An Encryption-Based Approach to Protect Fog Federations from Rogue Nodes

  • Mohammed AlshehriEmail author
  • Brajendra PandaEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11611)


The cloud computing paradigm has revolutionized the concept of computing and has gained a huge attention since it provides computing resources as a service over the internet. As auspicious as this model is, it brings forth many challenges: everything from data security to time latency issues with data computation and delivery to end users. To manage these challenges with the cloud, a fog computing paradigm has emerged. In the context of the computing, fog computing involves placing mini clouds close to end users to solve time latency problems. However, as fog computing is an extension of cloud computing, it inherits the same security and privacy challenges encountered by traditional cloud computing. These challenges have accelerated the research community’s efforts to find effective solutions. In this paper, we propose a secure and fine-grained data access control scheme based on the ciphertext-policy attribute-based encryption (CP-ABE) algorithm to prevent fog nodes from violating end users’ confidentiality in situations where a compromised fog node has been ousted. In addition, to provide decreased time latency and low communication overhead between the Cloud Service Provider (CSP) and the fog nodes (FNs), our scheme classifies the fog nodes into fog federations (FF), by location and services provided, and each fog node divides the plaintext to be encrypted into multiple blocks to accelerate the time when retrieving ciphertext from the CSP. We demonstrate our scheme’s efficiency by carrying on a simulation and analyzing its security and performance.


Fog computing Rogue node Secure data communication Fine-grained access control 


  1. 1.
    Beimel, A.: Secure schemes for secret sharing and key distribution. Technion-Israel Institute of Technology, Faculty of Computer Science (1996)Google Scholar
  2. 2.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on Security and Privacy, SP 2007, pp. 321–334. IEEE (2007)Google Scholar
  3. 3.
    Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). Scholar
  4. 4.
    Bonomi, F., Milito, R., Zhu, J., Addepalli, S.: Fog computing and its role in the Internet of Things. In: Proceedings of the First Edition of the MCC Workshop on Mobile Cloud Computing, pp. 13–16. ACM (2012)Google Scholar
  5. 5.
    Caro, A., Iovino, V.: Java pairing-based cryptography library (2013)Google Scholar
  6. 6.
    Deng, R., Lu, R., Lai, C., Luan, T.H.: Towards power consumption-delay tradeoff by workload allocation in cloud-fog computing. In: 2015 IEEE International Conference on Communications (ICC), pp. 3909–3914. IEEE (2015)Google Scholar
  7. 7.
    Fox, A., et al.: Above the clouds: a Berkeley view of cloud computing. Department Electrical Engineering and Computer Sciences, University of California, Berkeley, Rep. UCB/EECS 28(13) (2009)Google Scholar
  8. 8.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 89–98. ACM (2006)Google Scholar
  9. 9.
    Green, M., Hohenberger, S., Waters, B., et al.: Outsourcing the decryption of ABE ciphertexts. In: USENIX Security Symposium, vol. 2011 (2011)Google Scholar
  10. 10.
    Hu, C., Li, H., Huo, Y., Xiang, T., Liao, X.: Secure and efficient data communication protocol for wireless body area networks. IEEE Trans. Multi-Scale Comput. Syst. 2, 94–107 (2016)CrossRefGoogle Scholar
  11. 11.
    Huang, Q., Yang, Y., Wang, L.: Secure data access control with ciphertext update and computation outsourcing in fog computing for Internet of Things. IEEE Access 5, 12941–12950 (2017)CrossRefGoogle Scholar
  12. 12.
    Jiang, Y., Susilo, W., Mu, Y., Guo, F.: Ciphertext-policy attribute-based encryption against key-delegation abuse in fog computing. Futur. Gener. Comput. Syst. 78, 720–729 (2018)CrossRefGoogle Scholar
  13. 13.
    Li, J., Jin, J., Yuan, D., Palaniswami, M., Moessner, K.: Ehopes: data-centered fog platform for smart living. In: 2015 International Telecommunication Networks and Applications Conference (ITNAC), pp. 308–313. IEEE (2015)Google Scholar
  14. 14.
    Li, J., Yao, W., Zhang, Y., Qian, H., Han, J.: Flexible and fine-grained attribute-based data storage in cloud computing. IEEE Trans. Serv. Comput. 10(5), 785–796 (2017)CrossRefGoogle Scholar
  15. 15.
    Li, J., Zhang, Y., Chen, X., Xiang, Y.: Secure attribute-based data sharing for resource-limited users in cloud computing. Comput. Secur. 72, 1–12 (2018)CrossRefGoogle Scholar
  16. 16.
    Lynn, B.: The pairing-based cryptography (PBC) library (2010)Google Scholar
  17. 17.
    Mao, X., Lai, J., Mei, Q., Chen, K., Weng, J.: Generic and efficient constructions of attribute-based encryption with verifiable outsourced decryption. IEEE Trans. Dependable Secur. Comput. 13, 533–546 (2016)CrossRefGoogle Scholar
  18. 18.
    Ning, J., Cao, Z., Dong, X., Wei, L., Lin, X.: Large universe ciphertext-policy attribute-based encryption with white-box traceability. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 55–72. Springer, Cham (2014). Scholar
  19. 19.
    Ning, J., Dong, X., Cao, Z., Wei, L., Lin, X.: White-box traceable ciphertext-policy attribute-based encryption supporting flexible attributes. IEEE Trans. Inf. Forensics Secur. 10(6), 1274–1288 (2015)CrossRefGoogle Scholar
  20. 20.
    Ruj, S., Nayak, A., Stojmenovic, I.: DACC: distributed access control in clouds. In: 2011 International Joint Conference of IEEE TrustCom-11/IEEE ICESS-11/FCST-11 (TrustCom 2011), pp. 91–98. IEEE (2011)Google Scholar
  21. 21.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). Scholar
  22. 22.
    Sookhak, M., Yu, F.R., Khan, M.K., Xiang, Y., Buyya, R.: Attribute-based data access control in mobile cloud computing. Future Gener. Comput. Syst. 72(C), 273–287 (2017)CrossRefGoogle Scholar
  23. 23.
    Stojmenovic, I., Wen, S., Huang, X., Luan, H.: An overview of fog computing and its security issues. Concurr. Comput.: Pract. Exp. 28(10), 2991–3005 (2016)CrossRefGoogle Scholar
  24. 24.
    Tysowski, P., Hasan, M.: Hybrid attribute-based encryption and re-encryption for scalable mobile applications in clouds. IEEE Trans. Cloud Comput. 1, 172–186 (2013)CrossRefGoogle Scholar
  25. 25.
    Wang, H.: Identity-based distributed provable data possession in multicloud storage. IEEE Trans. Serv. Comput. 2, 328–340 (2015)CrossRefGoogle Scholar
  26. 26.
    Wang, H., Wu, Q., Qin, B., Domingo-Ferrer, J.: Identity-based remote data possession checking in public clouds. IET Inf. Secur. 8(2), 114–121 (2014)CrossRefGoogle Scholar
  27. 27.
    Xiao, M., Zhou, J., Liu, X., Jiang, M.: A hybrid scheme for fine-grained search and access authorization in fog computing environment. Sensors 17(6), 1423 (2017)CrossRefGoogle Scholar
  28. 28.
    Yi, S., Li, C., Li, Q.: A survey of fog computing: concepts, applications and issues. In: Proceedings of the 2015 Workshop on Mobile Big Data, pp. 37–42. ACM (2015)Google Scholar
  29. 29.
    Yi, S., Qin, Z., Li, Q.: Security and privacy issues of fog computing: a survey. In: Xu, K., Zhu, H. (eds.) WASA 2015. LNCS, vol. 9204, pp. 685–695. Springer, Cham (2015). Scholar
  30. 30.
    Yu, S., Ren, K., Lou, W.: FDAC: toward fine-grained distributed data access control in wireless sensor networks. IEEE Trans. Parallel Distrib. Syst. 22(4), 673–686 (2011)CrossRefGoogle Scholar
  31. 31.
    Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: 2010 IEEE Proceedings of Infocom, pp. 1–9. IEEE (2010)Google Scholar
  32. 32.
    Yu, S., Wang, C., Ren, K., Lou, W.: Attribute based data sharing with attribute revocation. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pp. 261–270. ACM (2010)Google Scholar
  33. 33.
    Zuo, C., Shao, J., Wei, G., Xie, M., Ji, M.: CCA-secure ABE with outsourced decryption for fog computing. Futur. Gener. Comput. Syst. 78, 730–738 (2018)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.University of ArkansasFayettevilleUSA

Personalised recommendations