Attribute-Based Data Access Control in Resource-constrained Environments: History
Please note this is an old version of this entry, which may differ significantly from the current revision.
Contributor: Shuwang Wang, Guofeng Lin

Elastic computing has significantly facilitated communication and collaboration among all stakeholders, but security is still a major concern in public cloud environments. Attribute-based encryption (ABE) can implement fine-grained access control on encrypted data, but most ABE schemes involve complex computation to guarantee robust security. It is hard to enable consistent ABE encryption and decryption among resource-constrained nodes. Realizing lightweight ABE is a practical and fundamental problem owing to the constrained computing resources and storage capacity of terminal devices.

  • attribute-based encryption
  • resource-constrained environment
  • data sharing
  • access control

1. Introduction

Elastic computing is a groundbreaking technology that establishes a global network of interconnected machines able to communicate and share data via the cloud. It has significantly facilitated communication and collaboration among all stakeholders, but security is still a major concern in public cloud environments. Data managed by off-premise infrastructure is highly threatened by attackers and human intervention seeking financial benefit, and theft of sensitive medical data for third-party use is also increasing[1]. Along with the explosive growth and widespread integration of edge computing and Internet of Things (IoT) devices, achieving fine-grained access control for shared data on resource-constrained devices has emerged as a significant research focus. Attribute-based encryption (ABE)[2] can implement fine-grained access control on encrypted data, which makes it a cryptographic primitive suitable for secure and flexible data sharing. In ABE, the relationship between a user and a ciphertext is described fuzzily by a tuple of an attribute set and an access policy. The original data can be extracted from a ciphertext only when the attribute set satisfies the access policy. There are two types of ABE schemes, namely ciphertext-policy attribute-based encryption (CP-ABE)[3] and key-policy attribute-based encryption (KP-ABE)[2]. However, most ABE schemes involve complex computation to guarantee robust security, which leads to a time-consuming process, and the access policy achieves rich expressiveness only at the cost of a complex structure. Owing to the large amount of data and to limited resources such as low bandwidth and high communication latency[4], it is hard to enable consistent ABE encryption and decryption among resource-constrained nodes. Realizing lightweight ABE is a practical and fundamental problem owing to the constrained computing resources and storage capacity of terminal devices.

2. Evolution of Attribute-Based Encryption

The first ABE scheme was proposed by Sahai and Waters[5], who used attribute sets to represent the fuzzy identity of a user and the access policy of a ciphertext, respectively. A user can successfully decrypt the ciphertext only when the two attribute sets are similar enough. This work laid a good foundation for ABE, which is potentially suitable for establishing secure access control. Goyal et al.[2] proposed a formal definition of ABE. By introducing an access tree, they proposed a key-policy scheme (KP-ABE), in which each private key is associated with an access policy and each ciphertext is associated with an attribute set. Bethencourt et al.[3] proposed a different, ciphertext-policy scheme (CP-ABE), in which each ciphertext is associated with an access policy and each private key is associated with an attribute set. CP-ABE provides flexible access control on encrypted data by allowing the encryptor to define the access policy, but it requires much more computation overhead.
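The access-tree logic described above can be seen in isolation in the following added example (not code from the entry or from the cited schemes): a secret is split top-down over a tree of k-of-n threshold gates with Shamir secret sharing, and is recovered bottom-up only by an attribute set that satisfies the tree. The policy, attribute names and field modulus are constructed for illustration, and the leaf shares are left in the clear; an actual ABE scheme hides them in group elements bound to per-user randomness so that users cannot pool attributes.

```python
import secrets

P = 2**127 - 1  # prime field modulus, chosen for this demo only

def share(secret, node, path=()):
    """Split `secret` over an access tree; returns {leaf_path: share}.
    A node is an attribute name (leaf) or (k, [children]) meaning k-of-n."""
    if isinstance(node, str):
        return {path: secret}
    k, children = node
    # Random polynomial of degree k-1 with q(0) = secret
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    out = {}
    for x, child in enumerate(children, start=1):
        y = sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
        out.update(share(y, child, path + (x,)))
    return out

def recover(node, leaf_shares, attrs, path=()):
    """Rebuild the secret from the leaves whose attribute is in `attrs`.
    Returns None when `attrs` does not satisfy the subtree."""
    if isinstance(node, str):
        return leaf_shares[path] if node in attrs else None
    k, children = node
    pts = []
    for x, child in enumerate(children, start=1):
        y = recover(child, leaf_shares, attrs, path + (x,))
        if y is not None:
            pts.append((x, y))
    if len(pts) < k:
        return None  # threshold not met at this gate
    pts = pts[:k]
    total = 0
    for xi, yi in pts:  # Lagrange interpolation evaluated at x = 0
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

# Constructed policy: (doctor AND cardiology) OR 2-of-3(auditor, legal, board)
POLICY = (1, [(2, ["doctor", "cardiology"]),
              (2, ["auditor", "legal", "board"])])

if __name__ == "__main__":
    s = secrets.randbelow(P)
    shares = share(s, POLICY)
    print(recover(POLICY, shares, {"doctor", "cardiology"}) == s)  # satisfied
    print(recover(POLICY, shares, {"doctor", "auditor"}))          # not satisfied
```

In CP-ABE terms the tree travels with the ciphertext and `attrs` comes from the private key; in KP-ABE the roles are swapped, but the sharing and recovery logic is the same.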

3. Efficiency Optimization for ABE schemes

Extensive research has been conducted to alleviate the computational and storage overhead of ABE. Early efforts, such as the CP-ABE scheme proposed by Waters[6], established a foundation for expressive access control, though the costs of encryption and decryption remained linearly dependent on policy complexity. To address these overheads, Odelu et al.[7] designed a CP-ABE scheme with constant-size private keys and ciphertexts, while Oualha and Nguyen[8] introduced pre-computation techniques to shift heavy calculations before the encryption phase. In multi-authority scenarios, Pletea et al.[9] and Xu et al.[10] enhanced efficiency through hierarchical mechanisms and proxy re-encryption for fine-grained revocation. Furthermore, to mitigate the key escrow problem in single-authority systems, Hur[11] and later Zhang et al.[12] utilized two-party computation, whereas Lin et al.[13] proposed collaborative key management protocols to prevent illegal key exposure. A significant milestone in efficiency optimization is the introduction of outsourcing mechanisms. Green et al.[14] pioneered outsourced decryption (OD-ABE) to delegate intensive pairings to high-performance servers. This was further refined by Lai et al.[15] and Lin et al.[16], who introduced verifiability to ensure the integrity of outsourced results. Recent frameworks, such as those by Tu et al.[17], now support the simultaneous outsourcing of both encryption and decryption. Karati et al.[18] presented a novel scheme without pairing, but with a loss of policy expressiveness. In the era of IoT and 6G, this trend has evolved towards Cloud-Fog-Edge architectures. Sun et al.[19] and Sasikumar et al.[20] shifted the heavy lifting of cryptographic operations to local fog or edge nodes, enabling IoT devices to perform only simple group operations. Additionally, Vinnarasi and Dayana[21] applied modified sandpiper optimization (MSO) to find optimal parameters for key generation, further reducing the computational overhead. They also present an enhanced gravitational search to quickly converge to an optimal set of revoked keys. However, these state-of-the-art outsourcing paradigms often introduce a high dependency on the availability of edge layers. Our work addresses this limitation by proposing an efficient pairing-free paradigm that simplifies the underlying access policy logic, ensuring that terminal devices can maintain high performance even in autonomous environments.

The expressiveness of access policies is also a cornerstone of fine-grained control in ABE schemes. Traditional constructions, such as those by Waters[6] and Ostrovsky et al.[22], primarily rely on Boolean formulas or Linear Secret Sharing Schemes (LSSS) to represent complex access structures. While powerful, these methods often result in ciphertext size and computational overhead that grow fast with the number of attributes and logic gates. To mitigate this, several recent works have explored policy simplification. For instance, Lin et al.[8], and more recently Sun et al.[19], designed lightweight schemes for fog-assisted IoT environments. However, these schemes often sacrifice policy flexibility or still involve heavy bilinear pairing operations, which remain a bottleneck for resource-constrained devices. A promising alternative is weighted attribute-based encryption (WABE), which assigns numerical weights to attributes to simplify the gate logic. Although existing WABE paradigms[23][24][25] offer better compactness than standard tree-based policies, they frequently operate under a weak security model or fail to eliminate the expensive pairing computations. Distinct from these prior efforts, we introduce a simplified weighted access policy that not only achieves rich expressiveness with a significantly reduced structure but also operates in a pairing-free environment. This approach ensures high computational efficiency while maintaining a robust security model, specifically tailored for the dynamic requirements of cloud data sharing.

References

  1. Almuseelem, W.; Continuous and mutual lightweight authentication for zero-trust architecture-based security framework in cloud-edge computing-based healthcare 4.0. J. Theor. Appl. Inf. Technol. 2024, 102, 66-83.
  2. Vipul Goyal; Omkant Pandey; Amit Sahai; Brent Waters. Attribute-based encryption for fine-grained access control of encrypted data; Association for Computing Machinery (ACM): New York, NY, United States, 2006; pp. 89-98.
  3. John Bethencourt; Amit Sahai; Brent Waters. Ciphertext-Policy Attribute-Based Encryption; Institute of Electrical and Electronics Engineers (IEEE): Piscataway, NJ, United States, 2007; pp. 321-334.
  4. Xiulong Liu; Zhiyuan Zheng; Hao Xu; Zhelin Liang; Gaowei Shi; Chenyu Zhang; Keqiu Li; Enabling Consistent Sensing Data Sharing Among IoT Edge Servers via Lightweight Consensus. IEEE Trans. Comput. 2025, 74, 2045-2057.
  5. Amit Sahai; Brent Waters. Fuzzy Identity-Based Encryption; Springer Nature: Durham, NC, United States, 2005; pp. 457-473.
  6. Brent Waters. Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization; Springer Nature: Durham, NC, United States, 2011; pp. 53-70.
  7. Vanga Odelu; Ashok Kumar Das; Y. Sreenivasa Rao; Saru Kumari; Muhammad Khurram Khan; Kim-Kwang Raymond Choo; Pairing-based CP-ABE with constant-size ciphertexts and secret keys for cloud environment. Comput. Stand. Interfaces 2017, 54, 3-9.
  8. Nouha Oualha; Kim Thuat Nguyen. Lightweight Attribute-Based Encryption for the Internet of Things; Institute of Electrical and Electronics Engineers (IEEE): Piscataway, NJ, United States, 2016; pp. 1-6.
  9. Daniel Pletea; Saeed Sedghi; Meilof Veeningen; Milan Petkovic. Secure distributed key generation in attribute based encryption systems; Institute of Electrical and Electronics Engineers (IEEE): Piscataway, NJ, United States, 2015; pp. 103-107.
  10. Xu, X. L.; Zhou, J. L.; Wang, X. H.; et al.; Multi-authority proxy re-encryption based on CPABE for cloud storage systems. Journal of Systems Engineering and Electronics 2016, 27, 211-223.
  11. Junbeom Hur; Improving Security and Efficiency in Attribute-Based Data Sharing. IEEE Trans. Knowl. Data Eng. 2011, 25, 2271-2282.
  12. Zhiting Zhang; Peng Zeng; Bofeng Pan; Kim-Kwang Raymond Choo; Large-Universe Attribute-Based Encryption With Public Traceability for Cloud Storage. IEEE Internet Things J. 2020, 7, 10314-10323.
  13. Guofeng Lin; Hanshu Hong; Zhixin Sun; A Collaborative Key Management Protocol in Ciphertext Policy Attribute-Based Encryption for Cloud Data Sharing. IEEE Access 2017, 5, 9464-9475.
  14. Green, M.; Hohenberger, S.; Waters, B. Outsourcing the decryption of ABE ciphertexts. In 20th USENIX Security Symposium (USENIX Security 11).
  15. Junzuo Lai; Robert H. Deng; Chaowen Guan; Jian Weng; Attribute-Based Encryption With Verifiable Outsourced Decryption. IEEE Trans. Inf. Forensics Secur. 2013, 8, 1343-1354.
  16. Suqing Lin; Rui Zhang; Hui Ma; Mingsheng Wang; Revisiting Attribute-Based Encryption With Verifiable Outsourced Decryption. IEEE Trans. Inf. Forensics Secur. 2015, 10, 2119-2130.
  17. Shanshan Tu; Muhammad Waqas; Fengming Huang; Ghulam Abbas; Ziaul Haq Abbas; A revocable and outsourced multi-authority attribute-based encryption scheme in fog computing. Comput. Networks 2021, 195, 108196.
  18. Arijit Karati; Ruhul Amin; G. P. Biswas; Provably Secure Threshold-Based ABE Scheme Without Bilinear Map. Arab. J. Sci. Eng. 2016, 41, 3201-3213.
  19. Sun, Y.; Du, X.; Niu, S.; et al.; A lightweight attribute-based signcryption scheme based on cloud-fog assisted in smart healthcare. PLOS ONE 2024, 19, e0297002.
  20. A. Sasikumar; Logesh Ravi; Malathi Devarajan; A. Selvalakshmi; Abdulaziz Turki Almaktoom; Abdulaziz S. Almazyad; Guojiang Xiong; Ali Wagdy Mohamed; Blockchain-Assisted Hierarchical Attribute-Based Encryption Scheme for Secure Information Sharing in Industrial Internet of Things. IEEE Access 2024, 12, 12586-12601.
  21. A. Preethi Vinnarasi; R. Dayana; OSL-ABE: an optimal secure and lightweight attribute-based encryption method for blockchain-enabled IoT-based healthcare systems. Neural Comput. Appl. 2024, 37, 123-148.
  22. Rafail Ostrovsky; Amit Sahai; Brent Waters. Attribute-based encryption with non-monotonic access structures; Association for Computing Machinery (ACM): New York, NY, United States, 2007; pp. 195-203.
  23. Ximeng Liu; Jianfeng Ma; Jinbo Xiong; Qi Li; Jun Ma. Ciphertext-Policy Weighted Attribute Based Encryption for Fine-Grained Access Control; Institute of Electrical and Electronics Engineers (IEEE): Piscataway, NJ, United States, 2013; pp. 51-57.
  24. Guofen Lin; Hanshu Hong; Yunhao Xia; Zhixin Sun. An Expressive, Lightweight and Secure Construction of Key Policy Attribute-Based Cloud Data Sharing Access Control; IOP Publishing: Bristol, United Kingdom, 2017; pp. 012010.
  25. Hang Li; Keping Yu; Bin Liu; Chaosheng Feng; Zhiguang Qin; Gautam Srivastava; An Efficient Ciphertext-Policy Weighted Attribute-Based Encryption for the Internet of Health Things. IEEE J. Biomed. Heal. Informatics 2021, 26, 1949-1960.