SUAD: a secure attribute-based data sharing framework with user-controlled key management for Cloud-assisted IoT

Guo, Chong, Bei, Gong, Badshah, Akhtar, Ai, Xin, Alasmary, Hisham, Waqas, Muhammad ORCID: https://orcid.org/0000-0003-0814-7544 and Khan, Muhammad ORCID: https://orcid.org/0000-0002-5752-6420 (2026) SUAD: a secure attribute-based data sharing framework with user-controlled key management for Cloud-assisted IoT. ACM Transactions on Privacy and Security (TOPS), 29 (2):25. pp. 1-29. ISSN 2471-2566 (Print), 2471-2574 (Online) (doi:10.1145/3803801)

PDF (Open Access Article)
53298 WAQAS_SUAD_A_Secure_Attribute-Based_Data_Sharing_Framework_(OA)_2026.pdf - Published Version
Available under License Creative Commons Attribution.

Abstract

Cloud computing supports the Internet of Things (IoT) in handling diverse and large-scale data. However, outsourcing data control to the cloud raises security concerns, particularly in key management. Although Ciphertext-Policy Attribute-Based Encryption (CP-ABE) preserves data confidentiality, it entrusts key management to a centralized attribute authority, resulting in the key escrow problem. Furthermore, existing CP-ABE schemes lack mechanisms for key verification and identity authentication, leaving IoT systems susceptible to key errors and impersonation attacks. To overcome these limitations, we propose Secure and User-autonomous Attribute-based Data Sharing (SUAD) for cloud-assisted IoT. The SUAD scheme transfers key management from the authority to data users themselves, thereby eliminating key escrow. Built on a data user-centric architecture, the SUAD scheme removes the decryption privilege of the attribute authority. To prevent key forgeries and operational errors, we design a correctness verification mechanism covering five critical keys and the decryption result, along with a two-way interactive authentication protocol based on the Schnorr scheme for reliable identity verification. The SUAD scheme further supports dynamic user management, enabling user logout, replacement, and joining while optimizing maintenance overhead through periodic updates. We formally prove that SUAD achieves selective IND-CCA security in the random oracle model. Both theoretical analysis and experimental evaluations demonstrate that SUAD enhances user autonomy and strengthens security without incurring additional encryption or decryption costs, confirming its practicality for IoT deployments.

Item Type: Article
Uncontrolled Keywords: Cloud-assisted IoT, ciphertext-policy attribute-based encryption, access control, user-autonomous key management, two-way authentication, key verification
Subjects: Q Science > Q Science (General)
Q Science > QA Mathematics
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science
Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS)
Last Modified: 30 Apr 2026 14:17
URI: https://gala.gre.ac.uk/id/eprint/53298
