Lin Han-Yu, Tsai Tung-Tso, Ting Pei-Yih, Chen Ching-Chung
Department of Computer Science and Engineering, National Taiwan Ocean University, Keelung 202, Taiwan.
Sensors (Basel). 2022 Jun 1;22(11):4223. doi: 10.3390/s22114223.
In a fog-enabled IoT environment, a fog node acts as the proxy between end users and cloud servers to reduce the latency of data transmission and thereby meet the requirements of more real-time applications. A data storage scheme built on a fog computing architecture allows a user to share cloud data with other users with the assistance of fog nodes. In particular, a fog node that obtains a re-encryption key from the data owner is able to convert a cloud ciphertext into one that is decryptable by another designated user. In such a scheme, a proxy should not learn any information about the plaintext during the transmission and re-encryption processes. In 2020, an ID-based data storage scheme utilizing anonymous key generation in fog computing was proposed by some researchers. Although their protocol is provably secure in the random oracle model, we point out that there are some security flaws inherent in their protocol. On the basis of their work, we further present an improved variant, which not only eliminates their security weaknesses, but also preserves the functionalities of anonymous key generation and the user revocation mechanism. Additionally, under the Decisional Bilinear Diffie-Hellman (DBDH) assumption, we demonstrate that our enhanced construction is also provably secure under the security notion of IND-PrID-CPA.