A Privacy Protection Scheme for IoT Big Data

Full text

Turn on search term navigation

This work is licensed under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.

1. Introduction

The development of emerging computing technologies (e.g., cloud computing) have brought opportunity for various industries, such as hyperspectral remote sensing image algorithms [1, 2], classification algorithms [3], matrix operations under linear systems [4, 5], and data generated by Internet of Things (IoT) devices. If the data in a solution is stored in the cloud or the calculation is outsourced to the cloud, the local storage and calculation pressure will be greatly reduced. Among them, for IoT big data, because IoT devices generate huge amounts of data, the structure of the traditional machine learning model is relatively simple, which can no longer meet the new needs of IoT applications. Thus, deep learning technology has been widely used in IoT applications [6], e.g., smart home [7], smart city [8, 9], and autonomous driving [10].

In the scenario of applying deep learning technology to big data in the IoT, in order to train a neural network, large amounts of data need to be obtained from the IoT devices. For example, crowdsensing systems collect data that comes from sensors embedded on personally owned mobile devices [11]. These data may contain sensitive information of some users. However, IoT networks are becoming more vulnerable to various web attacks [12]. Obviously, once they “share” these IoT data with the same field, they are likely to lose control of this data. If these data containing private information are leaked, and there is a lack of effective protection mechanism in the process of IoT search [13], it may cause irreversible harm to the people whose information is leaked. For example, in the field of healthcare, human physiological data collected by wearable IoT devices are put into deep learning models, which can predict the physical condition of patients [14–17]. Once these data are leaked, it will not only cause a patient’s economic loss but also endanger life [18]. In the field of autonomous driving, the prediction system of deep learning may be maliciously interfered. Once location privacy data is obtained maliciously, it may cause traffic safety problems and bring troubles to society [19]. It can be seen that how to protect users’ private data still faces severe challenges for projects that use deep learning to assist IoT applications, and it is a problem that must be solved.

At present, many solutions have been proposed to solve the big data privacy protection problem in machine learning [20] or deep learning. Generally, these schemes are divided into three categories: federated learning [21, 22], encryption-based technologies [23–26], and differential privacy technologies [27, 28], as shown in Figure 1. Figure 1 shows the working principles of three different types of privacy protection. Among them, encryption-based technologies mainly use direct encryption of data, such as using homomorphic encryption algorithms or setting access control on data uploaded to cloud servers. However, in actual situations, data owners not only want to share training data with others but also want to guarantee data security. Although homomorphic encryption solution realizes the encryption of data, it cannot meet the needs of multiuser data sharing when sharing data in the same field, and it cannot achieve one-to-many fine-grained communication. In attribute-based encryption, only users who meet the access strategy set by the owner can obtain the data, which can achieve more flexible access control. Therefore, to handle the problem of the incompatibility of secure storage and fine-grained sharing of IoT big data in deep learning, an attribute-based encryption solution can be introduced. Among them, the encryption of the ciphertext strategy is more suitable to be used in this scenario than the key-based encryption due to the characteristics of the ciphertext contact access strategy and key contact access structure.

[figure omitted; refer to PDF]

In the actual data sharing scenario, due to the numerous attributes of the visitor, there are many departments in the enterprise engaged in the IoT, so the attribute fluidity is relatively large. Access users obtain the key through their own identity attribute information. If the attribute used to represent the identity does not have a valid period, it means that even if an employee resigns or a department merges, it will not affect the access rights of the resigned employee or the original department staff, and these employees can still obtain data through their own identity attributes. If a resigned employee sells IoT big data in exchange for economic benefits, it will not only endanger the interests of the company but also harm people’s personal safety. This shows that it is necessary to set the validity period for each user attribute. The attribute will be cancelled when it expires. Moreover, many current solutions allow users to access unlimited times within the set time. To prevent the number of visits from being abused, it is necessary to limit the number of visits within the set time. By limiting the user’s access period and access frequency, to a certain extent, it is possible to reduce the occurrence of data leakage caused by the sale of data information by employees or outsiders using decryption attributes to access big data of the Internet of Things.

We consider the data privacy problems of big data generated in the field of IoT for mobile computing and use attribute revocation idea [29, 30], then propose an IoT big data privacy protection scheme based on time and the number of decryption restrictions. This scheme combines homomorphic encryption and attribute-based encryption. In summary, the main contributions of this paper are as follows:

(1) We propose a scheme that limits attribute usage time and user decryption frequency. By setting the attribute version number for each attribute as a mark, it is compared with the local time to determine whether the time has expired and realize the revocation. Besides, it limits the number of user accesses by establishing a user decryption frequency table and setting access tokens.

(2) We combine homomorphic encryption with ciphertext-based attribute-based encryption technology, which makes this solution more effective in improving data confidentiality without affecting neural network model training.

(3) We analyse the security of the scheme in a real deployment.

The remainder of the paper is organized as follows. After introducing the related work in Section 2, we provide related technologies used in this paper in Section 3. Section 4 describes the design of our scheme. We analyse security and effectiveness of our scheme in Section 5. Finally, Section 6 concludes this study.

2. Related Work

Although deep learning has brought great convenience to human life, its application is inseparable from data. If some IoT data involves the user’s private information, once it is leaked, it will cause property and life safety issues. More and more solutions [31–34] are proposed to solve data security issues, which are implemented by not directly processing data. In addition, people can also protect their privacy by processing data. Lv et al. [35] proposed a secure transaction framework based on the blockchain, which uses the encryption mechanism of the blockchain to ensure information security, but it does not achieve fine-grained access control. Lindell et al. [36] proposed that two parties can process data sets collaboratively without revealing their privacy. Agrawal et al. [37] proposed a scheme that implements the function of outsourcing data to others for data mining tasks. This scheme is confirmed that it does not reveal the data owner’s private information during the outsourcing process. Homomorphic encryption technology is considered to be the most effective and most direct means of protecting user privacy [38]. It can directly perform operations, and the results can be consistent with the results of plaintext operations. In 2007, Orlandi et al. [39] introduced homomorphic encryption technology and multiparty secure computing technology to feed the encrypted data into the neural network model for training, which not only ensured the consistency of the plaintext and ciphertext calculation results but also considered security. In [40], the authors proposed a neural network model that uses encrypted data for training. At the same time, in this scheme, it is also proved that cloud services can be used to put encrypted data into the neural network for prediction operations, and the results are returned from the cloud in the form of ciphertext. In [41], the authors improved the scheme [40] and proved that encrypted data can also train neural networks.

In addition to directly encrypting big data, there are also many solutions for setting access control to the data protection layer. In [42], the author created the first CP-ABE solutions, the access policy and ciphertext are sent to the receiver together. Due to the existence of user or attribute revocation problems, research on revocation of ABE has always received extensive attention. Shi et al. [43] proposed a scheme under a hierarchical cryptosystem. Once the attributes are revoked, the public key, private key, and ciphertext of the scheme need to be updated, so the revoking efficiency of this scheme is not high. In [44, 45], the authors pointed out that the private key can be divided into two parts. If the attribute is revoked, the two keys need to be updated, and it is necessary to reencrypt the ciphertext and header files, so the cost of revocation is relatively large. In [46], the authors proposed a user revocation scheme based on a time limit, but it did not achieve fine-grained attribute revocation. In [47], the authors proposed a scheme for using smart contracts to revoke attributes. In addition to these revocation schemes, the purpose of revocation can also be realized by limiting the number of user visits. In [48], the authors proposed a scheme that decryption frequency can be limited. But the function of this scheme is a bit single. While sharing IoT big data that can be used for neural network training, users can adopt a scheme that combines homomorphic encryption and CP-ABE. The solution proposed in [49] has proved that combining the two technologies in such scenarios can not only reduce the risk of data leakage but also reduce the number of key communications. However, in the field of deep learning-assisted IoT applications, there are very few solutions that can combine these technologies to limit user access time and specify the number of user accesses.

3. Preliminaries

3.1. Bilinear Maps

Suppose there is a large prime number $p$ and two cyclic groups $G_{1}$ and $G_{2}$ , their orders are both $p$ , and $g$ is a generator of $G_{1}$ . Then, there is a mapping $e : G_{1} \times G_{1} ⟶ G_{2}$ from $G_{1}$ to $G_{2}$ , and it has the following properties [50]:

(1) Bilinearity: $e g^{a}, g^{b} = e g^{b}, g^{a} = e {g, g}^{a b}$ for $\forall a, b \in Z_{p}^{*}$ and $\forall u, v \in G_{1}$

(2) Nondegeneracy: there exists $x, y \in G_{1}$ , such that $e x, y \neq 1$ , where 1 is the identity element of group $G_{2}$

(3) Computability: for $\forall u, v \in G_{1}, e u, v$ can be calculated by an effective algorithm.

Then, we call the above mapping $e$ a bilinear mapping. In general, the cyclic group $G_{1}$ is an additive cyclic group, and the cyclic group $G_{2}$ is a multiplicative cyclic group.

3.2. Diffie-Hellman Problem

For the additive cyclic group $G_{1}$ in the above bilinear map $e$ , there are the following difficult problems in cryptography and discrete mathematics, various cryptosystems based on bilinear mapping are built on the basis of these difficult problems.

Definition 1 (discrete logarithm problem (DL)).

If there are any two elements $g$ and $Y$ , $g \in G_{1}$ , $Y \in G_{1}$ , and satisfy $Y = g^{k}$ , where $k \in Z_{p}^{*}$ , it is difficult to calculate the value of $k$ .

Definition 2 (computational Diffie-Hellman problem (CDH)).

Given that a triplet is $g, g^{a}, g^{b}$ , where $g$ is a generator of group $G_{1}$ , $a, b \in Z_{p}^{*}$ , it is difficult to calculate the value of $g^{a b}$ .

Definition 3 (decisional Diffie-Hellman problem (DDH)).

If there is a four-tuple $g, g^{a}, g^{b}, g^{c}$ , where $g$ is a generator, $a, b, c \in Z_{p}^{*}$ , it is difficult to determine whether $c = a b \mod p$ is true.

Because the above three types of problems are based on group $G_{1}$ , they are all regarded as group $G_{1}$ problems.

3.3. DBDH Assumption

Given that a five-tuple is [ $g, g^{a}, g^{b}, g^{c}, Z$ ], where $g$ is a generator of group $G_{1}$ , $a, b, c \in_{R} Z_{P}$ , $Z \in G_{2}$ , it is difficult to determine whether $Z = e {g, g}^{a b c}$ is true.

3.4. Access Structure

The structure is a set of judgment conditions, usually expressed as $Γ$ , which contains several attribute elements in the attribute set $A$ and threshold logic operators (such as OR and AND). If there is an attribute set that satisfies the judgment condition, this attribute set is called an authorized set, otherwise, we called it an unauthorized set. Let $P = P_{1}, P_{2}, \dots, P_{n}$ be the entity set of $n$ participants. For $\forall B, C$ , if $B \in C$ and $B \subseteq C$ , there is $C \in A$ , then, the set $A \subseteq 2^{P_{1}, P_{2}, \dots, P_{n}}$ is monotonous. An access structure is a nonempty subset of { $P_{1}, P_{2}, \dots, P_{n}$ }, namely, $A \subseteq 2^{P_{1}, P_{2}, \dots, P_{n}}$ \{ $ϕ$ }. In this proposed solution, the identity information of each user can be described by multiple attributes, such as company, department, and position, which are all his attributes.

3.5. Secure Two-Party Computing Protocol

A secure two-party computing protocol [51–53] means that in a network environment with a low safety factor, two participants can obtain the value of a function after collaborative calculation. Then, they can also obtain the desired value from each other according to this agreement. However, apart from knowing the value of oneself, other information cannot be derived. Through this agreement, it can be ensured that the privacy of the participants themselves will not be leaked when they do not trust each other, which improves program security.

3.6. Homomorphic Encryption

Definition $E k, a$ means using an encryption algorithm to encrypt $a$ , the key is $k$ , and $F$ means a certain algorithm of homomorphic encryption, if there is an effective algorithm $I$ , it can be satisfied: $E k, F a_{1}, a_{2}, \dots, a_{n} = I k, F E a_{1}, E a_{2}, \dots, E a_{n}$ . It means that $E$ is homomorphic to $F$ .

4. The Proposed System

4.1. System Solution

In our proposed solution, there exist six types of entities: IoT device, cloud server, data user, attribute authorization centre, key generation centre, and time server. The scheme model is shown in Figure 2.

[figure omitted; refer to PDF]

From Figure 2, we can know that the data owner can encrypt all kinds of data from IoT devices and upload the data to CSP. The access user makes an access request to the cloud server. Legitimate users can download document set from the cloud server and decrypt it. CSP and KGC jointly generate keys for users through continuous interaction. The time server is responsible for detecting whether the time sent to it by other entities has expired or has been forged or tampered with.

4.2. System Algorithms

We let group $G$ be a bilinear group, let $g$ be a generator in group $G$ . Let $e : G \times G ⟶ G_{1}$ be a bilinear mapping. We choose three hash functions in this scheme: $H : {0, 1}^{*} ⟶ G$ , so that each attribute can be mapped to the group, $H_{1} : G_{1} ⟶ Z_{P}^{*}$ , and $H_{2} : {0, 1}^{*} ⟶ {0, 1}^{*}$ . In addition, for any $i \in Z_{P}^{*}$ , an attribute set $A$ , the Lagrangian coefficient is defined as $∆_{i, A} x = \prod_{j \in A, j \neq i} x - j / i - j$ .

(1) $Setup λ ⟶ {PK}_{KGC}, {MK}_{KGC}, {PK}_{CSP}, {MK}_{CSP}, {PK}_{sign}, {MK}_{sign}$ . First, the security parameter $λ$ is used to generate three pairs of public and private keys, which are the key generation centre’s key pair ${PK}_{KGC}, {MK}_{KGC}$ , the cloud server’s key pair ${PK}_{CSP}, {MK}_{CSP}$ , and the public and private key pair for digital signature ${PK}_{sign}, {MK}_{sign}$ . KGC randomly selects $β \in_{R} Z_{P}^{*}$ and sets $h = g^{β}$ , so ( ${PK}_{KGC} = h, {MK}_{KGC} = β$ ). At the same time, KGC also selects a random number $γ \in_{R} Z_{P}^{*}$ , so that the public and private key pair used for digital signature is ${PK}_{sign} = g^{γ}, {MK}_{sign} = γ$ . CSP randomly selects $α \in_{R} Z_{P}^{*}$ , it sets ( ${PK}_{CSP} = e {g, g}^{α}$ , ${MK}_{CSP} = g^{α}$ ). Second, CSP allocates initialization information other than public and private keys for users accessing IoT data, including setting the unique identity of the $i$ th user as $u_{i}$ , where $u_{i} \in Z_{P}^{*}$ . A list $L$ is stored in the cloud server, which contains the user’s unique mark $u_{i}$ , the number of user visits $σ$ , and the state-related mark $K_{c}$ . Third, KGC selects a random secret value $r_{j} \in Z_{P}^{*}$ for the user, and AAC selects a mark $v_{i} \in Z_{P}^{*}$ for each attribute. Therefore, the system public key is $PK = G, g, h, f = g^{1 / β}, e {g, g}^{α}$ , and the master key is $MK = α, β$ . The initial value of $σ$ is set to 0.

(2) $KeyGen PK, MK, {MK}_{sign}, A, U_{i}, st ⟶ {SK}_{u_{t}}$ . In this part, the digital signature private key ${MK}_{sign}$ , the user’s attribute set $A$ , and the attribute version key $U_{i}$ , and outputs the user’s decryption key. The following four parts are included:

(a) Generate attribute version key. This part is executed by AAC. AAC randomly selects any value $t_{i} \in Z_{P}^{*}$ for each attribute, and $t_{i}$ is used as a parameter for subsequent use, so the attribute version key is set to $U_{i} = v_{i} t_{i}$ , and the attribute version key is generated and sent to CSP.

(b) Generate partial user keys. This part is formed by the simultaneous operation of KGC and CSP via introducing a secure two-party computing protocol. First, KGC takes the parameters ( $r_{j}, β$ ) as input, and CSP takes the parameter $α$ as input. Through calculation, $x = α + r_{j} β$ is obtained, and the result is output to CSP. CSP selects a random number $δ \in Z_{P}^{*}$ , calculates $A = g^{x δ} = g^{α + r_{j} β δ}$ , and sends the calculation result to KGC. When KGC receives the result, calculate $B = A^{1 / β^{2}} = {g^{α + r_{j} β δ}}^{1 / β^{2}} = g^{α + r_{j} δ / β}$ , and finally, the result $B$ is sent to CSP. CSP calculates ${SK}_{C} = B^{1 / δ} = g^{α + r_{j} / β}$ from the received result $B$ . KGC inputs the set attribute version key and outputs partial user’s private key ( ${SK}_{k} = \forall λ \in A, D_{λ} = g^{r_{j}} H λ^{U_{i}}, D_{λ}^{*} = g^{U_{i}}$ ). The partial user’s decryption key is composed of a combination of the private key generated by CSP and KGC: $SK = {SK}_{C}, {SK}_{k} = D = g^{α + r_{j} / β}, \forall λ \in A, D_{λ} = g^{r_{j}} \cdot H λ^{U_{i}}, D_{λ}^{*} = g^{U_{i}}$

(c) In this part of the algorithm, $K_{p} = g^{1 / H_{2} s t + u_{i}}$ , $K_{c} = E^{1 / H_{2} s t + u_{i}}$ , $K_{c}$ is the output value of the algorithm VRF [54], $K_{p}, K_{c}$ refer to the calculation and detection scheme of the algorithm VRF. Therefore, the final decryption key is ${SK}_{u_{t}} = SK, st, K_{c}, K_{p} = D = g^{α + r_{j} / β}, \forall λ \in A, D_{λ} = g^{r_{j}} \cdot H λ^{U_{i}}, D_{λ}^{*} = g^{U_{i}}, st, K_{c}, K_{p}$ , the generated decryption key is sent to the user.

(d) Set the expiration time $T_{t}$ for each attribute and digitally sign $T_{t}$ $ξ = g^{1 / H_{2} T_{t} + γ}$ .

(3) HKeyGen (). This algorithm generates the key of a homomorphic encryption algorithm. This scheme uses the DGHV encryption algorithm. In this algorithm, the key is selected as follows: we choose a randomly generated positive prime number as the key $p$ , where $p \in 2^{η^{2} - 1}, 2^{η^{2}}$ .

(4) $Encryption PK, Γ, M, p ⟶ {CT}^{*}$ . This algorithm first inputs the system public key and access policy tree $Γ$ , homomorphic encryption key $p$ , and plaintext message $M$ . Then, this algorithm outputs encrypted ciphertext ${CT}^{*}$ . First, the data owner uses the homomorphic encryption key $p$ to encrypt the plaintext $M$ . The specific operation is as follows: they choose two random numbers $q, r$ , where $p \in 2^{η^{s} - 1}, 2^{η^{s}}, r \in 2^{η - 1}, 2^{η}$ , $p / 2 > 2 r, q ≫ p$ . The ciphertext of the document set is calculated by formula $p q + 2 r + M$ , $M$ is expressed in binary, and the generated ciphertext is uploaded. Second, the data owner encrypts the homomorphic key and uploads the key with attribute access control to the cloud. The data owner regards the attributes as leaf nodes, the root node of the tree is $R$ , and the other nodes are threshold logic operators. The encryption operation performs from the root node and, from top to bottom, produces a linked order for each node, which is $d_{x}$ polynomial $q_{x}$ . If $n_{x}$ is the threshold of nonleaf nodes, then there is a relation $d_{x} = n_{x} - 1$ . Then, they select a random value $s \in Z_{P}^{*}$ , set the polynomial on the root node to $q_{R} 0 = s$ , and use the homomorphic encryption key $p$ to encrypt the plaintext, and use the encryption result to calculate $C = Enc p \cdot e {g, g}^{α s}, \hat{C} = h^{s}$ . Let the polynomial of other nodes be $q_{x} 0 = q_{p x} index x$ , where $index x$ represents the number associated with any node $x$ . The order of nodes is indicated from left to right. In the entire access policy tree, the information carried by each leaf node must be calculated, $C_{λ} = g^{q_{λ} 0}$ , $C_{λ}^{*} = H λ^{q_{λ} 0}$ . Then, the final ${CT}^{*}$ is ${CT}^{*} = Γ, C = Enc p \cdot e {g, g}^{α s}, \hat{C} = h^{s}, \forall λ \in J : C_{λ} = g^{q_{λ} 0}, C_{λ}^{*} = H λ^{q_{λ} 0}$ .

(5) $TimeCheck {SK}_{u_{t}}, S, T_{t}, ξ, {PK}_{sign}$ . In this part of the algorithm, after the time server receives the validity period of the attribute, it first needs to verify it with digital signature technology to check whether it has been forged or tampered with and verify it with the following calculation method: $\begin{matrix} (1) & e g^{H_{2} T_{t}} \cdot {PK}_{sign}, ξ = e g^{H_{2} T_{t}} \cdot g^{γ}, g^{1 / H_{2} T_{t} + γ} = e g^{H_{2} T_{t} + γ}, g^{1 / H_{2} T_{t} + γ} = e g, g . \end{matrix}$

If the verification is successful, it means that the attribute has not been forged or tampered with. The time server compares the validity period $T_{t}$ with the present time to determine whether the attribute has exceeded the validity period. If it has not expired, you need to continue to execute step 6. If it expires, the attribute needs to be revoked. On the contrary, if the verification fails, it means that the validity period $T_{t}$ has been maliciously modified, then return $⊥$ .

(6) $GenToken u_{i}, st, {ctr}_{\max} ⟶ B_{T}$ : after verifying the attribute validity period $T_{t}$ , it also needs to verify the user’s access times, but the difference is that even if a certain attribute fails, the user still has the possibility of access rights, but if the access times exceed the set threshold, then the user does not have the right to access IoT resource data. This algorithm makes the user’s unique identity $u_{i}$ , the user’s current state $st$ , and the maximum allowed number of decryption ${ctr}_{\max}$ into a token and sends the token to the cloud server.

(7) $Predecryption {SK}_{u_{t}}, B_{T} ⟶ timeindex$ . In this part, the cloud server first detects $e g^{H_{2} s t} * g^{u_{i}}, K_{p} = E$ and $K_{c} = e g, K_{p}$ after receiving the token with information. If it meets the verification conditions, CSP will detect the number of decryption $σ + 1 \leq {ctr}_{\max}$ in the list $L$ , if it is satisfied, let $σ = σ + 1$ , update $K_{c}$ at this time and store it in the list $L$ , and then, the user and CSP continue to perform step 8. Then, let $timeindex = 1$ , otherwise, $timeindex = ⊥$ . If $timeindex = ⊥$ , it means accessing users can no longer access IoT big data even if they have access rights.

(8) $Decryption {SK}_{u_{t}}, {CT}^{*} ⟶ p$ . This part of the algorithm is executed by the decryption user and is divided into the following four parts:

(a) When the node $x$ in the access policy tree belongs to the leaf node in the access policy tree, let $i = att x$ , it means that the attribute corresponding to the node $x$ computes $\begin{matrix} (2) & DecryptNode {SK}_{u_{t}}, {CT}^{*}, x = \frac{e D_{i}, C_{x}}{e D_{i}^{*}, C_{x}^{*}} = \frac{e {g, g}^{q_{x} 0 r_{j} + U_{i}}}{e {g, g}^{q_{x} 0 U_{i}}} = e {g, g}^{r_{j} q_{x} 0} . \end{matrix}$

If the attribute is not in the user’s attribute set, return $⊥$ .

(b) When $λ$ belongs to a nonleaf node in the structure tree, we let $S_{x}$ be the set of child nodes of each node $z$ of size $k_{x}$ . When $F_{z}$ exists and the user’s current decryption frequency meet the requirements, then compute $\begin{matrix} (3) & F_{x} = \prod_{z \in S_{x}} {F_{z}}^{timeindex ∆_{i}, S_{x}^{'}} = \prod_{z \in S_{x}} {e {g, g}^{r_{j} q_{z} 0}}^{∆_{i}, S_{x}^{'}} = \prod_{z \in S_{x}} {e {g, g}^{r_{j} q_{parent z} index z}}^{∆_{i}, S_{x}^{'}} = e {g, g}^{r_{j} q_{λ} 0} . \end{matrix}$

If the root node $R$ in this structure tree is replaced by the $x$ node in the above formula, it can be computed as $A = DecryptNode {SK}_{u_{t}}, {CT}^{*}, R = e {g, g}^{r_{j} s}$ .

(c) When the user’s attribute set meets the requirements, decryption is performed: $\begin{matrix} (4) & Dec \frac{C}{e \hat{C}, D / A} = Dec \frac{e {g, g}^{α s} \cdot Enc p}{e h^{s}, g^{α + r_{j} / β} / e {g, g}^{r_{j} s}} = Dec \frac{e {g, g}^{α s} \cdot Enc M}{e h^{s}, g^{α + r_{j} / β} / e {g, g}^{r_{j} s}} = Dec \frac{e {g, g}^{α s} \cdot Enc M}{e {g, g}^{α s}} = p \end{matrix}$

(d) After the data visitor obtains the homomorphic key $p$ , users can obtain the document set by using the homomorphic key $p$ .

(9) $Revocation$ . When the attribute is revoked, this algorithm is executed. In the algorithm, it consists of three parts:

(a) First, KGC randomly selects a reencryption parameter $ψ$ , which is assigned to AAC, CSP, and users whose attributes have been revoked, so that they can update relevant component information in time. Receiving the update information, AAC updates the attribute version keys $U_{i}^{'}$ of the revoked attributes that it manages, $U_{i}^{'} = v_{i} t_{i}^{'}$ .

(b) The next step is to update the user key. CSP obtains the reencryption parameters allocated in the previous step and regenerates the user’s latest version key together with KGC. The updated user key is ${SK}_{u_{t}} = D = g^{α + r_{j} / β}, D_{λ^{'}} = g^{r_{j}} \cdot H {ψ λ}^{U_{i}^{'}}, D_{λ^{'}}^{*} = g^{U_{i}^{'}}, \forall λ \in A \ λ^{'} : D_{λ} = g^{r_{j}} \cdot H λ^{U_{i}}, D_{λ}^{*} = g^{U_{i}}, st, K_{c}, K_{p}$ .

(c) The third step is to update the ciphertext. In this part, CSP first selects a random cipher value $s^{'} \in Z_{P}^{*}$ to ensure forward security and then updates the relevant components of the ciphertext after receiving the reencryption parameters. The updated ciphertext is $\begin{matrix} (5) & {CT}^{*} = Γ, C = e {g, g}^{α s + s^{'}} \cdot {Enc}_{k} M, \hat{C} = h^{s + s^{'}}, \forall λ \in J : C_{λ} = g^{q_{λ} 0 + s^{'}}, C_{λ}^{*} = H {ψ λ}^{q_{λ} 0 + s^{'}} λ = λ^{'}, C_{λ}^{*} = H λ^{q_{λ} 0 + s^{'}} λ \neq λ^{'} \end{matrix}$

5. Safety and Efficiency Analysis

5.1. Solution Security Analysis

5.1.1. Confidentiality

The confidentiality of this scheme is achieved through two aspects. On the one hand, the attributes of the user must be able to meet the policy set by data owner. If the access policy is not met, then the attributes cannot be used to calculate $e {g, g}^{r_{j} s}$ , so it can prevent unauthorized users from stealing sensitive data. On the other hand, while generating the user’s key, to reduce the condition impact of low safety factor and untrustworthy, a secure two-party computing protocol is used to protect the related information of the private key from being obtained by anyone other than itself.

5.1.2. Forward Security

Since each user is set to limit decryption frequency, when users access data, if they meet the requirements of the access policy, they also need to send a token carrying the number of times of decryption to the cloud server. If the number of accesses exceeds the limit, then the user can no longer be decrypted, which ensures forward security.

5.1.3. Collusion Resistance

Users need to use their own attributes to calculate $e {g, g}^{r_{j} s}$ . If users with different permissions want to create a conspiracy attack, then KGC and CSP will generate partial decryption keys through a secure two-party calculation protocol $D = g^{α + r_{j} / β}, D_{λ} = g^{r_{j}} \cdot H λ^{U_{i}}, D_{λ}^{*} = g^{U_{i}}$ , where $u_{i}$ is a unique random value for each user, so even if the attackers collude, they cannot calculate the value of $e {g, g}^{r_{j} s}$ .

5.1.4. Chosen-Plaintext Attack

Proof.

We consider that there exists a polynomial adversary $A$ that is able to break this solution and algorithm $B$ that can overcome the DBDH problem with the advantage of $ε$ .

Initialization: adversary $A$ selects an access structure tree $Τ$ and sends this access strategy tree to challenger $B$ , and challenger $B$ executes the Setup () initialization algorithm. This part of the process is as follows:

Randomly select four values to calculate $e {g, g}^{a b} e {g, g}^{x} = e {g, g}^{α}$ , where $a, b, c, x ϵ Z_{P}^{*}$ .

For each attribute $λ ϵ A$ , select a random value $ℓ_{i} ϵ Z_{P}^{*}$ , when the attribute does not exist in the access structure tree $T$ , we set $Y_{i} = H^{1 / ℓ_{i}}$ , $y_{i} = b / ℓ_{i}$ , if the attribute exists in the access structure tree $T$ , we let $Y_{i} = g^{ℓ_{i}}$ and $y_{i} = ℓ_{i}$ .

The public key $PK = G, h, g, f = g^{1 / β}, e {g, g}^{α}$ is published, and challenger $B$ keeps the private key $MK = α, β$ .

Phase 1: after challenger $B$ obtains the public key, adversary $A$ can issue a query request. Adversary $A$ selects an attribute set $s = λ_{i} ∣ λ_{i} \in T$ and $u_{i}$ and submits the information to challenger $B$ to apply for a private key. Challenger $B$ randomly selects $r_{i}, U_{i}$ generates the corresponding private key. The calculation process is as follows: $\begin{matrix} (6) & SK = D = g^{a b + x + r_{j} / β}, D_{λ} = g^{r_{j}} \cdot H λ^{U_{i}}, D_{λ}^{*} = g^{U_{i}} . \end{matrix}$

If the number of decryptions meets the requirements, $st, K_{c}, K_{p}$ will not affect the final decryption effect.

Challenge: adversary $A$ has obtained the access control tree $Τ$ at this time and then submits two plaintexts of the same length to challenger $B$ . By comparing the attribute sets, if the attribute set sent in the previous step does not meet the structure tree $Τ$ , then the two plaintexts are set to $m_{0}, m_{1}$ , and the two plaintexts are sent to challenger $B$ along with the access strategy tree. Then, $B$ randomly selects $p \in a, b$ , calculate: $\begin{matrix} (7) & C_{0} = Enc M_{p} \cdot e {g, g}^{α s} = Enc M_{p} \cdot e {g, g}^{a b + x s} = Enc M_{p} \cdot e {g, g}^{a b s} e {g, g}^{x s} = Enc M_{p} \cdot e {g, g}^{a b s} \cdot e g^{x}, g^{s}, \\ \tilde{C_{0}} = h^{s}, \forall λ \in J : \tilde{C_{λ}} = g^{q_{λ} 0}, \tilde{C_{λ}^{*}} = H λ^{q_{λ} 0} . \end{matrix}$

Challenger $B$ sends this information to $A$ .

Phase 2: $A$ can always ask $B$ for private key-related information, and then, $A$ guesses the ciphertext and needs to give his own guess value $p^{'}$ .

Guess: if $p^{'} = p^{'}$ , then DBDH is established, the advantage is $p_{r} p^{'} = p^{'} ∣ e {g, g}^{a b c} = ε + 1 / 2$ , if $p^{'} \neq p^{'}$ , the ciphertext cannot be judged, and the advantage is $p_{r} p^{'} \neq p^{'} ∣ e {g, g}^{ϑ} = 1 / 2$ . In summary, $p_{r} g, g^{a}, g^{b}, g^{c}, e {g, g}^{a b c} = 1 - p_{r} g, g^{a}, g^{b}, g^{c}, e {g, g}^{ϑ} = 1 \geq ε$ . It shows that this scheme can realize that no adversary can break the scheme with a nonnegligible advantage in polynomial time.

5.2. Theoretical Comparison

Our scheme is compared with other schemes in terms of revocation mechanism, time limit, number of decryption limits, and anticollusion. The comparison results are shown in Table 1.

Table 1

Functional comparison.

Schemes	Revocability	Time	Number	Collusion	Ciphertext operability
[55]	User and attribute	×	×	✓	×
[46]	User	✓	×	✓	×
[48]	User	×	✓	✓	×
[47]	Attribute	✓	×	✓	×
[49]	None	×	×	✓	✓
[56]	Attribute	×	×	✓	×
Our scheme	User and attribute	✓	✓	✓	✓

From Table 1, it can be seen that in [46–49, 56], the revocation schemes proposed by the authors do not fully meet the revocation needs. Although in [55] the authors proposed a scheme that can support user revocation and attribute revocation, in the scenario we mentioned, it is also a requirement that the ciphertext can be operated. This scheme in [49] realizes that users can operate on ciphertext, but it is not suitable for scenarios where attributes need to be revoked. Our scheme realizes two revocation functions, solves the basic system security problem, and achieves the ciphertext operable function. What is more, we also consider two factors: time and frequency of decryption.

Our scheme is compared with other schemes in terms of key generation efficiency, decryption efficiency, and revocation efficiency. $e$ is the exponential calculation cost, and $p$ is the bilinear pair calculation cost. The comparison results are shown in Table 2.

Table 2

Cost comparison.

Schemes	Secret key cost	Decryption cost		Revocation
Schemes	Secret key cost	User	CSP	Attribute-cost	User-cost
[55]	$3 e$	3p	×	$3 n + 1 p$	$n p$
[56]	$4 e$	×	$e$	$e$	×
Our scheme	$O 5 n$	$O n$	$O n$	$O 5 n$	$O 1$

It can be seen that in [55] only the user performs the decryption operation and in [56] only CSP performs the decryption operation, which will cause one-side pressure. Our scheme can effectively reduce the amount of user tasks by placing part of the decryption task on the cloud server. Also, in [55], while realizing user revocation, the cost is $n p$ . However, in our scheme, if the user is revoked after judgment, the user only needs to be removed from the list $L$ , thus, its computational complexity is better than the schemes [55, 56]. Although the cost of generating the key is relatively high due to the use of a two-party security protocol, the security of the key is guaranteed through this multiparty cooperation method.

6. Conclusions

Since important personal privacy may be leaked while storing and sharing IoT big data on the cloud, we have proposed an IoT big data privacy protection scheme based on time and decryption frequency limitation, the solution realizes the revocation within the time range and the revocation within the range of decryption times. The access control is set by the combination of homomorphic encryption and attribute-based encryption. In our scheme, legitimate users with a homomorphic encryption key can obtain the original data, and users without a homomorphic encryption key can perform operation training on the homomorphic ciphertext. Our scheme does not only affect the training of the neural network model but also improves the confidentiality of the data. At the same time, the security of the system is improved by introducing a secure two-party agreement. Through theoretical analysis, we found that our scheme realizes two revocation functions, solves the basic system security problem, and achieves the ciphertext operable function. While realizing user revocation, the computational complexity is preferable to other schemes. Besides, our scheme can effectively reduce the amount of user tasks by placing part of the decryption task on the cloud server. Therefore, our scheme can not only ensure safety but also improve efficiency. In the next step, we plan to combine the advantages of decentralization and anonymity of blockchain to protect big data in the Internet of Things in a distributed storage environment.

Acknowledgments

This work was partially supported by the National Natural Science Foundation of China Project (Nos. 61701170 and U1704122), the Key Scientific and Technological Project of Henan Province (Nos. 202102310340 and 202102210352), the Young Elite Scientist Sponsorship Program by Henan Association for Science and Technology (No. 2020HYTP008), the Foundation of University Young Key Teacher of Henan Province (Nos. 2019GGJS040 and 2020GGJS027), and the Key Scientific Research Project of Colleges and Universities in Henan Province (No. 21A110005).

References

[1] W. Huang, Y. Xu, X. Hu, Z. Wei, "Compressive hyperspectral image reconstruction based on spatial–spectral residual dense network," IEEE Geoscience and Remote Sensing Letters, vol. 17 no. 5, pp. 884-888, DOI: 10.1109/LGRS.2019.2930645, 2019.

[2] W. Huang, Y. Huang, H. Wang, Y. Liu, H. J. Shim, "Local binary patterns and superpixel-based multiple kernels for hyperspectral image classification," IEEE Journal of Selected Topics in Applied Earth Observations and Remote Sensing, vol. 13, pp. 4550-4563, DOI: 10.1109/JSTARS.2020.3014492, 2020.

[3] L. Peng, H. Zhang, H. Hassan, Y. Chen, B. Yang, "Accelerating data gravitation-based classification using GPU," Journal of Supercomputing, vol. 75 no. 6, pp. 2930-2949, DOI: 10.1007/s11227-018-2253-5, 2019.

[4] X. Zhang, F. Ding, E. Yang, "State estimation for bilinear systems through minimizing the covariance matrix of the state estimation errors," International Journal of Adaptive Control and Signal Processing, vol. 33 no. 7, pp. 1157-1173, DOI: 10.1002/acs.3027, 2019.

[5] X. Zhang, L. Xu, F. Ding, T. Hayat, "Combined state and parameter estimation for a bilinear state space system with moving average noise," Journal of the Franklin Institute, vol. 355 no. 6, pp. 3079-3103, DOI: 10.1016/j.jfranklin.2018.01.011, 2018.

[6] H. Ren, H. Li, Y. Dai, K. Yang, X. Lin, "Querying in Internet of Things with privacy preserving: challenges, solutions and opportunities," IEEE Network, vol. 32 no. 6, pp. 144-151, DOI: 10.1109/MNET.2018.1700374, 2018.

[7] E. Park, Y. Cho, J. Han, S. J. Kwon, "Comprehensive approaches to user acceptance of Internet of Things in a smart home environment," IEEE Internet of Things Journal, vol. 4 no. 6, pp. 2342-2350, DOI: 10.1109/JIOT.2017.2750765, 2017.

[8] A. Zanella, N. Bui, A. Castellani, L. Vangelista, M. Zorzi, "Internet of things for smart cities," IEEE Internet of Things Journal, vol. 1 no. 1, pp. 22-32, DOI: 10.1109/JIOT.2014.2306328, 2014.

[9] P. Gope, R. Amin, S. K. Hafizul Islam, N. Kumar, V. K. Bhalla, "Lightweight and privacy-preserving RFID authentication scheme for distributed IoT infrastructure with secure localization services for smart city environment," Future Generation Computer Systems, vol. 83, pp. 629-637, DOI: 10.1016/j.future.2017.06.023, 2017.

[10] Y. Tian, K. Pei, S. Jana, B. Ray, "DeepTest: automated testing of deep-neural-network-driven autonomous cars," Proceedings of the 40th International Conference on Software Engineering, pp. 303-314, DOI: 10.1145/3180155.3180220, .

[11] M. Li, Y. Sun, H. Lu, S. Maharjan, Z. Tian, "Deep reinforcement learning for partially observable data poisoning attack in crowdsensing systems," IEEE Internet of Things Journal, vol. 7 no. 7, pp. 6266-6278, DOI: 10.1109/JIOT.2019.2962914, 2020.

[12] C. Luo, Z. Tan, G. Min, J. Gan, W. Shi, Z. Tian, "A novel web attack detection system for Internet of Things via ensemble classification," IEEE Transactions on Industrial Informatics, vol. 17 no. 8, pp. 5810-5818, DOI: 10.1109/TII.2020.3038761, 2020.

[13] J. Qiu, Z. Tian, C. Du, Q. Zuo, S. Su, B. Fang, "A survey on access control in the age of internet of things," IEEE Internet of Things Journal, vol. 7 no. 6, pp. 4682-4696, DOI: 10.1109/JIOT.2020.2969326, 2020.

[14] R. Poplin, A. V. Varadarajan, K. Blumer, Y. Liu, M. V. McConnell, G. S. Corrado, L. Peng, D. R. Webster, "Prediction of cardiovascular risk factors from retinal fundus photographs via deep learning," Nature Biomedical Engineering, vol. 2 no. 3, pp. 158-164, DOI: 10.1038/s41551-018-0195-0, 2018.

[15] H. Li, Y. Yang, T. H. Luan, X. Liang, L. Zhou, X. S. Shen, "Enabling fine-grained multi-keyword search supporting classified sub-dictionaries over encrypted cloud data," IEEE Transactions on Dependable and Secure Computing, vol. 13 no. 3, pp. 312-325, DOI: 10.1109/TDSC.2015.2406704, 2016.

[16] G. Cheng, C. Yang, X. Yao, L. Guo, J. Han, "When deep learning meets metric learning: remote sensing image scene classification via learning discriminative CNNs," IEEE Transactions on Geoscience and Remote Sensing, vol. 56 no. 5, pp. 2811-2821, DOI: 10.1109/TGRS.2017.2783902, 2018.

[17] A. Rachedi, A. Benslimane, "Multi-objective optimization for security and QoS adaptation in wireless sensor networks," 2016 IEEE International Conference on Communications (ICC),DOI: 10.1109/icc.2016.7510879, .

[18] W. Zhou, Y. Jia, A. Peng, Y. Zhang, P. Liu, "The effect of IoT new features on security and privacy: new threats, existing solutions, and challenges yet to be solved," IEEE Internet of Things Journal, vol. 6 no. 2, pp. 1606-1616, DOI: 10.1109/jiot.2018.2847733, 2018.

[19] M. Amoozadeh, A. Raghuramu, C.-n. Chuah, D. Ghosal, H. M. Zhang, J. Rowe, K. Levitt, "Security vulnerabilities of connected vehicle streams and their impact on cooperative driving," IEEE Communications Magazine, vol. 53 no. 6, pp. 126-132, DOI: 10.1109/MCOM.2015.7120028, 2015.

[20] M. Shafiq, Z. Tian, A. K. Bashir, X. du, M. Guizani, "CorrAUC: a malicious bot-IoT traffic detection method in IoT network using machine learning techniques," IEEE Internet of Things Journal, vol. 8 no. 5, pp. 3242-3254, DOI: 10.1109/jiot.2020.3002255, 2021.

[21] G. Xu, H. Li, S. Liu, K. Yang, X. Lin, "VerifyNet: secure and verifiable federated learning," IEEE Transactions on Information Forensics and Security, vol. 15, pp. 911-926, DOI: 10.1109/tifs.2019.2929409, 2019.

[22] L. Jiang, X. Lou, R. Tan, J. Zhao, "Differentially private collaborative learning for the IoT edge," In Proceedings of the 2019 International Conference on Embedded Wireless Systems and Networks (EWSN '19), 2019.

[23] M. Hao, H. Li, X. Luo, G. Xu, H. Yang, S. Liu, "Efficient and privacy-enhanced federated learning for industrial artificial intelligence," IEEE Transactions on Industrial Informatics, vol. 16 no. 10, pp. 6532-6542, DOI: 10.1109/TII.2019.2945367, 2019.

[24] G. Xu, H. Li, Y. Dai, K. Yang, X. Lin, "Enabling efficient and geometric range query with access control over encrypted spatial data," IEEE Transactions on Information Forensics and Security, vol. 14 no. 4, pp. 870-885, DOI: 10.1109/TIFS.2018.2868162, 2019.

[25] H. Li, D. Liu, Y. Dai, T. H. Luan, S. Yu, "Personalized search over encrypted data with efficient and secure updates in mobile clouds," IEEE Transactions on Emerging Topics in Computing, vol. 6 no. 1, pp. 97-109, DOI: 10.1109/TETC.2015.2511457, 2018.

[26] X. Li, S. Liu, F. Wu, S. Kumari, J. J. P. C. Rodrigues, "Privacy preserving data aggregation scheme for mobile edge computing assisted IoT applications," IEEE Internet of Things Journal, vol. 6 no. 3, pp. 4755-4763, DOI: 10.1109/jiot.2018.2874473, 2018.

[27] N. Papernot, S. Song, I. Mironov, A. Raghunathan, K. Talwar, U. Erlingsson, Scalable Private Learning with PATE, 2018.

[28] C. Xu, J. Ren, L. She, Y. Zhang, Z. Qin, K. Ren, "EdgeSanitizer: locally differentially private deep inference at the edge for mobile data analytics," IEEE Internet of Things Journal, vol. 6 no. 3, pp. 5140-5151, DOI: 10.1109/JIOT.2019.2897005, 2019.

[29] J. Hur, "Improving security and efficiency in attribute-based data sharing," Transactions On Knowledge And Data Engineering, vol. 25 no. 10, pp. 2271-2282, DOI: 10.1109/TKDE.2011.78, 2013.

[30] J. Y. Wang, X. J. Zhou, "An attribute-based encryption scheme for ciphertext policy that supports attribute revocation," Computer Engineering,DOI: 10.19678/j.issn.1000-3428.0058105, 2020.

[31] Y. Sun, Z. Tian, M. Li, S. Su, X. Du, M. Guizani, "Honeypot identification in softwarized industrial cyber-physical systems," IEEE Transactions on Industrial Informatics, vol. 17 no. 8, pp. 5542-5551, DOI: 10.1109/tii.2020.3044576, 2020.

[32] Y. Pang, L. Peng, Z. Chen, B. Yang, H. Zhang, "Imbalanced learning based on adaptive weighting and Gaussian function synthesizing with an application on android malware detection," Information Sciences, vol. 484, pp. 95-112, DOI: 10.1016/j.ins.2019.01.065, 2019.

[33] V. Ravindranath, S. Ramasamy, R. Somula, K. S. Sahoo, A. H. Gandomi, "Swarm intelligence based feature selection for intrusion and detection system in cloud infrastructure," 2020 IEEE Congress on Evolutionary Computation (CEC),DOI: 10.1109/cec48606.2020.9185887, .

[34] D. Xu, J. Pan, X. Du, B. Wang, M. Liu, Q. Kang, "Massive fishing website URL parallel filtering method," IEEE Access, vol. 6, pp. 2378-2388, DOI: 10.1109/access.2017.2782847, 2018.

[35] L. Lv, Z. Yang, L. Zhang, Q. Huang, Z. Tian, "Multi-party transaction framework for drone services based on alliance blockchain in smart cities," Journal of Information Security and Applications, vol. 58 no. 4,DOI: 10.1016/j.jisa.2021.102792, 2021.

[36] Y. Lindell, B. Pinkas, "Privacy preserving data mining," Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology, 2000.

[37] R. Agrawal, R. Srikant, "Privacy-preserving data mining," Proceedings of the 2000 ACM SIGMOD international conference on Management of data - SIGMOD '00,DOI: 10.1145/342009.335438, .

[38] T. Plantard, W. Susilo, Z. Zhang, "Fully homomorphic encryption using hidden ideal lattice," IEEE Transactions on Information Forensics and Security, vol. 8 no. 12, pp. 2127-2137, DOI: 10.1109/TIFS.2013.2287732, 2013.

[39] C. Orlandi, A. Piva, M. Barni, "Oblivious neural network computing via homomorphic encryption," EURASIP Journal on Information Security, vol. 2007 no. 1,DOI: 10.1186/1687-417X-2007-037343, 2007.

[40] N. Dowlin, G. B. Ran, K. Laine, K. Lauter, M. Naehrig, J. Wernsing, "CryptoNets: applying neural networks to encrypted data with high throughput and accuracy," International Conference on Machine Learning, pp. 201-210, .

[41] E. Hesamifard, H. Takabi, M. Ghasemi, "Privacy-Preserving Machine Learning in Cloud," Proceedings of the 2017 on cloud computing security workshop, pp. 39-43, .

[42] M. Chase, "Multi-authority attribute based encryption," Conference on Theory of Cryptography, 2007.

[43] J. Shi, C. Huang, K. He, X. Shen, "ACS-HCA: an access control scheme under hierarchical cryptography architecture," Chinese Journal of Electronics, vol. 28 no. 1, pp. 52-61, DOI: 10.1049/cje.2018.10.002, 2019.

[44] J. Li, W. Yao, J. Han, Y. Zhang, J. Shen, "User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage," IEEE Systems Journal, vol. 12 no. 2, pp. 1767-1777, DOI: 10.1109/jsyst.2017.2667679, 2017.

[45] S. Wang, K. Guo, Y. Zhang, "Traceable ciphertext-policy attribute-based encryption scheme with attribute level user revocation for cloud storage," PLoS One, vol. 13 no. 9, article e0203225,DOI: 10.1371/journal.pone.0203225, 2018.

[46] G. Dilxat, S. Y. Han, A. Gulmira, H. Nurmamat, "Time-based user revocation CP-ABE scheme," Journal of Xinjiang University(Natural Science Edition), vol. 36 no. 3, pp. 324-329, 2019.

[47] X. Qin, Y. Huang, Z. Yang, X. Li, "An access control scheme with fine-grained time constrained attributes based on smart contract and trapdoor," 2019 26th International Conference on Telecommunications (ICT),DOI: 10.1109/ict.2019.8798859, .

[48] J. Ning, Z. Cao, X. Dong, K. Liang, H. Ma, L. Wei, "Auditable σ -time outsourced attribute-based encryption for access control in cloud computing," IEEE Transactions on Information Forensics and Security, vol. 13 no. 1, pp. 94-105, DOI: 10.1109/tifs.2017.2738601, 2018.

[49] Y. Tan, L. Lu, J. Y. Wang, "Ciphertext-policy attribute encryption scheme based on homomorphic encryption," Computer Engineering and Applications, vol. 55 no. 19, pp. 115-120, 2019.

[50] J. Li, Y. Wang, Y. Zhang, J. Han, "Full verifiability for outsourced decryption in attribute based encryption," IEEE Transactions on Services Computing, vol. 13 no. 3, pp. 478-487, DOI: 10.1109/tsc.2017.2710190, 2020.

[51] Y. Tang, D. Y. Xu, "A secure two-party computation problem based on the convolution," Journal of Guizhou University(Natural Ences), vol. 33 no. 1, pp. 52-57, 2016.

[52] M. Chase, S. S. M. Chow, "Improving privacy and security in multi-authority attribute-based encryption," Proceedings of the 16th ACM conference on Computer and communications security - CCS '09, pp. 121-130, DOI: 10.1145/1653662.1653678, .

[53] S. S. M. Chow, "Removing escrow from identity-based encryption," International Workshop on Public Key Cryptography, 2009.

[54] Y. Dodis, A. Yampolskiy, "A verifiable random function with short proofs and keys," Public Key Cryptography - PKC 2005,DOI: 10.1007/978-3-540-30580-4_28, 2005.

[55] X. Li, S. Tang, L. Xu, H. Wang, J. Chen, "Two-factor data access control with efficient revocation for multi-authority cloud storage systems," IEEE Access, vol. 5, pp. 393-405, DOI: 10.1109/access.2016.2609884, 2017.

[56] Z. T. Jiang, J. Huang, S. Hu, Z. Xu, "Fully-outsourcing CP-ABE scheme with revocation in cloud computing," Computer Science, vol. 46 no. 7, pp. 114-119, 2019.

Word count: 6812

Show less

Copyright © 2021 Lei Zhang et al. This work is licensed under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.

Abstract

Various applications of the Internet of Things assisted by deep learning such as autonomous driving and smart furniture have gradually penetrated people’s social life. These applications not only provide people with great convenience but also promote the progress and development of society. However, how to ensure that the important personal privacy information in the big data of the Internet of Things will not be leaked when it is stored and shared on the cloud is a challenging issue. The main challenges include (1) the changes in access rights caused by the flow of manufacturers or company personnel while sharing and (2) the lack of limitation on time and frequency. We propose a data privacy protection scheme based on time and decryption frequency limitation that can be applied in the Internet of Things. Legitimate users can obtain the original data, while users without a homomorphic encryption key can perform operation training on the homomorphic ciphertext. On the one hand, this scheme does not affect the training of the neural network model, on the other hand, it improves the confidentiality of data. Besides that, this scheme introduces a secure two-party agreement to improve security while generating keys. While revoking, each attribute is specified for the validity period in advance. Once the validity period expires, the attribute will be revoked. By using storage lists and setting tokens to limit the number of user accesses, it effectively solves the problem of data leakage that may be caused by multiple accesses in a long time. The theoretical analysis demonstrates that the proposed scheme can not only ensure safety but also improve efficiency.

Details

Title

A Privacy Protection Scheme for IoT Big Data Based on Time and Frequency Limitation

Author

Zhang, Lei¹

; Huo, Yu²

; Ge, Qiang³; Ma, Yuxiang²

; Liu, Qiqi⁴; Ouyang, Wenlei⁴

¹ Henan Key Laboratory of Big Data Analysis and Processing, Henan University, Kaifeng 475004, China; Institute of Data and Knowledge Engineering, Henan University, Kaifeng 475004, China; School of Computer and Information Engineering, Henan University, Kaifeng 475004, China
² Henan Key Laboratory of Big Data Analysis and Processing, Henan University, Kaifeng 475004, China; School of Computer and Information Engineering, Henan University, Kaifeng 475004, China
³ Institute of Data and Knowledge Engineering, Henan University, Kaifeng 475004, China; School of Computer and Information Engineering, Henan University, Kaifeng 475004, China
⁴ School of Computer and Information Engineering, Henan University, Kaifeng 475004, China

Editor

Lihua Yin

Publication year

2021

Publication date

2021

Publisher

John Wiley & Sons, Inc.

e-ISSN

15308677

Source type

Scholarly Journal

Language of publication

English

DOI

https://doi.org/10.1155/2021/5545648

ProQuest document ID

2554895671

A Privacy Protection Scheme for IoT Big Data Based on Time and Frequency Limitation

Jump to:

Full text

Abstract

Details

Suggested sources