Abstract— The Internet of Things (IoT) and Cloud Computing paradigm is the next wave in the era of computing, and it has been identified as one of the emerging technologies in the field of Computer Science and Information Technology. It has been understood from the review reports that the integration of IoT and Cloud Computing is in its infancy and has not been extended to all application domains due to its inadequate security architecture. Hence, this paper builds an integrated, secure and intelligent architecture for IoT and Cloud Computing, envisaged to offer secure smart services and applications anywhere, anytime, any firm, any device and any network, independent of any underlying technologies, with one IoT-enabled Acute Smart Card (ASC). The ASC eases secure access to diversified applications and services distributed in a cloud environment with one Special Identification (SID) number per citizen through the intelligent systems. The architecture also utilizes and uniquely combines KP-ABE (Key Policy Attribute-Based Encryption) and lazy re-encryption to achieve scalable, fine-grained access control on outsourced data in the cloud.

Keywords— IoT, Acute Smart Card (ASC), Special Identification (SID), KP-ABE (Key Policy Attribute-Based Encryption)

I. INTRODUCTION

Internet of Things (IoT) and Cloud Computing play a vital role in the field of Information Technology [1]. The Internet of Things is not a single technology; it is the concept in which many new things are getting networked and connected anytime, anyplace, with anything and anyone, ideally using any path or network and any service in a heterogeneous environment [2]. In contrast, Cloud Computing is characterized by a virtual world with unlimited capability in terms of storage and processing power. According to the National Institute of Standard and Technology (NIST), “Cloud Computing is a model for enabling convenient, on demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or cloud provider interaction”. Though IoT and Cloud Computing have emerged as independent technologies, merging the two has brought a renaissance in the field of future networks. The Internet of Things is enhanced by the unlimited capabilities and resources of the cloud, which compensate for its technological constraints such as storage and processing. On the other hand, the cloud has extended its scope to the real world through IoT in a more dynamic and distributed way to deliver new applications and services in a real-time scenario at large scale. Consequently, the integration of IoT and Cloud, as complementary technologies, enhances the smart environment to reach the heights of availing any services and applications anywhere, anytime, any firm and any device irrespective of any underlying technology [7]. Since the integration of IoT and Cloud is in its developmental stage, it has not been implemented in all fields. The review of literature articulates the state of the art in this field with its diversified application domains in creating the smart environment and the challenges in deploying this new scenario to all fields [8]. The significant challenges to be resolved with the existing smart applications are interoperability, security, QoS, load balancing, mobility, IPv6 deployment, data management solutions and acceptability of IoT and Cloud applications by users and citizens [9]. Several research works have been carried out to address these issues faced in creating the smart environment and to extend the same to all application domains, but so far no proposed work seems to be integrated and secured. Hence, in this paper a secured and clever architecture for integrating the Internet of Things and Cloud Computing is proposed.

Furthermore, we observe that there are also cases in which cloud users themselves are content providers. They publish data on cloud servers for sharing and need fine-grained data access control in terms of which user (data consumer) has the access privilege to which types of data. In the healthcare case, for example, a medical center would be the data owner who stores millions of healthcare records in the cloud. It would allow data consumers such as doctors, patients, researchers, etc., to access various types of healthcare records under policies admitted by HIPAA. To enforce these access policies, the data owners on one hand would like to take advantage of the abundant resources that the cloud provides for efficiency and economy; on the other hand, they may want to keep the data contents confidential against cloud servers. As a significant research area for system protection, data access control has been evolving in the past thirty years and various techniques [6]–[9] have been developed to effectively implement fine-grained access control, which allows flexibility in specifying differential access rights of individual users. Traditional access control architectures usually assume the data owner and the servers storing the data are in the same trusted domain, where the servers are fully
and $Y = e(g, g)^y$, $y \in \mathbb{Z}_p$. While $PK$ is publicly known to all the parties in the system, $MK$ is kept as a secret by the authority party.

Encryption: This algorithm takes a message $M$, the public key $PK$, and a set of attributes $I$ as input. It outputs the ciphertext $E$ with the following format:

$E = (I, \tilde{E}, \{E_i\}_{i \in I})$

where $\tilde{E} = M Y^s$, $E_i = T_i^s$, and $s$ is randomly chosen from $\mathbb{Z}_p$.

Decryption: This algorithm takes as input the ciphertext $E$ encrypted under the attribute set $I$, the user's secret key $SK$ for access tree $T$, and the public key $PK$. It first computes $e(E_i, sk_i) = e(g, g)^{p_i(0) s}$ for leaf nodes. Then, it aggregates these pairing results in a bottom-up manner using the polynomial interpolation technique. Finally, it may recover the blind factor $Y^s = e(g, g)^{ys}$ and output the message $M$ if and only if $I$ satisfies $T$.

Please refer to for more details on KP-ABE algorithms is an enhanced KP-ABE scheme which supports user secret key accountability than its subordinate loops.

In order to achieve secure, scalable and fine-grained access control on outsourced data in the cloud, we utilize and uniquely combine the following advanced cryptographic techniques: KP-ABE and lazy re-encryption. More specifically, we associate each data file with a set of attributes, and assign each user an expressive access structure which is defined over these attributes. To enforce this kind of access control, we utilize KP-ABE to escort the data encryption keys of data files. Such a construction enables us to immediately enjoy fine-grained access control. However, this construction, if deployed alone, would introduce heavy computation overhead and a cumbersome online burden on the data owner, as he is in charge of all the operations of data/user management. Specifically, this issue is mainly caused by the operation of user revocation, which inevitably requires the data owner to re-encrypt all the data files accessible to the leaving user, or even requires the data owner to stay online to update secret keys for users. To resolve this challenging issue and make the construction suitable for cloud computing, we uniquely combine lazy re-encryption with KP-ABE.

1) System Level Operations: System level operations in our proposed scheme are designed as follows.

System Setup: In this operation, the data owner chooses a security parameter κ and calls the algorithm level interface ASetup(κ), which outputs the system public parameter PK and the system master key MK. The data owner then signs each component of PK and sends PK along with these signatures to Cloud Servers.

2) Algorithm Level Operations: Algorithm level operations include eight algorithms: ASetup, AEncrypt, AKeyGen, ADecrypt, AUpdateAtt, AUpdateSK, AUpdateAtt4File, and AMinimalSet. As the first four algorithms are just the same as Setup, Encryption, Key Generation, and Decryption of the standard KP-ABE respectively, we focus on our implementation of the last four algorithms. Fig. 5 depicts two of the four algorithms.

For clarity we will present our proposed scheme in two levels: System Level and Algorithm Level. At system level, we describe the implementation of high level operations, i.e., System Setup, New File Creation, New User Grant, User Revocation, File Access, and File Deletion, and the interaction between involved parties. At algorithm level, we focus on the implementation of low level algorithms that are invoked by system level operations.

throughput is illustrated in Fig. 3. The graph generated corresponding to the data is presented below.
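
The bottom-up polynomial interpolation in the Decryption step described above, as an added example that is not code from the paper. It replaces the pairing with a toy prime-order group, so each leaf value e(E_i, sk_i) is computed directly as H^(p_i(0)·s); the parameters P, Q, H, the function names and the sample TREE are assumptions made for illustration, and the gates are general k-of-n thresholds.

```python
import random

# Toy parameters (constructed): Q = 2P + 1, and H generates the order-P
# subgroup standing in for the pairing target group (H plays e(g, g)).
P, Q, H = 1019, 2039, 4
# Constructed policy: "cardiology" AND ("doctor" OR "researcher").
TREE = (2, ["cardiology", (1, ["doctor", "researcher"])])

def share(node, secret, out):
    """Top-down key generation: give each leaf attribute its p_i(0) mod P."""
    if isinstance(node, str):
        out[node] = secret
        return out
    k, children = node
    coeffs = [secret] + [random.randrange(P) for _ in range(k - 1)]
    for x, child in enumerate(children, start=1):
        share(child, sum(c * x**j for j, c in enumerate(coeffs)) % P, out)
    return out

def lagrange_at_zero(x, xs):
    """Lagrange coefficient for index x over index set xs, evaluated at 0."""
    num = den = 1
    for j in xs:
        if j != x:
            num, den = num * -j % P, den * (x - j) % P
    return num * pow(den, -1, P) % P

def combine(node, leaf_vals):
    """Bottom-up step: return H^(p_node(0)*s), or None if unsatisfied."""
    if isinstance(node, str):
        return leaf_vals.get(node)
    k, children = node
    got = [(x, v) for x, c in enumerate(children, start=1)
           if (v := combine(c, leaf_vals)) is not None][:k]
    if len(got) < k:
        return None
    xs = [x for x, _ in got]
    result = 1
    for x, v in got:  # interpolation happens in the exponent
        result = result * pow(v, lagrange_at_zero(x, xs), Q) % Q
    return result

def decrypt(tree, key_shares, attrs, blinded, s):
    """Recover M from M*Y^s iff the ciphertext attribute set satisfies tree."""
    # Assumption: s is passed in only to simulate the result of e(E_i, sk_i).
    leaves = {a: pow(H, key_shares[a] * s % P, Q) for a in attrs if a in key_shares}
    ys = combine(tree, leaves)
    return None if ys is None else blinded * pow(ys, -1, Q) % Q
```

A real decryptor never learns s; it obtains the same leaf values from the pairing of the ciphertext component with its key component.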