CUPS : secure opportunistic cloud of things framework based on attribute-based encryption scheme supporting access policy update

The ever-growing number of Internet connected devices, coupled with the new computing trends, namely within emerging opportunistic networks, engenders several security concerns. Most of the exchanged data between the Internet of Things (IoT) devices are not adequately secured due to resource constraints on IoT devices. Attribute Based Encryption is a promising cryptographic mechanism suitable for distributed environments, providing flexible access control to encrypted data contents. However, it imposes high decryption costs, and does not support access policy update, for highly dynamic environments. This paper presents CUPS, an ABE-based framework for opportunistic cloud of things applications, that securely outsources data decryption process to edge nodes in order to reduce the computation overhead on the user side. CUPS allows end-users to offload most of the decryption overhead to an edge node and verify the correctness of the received partially decrypted data from the edge node. Moreover, CUPS provides the access policy update feature with neither involving a proxy-server, nor re-encrypting the enciphered data contents and redistributing the users' secret keys. The access policy update feature in CUPS does not affect the size of the message received by the end-user which reduces the bandwidth and the storage usage. Our comprehensive theoretical analysis proves that CUPS outperforms existing schemes in terms of functionality, communication and computation overheads.