Achieving adaptively secure data access control with privacy protection for lightweight IoT devices

The Internet of things (IoT) technology has been used in a wide range of fields, ranging from industrial manufacturing to daily lives. The IoT system contains numerous resource-constrained lightweight devices such as wireless sensors and radio frequency identification (RFID) tags. A massive amount of sensitive data is generated and transmitted by these devices to a variety of users. The complexity of the IoT system places a high demand on security. Therefore, it is necessary to develop an encryption scheme with access control to provide flexible and secure access to the sensitive data. The ciphertext policy attribute-based encryption (CP-ABE) scheme is a potential solution. However, the long ciphertext as well as the slow encryption and decryption operations in traditional ABE schemes make it inappropriate for most IoT systems, which require low latency and contain many devices with limited memory size and computing capability. In this paper, we propose a modified CP-ABE scheme with constant length of ciphertext and low computation overhead in the encryption and decryption phases. Additionally, our scheme is proven to be adaptively secure under the standard model. Moreover, two enhanced schemes are developed to prevent authorized users from leaking data and protect the privacy of data owners by combining chameleon hash, bloom filters and CP-ABE, respectively. Finally, the experimental evaluation and analysis prove the feasibility of our scheme.