
A Scalable and Auditable Secure Data Sharing Scheme With Traceability For Fog-Based Smart Logistics - Done

This document proposes a new scheme called LUTPDS for secure data sharing in fog-based smart logistics systems. Existing solutions have limitations regarding large data volumes, scalability across multiple clouds, user privacy, and data integrity. LUTPDS aims to simultaneously achieve data access control, integrity protection, traceability of misuse, privacy preservation, and scalability. It utilizes a large universe multi-authority ciphertext-policy attribute-based encryption scheme with access policy hiding and traceability. Online/offline encryption and verifiable outsourced decryption provide high efficiency. The scheme is designed to address the security and performance challenges of fog-based smart logistics applications.

Uploaded by

Adrian Blades

This article has been accepted for publication in IEEE Internet of Things Journal.

This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/JIOT.2022.3220850

JOURNAL OF LATEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 1

A Scalable and Auditable Secure Data Sharing Scheme with Traceability for Fog-Based Smart Logistics

Yanbo Yang, Jiawei Zhang, Ximeng Liu, Senior Member, IEEE and Jianfeng Ma, Member, IEEE

J. Zhang and J. Ma are with the School of Cyber Engineering and the State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an, China (e-mail: [email protected];[email protected];[email protected]).
Y. Yang is with the School of Information Engineering, Inner Mongolia University of Science & Technology and the State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an, China (email: [email protected])
X. Liu is with the College of Computer and Big Data, Fuzhou University, Fuzhou 350116, China, and the State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an, China (e-mail: [email protected])
J. Zhang is the co-first author and corresponding author.

© 2022 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
Authorized licensed use limited to: University of Technology Jamaica. Downloaded on January 24,2023 at 17:52:14 UTC from IEEE Xplore. Restrictions apply.

Abstract—Smart Logistics (s-Logistics) has become more and more popular driven by intelligent Internet of Things (IoT) which deploys pervasive smart devices in s-Logistics systems. The explosive growth of s-Logistics data collected by these resource-limited IoT devices enables Fog-based s-Logistics that provides data outsourcing and sharing services via multiple clouds within small latency. Nevertheless, it also gives rise to prominent security risks of user privacy leakage considering malicious users and data integrity violation with untrusted cloud servers, which are severe to s-Logistics systems and cannot be addressed by simple encryption. To solve these issues, in this paper, we propose an efficient Large Universe and Traceable Privacy-preserving Data Sharing (LUTPDS) for Fog-based s-Logistics. It simultaneously achieves data access control, data integrity protection, key escrow and abuse resistance, user privacy preserving and scalability. We devise a large universe and multi-authority Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme in which access policy hiding mechanism is used for user privacy preserving, while white-box tracing and certificateless public data integrity auditing techniques are employed to resist key abuse and escrow problems. In addition, online/offline encryption and verifiable outsourced decryption are leveraged for high efficiency and cloud encryption is utilized to extend to multiple clouds. In the end, we formally prove the security of our scheme for indistinguishability of chosen plaintext attack (IND-CPA) security and traceability. Detailed performance evaluation with extensive experiments shows that our scheme is practicable for s-Logistics compared with existing schemes.

Index Terms—Fog-based Smart logistics, multi-authority CP-ABE, public data integrity auditing, verifiable outsourced decryption, traceability.

I. INTRODUCTION

Nowadays, Smart Logistics (s-Logistics) plays an essential role in modern e-commerce and retail industry and has become more and more popular in people’s daily lives due to its intelligence and convenience [1]. More than 86% of consumers regard s-Logistics as an important part of their online shopping experience [2]. Recently, many pioneering s-Logistics platforms, e.g., Amazon, Alibaba, etc., have been advanced into a new era with the help of the Internet of Things (IoT) technique which deploys pervasive smart IoT devices in supply chains and transportation systems to gather significant data (i.e., s-Logistics data) from cargo, workflow and transportation vehicles for status monitoring, tracking, analysis, route optimization, prediction, etc. [3]. As a result, the s-Logistics data are growing explosively in these systems and it is no longer appropriate to store these data locally in IoT devices [4]. Thus, how to store and share the s-Logistics data of big volume and high value is a serious problem for s-Logistics besides its advantages.

To deal with the difficulties and satisfy the requirements of short time-delay in s-Logistics applications, many solutions adopt the architecture of Cloud-Fog-IoT shown in Fig. 1 for data storage and sharing in s-Logistics systems (i.e., Fog-based s-Logistics) [5]. It not only enables small latency in data access with Fog Computing but also can alleviate local burden of resource-constrained IoT devices by providing unlimited resources and convenient data outsourcing and sharing services via cloud [6], [7]. However, the scalability problems and extensive security concerns have been more and more prominent. The resources of a single cloud may be insufficient for the fast growing s-Logistics data [8]. Moreover, as to the security concerns, for one thing, s-Logistics data are outsourced in cloud and shared across large amounts of users which may cause data leakage via unauthorized access [9]. For another thing, users’ data are maintained by cloud which can easily reveal the private information embedded in s-Logistics data or even violate the integrity of these data by deleting those infrequently accessed records for cost saving or hiding the fault of data loss caused by software or hardware malfunctions [10], [11]. Therefore, it is urgent to protect the confidentiality, fine-grained access control and integrity of users’ data in Fog-based s-Logistics.

As a countermeasure to data confidentiality and fine-grained access control, many cloud data sharing schemes [12]–[15] have been proposed using Ciphertext-Policy Attribute-Based Encryption (CP-ABE) [16]. In general CP-ABE schemes, data is encrypted for confidentiality and stored in cloud together with specific access policies for fine-grained access control [17]. Nevertheless, existing CP-ABE schemes still confront many limitations when directly leveraged in s-Logistics system. First of all, the s-Logistics systems are usually in large scale which requires large attribute universe. Gao et al. [18] presented a CP-ABE scheme for data sharing supporting large attribute universe but suffered from severe low efficiency and
super complexity with predict encryption mechanism. Meantime, the studies in [19], [20] proposed two large universe CP-ABE schemes for data sharing but failed to resist the key escrow and abuse problems caused by centralized attribute authority. Zhang et al. [21] solved the problems in large universe CP-ABE schemes by integrating multi-authority and white-box tracing mechanism but it faces the bottleneck of low efficiency in computation. The work [22] proposed another multi-authority CP-ABE with large attribute universe, but it cannot support flexible and expressive access policy. Thus, practical data sharing scheme in s-Logistics should provide efficient, key escrow and key abuse free mechanism with large attribute universe.

Fig. 1: An example of Cloud-Fog-IoT architecture

Furthermore, the cleartext access policies stored in cloud in conventional CP-ABE schemes may reveal user privacy [19]. For example, in s-Logistics systems, the access policy "{Name = Lee, Position = Doctor, Identity = 1234-56789, Address = 77 Massachusetts Avenue}" declares the authorization for access but reveals the user’s privacy including the identity and address information, so cloud servers or attackers can infer the privacy of authorized users, which is unacceptable for users. Zhang et al. [23] proposed a partially policy-hidden CP-ABE scheme for user privacy preserving but incurred low efficiency with composite ordered bilinear groups. To improve efficiency, [24], [25] proposed two privacy-preserving CP-ABE schemes based on prime ordered bilinear groups and Wang et al. [26] further improved their efficiency with outsourced computing technique. However, all of these schemes still suffered from key escrow problem. Fan et al. [27] solves the problem with multi-authority mechanism, but it lacks the support for large universe and integrity protection for shared data in untrusted cloud which may bring about security risks to s-Logistics systems. Although the schemes in [11], [28]–[31] proposed several excellent data sharing schemes with public data integrity protection mechanism in centralized or decentralized way, they cannot guarantee the fine-grained access control and high efficiency.

As a summary, when adopting Cloud-Fog-IoT architecture for s-Logistics data sharing, data security including access control and integrity protection is essential and incurs several problems. To break through the aforementioned limitations, in this paper, we propose a Large Universe and Traceable Privacy-preserving Data Sharing (LUTPDS) scheme to address the problems of data sharing in s-Logistics system including scalability, user privacy leakage in access policy, key-escrow and key abuse problems, bounded attribute universe, data integrity violation and low efficiency. In particular, our main contributions are listed as follows:
• LUTPDS achieves scalability, key escrow and key abuse resistance, unbounded attribute universe and user privacy preserving in access policies at the same time for s-Logistics data sharing in multiple clouds by devising a multi-authority and fully hidden access policy CP-ABE scheme with white-box user tracing mechanism.
• To guarantee the data integrity and eliminate the high computation and storage burden in resource-limited IoT devices of s-Logistics systems, LUTPDS integrates the certificateless public data integrity auditing mechanism and online/offline technique together with verifiable outsourced decryption into the designed CP-ABE scheme in a non-trivial way.
• We present formal security analysis for LUTPDS to show that it is statically secure in the random oracle model and fully traceable. Moreover, the detailed performance evaluation with extensive simulation experiments by implementations demonstrates that LUTPDS is practicable and suitable for Fog-Based s-Logistics.

Therefore, with the proposed LUTPDS for Fog-based s-Logistics data sharing, the data access control can be guaranteed in the first place with features of fine granularity, distributed environment, large attribute universe and attribute privacy preserving, together with data integrity protection and higher efficiency for practical applications.

The rest of this paper is organized as follows. We review some related work in Section II. In Section III, we present the summary of notations and definitions used in our proposal. Section IV gives the system and threat model of our scheme together with formal system definition and security model. Based on this, we describe in detail the constructions of our proposed scheme in Section V. In Section VI, we analyze the security of our scheme and present its performance evaluation. Finally, the conclusion of our work is summarized in Section VII.

II. RELATED WORK

In this section, we will introduce some related work in the field of smart logistics and ABE-based data access control. Then, we give a comparison between some state-of-the-art data access control schemes with our proposal.

These days, Smart Logistics has become prevalent all over the world and the necessity in people’s daily lives with its high quality and convenience in shopping, corresponding and cargo
transporting, etc. Benefited from IoT, mobile communication, cloud computing, s-Logistics is developing into a new era. Lee et al. [32] proposed a smart logistics system based on IoT for warehouse management. Then, Wen et al. [33] studied the robotics control and communication in smart logistics and Su et al. [34] researched the vehicle routing for smart logistics systems. To deal with the problem of the sharing and outsourcing of s-Logistics data of huge volume to reduce the heavy burden in IoT devices and improve the quality of service, the works in [1] and [4] present the idea of Cloud-based s-Logistics systems. However, most of the existing s-Logistics technologies do not consider the severe security and privacy concerns on s-Logistics data sharing which need to be urgently addressed for further application.

The promising CP-ABE enables confidentiality and flexible fine-grained access control in data sharing [16]. Nevertheless, its centralized authority incurs single point failure and key escrow problem, which motivates multi-authority CP-ABE or decentralized CP-ABE [35]–[37], but these schemes also face the bottleneck of bounded attributes. Thus, Rouselakis et al. [38] proposed large universe CP-ABE with the feature of unbounded attributes and flexibility, which motivates the following works, e.g. [19], [20]. To achieve both key escrow and abuse resistance and large universe, recently, Zhang et al. [21] proposed a CP-ABE scheme by combining multi-authority CP-ABE [39] and large universe together with white-box traceability, and Banerjee et al. [22] presented another decentralized CP-ABE supporting large universe and with constant-size key and ciphertext. However, they still suffer from the issue of low efficiency.

To reduce the computation cost in encryption, the first online/offline ABE scheme was proposed by [40], in which the encryption process is divided into two phases: an online phase and an offline phase, where the offline phase takes on all major computation costs of the online phase while the resource-constrained devices are being charged. Based on this, the schemes in [41], [42] designed the fully secure and verifiable mechanism for online/offline encryption, respectively and Li et al. [43] developed it into intermediate pool technique. With respect to the cost for decryption, Green et al. [44] introduced the idea of outsourced decryption into ABE. Later, Lai et al. [45] developed a verifiable outsourced decryption ABE scheme to guarantee the correctness of outsourced decryption in untrusted cloud and motivated the following works in [37], [46] to alleviate the burden in end devices for decryption.

Since user privacy risk is a long-time concern in CP-ABE schemes considering the cleartext access policy in ciphertexts [47], the hidden policy CP-ABE schemes come as a solution. To hide the sensitive information in access policy, Zhang et al. [23] proposed a CP-ABE scheme with partially hidden access policy supporting large universe and expressive policy. To reduce its high computation with composite bilinear group, Cui et al. [48] proposed an identical scheme based on prime order groups with verifiable outsourced decryption. For higher security, Zhou et al. [49] proposed a fully hidden policy CP-ABE but introduces high computation cost. Then, the works in [27], [50] proposed two efficient and key escrow free CP-ABE schemes that support fully hidden policy. However, these schemes cannot guarantee the data integrity in regard to untrusted cloud. Recently, Cui et al. [28] raised a key escrow free public data auditing scheme in data sharing. Then, Garg et al. [31] improved the efficiency in public data auditing and the works in [11], [29], [30] make some progress in solving untrusted auditor. However, they cannot address the fine-grained access in data sharing and have no ability of scalability for multiple clouds to hold explosive growing s-Logistics data.

TABLE I: Function Comparison

Scheme        F1  F2  F3  F4  F5  F6  F7  F8  F9
Scheme [21]   ✓   ×   ×   ×   ×   ✓   ✓   ✓   ×
Scheme [50]   ✓   ✓   ×   ×   ×   ×   ✓   ×   ×
Scheme [43]   ✓   ×   ×   ✓   ✓   ×   ✓   ×   ×
Scheme [28]   ×   ×   ✓   ×   ×   ×   ×   ×   ×
Scheme [31]   ×   ×   ✓   ×   ×   ×   ×   ×   ×
Scheme [29]   ×   ×   ✓   ×   ×   ×   ×   ×   ✓
Scheme [37]   ✓   ×   ×   ✓   ✓   ×   ✓   ×   ×
Scheme [19]   ✓   ✓   ×   ×   ✓   ✓   ×   ✓   ×
Scheme [27]   ✓   ✓   ×   ✓   ✓   ×   ✓   ×   ×
LUTPDS        ✓   ✓   ✓   ✓   ✓   ✓   ✓   ✓   ✓

Note. F1: Fine-grained access control; F2: User privacy preserving; F3: Data integrity auditing; F4: Online/offline encryption; F5: Outsourced decryption; F6: User tracing; F7: Multiple authorities; F8: Large attribute universe; F9: Scalability to multiple clouds.

To seek a solution for data sharing in Fog-based s-Logistics that can support data confidentiality, fine-grained access control, data integrity, efficient encryption and decryption, key escrow and key abuse free, large attribute universe and scalability at the same time, we devise our scheme LUTPDS, while most of existing schemes cannot satisfy these requirements of s-Logistics (see Table I for the advantages of LUTPDS).

III. PRELIMINARIES

In this section, we provide the notations and definitions used in our work including access structure and complexity assumptions.

A. Notations

Throughout this paper, we use the following notations described in Table II.

TABLE II: Notation Descriptions

Notations           Descriptions
$Z_p$               an integer set modulo a prime number $p$
$[l_1, l_2]$        set $\{l_1, l_1 + 1, \cdots, l_2\}$ containing consecutive integers
$[n]$               the set that contains $\{1, \cdots, n\}$
$|S|$               the size of the set $S$
$U_a$, $U_A$        attribute universe and authority universe
$GPR$               the global public key
$PK_{GID}$          public key of user $GID$
$SK_{GID}$          secret key of user $GID$
$DK_{GID,S}$        user decryption key
$TK_{GID,S}$        user transformation key
$IT$                intermediate ciphertext pool for encryption
$CT$, $CT_t$        final ciphertext and transformed ciphertext
$CT_t'$             part of transformed ciphertext for data integrity auditing
$CT_t''$            transformed ciphertext components for user decryption

B. Access Structure

Definition 1. (Access Structure [5]). Let $\{L_1, \cdots, L_n\}$ be a set of entities and let $M$ be a subset of $2^{\{L_1, \cdots, L_n\}}$. $M$ is monotonic if $\forall E, F$: $E \in M$ and $E \subseteq F$ imply $F \in M$. The access structure is such a collection $M$ of the nonempty subsets of $\{L_1, \cdots, L_n\}$, i.e., $M \subseteq 2^{\{L_1, \cdots, L_n\}} \setminus \{\emptyset\}$. The sets in $M$ are defined as authorized sets used to describe authorized users, and the others are unauthorized sets.

C. Linear Secret Sharing Schemes (LSSS)

Definition 2. (LSSS [17]). LSSS is the expression of access structure over the attribute universe $U_a$. It is defined as $(A, \rho)$, consisting of an $x \times y$ share-generating matrix $A$ over $Z_p$ and a map $\rho$ from each row $A_x$ of $A$ to an attribute in $U_a$. Given a secret value $s$ and a vector $\vartheta = (s, \theta_2, \cdots, \theta_y)^T$, where $\theta_2, \cdots, \theta_y \in_R Z_p$, then $\xi_x = A_x \cdot \vartheta$ is a share of $s$. Moreover, for any authorized set $L \in (A, \rho)$ and $I = \{k \mid \rho(k) \in L \wedge k \in [x]\}$, there exists a set of constants $\{\omega_k\}_{k \in I}$ satisfying $\sum_{k \in I} \omega_k A_k = (1, 0, \cdots, 0)$ and thus $\sum_{k \in I} \omega_k \xi_k = s$.

D. Cryptographic Background and Complexity Assumptions

Definition 3. (Bilinear Maps [13]): Assume $X_1$ and $X_2$ are two multiplicative cyclic groups of prime order $p$ and $f$ is a generator of group $X_1$. $\hat{e} : X_1 \times X_1 \to X_2$ is considered to be a bilinear map if it satisfies:
1) Bilinear: $\hat{e}(f^x, h^y) = \hat{e}(f, h)^{xy}$, $\forall x, y \in Z_p$, $h \in X_1$.
2) Non-degenerate: $\hat{e}(f, f) \neq 1$.
3) Computable: $\hat{e}$ is feasible to be computed.

Definition 4. (q-DPBDHE2 assumption [39]). Given $T = (X_1, p, \hat{e}, f, f^a, \{f^{b^i}\}_{i \in [2q], i \neq q+1}, \{f^{c_j b^i}\}_{(i,j) \in [2q,q], i \neq q+1}, \{f^{a/c_i}\}_{i \in [q]}, \{f^{a b^i c_j / c_{j'}}\}_{(i,j,j') \in [q+1,q,q], j \neq j'})$, we can define the q-DPBDHE2 problem as differentiating $\hat{e}(f, f)^{a b^{q+1}}$ from $Z \in_R X_2$. If no Probabilistic Polynomial Time (PPT) algorithm can solve the q-DPBDHE2 problem with a non-negligible advantage, the q-DPBDHE2 assumption holds.

Definition 5. (l-SDH assumption [25]). Assuming a $(l+1)$-tuple $(h, h^x, h^{x^2}, \cdots, h^{x^l})$, the l-SDH problem is to output a pair $(c, h^{1/(x+c)}) \in Z_p \times G_x$. If $|\Pr[\mathcal{A}(h, h^x, h^{x^2}, \cdots, h^{x^l}) = (c, h^{1/(x+c)})]| \geq \varepsilon$ for an algorithm $\mathcal{A}$ randomly choosing $x \in Z_p$, then the advantage for an algorithm solving the problem is $\varepsilon$.
If no probabilistic polynomial time (PPT) algorithm $\mathcal{A}$ can solve the l-SDH problem with the advantage at least $\varepsilon$, then the l-SDH assumption holds.

Definition 6. (Computational Diffie-Hellman (CDH) assumption [28]). Given the multiplicative group $G^*$ of prime order $p$ with its generator $g_0 \in G^*$ and $g^x, g^y \in_R G^*$, where $x, y \in_R Z_p$, the CDH problem is to output $g^{xy} \in G^*$. If it can be solved only with negligible advantage, then the CDH assumption holds.

IV. PROBLEM FORMULATION

In this section, we present the system model and threat model of our proposal first. At the end, we give its formal system definition and security model.

A. System and Threat Model

In our system, as shown in Fig. 2, we introduce seven different entities: Smart Logistics Cloud (SLC), Central Authority (CA), Attribute Authorities (AA), Public Auditing Server (PAS), Fog Nodes (FN), Data Owner (DO) and Data User (DU).

• SLC provides users with centralized data outsourcing and sharing services as well as unlimited storage and computational resources. It also supports cloud encryption and decryption for multiple cloud scalability and key escrow resistance.
• CA is in charge of system initialization by generating global public parameters and master keys for the whole system. It also provides a part of secret key generation for users to resist key escrow.
• AA is a key entity that takes charge of user attributes management and decryption distribution. There are multiple AAs in the system, each of which manages a disparate set of attributes in the system to address single point failure and key escrow problems.
• PAS is responsible for data integrity auditing by interaction with SLC in the challenge and response mode to protect the outsourced s-Logistics data from being violated by corrupted cloud servers.
• FN is an entity that is deployed in the merge of SLC and can supply outsourced decryption service for users to achieve short time-delay in data access and eliminate high computation in smart devices of s-Logistics.
• DO collects important information from devices of Smart Logistics System and uploads the massive s-Logistics data to SLC through FN which are encrypted with designated access policy for data confidentiality and fine-grained access control. Moreover, DO can prepare offline ciphertext components while devices are accessing the power source and generate final ciphertext online after the data is given to save computational cost.
• DU accesses the shared ciphertexts of s-Logistics data from SLC and downloads the transformed ciphertexts through FN if he is authorized. DU can further output plaintext of s-Logistics data he needs after verification. Besides, the traitor of DU that illegally leaks his decryption key for benefit will be traced by anyone of the system.

In our system of LUTPDS, PAS and DO are regarded as the fully trusted entities while the FN is considered to be untrusted which is curious about the transmitted ciphertext and may intentionally leak or modify the content of data when executing outsourced decryption. CA, AAs and SLC are regarded as semi-honest entities which prefer to perform honestly but may disclose the private data in an “honest-but-curious” manner. CA and AAs are in charge of key generation for user and bring about the risk of key escrow by collusion to master the whole secret keys and decryption keys of users in order to illegally access the outsourced data. SLC maintains large amounts of user data and has the ability to eavesdrop shared s-Logistics data or even violate the data integrity by accident or on purpose. Besides, malicious DU may be unauthorized to access the sensitive data, whereas can also try
to break the data security and privacy of DO. In this paper, we declare that the SLC and AAs cannot collude with each other, which is reasonable in real-world applications.

Fig. 2: The system model of LUTPDS for s-Logistics

B. System Definition

We present the formal definition of our proposal that consists of several algorithms. In system initialization phase, $SetupGlobal$ algorithm is executed by CA to initiate the system and $SetupAA$ algorithm is used to set up each AA while $SetupSLC$ algorithm is run for SLC initialization. In user enrollment phase, $UKeyGen$ algorithm is utilized to generate user key pair by CA and $DKeyGen$ algorithm is executed by AA to distribute decryption key for users while $TKeyGen$ is run by users for transformation key generation. In data encryption phase, $Encrypt_{off}$ and $Encrypt_{on}$ algorithms execute together for efficient data encryption. In data decryption phase, FN leverages $Transform$ algorithm for outsourced decryption. After successful verification by PAS with $Audit$ algorithm, DU can use $Decrypt$ algorithm to recover data plaintext. In the whole system, any entity can achieve public user tracing with $Trace$ algorithm.

Fig. 3 shows the general workflow of LUTPDS which includes different phases of system initialization, user enrollment, data encryption, data decryption and user tracing, as well as the algorithms defined in System Definition IV-B.

Fig. 3: The workflow of LUTPDS (entities: DO, CA, AAj, SLC, FN, DU, PAS; phases: Initialization, Registration, Encryption, Data access, Decryption, User Tracing)

C. Security Model

The security requirements of LUTPDS need the static security, traceability and data integrity security which are defined as follows.

1) Static security: The static security of our proposal with multiple authorities allows a set of authorities chosen by the adversary to be corrupted. The static security is defined as follows with interactions of an adversary $\mathcal{A}$ and a challenger $\mathcal{C}$:
• Setup. The challenger $\mathcal{C}$ runs $SetupGlobal$ to initiate the system and generates the global public key $GPR$ which is sent to the adversary $\mathcal{A}$.
• Phase 1. The adversary $\mathcal{A}$ chooses a set of corrupted authorities $AA_C \subset U_A$ and generates the public keys of these authorities by itself. Then, it issues following queries:
– It selects the authorities that are not corrupted as $AA_N \subset U_A$ for their authority public keys.
– It chooses a set of valid users $\{GID_i\}_{i\in[m]}$ for their public and secret key pairs.
– It issues a set of transformation key queries with global identity and attribute set pairs $\{(GID_i, S_i)\}_{i\in[n]}$, where $S_i \subset U_a$ and $f_1(S_i) \cap AA_C = \emptyset$.
• Challenge. The adversary $\mathcal{A}$ submits two equal-length messages $M_0, M_1$ and a challenging access policy $(A, \rho)$ to $\mathcal{C}$. Note that the $S_i$ in Phase 1 and the attribute set $S_{AA_C}$ mastered by corrupted authorities do not satisfy $(A, \rho)$. The challenger $\mathcal{C}$ responds to the queries of $\mathcal{A}$ with authority public keys $\{APK_j\}_{j\in AA_N}$ and user decryption keys $\{DK_{GID_i,S_i}\}_{i\in n}$ with corresponding transformation keys. It also outputs the corresponding ciphertext $CT$ by randomly picking a bit $b \in \{0,1\}$ and encrypting $M_b$ with the encryption algorithm.
• Guess. The adversary $\mathcal{A}$ outputs the guess $b'$ of $b$. If $b' = b$, it wins the game and the advantage is defined as below:

$$Adv_{\mathcal{A}} = \left|\Pr[b' = b] - \frac{1}{2}\right|.$$

Definition 7. LUTPDS has static security against statically corrupted authorities in the random oracle model if no PPT adversary can break the static security game with a non-negligible advantage.

2) Traceability: The traceability of our scheme is modeled through a security game between adversary $\mathcal{A}$ and challenger $\mathcal{C}$ as follows:

Init: $\mathcal{C}$ executes the $Setup_{Global}$ and $Setup_{AA}$ algorithms to initiate the system and sends the global public key $GPR$ and authority public key $\{APK_j\}$ to $\mathcal{A}$.

Key Query: $\mathcal{A}$ conducts $n$ queries for decryption key generation with $(GID_1, S_1), \cdots, (GID_n, S_n)$, where $GID_i$ and $S_i$ are the global identity and attribute set, respectively. Then, $\mathcal{C}$ runs $DKeyGen$ to derive decryption keys for $\mathcal{A}$.

Key Forgery: $\mathcal{A}$ outputs a decryption key $DK^*$.

If $\mathcal{A}$ can win the game, then for a well-formed decryption key $DK^*$, $Trace(GPR, DK^*, \{APK_j\}) \notin \{null, GID_1, \cdots, GID_n\}$. Thus, the advantage of $\mathcal{A}$ in winning the game is:

$$Adv_{\mathcal{A}} = \Pr[Trace(GPR, DK^*, \{APK_j\}) \notin \{null, GID_1, \cdots, GID_n\}].$$

Definition 8. LUTPDS has traceability if no PPT adversary can break the above game with a non-negligible advantage.

3) Data Auditing Security: Here, we give the formal definition of the data auditing security game between a PPT adversary $\mathcal{A}$ acting as a corrupted CA and a challenger $\mathcal{C}$.

• Setup: The challenger $\mathcal{C}$ initiates the system by executing $Setup_{Global}$ to generate the global public key $GPR$, which is sent to $\mathcal{A}$.
• Phase 1: The adversary $\mathcal{A}$ submits the following queries to $\mathcal{C}$.
– $H_0$ query: $\mathcal{A}$ issues this query for $H_0$ to $\mathcal{C}$.
– $H_2$ query: $\mathcal{A}$ issues this query for $H_2$ to $\mathcal{C}$.
– $SK_1$ query: $\mathcal{A}$ issues this query with global identity $GID$ for $SK_{GID,1}$ to $\mathcal{C}$.
– $SK_2$ query: $\mathcal{A}$ issues this query with global identity $GID$ for $SK_{GID,2}$ to $\mathcal{C}$.
– $S$ query: $\mathcal{A}$ issues this query with file $F$ for signature generation to $\mathcal{C}$, which then executes the $UKeyGen$ and $Encrypt_{on}$ algorithms to generate the signatures for $F$. At the end, $\mathcal{C}$ returns the signatures back to $\mathcal{A}$.
• Challenge: $\mathcal{C}$ is in the role of auditor and sends the challenge request $R_c = \{k, v_k\}_{k\in[n]}$ to $\mathcal{A}$ as a prover for data possession proof.
• Forge: $\mathcal{A}$ sends the data possession proof $R_p$ under the challenge request $R_c$. $\mathcal{A}$ breaks the security only if $R_p$ can pass the auditing of $\mathcal{C}$ with non-negligible probability.

Definition 9. LUTPDS is secure in data auditing against a corrupted CA if no PPT adversary can break the data auditing game with non-negligible advantage.

V. THE PROPOSED SCHEME FOR FOG-BASED S-LOGISTICS

In this section, we first describe the overview of the techniques utilized in LUTPDS for s-Logistics data access control together with its workflow and then present its concrete construction.

A. Overview of techniques in LUTPDS

To address the problems of data sharing in Cloud-Fog-based s-Logistics, we adopt the setting of the Fog-based IoT architecture for short time-delay in service provision. Considering data security, we devise the LUTPDS scheme based on CP-ABE with multi-authority and verifiable outsourced decryption to realize efficient data sharing in large scale s-Logistics systems. In our proposal, to avoid user collusion, each user in such a distributed architecture is bound to a Global Identity (GID) [21]. To resist key abuse, any malicious user who aims to gain illegal interest by leaking their decryption key to unauthorized outsiders will be revealed by a white-box tracing mechanism. As a solution for the key escrow problem with corrupted CA and AAs, we leverage the certificateless mechanism and multi-authority CP-ABE to prevent user secret keys and decryption keys from being mastered by a central authority and a single attribute authority, respectively. However, the authorities in multi-authority CP-ABE schemes may collude to recover the information of user decryption keys. To this end, we design the cloud-side encryption and decryption to further resist the key escrow problem, which can also support the setting of multiple clouds for scalability. Moreover, to reduce the overhead in data encryption, we introduce the online/offline technique. Furthermore, to achieve user privacy preservation in the access policy embedded in ciphertexts and the attribute set in transformed keys, we leverage the one-way anonymous key agreement protocol [27] to hide the cleartext in attributes of access policies and user attribute sets. To resist corrupt cloud servers in SLC that may compromise the integrity of outsourced data and the key escrow problem, we integrate the certificateless public data
integrity auditing and cloud-assisted encryption into our data access control scheme.

B. Concrete Construction

1) System Initialization: CA generates system public parameters and master keys for the whole system. Each attribute authority and SLC also create their public and secret key pair for initialization.

• $Setup_{Global}(\kappa) \to GPR$: Given the security parameter $\kappa$, CA executes the following initiation steps:
– CA creates a big prime $p$ of $\kappa$ bits and generates a bilinear group $(G^*, G_T^*, p, g, \hat{e})$, where $G^*, G_T^*$ are two multiplicative cyclic groups of order $p$, $g$ is a generator of $G^*$ and $\hat{e}: G^* \times G^* \to G_T^*$ is a bilinear map. It then calculates $Y = \hat{e}(g, g)$.
– CA defines two functions $f_1: U_a \to U_A$ from attribute universe $U_a$ to authority universe $U_A$ and $f_2: [l] \to U_A$ that maps a row of the matrix in the access policy to an attribute authority. Then, it picks $k_c \in_R \mathbb{Z}_p$ as the secret key of CA and computes its public key $PK_c = g_0^{k_c}$.
– CA also chooses hash functions $H: \{0,1\}^* \to G_T^*$, $H_0: \{0,1\}^* \to G^*$, $H_1: U_a \to G^*$, $H_2: \{0,1\}^* \to \mathbb{Z}_p$ and a pair of symmetric encryption algorithms $(Enc_s, Dec_s)$ with elements $g_0, u \in_R G^*$.
– Finally, CA publishes the global public key as $GPR = \{G^*, G_T^*, \hat{e}, g, g_0, u, p, Y, (Enc_s, Dec_s), f_1, f_2, H, H_0, H_1, H_2, PK_c\}$.
• $Setup_{AA}(GPR) \to \{APK_i, ASK_i\}$: Each attribute authority $AA_i \in U_A$ randomly selects $\alpha_i, \beta_i, a_i, b_i \in \mathbb{Z}_p$. Then, it computes $\hat{e}(g, g)^{\alpha_j}$. Finally, it publishes its public key $APK_i = \{\hat{e}(g, g)^{\alpha_i}, g^{\beta_i}, g^{a_i}, g^{b_i}\}$ and keeps its master key $ASK_i = \{\alpha_i, \beta_i, a_i, b_i, \theta_i\}$ private.
• $AttHidden(GPR, S, \{ASK_j\}) \to S'$: On inputting an attribute set $S$ and the secret keys $\{ASK_j\}$ of the authorities corresponding to attribute $att_i \in S$, AA computes the hidden attribute set $S'$ as $att_i' = \hat{e}(g^{a_j}, H_0(att_i)^{\theta_j})$, where $j = f_1(att_i)$, that is, $att_i$ is managed by authority $AA_j$.
• $Setup_{SLC}(GPR, ID_L)$: On inputting the identity $ID_L$ of each storage center in SLC, the algorithm initiates the SLC by generating the secret key $SK_L = k_l \in_R \mathbb{Z}_p$ and computing the public key $PK_L = g_0^{k_l}$ of the distributed storage center in SLC.

2) User Enrollment: CA distributes the part of the secret key with which each user obtains his complete secret key. Each AA creates the decryption key for users after receiving their enrollment requests, by which users can generate their transformation keys for outsourced decryption in Fog.

• $UKeyGen(GPR, GID) \to \{PK_{GID}, SK_{GID}\}$: Given the global identity $GID$ of a user, CA selects $k_{GID} \in_R \mathbb{Z}_p$ as a part of the secret key $SK_{GID,1} = k_{GID}$ of the user $GID$ and computes the corresponding public key $PK_{GID} = g_0^{k_{GID}}$. Then, after receiving the enrollment request of user $GID$, CA computes $SK_{GID,2} = k_c \cdot H_2(GID)$ as another part of the secret key of the user $GID$. CA sends $SK_{GID,2}$ to the user $GID$ through a secure channel. Finally, the user gets the secret key $SK_{GID} = \{SK_{GID,1}, SK_{GID,2}\}$ and publishes the public key $PK_{GID}$.
• $DKeyGen(GPR, GID, S_{GID}, \{ASK_j\}) \to DK_{GID,S}$: Given the user global identity $GID$ and his attribute set $S_{GID}$ as well as the master keys $\{ASK_j\}$ of the attribute authorities that each attribute $att_i \in S_{GID}$ belongs to (different attributes in $S_{GID}$ may belong to the same authority), each corresponding authority $AA_j$ ($j = H(att_i)$) executes the following steps:
– For each $att_i \in S_{GID}$, the corresponding authority $AA_j$ chooses $\mu_{GID}, \nu_{GID} \in_R \mathbb{Z}_p$ and generates the secret attribute key components $DK_{GID,i}$ for user $GID$ according to attribute set $S_{GID}$, where

$$D_{GID,i,1} = g^{\frac{\alpha_j}{a_j + GID + b_j\mu_{GID}}} \cdot H_0(GID)^{\frac{\beta_j}{a_j + GID + b_j\mu_{GID}}} H_1(att_i)^{\nu_{GID}},$$
$$D_{GID,2} = GID, \quad D_{GID,i,3} = \mu_{GID},$$
$$D_{GID,i,4} = g^{\nu_{GID}}, \quad D_{GID,i,5} = g^{(a_j + b_j\mu_{GID})\nu_{GID}}$$

– Finally, the user $GID$ gets the decryption key $DK_{GID,S} = \{S, \{DK_{GID,i}\}_{att_i \in S_{GID}}\}$ via a secure channel.
• $TKeyGen(GPR, DK_{GID,S}, SK_{GID}) \to TK_{GID,S}$: Given the decryption key $DK_{GID,S}$ and the secret key $SK_{GID}$ of user $GID$, each user generates the transformation key $TK_{GID,S}$ for outsourced decryption by the following steps:
– It computes the transformation key components as:

$$K_0 = H_0(D_{GID,2})^{SK_{GID,1}},$$
$$\forall att_i \in S: \quad K_{GID,i,1} = (D_{GID,i,1})^{SK_{GID,1}}, \quad K_{GID,2} = D_{GID,2}, \quad K_{GID,i,3} = D_{GID,i,3},$$
$$K_{GID,i,4} = (D_{GID,i,4})^{SK_{GID,1}}, \quad K_{GID,i,5} = (D_{GID,i,5})^{SK_{GID,1}}$$

– Then, each user generates the hidden attribute set $S'$ according to $S$ by interacting with the authorities that are in charge of each $att_i \in S$ and executes the algorithm $AttHidden(GPR, S, \{ASK_j\})$ to obtain $S'$. Thus, no other parties can distinguish each attribute of the user.
– Finally, the user generates his transformation key $TK_{GID,S} = \{GID, S', K_0, \{K_{GID,i,1}, K_{GID,i,2}, K_{GID,i,3}, K_{GID,i,4}, K_{GID,i,5}\}_{i\in S}\}$.

3) Data Encryption: DO encrypts the collected s-Logistics records based on a designated hidden access policy and outsources the final ciphertext to SLC for data sharing through FN.

• $Encrypt_{off}(GPR, SK_{GID}) \to IT$: DO randomly picks the secret value $s \in \mathbb{Z}_p$ and symmetric key $k_s \in_R \mathbb{Z}_p$ of $Enc_s$ to compute $C_0 = k_s \cdot \hat{e}(PK_L^{SK_{GID,1}}, H_0(ID_L)) \cdot$
$\hat{e}(g, g)^s$ and $C_v = H(\hat{e}(g, g)^s)$, where $PK_L, ID_L$ are the public key and identity of the storage center in SLC. Then, DO chooses $\lambda_x', \theta_x, \vartheta_x' \in_R \mathbb{Z}_p$ and calculates $C_{x,1}' = \hat{e}(g, g)^{\lambda_x'}$, $C_{x,2}' = g^{\theta_x}$, $C_{x,3}' = g^{\vartheta_x'}$. Finally, the algorithm constructs the intermediate ciphertext pool $IT = \{IT_0, IT_1\}$, where $IT_0 = \{k_s, s, C_0, C_v\}$ and $IT_1 = \{\lambda_x', \theta_x, \vartheta_x', C_{x,1}', C_{x,2}', C_{x,3}'\}$.
• $Encrypt_{on}(GPR, SK_{GID}, IT, F, \mathbb{A}, \{PK_j\}) \to CT$: Given the intermediate ciphertext pool $IT$, the data file $F$ with a designated LSSS access policy $(A, \rho)$ and the public keys of the corresponding authorities, DO executes as follows:
– First of all, DO chooses a random tuple $\{k_s, s, C_0, C_v\}$ from $IT_0$. For each block $f_i \in F$ (suppose $F$ has $n$ blocks), it computes the encrypted file as $C_s = \{C_i\}_{f_i \in F}$, where $C_i = Enc_s(k_s, f_i)$ with the symmetric encryption algorithm $Enc_s$ in $GPK$.
– Then, for the LSSS access policy $\mathbb{A} = (A, \rho)$, where $A$ is an $l \times m$ share-generating matrix and $\rho$ is the corresponding map from each row $A_x$ of $A$ to a certain attribute $att_x \in U_a$ (that is, $\rho(A_x) = att_x$ for each $x \in [l]$), we can get the index $j = f_1(att_x)$ of the corresponding attribute authority $AA_j$ in charge of the attribute $att_x$. The algorithm selects $l$ random tuples from $IT_1$ as $\{\lambda_x', \theta_x, \vartheta_x', C_{x,1}', C_{x,2}', C_{x,3}'\}_{x\in[l]}$.
– DO constructs two random vectors $\gamma = \{s, \gamma_2, \cdots, \gamma_m\}$ and $\gamma' = \{0, \gamma_2', \cdots, \gamma_m'\}$, where $\gamma_i, \gamma_i' \in_R \mathbb{Z}_p$ for $i \in [m]$. Thus, it can get $\lambda_x = A_x \cdot \gamma$, which is the share component of $s$ for each attribute $\rho(x)$ corresponding to the $x$-th row $A_x$, and $\vartheta_x = A_x \cdot \gamma'$, which is the share component of $0$ for each attribute of the access policy. Moreover, the algorithm computes the ciphertext components according to $\mathbb{A}$ for each $x \in [l]$ as below:

$$C_{x,1} = C_{x,1}' \cdot \hat{e}(g, g)^{\alpha_{f_2(x)}\theta_x}, \quad C_{x,2} = C_{x,2}',$$
$$C_{x,3} = g^{\beta_{f_2(x)}\theta_x} C_{x,3}', \quad C_{x,4} = H_1(\rho(x))^{\theta_x},$$
$$C_{x,5} = g^{a_{f_2(x)}\theta_x}, \quad C_{x,6} = g^{b_{f_2(x)}\theta_x},$$
$$C_{x,7} = \lambda_x - \lambda_x', \quad C_{x,8} = \vartheta_x - \vartheta_x'$$

– Next, DO calculates the fully hidden access policy by hiding the attribute set $S_a$ related to the LSSS policy $\mathbb{A}$. To this end, DO interacts with the corresponding authorities that are in charge of the attributes in $S_a$ with the algorithm $AttHidden(GPR, A_a, \{ASK_j\})$ to get the fully hidden attribute set $S_a$ and construct the fully hidden access policy $\mathbb{A}'$.
– Further, DO computes the signature for each encrypted file block $C_i \in C_s$ as $\sigma_i = H_0(ID_f \| i)^{SK_{GID,1}} u^{SK_{GID,2} H_2(C_i)}$, where $SK_{GID,1}, SK_{GID,2}$ is the secret key of DO. Thus, the algorithm obtains the signature $\sigma_s = \{\sigma_i\}_{C_i \in C_s}$. Then, it calculates the file tag as $\zeta = ID_f \| GID \| PK_o \| Sig(ID_f \| GID \| PK_o)$, where $Sig$ is a signature algorithm, $ID_f$ is the identity of the file and $GID$ and $PK_o$ are the identity and the public key of DO.
– Finally, DO outputs the ciphertext $CT = \{\zeta, \mathbb{A}', C_s, \sigma_s, C_v, C_0, \{C_{x,1}, C_{x,2}, C_{x,3}, C_{x,4}, C_{x,5}, C_{x,6}, C_{x,7}, C_{x,8}\}_{x\in[l]}\}$, which is uploaded to SLC. Before adopting the ciphertext, SLC verifies its correctness by checking the signature of the file tag $\zeta$ and the equation

$$\hat{e}(\sigma_i, g_0) \stackrel{?}{=} \hat{e}(H_0(ID_f \| i), PK_o)\, \hat{e}(u^{H_2(GID) H_2(C_i)}, PK_c),$$

where $PK_o$ is the public key of DO. If the ciphertext $CT$ is valid, SLC accepts it and finishes data outsourcing.

4) Data Decryption: DU accesses the shared ciphertexts in SLC through FN. Then, the storage center of SLC partially decrypts the ciphertexts and offloads decryption to FN as well as data integrity auditing to PAS. With the transformation key and the ciphertexts, FN transforms the ciphertexts into transformed ciphertexts which are used to recover the plaintexts by DU with their secret key.

• $Transform(GPR, CT, TK_{GID,S}, PK_o, ID_L, SK_L) \to CT_t$: Given the transformation key $TK_{GID,S}$ of the DU $GID$ and the ciphertext $CT$ with the public key $PK_o$ of DO as well as the identity $ID_L$ and secret key $SK_L$ of the storage center, FN conducts the following procedures:
– The storage center of SLC computes $C_0' = C_0 / \hat{e}(PK_o^{SK_L}, H_0(ID_L))$ and gets the fully hidden access policy $\mathbb{A}' = \{A, \rho\}$ from $CT$ with its hidden attribute set $A_a$. Then, from the transformation key $TK_{GID,S}$, FN can fetch the hidden user attribute set $S'$. Thus, it can rebuild an index set $I \subset [l]$ of the rows in $A$ by calculating $I = S_a \cap S'$.
– Then, FN finds a set of constants $\{\omega_x \in \mathbb{Z}_p\}$ which makes the equation $\sum_{x\in I} \omega_x A_x = (1, 0, \cdots, 0)$ hold if the DU $GID$ is authorized. For each row $x \in I$ of the access policy, the algorithm computes:

$$Q_x = C_{x,1} \cdot Y^{C_{x,7}},$$
$$R_x = \frac{\hat{e}(K_0, C_{x,3} \cdot g^{C_{x,8}})}{\hat{e}(K_{GID,\rho(x),1},\, C_{x,2}^{K_{GID,2}} C_{x,5} C_{x,6}^{K_{GID,\rho(x),3}})} \cdot \hat{e}(K_{GID,\rho(x),4}^{K_{GID,\rho(x),2}} K_{GID,\rho(x),5},\, C_{x,4})$$

– Next, according to the constants $\{\omega_x\}$, SLC computes the following equation:

$$Q = \prod_{x\in I} (Q_x)^{\omega_x}, \quad R = \prod_{x\in I} (R_x)^{\omega_x}$$

– Finally, FN outputs the transformed ciphertext $CT_t = \{\zeta, C_s, \sigma_s, C_v, C_0', Q, R\}$, in which $CT_t' = \{\zeta, C_s, \sigma_s\}$ is sent to PAS for integrity auditing and $CT_t'' = \{\zeta, C_0, C_v, Q, R\}$ is sent to DU for decryption.
• $Audit(GPR, CT_t') \to C_s/null$: Given the encrypted file blocks $C_s = \{C_1, \cdots, C_n\}$ and the corresponding signature set $\sigma_s = \{\sigma_1, \cdots, \sigma_n\}$, PAS interacts with SLC for data integrity auditing as follows:
– PAS checks the validity of the file tag $\zeta$ by the signature verification algorithm and gets the corresponding file identifier $ID_f$ and the DO's identity $GID$ with public key $PK_o$.
– PAS then selects $v_k \in_R \mathbb{Z}_p$ for each index $k \in I$, where $I \subset [n]$, and builds a challenge request $R_c = \{k, v_k\}$ which is sent to SLC.
– SLC generates the corresponding proof by computing $A = \sum_{k\in I} v_k H_2(C_k)$ and $B = \prod_{k\in I} \sigma_k^{v_k}$. It then builds a proof response as $R_p = \{A, B\}$ which is sent back to PAS.
– PAS verifies the proof $R_p$ by the following equation:

$$\hat{e}(B, g_0) \stackrel{?}{=} \hat{e}\Big(\prod_{k\in I} H_0(ID_f \| k)^{v_k}, PK_o\Big) \cdot \hat{e}(u^{A \cdot H_2(GID)}, PK_c)$$

If the above equation holds, PAS sends $\zeta, C_s$ to DU for decryption; otherwise, it abandons the ciphertexts and outputs null.
• $Decrypt(GPR, C_s, CT_t'', SK_{GID}) \to F$: Given the transformed ciphertext $(C_s, C_v, C_0, R)$ and the secret key $SK_{GID}$ of the user $GID$, DU first calculates $T = Q \cdot R^{1/SK_{GID,1}}$. If the equation $H(T) = C_v$ holds, the outsourced decryption is correct and DU calculates as follows:

$$k_s^* = C_0 / T, \quad f_i = Dec_s(k_s^*, C_i)$$

in which it gets the symmetric key $k_s^*$ and recovers the plaintext $f_i$ of the file $ID_f$ with the symmetric decryption algorithm $Dec_s$ and $C_i \in C_s$.

5) User Tracing: The global identity associated with malicious users of leaked decryption keys will be exposed by embedding the exact identities into the decryption keys of users.

• $Trace(GPR, DK_{GID,S}, \{APK_j\}) \to GID/null$: Given the leaked decryption key $DK_{GID,S}$, the global public key $GPR$ and the public keys of the corresponding authorities $\{APK_j\}$, any entity of the system first checks if $DK_{GID,S}$ is in the form of $DK_{GID,S} = \{S, \{DK_{GID,i}\}_{att_i \in S_{GID}}\}$ and $DK_{GID,i} = \{D_{GID,i,1}, D_{GID,i,2}, D_{GID,i,3}, D_{GID,i,4}, D_{GID,i,5}\}$. Then, it runs the following check:

Key Sanity Check: $\exists\, att_i \in S$, s.t.

$$D_{GID,i,1}, D_{GID,i,4}, D_{GID,i,5} \in G^*, \quad D_{GID,i,2}, D_{GID,i,3} \in \mathbb{Z}_p,$$
$$\hat{e}(g, D_{GID,i,5}) = \hat{e}(D_{GID,i,4},\, g^{a_j} \cdot (g^{b_j})^{D_{GID,i,3}}),$$
$$\hat{e}(D_{GID,i,1},\, g^{a_j} g^{D_{GID,i,2}} (g^{b_j})^{D_{GID,i,3}}) = \hat{e}(g, g)^{a_j} \cdot \hat{e}(H_0(D_{GID,i,2}), g^{\beta_j})\, \hat{e}(H_1(\rho(i)),\, D_{GID,i,4}^{D_{GID,i,2}} D_{GID,i,5})$$

where $j = f_1(att_i)$. The algorithm outputs the identity of the malicious user $GID$ if its decryption key $DK_{GID,S}$ passes the key sanity check. Otherwise, it outputs null.

VI. SECURITY AND PERFORMANCE ANALYSIS

In this section, we show the detailed analysis of our proposal from the view of security and performance.

A. Security

This section presents the detailed security proof for our LUTPDS in terms of static security of indistinguishability against chosen plaintext attack (IND-CPA), traceability and data auditing security.

1) Static Security:

Theorem 1. If the RW scheme in [39] is static secure against statically corrupted authorities in the random oracle model, then our proposed LUTPDS is static secure on condition that the q-DPBDHE2 assumption holds in the same model.

Proof. Suppose a PPT adversary $\mathcal{A}$ can win the static security game of our LUTPDS with advantage $\epsilon$; then we can build a simulator $\mathcal{B}$ to break the RW scheme with the same advantage. Let the challenger of the RW scheme be $\mathcal{C}$.

• Setup. The challenger $\mathcal{C}$ runs $GlobalSetup$ of the RW scheme to initiate the system and generates the global public key $GP = \{p, G^*, g, H_0, H_1, U_a, U_A, f_1, f_2\}$ which is sent to the simulator $\mathcal{B}$. The simulator $\mathcal{B}$ selects a random element $g_0 \in G^*$, random values $k_c, k_l \in_R \mathbb{Z}_p$ and sends $GPR = \{G^*, \hat{e}, g, g_0, p, Y = \hat{e}(g, g), f_1, f_2, H, H_0, H_1, PK_c = g_0^{k_c}\}$ as well as the cloud public key $PK_L = g_0^{k_l}$ to the adversary $\mathcal{A}$.
• Phase 1. The adversary $\mathcal{A}$ chooses a set of corrupted authorities $AA_C \subset U_A$ and generates the public key of these authorities by itself as $\{PK_C\}$ which is sent to $\mathcal{B}$. Then, it issues the following queries to $\mathcal{B}$:
– It selects the authorities that are not corrupted as $AA_N \subset U_A$ for their authority public keys.
– It chooses a set of valid users $\{GID_i\}_{i\in[m]}$ for their public and secret key pairs.
– It issues a set of decryption queries with global identity and attribute set pairs $\{(GID_i, S_i)\}_{i\in[n]}$, where $S_i \subset U_a$ and $f_1(S_i) \cap AA_C = \emptyset$.
• Challenge. The adversary $\mathcal{A}$ submits two equal-length messages $M_0, M_1$ and a challenging access policy $(A, \rho)$ to $\mathcal{C}$. Note that the $S_i$ in Phase 1 and the attribute set $S_{AA_C}$ mastered by corrupted authorities do not satisfy $(A, \rho)$. Then, the simulator $\mathcal{B}$ acts as below:
– It submits the public keys $\{APK_C\}$ of corrupted authorities and the queries for the public keys of non-corrupted authorities $AA_N$ to $\mathcal{C}$. $\mathcal{B}$ also forwards the global identity and attribute set pairs $\{(GID_i, S_i)\}_{i\in[n]}$ to $\mathcal{C}$ for the corresponding decryption keys. In addition, $\mathcal{B}$ sends $M_b$ and the challenging access policy $(A, \rho)$ to $\mathcal{C}$ for the corresponding ciphertext, where the bit $b \in_R \{0, 1\}$.
– After receiving the authority public keys $\{APK_j\}_{j\in AA_N}$, the decryption keys $\{DK^*_{GID_i,S_i} = \{D^*_{GID_i,k} = g^{\alpha_j} H_0(GID_i)^{\beta_j} H_1(att_k)^{\mu_{GID_i}},\ D'_{GID_i,k} = g^{\mu_{GID_i}}\}_{att_k \in S_i}\}$ and the challenging ciphertext $CT^* = \{C_0^* = M_b \cdot \hat{e}(g, g)^s, \{C_{x,1}^* = \hat{e}(g, g)^{\lambda_x} \hat{e}(g, g)^{\alpha_{f_2(x)}\theta_x},\ C_{x,2}^* = g^{\theta_x},\ C_{x,3}^* = g^{\beta_{f_2(x)}\theta_x} g^{\vartheta_x},\ C_{x,4}^* = H_1(\rho(x))^{\theta_x}\}\}$, the simulator $\mathcal{B}$ selects $\hat{\mu}_{GID_i} \in_R \mathbb{Z}_p$ and generates the secret key as $SK_{GID_i,1} = k_{GID_i} \in_R \mathbb{Z}_p$, the decryption key $D_{GID_i,S_i}$ as:
$$D_{GID_i,k,1} = (D^*_{GID_i,k})^{\frac{1}{a_j + GID_i + b_j\hat{\mu}_{GID_i}}},$$
$$D_{GID_i,2} = GID_i, \quad D_{GID_i,i,3} = \hat{\mu}_{GID_i},$$
$$D_{GID_i,k,4} = (D'_{GID_i,k})^{\frac{1}{a_j + GID_i + b_j\hat{\mu}_{GID_i}}},$$
$$D_{GID_i,k,5} = D_{GID_i,k,4}^{\,a_j + b_j D_{GID_i,i,3}}$$

and the corresponding transformation key $TK_{GID_i,S_i}$ as:

$$K_0 = H_0(D_{GID_i,2})^{SK_{GID_i,1}},$$
$$\forall att_k \in S_i: \quad K_{GID_i,k,1} = (D_{GID_i,k,1})^{SK_{GID_i,1}},$$
$$K_{GID_i,2} = D_{GID_i,2}, \quad K_{GID_i,k,3} = D_{GID_i,k,3},$$
$$K_{GID_i,k,4} = (D_{GID_i,k,4})^{SK_{GID_i,1}}, \quad K_{GID_i,k,5} = (D_{GID_i,k,5})^{SK_{GID_i,1}}$$

For those pairs $\{(GID_i, S_i)\}_{m \le i \le n}$, the simulator $\mathcal{B}$ runs its own key generation algorithms.
– It then computes the challenging ciphertext as $CT = \{C_0 = C_0^* \cdot \hat{e}(PK_L^{SK_{GID_i,1}}, H_0(ID_L)), \{C_{x,1} = C_{x,1}^*,\ C_{x,2} = C_{x,2}^*,\ C_{x,3} = C_{x,3}^*,\ C_{x,4} = C_{x,4}^*,\ C_{x,5} = C_{x,2}^{a_{f_2(x)}},\ C_{x,6} = C_{x,2}^{b_{f_2(x)}}\}_{x\in[l]}\}$ and sends the authority public keys $\{APK_j\}_{j\in AA_N}$, transformation keys $\{TK_{GID_i,S_i}\}$ and challenging ciphertext $CT$ to $\mathcal{A}$.
• Guess. The adversary $\mathcal{A}$ outputs the guess $b'$ of $b$ and thus $\mathcal{B}$ outputs the same guess to $\mathcal{C}$.

Therefore, if $\mathcal{A}$ can win the static security game of our LUTPDS with advantage $\epsilon$, the simulator $\mathcal{B}$ can break the RW scheme with the same advantage. As a result of this reduction, if the q-DPBDHE2 assumption holds, RW is static secure and so is our LUTPDS.

2) Traceability: In this part, we show the reduction of the traceability of our LUTPDS scheme to the Boneh-Boyen scheme in [51].

Theorem 2. If the Boneh-Boyen scheme is secure against strong existential forgery, then our LUTPDS scheme is fully traceable if the l-SDH assumption holds.

Proof. If there exists a PPT adversary $\mathcal{A}$ that can break the traceability game with non-negligible advantage $\varepsilon$, then we can construct a simulator $\mathcal{B}$ that has the ability to break the security of the Boneh-Boyen (BB) scheme under adaptive chosen message attack with advantage $\varepsilon$. Suppose $\mathcal{C}$ is the challenger of the BB scheme and $G^*, G_T^*$ are two bilinear groups of prime order $p$ with a bilinear map $\hat{e}: G^* \times G^* \to G_T^*$ and a generator $g \in G^*$.

Init. $\mathcal{C}$ initiates the BB scheme and sends its public key $\{G^*, G_T^*, p, g, g^{a_j}, g^{b_j}\}$ to $\mathcal{B}$, which initiates the whole system by creating the global public key $GPR = \{G^*, G_T^*, p, g, Y = \hat{e}(g, g), f_1, f_2, H_0, H_1\}$ and the attribute authorities by picking $\alpha_j, \beta_j \in_R \mathbb{Z}_p$ to generate the authority public key as $APK_j = \{\hat{e}(g, g)^{\alpha_j}, g^{\beta_j}, g^{a_j}, g^{b_j}\}$, where $j \in U_A$. $\mathcal{B}$ sends the $GPR$ and $\{APK_j\}$ to adversary $\mathcal{A}$.

Key Query. $\mathcal{A}$ submits the global identity and attribute set pairs $\{(GID_i, S_i)\}_{i\in[n]}$ to $\mathcal{B}$ for the corresponding decryption key query. To respond to the adversary $\mathcal{A}$, $\mathcal{B}$ creates two empty lists $L_1, L_2$ and executes the following steps:
• $O_{H_0}$: If a tuple $(GID, r_{GID}, g^{r_{GID}}) \in L_1$, $\mathcal{B}$ responds $g^{r_{GID}}$; else, it responds $g^{r_{GID}'}$ by selecting $r_{GID}' \in_R \mathbb{Z}_p$ and adding the tuple $(GID, r_{GID}', g^{r_{GID}'})$ to $L_1$.
• $O_{H_1}$: If a tuple $(att_i, r_i, g^{r_i}) \in L_2$, $\mathcal{B}$ responds $g^{r_i}$; else, it responds $g^{r_i'}$ by selecting $r_i' \in_R \mathbb{Z}_p$ and adding the tuple $(att_i, r_i', g^{r_i'})$ to $L_2$.

As to $(GID_i, S_i)$, for each $att_k \in S_i$ and $j = f_1(att_k) \in U_a$, $\mathcal{B}$ sends $(GID_i, j)$ to $\mathcal{C}$ to acquire the signature $(\mu, \pi_i = g^{\frac{1}{a_j + GID_i + b_j\mu}})$, where $\mu \in_R \mathbb{Z}_p$. Then, $\mathcal{B}$ picks $\nu \in_R \mathbb{Z}_p$ and calculates

$$D_{GID_i,k,1} = \pi_i^{\alpha_j + \beta_j r_{GID_i}} g^{r_i\nu} = g^{\frac{\alpha_j}{a_j + GID_i + b_j\mu}} H_0(GID_i)^{\frac{\beta_j}{a_j + GID_i + b_j\mu}} H_1(att_k)^{\nu},$$
$$D_{GID_i,2} = GID_i, \quad D_{GID_i,k,3} = \mu,$$
$$D_{GID_i,k,4} = g^{\nu}, \quad D_{GID_i,k,5} = g^{(a_j + b_j\mu)\nu}$$

and sets $D_{GID_i,S_i} = \{\{D_{GID_i,k,1}, D_{GID_i,k,3}, D_{GID_i,k,4}, D_{GID_i,k,5}\}_{att_k \in S_i}, D_{GID_i,2}\}$ which is sent to $\mathcal{A}$.

Key Forgery. $\mathcal{A}$ submits a decryption key $DK^*$ to $\mathcal{B}$. If the forged decryption key $DK^*$ passes the Key Sanity Check and $Trace(GPR, DK^*, \{APK_j\}) \notin \{null, GID_1, \cdots, GID_n\}$, the following equations hold:

$$\hat{e}(g, D_{GID,k,5}) = \hat{e}(D_{GID,k,4},\, g^{a_j} \cdot (g^{b_j})^{D_{GID,k,3}}), \qquad (1)$$
$$\hat{e}(D_{GID,k,1},\, g^{a_j} g^{D_{GID,k,2}} (g^{b_j})^{D_{GID,k,3}}) = \hat{e}(g, g)^{a_j} \cdot \hat{e}(H_0(D_{GID,2}), g^{\beta_j}) \cdot \hat{e}(H_1(\rho(i)),\, D_{GID,k,4}^{D_{GID,2}} D_{GID,i,5}) \qquad (2)$$

After querying the random oracles $O_{H_0}, O_{H_1}$, $\mathcal{B}$ gets the tuple $(GID, r_{GID}, g^{r_{GID}})$ from $L_1$ and $(k, r_k, g^{r_k})$ from $L_2$. Let $D_{GID,k,4} = g^{\theta}$; according to Eq. 1, $D_{GID,k,5} = g^{(a_j + b_j D_{GID,k,3})\theta}$ and according to Eq. 2, $\mathcal{B}$ can get

$$D_{GID,k,1} = g^{\frac{\alpha_j + \beta_j r_{GID} + r_k\theta(a_j + GID + b_j D_{GID,k,3})}{a_j + GID + b_j D_{GID,k,3}}} = g^{\frac{\alpha_j + \beta_j r_{GID}}{a_j + GID + b_j D_{GID,k,3}}} D_{GID,k,4}^{\,r_k}$$

Thus, $\mathcal{B}$ can obtain $\pi = \left(\frac{D_{GID,k,1}}{D_{GID,k,4}^{\,r_k}}\right)^{\frac{1}{\alpha_j + \beta_j r_{GID}}} = g^{\frac{1}{a_j + GID + b_j D_{GID,k,3}}}$ and the pair $(D_{GID,k,3}, \pi)$ which is the signature of $D_{GID,2}$. As $Trace(GPR, DK^*, \{APK_j\}) \notin \{null, GID_1, \cdots, GID_n\}$, $D_{GID,2} \notin \{null, GID_1, \cdots, GID_n\}$. We know that $\mathcal{B}$ can construct a signature on $DK_{GID,2}$ without querying $\mathcal{C}$ and breaks the BB scheme with the same advantage $\varepsilon$ as $\mathcal{A}$.

If the l-SDH assumption holds, the BB scheme is strong existential forgery secure under adaptive chosen message attack and thus our scheme is fully traceable.
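The key form produced by DKeyGen and the Key Sanity Check run by Trace can be exercised end to end in a symbolic model; the following is an added example, not the authors' code. Group elements are stored by their discrete logarithms, the way the simulator programs $O_{H_0}$ and $O_{H_1}$ in the proof, so the model checks the algebra only and offers no security. Assumptions: a single authority, integer GIDs, the toy order `P`, the helper names, and the use of $\hat{e}(g,g)^{\alpha_j}$ from $APK_j$ as the first factor of the second check, which is the value the DKeyGen key form yields.

```python
import hashlib
import secrets

P = 2**127 - 1  # toy prime group order p (assumption; not a pairing-curve order)

class Elt:
    """g^x in G* (kind "G") or e(g,g)^x in G*_T (kind "GT"), stored by exponent x."""
    def __init__(self, x, kind="G"):
        self.x, self.kind = x % P, kind
    def __mul__(self, other):
        assert self.kind == other.kind
        return Elt(self.x + other.x, self.kind)
    def __pow__(self, k):
        return Elt(self.x * k, self.kind)
    def __eq__(self, other):
        return isinstance(other, Elt) and (self.x, self.kind) == (other.x, other.kind)

g = Elt(1)

def pair(u, v):
    """Bilinear map: e(g^x, g^y) = e(g,g)^(x*y)."""
    assert u.kind == v.kind == "G"
    return Elt(u.x * v.x, "GT")

def _hash_exp(tag, value):
    digest = hashlib.sha256(f"{tag}|{value}".encode()).digest()
    return int.from_bytes(digest, "big") % P

def H0(gid):
    """H0: {0,1}* -> G*, programmed as g^r like oracle O_H0 in the proof."""
    return g ** _hash_exp("H0", gid)

def H1(att):
    """H1: U_a -> G*, programmed as g^r like oracle O_H1."""
    return g ** _hash_exp("H1", att)

def setup_aa():
    """SetupAA for one authority: returns (APK_j, ASK_j)."""
    alpha, beta, a, b = (secrets.randbelow(P - 1) + 1 for _ in range(4))
    apk = {"Y_alpha": pair(g, g) ** alpha, "g_beta": g ** beta,
           "g_a": g ** a, "g_b": g ** b}
    return apk, {"alpha": alpha, "beta": beta, "a": a, "b": b}

def dkeygen(ask, gid, attrs):
    """DKeyGen: D2 = GID plus one (D1, D3, D4, D5) tuple per attribute."""
    comps = {}
    for att in attrs:
        while True:  # resample mu if a_j + GID + b_j*mu is not invertible
            mu, nu = secrets.randbelow(P), secrets.randbelow(P - 1) + 1
            denom = (ask["a"] + gid + ask["b"] * mu) % P
            if denom:
                break
        t = pow(denom, -1, P)
        comps[att] = {
            "D1": g ** (ask["alpha"] * t) * H0(gid) ** (ask["beta"] * t) * H1(att) ** nu,
            "D3": mu,
            "D4": g ** nu,
            "D5": g ** ((ask["a"] + ask["b"] * mu) * nu),
        }
    return {"D2": gid, "comps": comps}

def trace(dk, apk):
    """Trace: return the embedded GID if some attribute component passes
    the key sanity check, otherwise None (the scheme's null)."""
    gid = dk.get("D2")
    if not isinstance(gid, int) or not 0 <= gid < P:
        return None
    for att, c in dk.get("comps", {}).items():
        if set(c) != {"D1", "D3", "D4", "D5"}:
            continue
        d1, d3, d4, d5 = c["D1"], c["D3"], c["D4"], c["D5"]
        if not all(isinstance(e, Elt) and e.kind == "G" for e in (d1, d4, d5)):
            continue
        if not isinstance(d3, int) or not 0 <= d3 < P:
            continue
        # e(g, D5) = e(D4, g^a * (g^b)^D3)
        eq1 = pair(g, d5) == pair(d4, apk["g_a"] * apk["g_b"] ** d3)
        # e(D1, g^a g^D2 (g^b)^D3) = e(g,g)^alpha * e(H0(D2), g^beta) * e(H1(att), D4^D2 * D5)
        lhs = pair(d1, apk["g_a"] * g ** gid * apk["g_b"] ** d3)
        rhs = (apk["Y_alpha"] * pair(H0(gid), apk["g_beta"])
               * pair(H1(att), d4 ** gid * d5))
        if eq1 and lhs == rhs:
            return gid
    return None

if __name__ == "__main__":
    apk, ask = setup_aa()
    key = dkeygen(ask, 1001, ["role:courier"])           # constructed GID and attribute
    print("honest key traces to:", trace(key, apk))
    relabelled = {"D2": 2002, "comps": key["comps"]}     # identity swapped after issuance
    print("relabelled key traces to:", trace(relabelled, apk))
```

Because $GID$ sits inside the exponent $1/(a_j + GID + b_j\mu_{GID})$ of $D_{GID,i,1}$, a leaked key whose identity or $\mu$ field has been altered no longer satisfies the pairing equations and traces to null rather than to another user.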

3) Data Auditing Security:

Theorem 3. If no PPT adversary can win the data auditing security game with non-negligible advantage, LUTPDS is secure in data auditing against a corrupted CA on condition that the CDH assumption holds.

Proof. If any PPT adversary $\mathcal{A}$ can win the integrity game with non-negligible advantage $\epsilon$, then the challenger $\mathcal{B}$ of the CDH instance $(g_0, g_0^x, g_0^y)$ can break the CDH assumption with identical advantage.

• Setup: The challenger $\mathcal{B}$ initiates the system by generating the global public key $GPR = \{G^*, g_0, PK_c = g_0^x, H_0, H_2, u = g_0^y g^a\}$, where $a \in_R \mathbb{Z}_p$. Then $\mathcal{C}$ sends $GPR$ to $\mathcal{A}$.
• Phase 1: The adversary $\mathcal{A}$ adaptively submits the following queries to $\mathcal{B}$, which creates several empty lists $L_0, L_2, L_{k1}, L_{k2}, L_s$ for response generation.
– $H_0$ query: $\mathcal{A}$ issues this query with $GID$ for $H_0$ to $\mathcal{C}$, which responds with $(GID, h_0)$ if it exists in $L_0$; otherwise, it selects $h_0 \in_R G^*$ and adds $(GID, h_0)$ into $L_0$.
– $H_2$ query: $\mathcal{A}$ issues this query with $ID_f$ for $H_2$ to $\mathcal{C}$, which then returns $(ID_f, h_2)$ back to $\mathcal{A}$ if it exists in $L_2$, or else it picks $h_2 \in_R \mathbb{Z}_p$ and adds $(ID_f, h_2)$ into $L_2$.
– $SK_1$ query: $\mathcal{A}$ issues this query with global identity $GID$ for $SK_{GID,1}$ to $\mathcal{C}$, which responds with the tuple $(GID, y)$ if it exists in $L_{k1}$; otherwise, it chooses a random value $y \in \mathbb{Z}_p$ and adds $(GID, y)$ to $L_{k1}$.
– $SK_2$ query: $\mathcal{A}$ issues this query with global identity $GID$ for $SK_{GID,2}$ to $\mathcal{C}$, which in turn sends $\mathcal{A}$ a tuple $(GID, z)$ if it exists in $L_{k1}$; otherwise, it chooses a random value $z \in \mathbb{Z}_p$ and adds $(GID, z)$ to $L_{k2}$.
– $S$ query: $\mathcal{A}$ issues this query with $(GID, C_k)$ for signature generation of the encrypted file block $C_k$ to $\mathcal{C}$, which then programs the above queries to get hash values $h_0, h_2$ of $H_0$ and $H_2$ as well as the partial secret key $SK_{GID,2} = z$ and sets $PK_{GID} = g_0^y$, $PK_c = g_0^x$. Finally, $\mathcal{C}$ obtains the public key and user secret key $SK_{GID}$ for signature generation with the $Encrypt_{on}$ algorithm.
• Challenge: $\mathcal{C}$ is in the role of auditor and sends the challenge request $R_c = \{k, v_k\}_{k\in[n]}$ to $\mathcal{A}$ acting as a prover for data possession proof for file $ID_f$ with its ciphertexts $C_s = \{C_i\}_{f_i \in F}$. An honest prover will generate the correct proof response $(A, B)$ under the challenge request $R_c$, which can pass the auditing as:

$$\hat{e}(B, g_0) = \hat{e}\Big(\prod_{k\in I} h_0^{v_k}, PK_o\Big) \cdot \hat{e}(u^{A \cdot h_2}, PK_c)$$

• Forge: $\mathcal{A}$ sends a data possession proof $R_p' = (A', B') \ne (A, B)$ under the challenge request $R_c$, which can also pass the auditing as:

$$\hat{e}(B', g_0) = \hat{e}\Big(\prod_{k\in I} h_0^{v_k}, PK_o\Big) \cdot \hat{e}(u^{A' \cdot h_2}, PK_c)$$

Thus, we have the following equation:

$$\hat{e}(B'/B, g_0) = \hat{e}(u^{\Delta A \cdot h_2}, PK_c) = \hat{e}((g_0^y g^a)^{\Delta A \cdot h_2}, PK_c) = \hat{e}(g^{a\Delta A \cdot z}, g_0) \cdot \hat{e}(g_0^{xy}, g_0)^{\Delta A \cdot h_2}$$

where $\Delta A = A' - A$. Therefore, $g_0^{xy} = (B' \cdot B^{-1} \cdot g^{-a\Delta A \cdot z})^{\frac{1}{\Delta A \cdot h_2}} \bmod p$ and $\mathcal{C}$ can acquire the solution for the CDH problem if $\Delta A \cdot h_2 \ne 0 \bmod p$ with probability $1 - \frac{1}{p}$, which is in contradiction to the CDH assumption. As a result, if $\mathcal{A}$ can win the game then $\mathcal{C}$ can break the CDH assumption with non-negligible probability.

B. Performance

Here, we theoretically analyze the computation and storage complexity of our LUTPDS and evaluate its actual performance with an experimental implementation by comparing with several existing state-of-the-art schemes in [21], [27].

1) Theoretical Analysis: In this section, we thoroughly analyze the complexity of our scheme in theory in comparison with the state-of-the-art schemes [21], [27], from the aspects of storage complexity, including Public Parameters Size (PP Size), Secret User Key Size (SKey Size), Transformation Key Size (TKey Size) and Ciphertext Size (CT Size), and computation complexity, containing Key Generation, Encryption, User Decryption and Outsourced Decryption. We first stipulate some notations:

• $E_1, E_2$: exponentiation in $G^*$ and $G_T^*$.
• $P$: computation of the pairing function $\hat{e}$.
• $l, |I|$: the rows and complexity of the access policy.
• $|S|, |U_a|$: the size of the user attribute set $S$ and the attribute universe $U_a$.
• $|G^*|, |G_T^*|$: the length of elements in groups $G^*$ and $G_T^*$.
• $|\mathbb{Z}_p|$: the length of an element in $\mathbb{Z}_p$.
• $|A|, |F|$: the number of authorities and file blocks.

The comparison result is summarized in Table III and Table IV.

Table III shows the computation complexity comparison in the aforementioned schemes. With respect to the key generation cost, our scheme and [27] cost more than [21] as a result of attribute hiding, which incurs a slight extra cost of $|S|P$ to AAs. Our scheme needs $(2|S| - 3|A|)E_1$ more than [27]; thus, the growth rate in our scheme is higher, although the key generation cost may be less when $|S|$ is small. As for encryption cost, the growth rate with respect to the complexity of the access policy $l$ is the least in our scheme; thus the encryption cost in our scheme grows slowest of all and, when $|F|$ is small, its encryption cost is also the least. Due to the outsourced decryption, the cost for outsourced decryption in our scheme is more than that of [27] as a result of traceability, while the user decryption cost in our scheme is the least and that of [27] costs $(|A| - 1)E_2$ more than our scheme.

In regard to the storage complexity comparison shown in Table IV, the authority public key cost in our scheme and [21] are both constant and far less than [27] which costs a linear


storage complexity for authority public key with the size of attribute universe. Thus, the flexibility in [27] is less than the others. Moreover, the storage cost for transformation key in our scheme is slightly |S||Zp| more than that of [27] due to the extra cost for traceability, but the cost for user secret key in our scheme is the least, which saves much storage burden for end devices. With respect to the size of ciphertext, our scheme introduces some extra cost for online/offline encryption and the signatures used in data integrity auditing, which supports higher security level and efficiency in encryption.

TABLE III: Computation Complexity Comparison

Scheme        KeyGen                    Encryption                User Decryption           Out Decryption
Scheme [21]   5|S|E1                    6lE1 + (2l + 1)E2         3|I|E1 + |I|E2 + 3|I|P    −−
Scheme [27]   (3|S| + 4|A|)E1 + |S|P    (5l + 2)E1 + (l + 1)E2    |A|E2                     2|I|E2 + (4|I| + |A|)P
LUTPDS        (5|S| + |A|)E1 + |S|P     (4l + 2|F|)E1 + lE2       E2                        4|I|E1 + 3|I|E2 + 3|I|P

TABLE IV: Storage Complexity Comparison

Scheme        PP Size                           TKey Size                   SKey Size                CT Size
Scheme [21]   3|G∗| + |G∗T|                     −−                          3|S||G∗| + 2|S||Zp|      5l|G∗| + (l + 1)|G∗T|
Scheme [27]   (|Ua| + 1)|G∗| + (|Ua| + 1)|G∗T|  (2|S| + 2|A|)|G∗|           |A||Zp|                  (3l + 1)|G∗| + (3l + 1)|G∗T| + |Zp|
LUTPDS        3|G∗| + |G∗T|                     (3|S| + 1)|G∗| + 2|S||Zp|   2|Zp|                    (|F| + 5l)|G∗| + (l + 1)|G∗T| + (2l + 1)|Zp|

2) Performance Evaluation: To precisely evaluate the performance of our scheme, we implement our scheme and the schemes in [21], [27] and summarize the comparison of their actual computation and storage cost in Fig. 4 with extensive experimental simulations.

In our experiments, we implement these schemes in the Java programming language with the Java Pairing-Based Cryptography library (JPBC) [52], which is a wrapper of the Stanford Pairing-Based Cryptography Library (PBC) and supports pairing, exponentiation, addition, multiplication and inversion operations in finite fields and groups. In our implementations, we use the Type A pairing defined over a 160-bit elliptic curve group over a 512-bit finite field, that is, the supersingular elliptic curve E(Fp): y^2 = x^3 + x with embedding degree 2, where p is a 512-bit Solinas prime. Moreover, we employ two servers running Windows 10 on an Intel Core i5 CPU at 2.13 GHz with 8.00 GB RAM to act as multiple clouds, and two laptops with an Intel Core i5 CPU and 6.00 GB RAM to act as the Fog Node and end device. In addition, to assess the storage cost of user secret key and transformation key as well as the time cost in key generation, we set the size of user attribute set in a range of |S| = {5, 50}, while for the storage cost of ciphertext and the time cost for encryption and decryption, the complexity of access policy is set as l = |I| = {10, 50}. For the evaluation of authority public key size, the size of attribute universe is set as |Ua|.

To analyze the time and storage cost in key generation, Fig. 4(a) shows the key generation time cost comparison between our LUTPDS and [21], [27]. We notice that, due to the introduction of the user tracing mechanism and the attribute hiding algorithm, the time cost in our scheme is slightly more than that of the other two schemes, as it brings only two extra exponentiation operations in decryption key generation and does not pose much burden on AAs. Moreover, Fig. 4(b) depicts the user secret key storage cost comparison of the above schemes. As our scheme and [27] employ outsourced decryption, they greatly reduce the storage cost for user secret key in smart devices of s-Logistics, while that of [21] is linear in the size of user attribute set |S|. Our scheme costs the least storage of all for user secret key as it is not affected by the number of authorities |A|. Furthermore, Fig. 4(c) shows the comparison of the storage cost for transformation key between our scheme and [27], as the scheme in [21] does not need a transformation key. When the size of user attribute set |S| is small, our scheme costs less storage, and when |S| grows it will exceed the cost in [27], which seldom appears in real-world applications. In addition, our scheme and [21] cost much less storage for authority public key than [27], as the latter does not support large attribute universe, which is shown in Fig. 4(d).

To assess the time and storage cost in encryption, Figs. 4(e) and 4(f) show the encryption time cost of the above schemes under different settings of the file number |F|, to assess its effect on encryption cost. It is obvious that the time cost in the three schemes is linear in the complexity of access policy l in encryption. The encryption time cost in [21] is the most. Owing to the online/offline technique, the growth rate in our scheme is smaller than the others; thus, although the scheme [27] costs less than our scheme when l is small, it exceeds ours when l > 20 and |F| is set as a general 5. If |F| is set with a big value, the time cost for encryption in our scheme is more than that of [27], which is not the general case in real-world applications. Similarly, we assess the ciphertext storage cost in Figs. 4(g) and 4(h) with the same setting as in the encryption time evaluation. We observe that the storage cost for ciphertext in all schemes is proportional to the complexity of access policy l, and that of our scheme is slightly more than the other two as it brings about extra storage cost for the signatures used in data integrity auditing.

To evaluate the time cost in outsourced and user decryption, Figs. 4(i) and 4(j) depict the outsourced decryption time cost on the fog side under different settings of the authority number |A| = [5, 10]; as the scheme [21] fails to support outsourced decryption, we make a comparison between our scheme and [27]. We observe that the time cost in both


schemes is linear in the complexity of access policy |I| in outsourced decryption. Our scheme costs slightly more time than [27], which is also affected by the number of authorities |A|. In terms of the end devices, Figs. 4(k) and 4(l) show the comparison of the time cost for user decryption. The time cost in [21] is proportional to the growth of |I|, while that of the other two is nearly constant and far less. Specifically, due to the outsourced decryption, our scheme and [27] achieve smaller time cost for decryption, in which the latter is also affected by |A|; thus, our LUTPDS costs the least time in user decryption.

Fig. 4: Comparison of the actual efficiency. Panels: (a) Key generation time cost, (b) User key storage cost, (c) Transformation key storage cost (time for key generation in ms, size of user secret key and size of transformation key in bytes, each against size of user attribute set); (d) Global public key storage cost (size of authority public key in bytes against size of attribute universe); (e) Encryption time when |F| = 5, (f) Encryption time when |F| = 10 (time for encryption in ms against complexity of access policy); (g) Ciphertext size when |F| = 5, (h) Ciphertext size when |F| = 10 (size of ciphertext in Kbytes against complexity of access policy); (i) OutDec time when |A| = 5, (j) OutDec time when |A| = 10 (time for outsourced decryption in ms against complexity of access policy); (k) Decryption time when |A| = 5, (l) Decryption time when |A| = 10 (time for user decryption in ms against complexity of access policy).

To summarize, the results of our experimental simulations indicate that our LUTPDS is flexible and versatile. It is also efficient in terms of the encryption cost, user decryption cost and user key cost, with far smaller and constant cost for public. Besides, it is the only scheme that supports fine-grained data access control and data integrity auditing as well as scalability, user privacy-preserving, key escrow and abuse resistance and large universe simultaneously. Therefore, the LUTPDS scheme is more suitable for data sharing in Fog-Based s-Logistics systems with resource-constrained smart devices.

VII. CONCLUSION

In this paper, we propose a scalable Large Universe and Traceable Privacy-preserving Data Sharing (LUTPDS) scheme for Fog-based s-Logistics over multiple clouds that can support data confidentiality, fine-grained access control and data integrity auditing at the same time by devising a novel CP-ABE scheme. It can achieve scalability, key-escrow and abuse resistance, large attribute universe and data integrity compared with existing schemes. Due to the online/offline and verifiable outsourced decryption techniques, LUTPDS can eliminate the high computation cost in CP-ABE and resist untrusted Fog Nodes in outsourced decryption with an authenticated code. Benefiting from the certificateless public data integrity auditing mechanism, data integrity can be guaranteed with the assistance of a trusted auditor in the setting of untrusted cloud servers. Moreover, the security analysis and thorough performance evaluation show that our proposal is secure and practicable for Fog-based s-Logistics systems with resource-constrained IoT devices compared with existing schemes.

In our future work, we will work on efficient attribute and user revocation in data sharing schemes for Fog-Based IoT environments.

ACKNOWLEDGMENT

This work is supported by Natural Science Foundation of Inner Mongolia, China, 2020 (No. 2020LH06007), Innovation Fund of Inner Mongolia University of Science and Technology, China (No.2019QDL-B51) and Inner Mongolia Major science and technology projects: artificial intelligence application technology and product research, development Application Research and demonstration in modern pastures (2019ZD025).
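The expressions in Tables III and IV can be evaluated directly to locate the crossover points that the theoretical analysis describes only qualitatively (key generation and transformation key size against [27]). The following Python model is an added example, not the authors' implementation; the function names and the element sizes in SIZES (128-byte group elements and 20-byte Zp elements for the Type A parameters stated in the evaluation) are assumptions.

```python
# Added example: cost model transcribed from Tables III and IV.
# Element sizes are ASSUMED for the Type A pairing described in the evaluation
# (512-bit base field, 160-bit group order, embedding degree 2, uncompressed
# elements); they are not values reported in the paper.
SIZES = {"G": 128, "GT": 128, "Zp": 20}  # bytes


def computation(S=0, A=0, l=0, I=0, F=0):
    """Table III as (E1, E2, P) operation counts; None means unsupported.

    S=|S|, A=|A|, l=policy rows, I=|I|, F=|F| (file blocks).
    """
    return {
        "[21]": {
            "KeyGen": (5 * S, 0, 0),
            "Encryption": (6 * l, 2 * l + 1, 0),
            "UserDec": (3 * I, I, 3 * I),
            "OutDec": None,
        },
        "[27]": {
            "KeyGen": (3 * S + 4 * A, 0, S),
            "Encryption": (5 * l + 2, l + 1, 0),
            "UserDec": (0, A, 0),
            "OutDec": (0, 2 * I, 4 * I + A),
        },
        "LUTPDS": {
            "KeyGen": (5 * S + A, 0, S),
            "Encryption": (4 * l + 2 * F, l, 0),
            "UserDec": (0, 1, 0),
            "OutDec": (4 * I, 3 * I, 3 * I),
        },
    }


def storage(S=0, A=0, l=0, F=0, Ua=0, sizes=SIZES):
    """Table IV in bytes; None means the scheme has no such key."""
    G, GT, Zp = sizes["G"], sizes["GT"], sizes["Zp"]
    return {
        "[21]": {
            "PP": 3 * G + GT,
            "TKey": None,
            "SKey": 3 * S * G + 2 * S * Zp,
            "CT": 5 * l * G + (l + 1) * GT,
        },
        "[27]": {
            "PP": (Ua + 1) * G + (Ua + 1) * GT,
            "TKey": (2 * S + 2 * A) * G,
            "SKey": A * Zp,
            "CT": (3 * l + 1) * G + (3 * l + 1) * GT + Zp,
        },
        "LUTPDS": {
            "PP": 3 * G + GT,
            "TKey": (3 * S + 1) * G + 2 * S * Zp,
            "SKey": 2 * Zp,
            "CT": (F + 5 * l) * G + (l + 1) * GT + (2 * l + 1) * Zp,
        },
    }


def op_diff(a, b):
    """Component-wise difference of two (E1, E2, P) tuples."""
    return tuple(x - y for x, y in zip(a, b))


def first_positive(gap, lo=1, hi=200):
    """Smallest n in [lo, hi] for which gap(n) > 0, or None if there is none."""
    for n in range(lo, hi + 1):
        if gap(n) > 0:
            return n
    return None


def keygen_crossover(A):
    """Smallest |S| at which LUTPDS KeyGen needs more E1 than [27]."""
    def gap(S):
        c = computation(S=S, A=A)
        return op_diff(c["LUTPDS"]["KeyGen"], c["[27]"]["KeyGen"])[0]
    return first_positive(gap)


def tkey_crossover(A, sizes=SIZES):
    """Smallest |S| at which the LUTPDS transformation key outgrows that of [27]."""
    def gap(S):
        t = storage(S=S, A=A, sizes=sizes)
        return t["LUTPDS"]["TKey"] - t["[27]"]["TKey"]
    return first_positive(gap)


if __name__ == "__main__":
    for A in (5, 10):
        print(f"|A|={A}: KeyGen E1 crossover at |S|={keygen_crossover(A)}, "
              f"TKey size crossover at |S|={tkey_crossover(A)}")
```

The crossover values depend on the assumed byte sizes; pass a different `sizes` mapping to `storage` or `tkey_crossover` to model other curve parameters.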


REFERENCES

[1] X. Tang, “Research on smart logistics model based on internet of things technology,” IEEE Access, vol. 8, pp. 151150–151159, 2020.
[2] T. Gregor, M. Krajcovic, and D. Wiecek, “Smart connected logistics,” Procedia Engineering, vol. 192, pp. 265–270, 2017.
[3] M. Humayun, N. Jhanjhi, B. Hamid, and G. Ahmed, “Emerging smart logistics and transportation using iot and blockchain,” IEEE Internet of Things Magazine, vol. 3, no. 2, pp. 58–62, 2020.
[4] Y. Ding, M. Jin, S. Li, and D. Feng, “Smart logistics based on the internet of things technology: an overview,” International Journal of Logistics Research and Applications, pp. 1–23, 2020.
[5] J. Zhang, T. Li, M. S. Obaidat, C. Lin, and J. Ma, “Enabling efficient data sharing with auditable user revocation for iov systems,” IEEE Systems Journal, 2021.
[6] Y. Guan, J. Shao, G. Wei, and M. Xie, “Data security and privacy in fog computing,” IEEE Network, vol. 32, no. 5, pp. 106–111, 2018.
[7] K.-P. Yu, L. Tan, M. Aloqaily, H. Yang, and Y. Jararweh, “Blockchain-enhanced data sharing with traceable and direct revocation in iiot,” IEEE transactions on industrial informatics, 2021.
[8] T. Shi, H. Ma, G. Chen, and S. Hartmann, “Location-aware and budget-constrained service deployment for composite applications in multi-cloud environment,” IEEE Transactions on Parallel and Distributed Systems, vol. 31, no. 8, pp. 1954–1969, 2020.
[9] C. Feng, K. Yu, A. K. Bashir, Y. D. Al-Otaibi, Y. Lu, S. Chen, and D. Zhang, “Efficient and secure data sharing for 5g flying drones: a blockchain-enabled approach,” IEEE Network, vol. 35, no. 1, pp. 130–137, 2021.
[10] K. Fan, Q. Pan, K. Zhang, Y. Bai, S. Sun, H. Li, and Y. Yang, “A secure and verifiable data sharing scheme based on blockchain in vehicular social networks,” IEEE Transactions on Vehicular Technology, vol. 69, no. 6, pp. 5826–5835, 2020.
[11] N. Lu, Y. Zhang, W. Shi, S. Kumari, and K.-K. R. Choo, “A secure and scalable data integrity auditing scheme based on hyperledger fabric,” Computers & Security, vol. 92, p. 101741, 2020.
[12] J. Li, Y. Zhang, X. Chen, and Y. Xiang, “Secure attribute-based data sharing for resource-limited users in cloud computing,” Computers & Security, vol. 72, pp. 1–12, 2018.
[13] J. Zhang, J. Ma, T. Li, and Q. Jiang, “Efficient hierarchical and time-sensitive data sharing with user revocation in mobile crowdsensing,” Security and Communication Networks, vol. 2021, 2021.
[14] J. Zhang, J. Ma, Y. Yang, X. Liu, and N. N. Xiong, “Revocable and privacy-preserving decentralized data sharing framework for fog-assisted internet of things,” IEEE Internet of Things Journal, 2021.
[15] J. Zhang, Y. Yang, X. Liu, and J. Ma, “An efficient blockchain-based hierarchical data sharing for healthcare internet of things,” IEEE Transactions on Industrial Informatics, 2022.
[16] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in 2007 IEEE symposium on security and privacy (SP’07). IEEE, 2007, pp. 321–334.
[17] J. Zhang, J. Ma, Z. Ma, N. Lu, and D. Wei, “Efficient hierarchical data access control for resource-limited users in cloud-based e-health,” in 2019 International Conference on Networking and Network Applications (NaNA), 2019.
[18] S. Gao, G. Piao, J. Zhu, X. Ma, and J. Ma, “Trustaccess: A trustworthy secure ciphertext-policy and attribute hiding access control scheme based on blockchain,” IEEE Transactions on Vehicular Technology, vol. 69, no. 6, pp. 5784–5798, 2020.
[19] P. Zeng, Z. Zhang, R. Lu, and K.-K. R. Choo, “Efficient policy-hiding and large universe attribute-based encryption with public traceability for internet of medical things,” IEEE Internet of Things Journal, 2021.
[20] J. Zhao and P. Zeng, “Efficient and large universe ciphertext-policy attribute-based encryption with black-box traceability for ehealth,” in The International Conference on Cyber Security Intelligence and Analytics. Springer, 2020, pp. 480–485.
[21] K. Zhang, H. Li, J. Ma, and X. Liu, “Efficient large-universe multi-authority ciphertext-policy attribute-based encryption with white-box traceability,” Science in China Series F: Information Sciences, vol. 61, no. 3, p. 032102, 2018.
[22] S. Banerjee, S. Roy, V. Odelu, A. K. Das, S. Chattopadhyay, J. J. Rodrigues, and Y. Park, “Multi-authority cp-abe-based user access control scheme with constant-size key and ciphertext for iot deployment,” Journal of Information Security and Applications, vol. 53, p. 102503, 2020.
[23] Y. Zhang, D. Zheng, and R. H. Deng, “Security and privacy in smart health: Efficient policy-hiding attribute-based access control,” IEEE Internet of Things Journal, vol. 5, no. 3, pp. 2130–2145, 2018.
[24] H. Cui, R. H. Deng, J. Lai, X. Yi, and S. Nepal, “An efficient and expressive ciphertext-policy attribute-based encryption scheme with partially hidden access structures, revisited,” Computer Networks, vol. 133, pp. 157–165, 2018.
[25] D. Han, N. Pan, and K.-C. Li, “A traceable and revocable ciphertext-policy attribute-based encryption scheme based on privacy protection,” IEEE Transactions on Dependable and Secure Computing, 2020.
[26] S. Wang, H. Wang, J. Li, H. Wang, J. Chaudhry, M. Alazab, and H. Song, “A fast cp-abe system for cyber-physical security and privacy in mobile healthcare network,” IEEE Transactions on Industry Applications, vol. 56, no. 4, pp. 4467–4477, 2020.
[27] K. Fan, H. Xu, L. Gao, H. Li, and Y. Yang, “Efficient and privacy preserving access control scheme for fog-enabled iot,” Future Generation Computer Systems, vol. 99, pp. 134–142, 2019.
[28] M. Cui, D. Han, J. Wang, K.-C. Li, and C.-C. Chan, “Arfv: An efficient shared data auditing scheme supporting revocation for fog-assisted vehicular ad-hoc networks,” IEEE Transactions on Vehicular Technology, 2020.
[29] Y. Xu, C. Zhang, G. Wang, Z. Qin, and Q. Zeng, “A blockchain-enabled deduplicatable data auditing mechanism for network storage services,” IEEE Transactions on Emerging Topics in Computing, 2020.
[30] K. Fan, Z. Bao, M. Liu, A. V. Vasilakos, and W. Shi, “Dredas: Decentralized, reliable and efficient remote outsourced data auditing scheme with blockchain smart contract for industrial iot,” Future Generation Computer Systems, vol. 110, pp. 665–674, 2020.
[31] N. Garg, S. Bawa, and N. Kumar, “An efficient data integrity auditing protocol for cloud computing,” Future Generation Computer Systems, vol. 109, pp. 306–316, 2020.
[32] C. Lee, Y. Lv, K. Ng, W. Ho, and K. Choy, “Design and application of internet of things-based warehouse management system for smart logistics,” International Journal of Production Research, vol. 56, no. 8, pp. 2753–2768, 2018.
[33] J. Wen, L. He, and F. Zhu, “Swarm robotics control and communications: Imminent challenges for next generation smart logistics,” IEEE Communications Magazine, vol. 56, no. 7, pp. 102–107, 2018.
[34] Y. Su and Q.-m. Fan, “The green vehicle routing problem from a smart logistics perspective,” IEEE Access, vol. 8, pp. 839–846, 2019.
[35] A. Lewko and B. Waters, “Decentralizing attribute-based encryption,” pp. 568–588, 2011.
[36] K. Yang and X. Jia, “Expressive, efficient, and revocable data access control for multi-authority cloud storage,” IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 7, pp. 1735–1744, 2014.
[37] S. J. De and S. Ruj, “Efficient decentralized attribute based access control for mobile clouds,” IEEE Transactions on Cloud Computing, vol. 8, no. 1, pp. 124–137, 2020.
[38] Y. Rouselakis and B. Waters, “Practical constructions and new proof methods for large universe attribute-based encryption,” pp. 463–474, 2013.
[39] Y. Rouselakis and B. Waters, “Efficient statically-secure large-universe multi-authority attribute-based encryption,” in International Conference on Financial Cryptography and Data Security. Springer, 2015, pp. 315–332.
[40] S. Hohenberger and B. Waters, “Online/offline attribute-based encryption,” pp. 293–310, 2014.
[41] P. Datta, R. Dutta, and S. Mukhopadhyay, “Fully secure online/offline predicate and attribute-based encryption,” pp. 331–345, 2015.
[42] H. Ma, R. Zhang, Z. Wan, Y. Lu, and S. Lin, “Verifiable and exculpable outsourced attribute-based encryption for access control in cloud computing,” IEEE Transactions on Dependable and Secure Computing, vol. 14, no. 6, pp. 679–692, 2017.
[43] Q. Xu, C. Tan, W. Zhu, Y. Xiao, Z. Fan, and F. Cheng, “Decentralized attribute-based conjunctive keyword search scheme with online/offline encryption and outsource decryption for cloud computing,” Future Generation Computer Systems, vol. 97, pp. 306–326, 2019.
[44] M. Green, S. Hohenberger, B. Waters et al., “Outsourcing the decryption of abe ciphertexts.” in USENIX Security Symposium, vol. 2011, no. 3, 2011.
[45] J. Lai, R. H. Deng, C. Guan, and J. Weng, “Attribute-based encryption with verifiable outsourced decryption,” IEEE Transactions on Information Forensics and Security, vol. 8, no. 8, pp. 1343–1354, 2013.
[46] H. Wang, D. He, and J. Han, “Vod-adac: Anonymous distributed fine-grained access control protocol with verifiable outsourced decryption in public cloud,” IEEE transactions on services computing, vol. 13, no. 3, pp. 572–583, 2017.
[47] H. Cui, R. H. Deng, G. Wu, and J. Lai, “An efficient and expressive ciphertext-policy attribute-based encryption scheme with partially hidden access structures,” vol. 10005, pp. 19–38, 2016.


[48] H. Cui, R. H. Deng, J. Lai, X. Yi, and S. Nepal, “An efficient and expressive ciphertext-policy attribute-based encryption scheme with partially hidden access structures, revisited,” Computer Networks, vol. 133, pp. 157–165, 2018.
[49] Z. Zhou, D. Huang, and Z. Wang, “Efficient privacy-preserving ciphertext-policy attribute based-encryption and broadcast encryption,” IEEE Transactions on Computers, vol. 64, no. 1, pp. 126–138, 2015.
[50] H. Zhong, W. Zhu, Y. Xu, and J. Cui, “Multi-authority attribute-based encryption access control scheme with policy hidden for cloud storage,” Soft Computing, vol. 22, no. 1, pp. 243–251, 2018.
[51] D. Boneh and X. Boyen, “Short signatures without random oracles and the sdh assumption in bilinear groups,” Journal of cryptology, vol. 21, no. 2, pp. 149–177, 2008.
[52] A. De Caro and V. Iovino, “jpbc: Java pairing based cryptography,” in Proceedings of the 16th IEEE Symposium on Computers and Communications, ISCC 2011, Kerkyra, Corfu, Greece, June 28 - July 1, 2011, pp. 850–855.

Jianfeng Ma received the B.S. degree in computer science from Shaanxi Normal University in 1982, the M.S. degree in computer science from Xidian University in 1992, and the Ph.D. degree in computer science from Xidian University in 1995. Currently he is the director of the Department of Cyber Engineering and a professor in the School of Cyber Engineering, Xidian University. He has published over 150 journal and conference papers. His research interests include information security, cryptography, and network security.

Yanbo Yang received the B.S. and Ph.D. degrees in the School of Telecommunications Engineering from Xidian University, China, in 2006 and 2014, respectively. He is now a lecturer in the Information Engineering School of Inner Mongolia University of Science and Technology, China. He is currently pursuing the fusion application of UAV/UGV, Blockchain technology, big data and machine learning in the Industrial Internet area. Yanbo Yang is the corresponding author.

Jiawei Zhang received the B.S. and M.S. degrees in the School of Telecommunications Engineering from Xidian University, China, in 2007 and 2010, respectively, and the Ph.D. degree in the School of Computer Science and Technology in Xidian University, China, in 2021. He is currently a Lecturer with the School of Cyber Engineering, Xidian University. His current research interests include access control, data security, cloud and edge security, blockchain, cryptography and network security.

Ximeng Liu (S’13-M’16-SM’21) received the B.Sc. degree in electronic engineering from Xidian University, Xi’an, China, in 2010 and the Ph.D. degree in Cryptography from Xidian University, China, in 2015. He is now a full professor in the College of Mathematics and Computer Science, Fuzhou University. He was a research fellow at the School of Information System, Singapore Management University, Singapore. He has published more than 250 papers on the topics of cloud security and big data security, including papers in IEEE TC, IEEE TIFS, IEEE TDSC, IEEE TPDS, IEEE TKDE, IEEE IoT Journal, and so on. He was awarded “Minjiang Scholars” Distinguished Professor, “Qishan Scholars” in Fuzhou University, and the ACM SIGSAC China Rising Star Award (2018). His research interests include cloud security, applied cryptography and big data security.
