A fine-grained bilateral access control scheme under policy and attribute hiding for cloud-fog-assisted IoT

Abstract

Cloud-fog computing-based Internet of Things (IoT) applications can store and analyze numerous data resources, but they also face security risks such as untrustworthy cloud servers and unauthorized data access. To protect data privacy and achieve fine-grained access control, Ciphertext-Policy Attribute-based Encryption (CP-ABE) technology has been widely adopted. However, two critical challenges remain in practical applications: how to prevent sensitive attributes from leaking user privacy during data sharing and how to filter the target ciphertexts from massive encrypted data. Therefore, this paper proposes a Fine-Grained Bilateral Access Control Scheme under Policy and Attribute Hiding for Cloud-Fog-Assisted IoT (BAC-PAH), allowing both data owners and visitors to define access policies for outsourced data autonomously. Specifically, a policy-attribute hiding method based on the cuckoo filter and the ElGamal encryption algorithm is designed to realize privacy protection of the access policy and the attribute set. Based on this, a fine-grained bilateral access control scheme based on CP-ABE is developed to ensure accurate matching and authorized decryption of the target ciphertexts, thereby achieving flexible many-to-many access control. Finally, we derive the security proof using game hopping and demonstrate the superiority of BAC-PAH through extensive experiments.