. Shi, Y. Zhang, D. Zheng, O-R-CP-ABE: An efficient and revocable attribute-based encryption scheme in the cloud-assisted IoMT system, IEEE Internet Things J. (2021).
[23] S. Tu, Y. Huang, C.M.S. Magurawalage, L. Peng, Z. Zhou, Access control system based cloudlet and ABE on mobile cloud, Internet Technol. 17 (7) (2016) 1443–1451.
[24] Y. Tu, G. Yang, J. Wang, Q. Su, A secure, efficient and verifiable multimedia data sharing scheme in fog networking system, Cluster Comput. 24 (2021) 225–247.
[25] J. Hur, D.K. Noh, Attribute-based access control with efficient revocation in data outsourcing systems, IEEE Trans. Parallel Distrib. Syst. 22 (7) (2010) 1214–1221.
[26] S. Wang, X. Zhang, Y. Zhang, Efficient revocable and grantable attribute-based encryption from lattices with fine-grained access control, IET Inf. Secur. 12 (2) (2018) 141–149.
[27] H. Zheng, J. Shao, G. Wei, Attribute-based encryption with outsourced decryption in blockchain, Peer-to-Peer Netw. Appl. 13 (2020) 1643–1655.
[28] S. Tu, et al., Tracking area list allocation scheme based on overlapping community algorithm, Comput. Netw. 173 (2020) 107182.
[29] J. Li, et al., Efficient and secure outsourcing of differentially private data publishing with multiple evaluators, IEEE Trans. Dependable Secure Comput. (2020).
[30] M. Green, S. Hohenberger, B. Waters, et al., Outsourcing the decryption of abe ciphertexts, in: USENIX Security Symposium, vol. 2011, no. 3, 2011.
[31] J. Li, Y. Zhang, J. Ning, X. Huang, G.S. Poh, D. Wang, Attribute based encryption with privacy protection and accountability for cloudIoT, IEEE Trans. Cloud Comput. (2020).
[32] X. Mao, J. Lai, Q. Mei, K. Chen, J. Weng, Generic and efficient constructions of attribute-based encryption with verifiable outsourced decryption, IEEE Trans. Dependable Secure Comput. 13 (5) (2015) 533–546.
[33] C. Zuo, J. Shao, G. Wei, M. Xie, M. Ji, CCA-secure ABE with outsourced decryption for fog computing, Future Gener. Comput. Syst. 78 (2018) 730–738.
[34] M. Sulaiman, Z. Halim, M. Lebbah, M. Waqas, S. Tu, An evolutionary computing-based efficient hybrid task scheduling approach for heterogeneous computing environment, J. Grid Comput. 19 (11) (2021).
[35] L. Li, Z. Wang, N. Li, Efficient attribute-based encryption outsourcing scheme with user and attribute revocation for fog-enabled IoT, IEEE Access 8 (2020) 176738-176749.
[36] W. Zhao, X. Dong, Z. Cao, J. Shen, A revocable publish-subscribe scheme using CP-ABE with efficient attribute and user revocation capability for cloud systems, in: IEEE 2nd International Conference on Electronics and Communication
[9] M. Haus, M. Waqas, A.Y. Ding, Y. Li, S. Tarkoma, J. Ott, Security and privacy Engineering, ICECE, Xi’an, China, 2019, pp. 31–35.
in device-to-device (D2D) communication: A review, IEEE Commun. Surv. Tutor. [37] M. Tanveer, G. Abbas, Z.H. Abbas, et al., Securing 6LoWPAN using authenticated
19 (2) (2017) 1054–1079, (Secondquarter). encryption scheme, Sensors 20 (9) (2020) 2707.
[10] S. Tu, M. Waqas, Y. Meng, S. Rehman, I. Ahmad, A. Koubaa, Z. Halim, M. Hanif, [38] M. Zeng, Y. Li, K. Zhang, M. Waqas, D. Jin, Incentive mechanism design
C.C. Chang, C. Shi, Mobile fog computing security: A user-oriented smart attack for computation offloading in heterogeneous fog computing: A contract-based
defense strategy based on DQL, Comput. Commun. 160 (2020) 790–798. approach, in: IEEE International Conference on Communications, ICC, Kansas
[11] M. Waqas, Y. Niu, M. Ahmed, Y. Li, D. Jin, Z. Han, Mobility-aware fog computing City, MO, USA, 2018, pp. 1–6.
in dynamic environments: Understandings and implementation, IEEE Access 7 [39] M. Sulaiman, Z. Halim, M. Waqas, D. Aydin, A hybrid list-based task scheduling
(2018) 38867–38879. scheme for heterogeneous computing, J. Supercomput. (2021).
[12] M. Ali, J. Mohajeri, M.R. Sadeghi, X. Liu, A fully distributed hierarchical [40] A. Bag, D. Basu Roy, S. Patranabis, D. Mukhopadhyay, Flexipair: An auto-
attribute-based encryption scheme, Theoret. Comput. Sci. 815 (2020) 25–46. mated programmable framework for pairing cryptosystems, IEEE Trans. Comput.
[13] Y. Rouselakis, B. Waters, Efficient statically-secure large-universe multi-authority (2021).
attribute-based encryption, in: Financial Cryptography and Data Security, in: [41] S. Tu, et al., Reinforcement learning assisted impersonation attack detection
Lecture Notes in Computer Science, vol. 8975, Springer, Berlin, Heidelberg, 2015. in device-to-device communications, IEEE Trans. Veh. Technol. 70 (2) (2021)
[14] A. Alrawais, A. Alhothaily, C. Hu, X. Xing, X. Cheng, An attribute-based 1474–1479.
encryption scheme to secure fog communications, IEEE Access 5 (2017) [42] S. Lauer, On several verifiable random functions and the q-decisional bilin-
9131–9138. ear Diffie-Hellman inversion assumption, in: Proceedings of the 5th ACM on
[15] Y. Hei, J. Liu, H. Feng, D. Li, Y. Liu, Q. Wu, Making MA-ABE fully accountable: A ASIA Public-Key Cryptography Workshop, APKC’18, Association for Computing
blockchain-based approach for secure digital right management, Comput. Netw. Machinery, New York, NY, USA, 2018, pp. 45–51.
191 (2021) 108029.
[16] L. Zhang, J. Ren, Y. Mu, B. Wang, Privacy-preserving multi-authority
attribute-based data sharing framework for smart grid, IEEE Access 8 (2020)
23294–23307.