Privacy preserving data access scheme for IoT devices

摘要

Attribute-based encryption schemes provide read access to data based on users' attributes. In these schemes, user privacy is compromised as the access policies are visible. This privacy issue has been addressed in literature by enabling the data owner to obfuscate the policy in a setting where a single authority generates decryption keys. However, a single authority can figure out the hidden access policy which violates user privacy. We present PPDAS, a scheme which overcomes these limitations and makes two contributions. Firstly, we present a mechanism which supports fine-grained read and write operations in a setting where decryption keys are generated by multiple attribute authorities, and the access policy is hidden from all unauthorized entities including the attribute authorities. Our scheme is also accompanied with a user revocation mechanism. Secondly, we show that it is possible to adapt the scheme for accessing data through resource-constrained devices such as smart watches and IoT devices through extensive experimental evaluations.