Privacy-Preserving Distributed Data Access Control for CloudIoT

2021 
The Edge-Fog-Cloud interplay in the Internet-of-Things (IoT) leads to many exciting data-sharing applications that have access control as a primary requirement. To ensure fine-grained data access control for such data sharing on untrusted storage (e.g., Cloud), Attribute-Based Encryption (ABE) is a promising tool. To address privacy concerns in such ABE-based access control systems, we propose a new Privacy-preserving Distributed data Access control (PDAC) in CloudIoT. Our PDAC improves on previous privacy-preserving distributed ABE systems in three aspects. The first introduces a new user-anonymity approach against colluding untrusted (honest-but-curious) authorities. The second presents a novel policy-hiding mechanism that efficiently preserves the privacy of policy-forming attributes (metadata) against colluding parties. The third introduces an independent-authorities system for our privacy-preserving improvements, where an authority can join and leave the system without reinitializing other authorities. Moreover, our PDAC offloads the user's computations to the Cloud servers to improve efficiency. We prove the security of our PDAC through formal analysis. Then, we present empirical results on different classes of mobile devices, including a laptop and a smartphone.