An Attribute-Based Encryption Scheme to Secure Fog Communications

Alrawais, Arwa; Alhothaily, Abdulrahman; Hu, Chunqiang; Xing, Xiaoshuang; Cheng, Xiuzhen

doi:10.1109/access.2017.2705076

Cited by 136 publications

(54 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Arwa et al [1] proposed an attribute-based encryption scheme to maintain fog communications security. Designed to provide authentic, confidential communications among a group of fog nodes, it made use of a key-exchange protocol based on the CP-ABE algorithm.…”

Section: Communication Among Fog Nodesmentioning

confidence: 99%

An Encryption-Based Approach to Protect Fog Federations from Rogue Nodes

Alshehri

Panda

2019

Security, Privacy, and Anonymity in Computation, Communication, and Storage

View full text Add to dashboard Cite

People have used cloud computing approach to store their data remotely. As auspicious as this approach is, it brings forth many challenges: from data security to time latency issues with data computation as well as delivery to end users. Fog computing has emerged as an extension for cloud computing to bring data processing and storage close to end-users; however, it minimizes the time latency issue but still suffers from data security challenges. For instance, when a fog node providing services to end users is compromised, the users' data security can be violated. Thus, this paper proposes a secure and fine-grained data access control scheme by integrating the Ciphertext Policy Attribute-Based Encryption (CP-ABE) algorithm and blockchain concept to prevent fog nodes from violating end users' data security in a situation where a compromised fog node is being ousted. We also classify the fog nodes into fog federations, based on their attributes such as services and locations, to minimize the time latency and communication overhead between fog nodes and cloud server. Further, the exploitation and integration of the blockchain concept and the CP-ABE algorithm enables fog nodes in the same fog federation to perform the authorization process in a distributed manner. In addition, to solve time latency and communication overhead problems, we equip every fog node with an off-chain database to store most frequently accessed data files for specific time, and with an on-chain access control policies table (On-chain Files Tracking Table) which must be protected from being tampered by malicious (rogue) fog nodes. Therefore, blockchain plays a vital role here as it is tamper-proof by nature. We demonstrate our scheme's efficiency and feasibility by designing algorithms and conducting a security analysis. The provided analysis shows that the proposed scheme is efficient and feasible in ousting malicious (rogue) fog nodes.

show abstract

Section: Communication Among Fog Nodesmentioning

confidence: 99%

An Encryption-Based Approach to Protect Fog Federations from Rogue Nodes

Alshehri

Panda

2019

Security, Privacy, and Anonymity in Computation, Communication, and Storage

View full text Add to dashboard Cite

show abstract

“…However, the computation cost during encryption process was high. An efficient key exchange protocol [11] was proposed based on the CP-ABE technique to establish the secure communications among the users. This protocol was mainly proposed for encrypted key exchange based on CP-ABE that combines encryption and signature for achieving a fine-grained data access control, confidentiality, authentication and verifiability.…”

Section: Literature Surveymentioning

confidence: 99%

Round Trip Latency Based Authentication Scheme in Fog-Enabled Cloud Computing System

Nagarani¹,

Kousalya²

2019

IJRTE

View full text Add to dashboard Cite

In fog-enabled cloud computing framework, one of the most challenges is security promises due to the compromised passwords. To overcome this issue, different multifactor authentication schemes have been developed that requires additional authentication credentials along with the standard password to authenticate the login. Among those schemes, Communication Latency-based Authentication Scheme (CLAS) increases the protection of conventional web authentication schemes by leveraging the Round Trip network communication Latency (RTL) between clients and authenticators together with standard password. It uses RTL of clients to secure against password compromise. On the other hand, it can support compromise of either the password or the profiled location of a user. This makes it susceptible to same location attacks. As a result, an integration of additional profiling features is needed to attain more robust and flexible defense against password compromise. Hence in this paper, an extended CLAS is proposed that mainly investigates the mobility and same location challenges in CLAS. Initially, the legitimate login failures are solved by handling both selective and arbitrary mobility of users. For selective mobility case, CLAS generates an individual profile for each location and the user may be granted access if his/her real-time login profile matches any of the stored reference profiles. For arbitrary mobility case, CLAS is integrated with two-factor authentication mechanism to authenticate the user. In addition, the defense against Mimic attacks is improved by utility metric-based location anonymization and obfuscation of RTL algorithms. By using these algorithms, the user’s locations are anonymized and the values of RTL are obfuscated to defend against user compromise attempts for impersonating the RTL by getting nearer to the user location. Moreover, a keystroke dynamics measure is introduced with obfuscated RTL measures to effectively defend the same location attacks. This technique alleviates the potential impacts of network instabilities on RTL measurements. As well, it increases the authentication sample space and so improves the security guarantee of CLAS. Finally, the simulation outcomes illustrate that an extended CLAS has the ability to reduce both false positive and false negative rates.

show abstract

“…Second, it uses long-term keys that would not be updated or revoked. Authors in [19] propose a key exchange protocol based on policy-attribute encryption to provide confidentiality, authentication and access control to fog servers. In their architecture, a centralized key generator server is responsible for distributing keys to all entities, while cloud is responsible for defining access control policies.…”

Section: Related Workmentioning

confidence: 99%

Towards An Efficient Key Management and Authentication Strategy for Combined Fog-to-Cloud Continuum Systems

Kahvazadeh¹,

Masip-Bruin²,

Díaz³

et al. 2018

2018 3rd Cloudification of the Internet of Things (CIoT)

View full text Add to dashboard Cite

Fog-to-cloud systems have emerged as a novel concept intended to improve service performance by considering fog and cloud resources in a coordinated way. In such a heterogeneous scenario, security provisioning becomes necessary, hence novel security solutions must be designed to handle the highly distributed fog-to-cloud nature. In the security area, key distribution and authentication are referred to as two critical pillars for a successful security deployment. Unfortunately, traditional centralized key distribution and authentication approaches do not meet the particularities brought by a Fog-tocloud system due to its distributed nature. In this paper, we propose a novel distributed key management and authentication (DKMA) strategy to make Fog-to-cloud systems as secure as possible. The paper ends up presenting some results assessing the benefits of the proposed strategy in terms of traffic and delay reduction.

show abstract

An Attribute-Based Encryption Scheme to Secure Fog Communications

Cited by 136 publications

References 15 publications

An Encryption-Based Approach to Protect Fog Federations from Rogue Nodes

An Encryption-Based Approach to Protect Fog Federations from Rogue Nodes

Round Trip Latency Based Authentication Scheme in Fog-Enabled Cloud Computing System

Towards An Efficient Key Management and Authentication Strategy for Combined Fog-to-Cloud Continuum Systems

Contact Info

Product

Resources

About