An efficient reusable attribute-based signature scheme for mobile services with multi access policies in fog computing

Fog computing is an emergent computing paradigm that supports the mobility and geographic distribution of Internet of Things (IoT) nodes and delivers context-aware applications with low latency to end-users. In fog computing, the critical obstacle restricting widespread deployment is security and privacy, especially how to build a lightweight fine-grained message authentication scheme in fog computing. In this paper, we first propose and give the formalization definition to a new variant of the attribute-based signature primitive (ABS), which we called Verifier-Policy Attribute-based Signature (VP-ABS). Distinct from the traditional ABS, in our VP-ABS primitive, the signature generated by the signer is decoupled with the access policy, which means the signer can generate a signature associated with some of his own attributes. Therefore, our VP-ABS can be reusable for multiple access policies. Then we also give a concrete VP-ABS construction over Type-3 pairing under Linear Secret Sharing Scheme (LSSS) policy which supports both AND and OR access gates. In addition, we rigorously prove our VP-ABS scheme is existentially unforgeable in the selective policy model under the adaptive chosen message attack (sP-EUF-CMA). Next, we give the feature comparison and theoretical analysis to our VP-ABS scheme as well as some other representative attribute authentication schemes to show the comprehensiveness of our scheme. To prove the correctness of the theoretical analysis and test the actual performance, we also do simulation experiments. Finally, we use our VP-ABS scheme to build an attribute-based fine-grained message authentication scheme for fog nodes in mobile microservices architecture with multiple access policies.