Revocable and Privacy-Preserving Decentralized Data Sharing Framework for Fog-Assisted Internet of Things

Fog-assisted Internet of Things (IoT) can outsource the massive data of resource-constraint IoT devices to cloud and fog nodes (FNs). Meanwhile, it enables convenient and low time-delay data-sharing services, which relies heavily on high security of data confidentiality and fine-grained access control. Many efforts have been focused on this urgent requirement by leveraging ciphertext-policy attribute-based encryption (CP-ABE). However, when deployed in fog-assisted IoT systems for secure data sharing, it remains a challenging problem of how to preserve attribute privacy of access policy, and trace-then-revoke traitors (i.e., malicious users intending to leak decryption keys for illegal profits) efficiently and securely in such a large scale and decentralized environment with resource-constraint user devices, especially in consideration of misbehaving cloud and FNs. Therefore, in this article, we propose a revocable and privacy-preserving decentralized data-sharing framework (RPDDSF) by designing a large universe and multiauthority CP-ABE scheme with fully hidden access policy for secure data sharing in IoT systems to achieve user attribute privacy preserving with unbounded attribute universe and key escrow resistance suitable for large scale and decentralized environment. Based on this, with RPDDSF, anyone can efficiently expose the traitors and punish them by forward/backward secure revocation. Besides, RPDDSF is able to guarantee data integrity for both data owners (DOs) and users to resist misbehaving cloud and FNs, alongwith low computation overhead for resource-constraint devices. Finally, RPDDSF is proven to be secure with detailed security proofs, and its high efficiency and feasibility are demonstrated by extensive performance evaluations.