Advanced
Enabling Fine-grained Access Control with Efficient Attribute Revocation and Policy Updating in Smart Grid
Enabling Fine-grained Access Control with Efficient Attribute Revocation and Policy Updating in Smart Grid
KSII Transactions on Internet and Information Systems (TIIS). 2015. Apr, 9(4): 1404-1423
Copyright © 2015, Korean Society For Internet Information
  • Received : January 31, 2015
  • Accepted : April 30, 2015
  • Published : April 30, 2015
Download
PDF
e-PUB
PubReader
PPT
Export by style
Share
Article
Author
Metrics
Cited by
TagCloud
About the Authors
Hongwei Li
State Key Laboratory of Information Security (Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093)
Dongxiao Liu
School of Computer Science & Engineering, University of Electronic Schience and Technology of China Chengdu, 610054 – China
Khalid Alharbi
Faculty of Business and Information Technology, University of Ontario Institute of Technology, Oshawa, ON, L1H7K4 – Canada
Shenmin Zhang
School of Computer Science & Engineering, University of Electronic Schience and Technology of China Chengdu, 610054 – China
Xiaodong Lin
Faculty of Business and Information Technology, University of Ontario Institute of Technology, Oshawa, ON, L1H7K4 – Canada

Abstract
In smart grid, electricity consumption data may be handed over to a third party for various purposes. While government regulations and industry compliance prevent utility companies from improper or illegal sharing of their customers’ electricity consumption data, there are some scenarios where it can be very useful. For example, it allows the consumers’ data to be shared among various energy resources so the energy resources are able to analyze the data and adjust their operation to the actual power demand. However, it is crucial to protect sensitive electricity consumption data during the sharing process. In this paper, we propose a fine-grained access control scheme (FAC) with efficient attribute revocation and policy updating in smart grid. Specifically, by introducing the concept of Third-party Auditor (TPA), the proposed FAC achieves efficient attribute revocation. Also, we design an efficient policy updating algorithm by outsourcing the computational task to a cloud server. Moreover, we give security analysis and conduct experiments to demonstrate that the FAC is both secure and efficient compared with existing ABE-based approaches.
Keywords
1. Introduction
C ompared to the traditional power grid, smart gird integrates power and communication networks to achieve a two-way communication [1 , 2] . Smart grid can improve the efficiency, sustainability and reliability between the energy producers and customers. As shown in Fig. 1 , a general structure of smart grid consists of six logical domains [3 - 5] . Each one of the four (Bulk Generation, Transmission, Distribution and User) can generate, store and deliver electricity in two-way. Control center (CC) is the core component of the smart grid which can manage all the electricity and information movement of the whole system. Users of three types (Home Area Network (HAN), Building Area Network (BAN), Industrial Area Network (IAN)) are connected to the smart grid system by Smart Meters. And the Markets are where grid assets are bought and sold [6 , 14] .
PPT Slide
Lager Image
General architecture of smart grid
The information flows in smart grid are of great significance [12 , 13] . CC collects the generation and consumption data from the generators and the consumers. These data can help CC make decisions on system-level to improve the efficiency of the electricity flows. In smart grid, users’ electricity data are collected by the smart meters and aggregated at the control center. Then, the control center intends to release the sensitive aggregated data to the markets that are very interested in them in a privacy-preserving manner. By analyzing the electricity usage information such as the air-conditioner or the television usage data in a specific period of time, the advertisers can obtain the time people usually watch TV in this area and then adjust their strategies. The television sellers can determine whether users prefer to watch videos online rather than watching televisions.
To handle the data release efficiently and securely, existing literature [7 , 8] adopt the Attribute-based Encryption (ABE) technique to provide fine-grained access control over the sensitive data. For practical uses, the proposed scheme must support attribute revocation since the role of the markets may dynamically change in the system. Fadlullah et al. [7] introduce Key-policy ABE technique to achieve a targeted data broadcast in smart grid but do not take the problem of attribute revocation into considerations. Ruj et al. [8] utilize ciphertext-policy ABE for data release in smart grid. However, their attribute revocation method lacks efficiency since it requires updating all the ciphertexts that contain the revoked attribute. Moreover, the access policy of the sensitive data may need to be updated. A naïve way is that CC retrieves the data and re-computes the ciphertext, which may incur heavy computation and communication cost.
On addressing the above issues, we propose a fine-grained access control scheme (FAC) with efficient attribute revocation and policy updating in smart grid in this paper.
Our Contributions. The contributions of this paper can be summarized as follows.
  • First, we utilize CP-ABE technique[17]to achieve a fine-grained data access control in smart grid. And by leveraging Third-party Auditor[16], the FAC could support efficient and secure attribute revocation.
  • Second, to meet the requirements for practical uses, we modify the policy updating algorithm in[23]for the access structure in the FAC. Moreover, by outsourcing most of the computation task to the cloud server, the policy updating algorithm is also efficient.
  • Third, we give a thorough security analysis and demonstrate that the FAC can achieve confidentiality and privacy, fine-grained access control, collusion resistance, and secure attribution revocation and policy updating. Then, we conduct real experiments and show that the FAC is more efficient in terms of functionalities as well as computation and communication overhead compared with existing scheme[7]and[8].
Compared with the preliminary conference version [14] of this paper, this journal version studies dynamic access policy updating problem for the control center. Specifically, we present the policy updating algorithm for the access control structure in the FAC to make the FAC more suitable for practical uses. Moreover, we show the policy updating algorithm is secure and efficient by giving the analysis and evaluation of the new scheme.
Organization. The remainder of this paper is organized as follows. In Section 2, the system model, security requirements and design goals are formalized. We recall bilinear pairing and CP-ABE in Section 3. In Section 4, we propose our FAC scheme. Its security analysis and performance evaluation of the FAC are shown in Section 5 and Section 6, respectively. In Section 7, we present related works. Finally, we conclude this paper in Section 8.
2. System Model, Security requirements and Design goals
- 2.1 System Model
The FAC consists of the following six entities: Certificate Authority (CA), Control Center (CC), Markets, Third Party Auditor (TPA), Cloud Sever (CS), and Attribute Authorities (AAs).
In smart grid, there are two types of networks including power network and communication network. In this paper, we mainly focus on the information flow between the control center and market. Specifically, the user electricity data are collected by the smart meters and aggregated at the control center. Then, the control center intends to distribute the sensitive aggregated to the markets securely and efficiently. On addressing the above problem, we utilize the attribute-based encryption and third-party auditor technique to outsource the data to the cloud server. Therefore, we introduce some other entities including certificate authority, attribute authorities, cloud server and third-party auditor. Specifically, CA is a globally trusted certificate authority and may be audited by the government office. CA would initialize the system by setting up the parameters for AAs and authenticating the markets. AAs are responsible for the attribute key generation including public attribute key for CC and private attribute key for markets. Every attribute is associated with a single AA, but each AA can manage a set of attributes.
As shown in Fig. 2 , to securely and efficiently distribute the electricity data to the markets, the system operates in the following steps. CC first obtains the public attribute keys from AAs. Then, CC defines the access policy for the different kinds of the aggregated user electricity data and encrypts them using public attribute keys before outsourcing them to CS. Markets may first register themselves in CA and obtain private attribute keys from the AAs according to their roles in the system. When markets intend to access the electricity data on the cloud server, they would ask TPA to check the legality of their identities to help the legal markets decrypt the data by generating a decryption Token.
PPT Slide
Lager Image
System model
When attribute revocation occurs and some of the market’s attribute keys may need to be changed, CA and AAs would assign a new set of private keys to the market and update the associated information in TPA. And when CC intends to update the access policy, CC would only need to generate the update token and send it to CS. CS would do the updating job using the old access policies.
- 2.2 Security Requirements
In the FAC, the control center is the core component of the smart grid and is run by the government. Therefore, we assume it to be trusted. And we assume CA is also trusted, but we still need to prevent it from decrypting the data. AAs and TPA are curious but honest, i.e., they execute the task assigned by CA and never collude with markets to get the unauthorized data. It is reasonable since TPA and AAs are audited by government offices. CS is also curious but honest [9 , 10] . Markets are dishonest and may collude to get access to the unauthorized data. Specifically, the security requirements in FAC cover the following four aspects [15] .
  • Confidentiality and Privacy:Since the aggregated electricity data contain sensitive information about the users, it should be kept secret from CS and unauthorized markets. Moreover, markets may want to keep their identities from being exposed to CS and AAs.
  • Fine-grained Access Control:Markets may be assigned a set of attributes according to its role in the system. To efficiently distribute the aggregated data, the access control policy should be fine-grained. In specific, CC pre-defines the access policy and encrypts the data. The access policy should support both “AND” and “OR” gate. Only a market with correct market attribute keys that satisfy the policy embedded in the ciphertext can decrypt the data.
  • Collusion Resistance:Since markets are not trusted in the system, two or more markets cannot combine their market attribute keys and get access to the data which they cannot access individually.
  • Secure Attribute Revocation and Policy Updating:A market cannot use the revoked market attribute keys to decrypt the data which they should not get access to. Moreover, the policy updating algorithm should not leak any useful information to CS.
- 2.3 Design goals
In order to design an efficient and secure fine-grained data release scheme in smart grid, our design goals should focus on the following aspects:
  • Covering All the Security Requirements:Under the security assumption introduced above, the proposed FAC should cover all the security requirements.
  • Efficient Decryption for Markets:By using the token-based decryption method, the proposed FAC should achieve efficient decryption for markets.
  • Efficient Attribute Revocation:By adopting the TPA technique, the proposed FAC should achieve efficient attribute revocation which incurs less cost than the existing scheme in computation and communication overhead.
  • Efficient Access Policy Updating:By outsourcing the computational task of access policy updating from CC to CS, the proposed FAC should achieve efficient policy updating at CC.
3. Preliminaries
- 3.1 Bilinear Paring
Let G , GT be two multiplicative cyclic groups of the same prime order q , and g be generator of group G . Suppose G and GT are equipped with a pairing, i.e., a non-degenerated and efficiently computable bilinear map e : G × G GT such that e(
PPT Slide
Lager Image
) = e ( P 1 , Q 1 ) ab GT for all a,b
PPT Slide
Lager Image
and any P 1 , Q 2 G . We can obtain more comprehensive descriptions of pairing technique through reference [18] .
- 3.2 Ciphertext-Policy Attribute-based Encryption
In ciphertext policy attribute-based encryption (CP-ABE) [17] , ciphertexts are created with an access structure (usually an access tree) which defines the access policy. A user can decrypt the data only if the attributes embedded in her attribute keys satisfy the access policy in the ciphertext. In CP-ABE, the encrypter holds the ultimate authority of the access policy [11] .
4. Proposed Scheme
In the FAC, the electricity data are already collected by the smart meters and aggregated by the control center. Then, the control center could first encrypt the data and outsource the data to the cloud server to enjoy a flexible and efficient data access service. Markets who are interested in the aggregated data could connect to the cloud server and access to the data with their attribute keys. In this section, we propose our FAC, which consists of the following seven phases: System Initialization, Market Attribute Keys Generation, Encryption by CC, Auditing by TPA, Decryption by Market, Attribute Revocation and Access Policy Updating.
Notations
PPT Slide
Lager Image
Notations
- 4.1 System Initialization
- 1)CA Setup
At the beginning of system initialization, CA selects a prime q , two cyclic groups G , GT of prime order q , a generator g of G , a map e : G × G GT , two functions H : {0,1}* → G , F : {0,1}* → Zq and a secure symmetric encryption algorithm Enc (), e.g., AES. In addition, CA defines a dictionary for all the attributes of the system. For attribute i , CA generates a global attribute id xi . Then CA chooses two random numbers β,γ ∈ Zq as the system master secret key and computes e ( g,g ) β , gγ , e ( g,g ) γ . Finally, CA publishes the system parameters as:
PPT Slide
Lager Image
- 2)AA Setup
CA distributes a set of attributes to each AA and makes sure that every two AAs do not manage the same attributes. Let Lj be the set of attributes that AAj manages. For each attribute xi Lj , AAj chooses two random numbers αxi , yxi Zq as the secret attribute key:
PPT Slide
Lager Image
Then AAj computes the public attribute key for each attribute xi Lj as
PPT Slide
Lager Image
- 3)Market Registration
If a market is legal in the system, CA assigns a global market id um to it. Then CA chooses a random number zm Zq and a random market version number vm Zq . And then CA generates a pair of global market key GMK and local market key LMK for the market um as follows:
PPT Slide
Lager Image
Next, CA sends the GMK , LMK to the market and{ um , vm } to TPA secretly. In addition, CA computes the market generation key MGK as follows:
PPT Slide
Lager Image
CA publishes MGK to AAs.
- 4.2 Market Attribute Keys Generation
AAs assign a set of attributes Im to this market according to its role. Then for each attribute xi Im , AAs generate the related market attribute key makxi,um using the market’s MGK as
PPT Slide
Lager Image
Finally, AAs send the maks to markets through a secure channel.
- 4.3 Encryption by CC
CC encrypts the aggregated electricity data, denoted as Data , by using a symmetric encryption key k . The encrypted data is represented as Enck ( Data ). Then CC constructs the Linear Secret-Sharing Schemes (LSSS) matrix R according to the pre-defined access policy [19] . Each row of R is associated with one attribute that is involved in the access policy. Then CC defines a map π , mapping the row of matrix R to the attributes. And then CC encrypts the symmetric key k using the related public attribute keys and system parameters as follows:
Step 1: CC chooses a random number s Zq and a random vector v
PPT Slide
Lager Image
with s as its first entry, where l represents the number of the attributes involved in the R and is equal to the number of rows in the R .
Step 2: For each row of R , CC computes λx = Rx · v , where Rx is the xth row of the matrix R . Then CC chooses a random vector ω ∈
PPT Slide
Lager Image
with 0 as its first entry and computes ωx = Rx · ω .
Step 3: For each row of R , CC chooses a random number kx Zq and computes the ciphertext as follows:
PPT Slide
Lager Image
where π ( x ) maps the xth row of R to attribute xi .
Step 4: The ciphertext Cph is as follows:
PPT Slide
Lager Image
Finally, CC sends the CT = { Enck ( Data ), Cph } to CS.
- 4.4 Auditing by TPA
All registered markets can query any interested encrypted data from CS. However, only if a market’s attributes satisfy the access policy embedded in the ciphertext and the market attribute keys maks contain the right market version number vm , the market um can decrypt the ciphertext with the help of TPA. Specifically, the Auditing by TPA phase consists of the following four steps:
Step1: The market um sends its market attribute keys maks and local market key LMK to TPA. TPA firstly checks the validity of maks by using the market version number vm which is generated in the Market Registration phase. TPA checks the following equation.
PPT Slide
Lager Image
Step 2: If equation (9) holds, TPA computes the set of attributes { π ( x ): x X } ∩ Im , where Im and X represent the attributes that the market um includes and the set of rows of LSSS matrix R in ciphertext CT , respectively. For these attributes, TPA checks if there is a subset X′ of them in which (1, 0, 0…, 0) is their linear combination. If yes, it computes a set of cx Zq such that
PPT Slide
Lager Image
= (1, 0,0∙∙∙,0), where Rx represents the xth row of R . Otherwise, the market’s attributes do not satisfy the access policy of ciphertext CT and decryption is impossible.
Step 3: TPA computes the dec ( x ) for each x as follows:
PPT Slide
Lager Image
Step 4: According to reference [17] ,
PPT Slide
Lager Image
and
PPT Slide
Lager Image
. TPA computes Token as
PPT Slide
Lager Image
- 4.5 Decryption by Market
Upon receiving the Token , the market um can simply decrypt the ciphertext C to get the symmetric key k by using its GMK as
PPT Slide
Lager Image
Then market um can use the symmetric key k to further decrypt the encrypted data Enck ( Data ).
- 4.6 Attribute Revocation
When a market’s role has been changed and some of its attributes are revoked, AAs need to re-compute a set of maks for the market. Firstly, CA chooses a new random market version number
PPT Slide
Lager Image
and secretly sends { um ,
PPT Slide
Lager Image
}to TPA. Then, CA computes the new local market key as:
PPT Slide
Lager Image
and sends it to the market. And then CA computes the market generation key as:
PPT Slide
Lager Image
and publishes MGK' to AAs. Finally, AAs re-compute the new mak for each non-revoked attribute of market um using the market’s new MGK' as
PPT Slide
Lager Image
Thus, the revoked market attribute keys are invalid for its outdate market version number vm . TPA cannot compute the Token for the market if it uses the revoked market attribute keys.
- 4.7 Access Policy Updating
In this subsection, we leverage the policy updating algorithm in [23] to achieve efficient updating operation. Specifically, when CC finds the access policy defined in LSSS [19] matrix is changed, it only needs to run the update key generation algorithm to construct the update keys and send them to CS. The update key generation algorithm is defined as follows.
Update Key Generation: The update key generation algorithm UKGen takes asinputs the old secret s, the previous access policy ( R,π ) with the previous random vector v,ω , and the new one ( R′,π′ ), where l′ represents the number of the attributes involved in the new access policy R′ and π′ represents the new map mapping the rows of R′to the associated attributes. Since π and π′ are non-injective, we define num π(x),R and num π(x),R′ as the number of attribute π ( x ) in R and R′ , respectively.
Step 1: CC runs the PolicyCompare algorithm to compare the new policy ( R′ ,π′ ) with the previous one ( R, π ) as follows.
PPT Slide
Lager Image
Step 2: Then CC obtains three sets of row indexes In 1,R′ , In 2,R′ , In 3,R′ of R′ , where In 1,R′ and In 2,R′ represent the set of row indexes y of R′ such that π′ ( y ) exists in R . Moreover, L 2,R′ will include those exceeding num π′(x),R′ num π′(x),R indexes y , If num π′(x),R′ num π′(x),R . In 3,R′ represents the set of indexes y such that π′ ( y ) is a new attribute. Let InR = {1, ∙∙∙, l } be the index set of the rows of R . Further, CC chooses two new random vectors v′,ω′
PPT Slide
Lager Image
with the old secretsand 0 as its first entry, respectively and computes
PPT Slide
Lager Image
and
PPT Slide
Lager Image
, where
PPT Slide
Lager Image
represents the yth row of new LSSS matrix R′ .
Step 3: CC computes the update key for each type of index y ∈[1, l′ ]. Specifically, they could be divided into three types. If ( y,x ) ∈ In 1,R' , it is Type1; If ( y,x ) ∈ In 2,R' , it is Type 2; If ( y,x ) ∈ In 3,R' , it is Type 3..
For Type 1, CC computes the update key as follows:
PPT Slide
Lager Image
And set
PPT Slide
Lager Image
.
For Type 2, CC first chooses random numbers
PPT Slide
Lager Image
, ay Zq and computes the update key as follows:
PPT Slide
Lager Image
For Type 3, CC chooses a number
PPT Slide
Lager Image
Zq , where
PPT Slide
Lager Image
= aykx and computes the update key as follows:
PPT Slide
Lager Image
Step 4: The update key UKData is constructed as
PPT Slide
Lager Image
Then, CC sends the update key UKData to CS.
Next, upon receiving the update key UKData , CS will update the ciphertext from the previous access policy to the new policy as follows:
For Type 1, CS updates the ciphertext as
PPT Slide
Lager Image
where
PPT Slide
Lager Image
= kx .
For Type2, CS updates the ciphertext as
PPT Slide
Lager Image
where
PPT Slide
Lager Image
= aykx .
For Type3, CS updates the ciphertext component as
PPT Slide
Lager Image
The ciphertext Cph′ is as follows:
PPT Slide
Lager Image
Finally, CS changes the CT as CT′ = { Enck ( Data ), Cph′ }
5. Security Analysis
Given the assumptions presented in Section 2, we analyze the security properties of the FAC. Specifically, our analysis focuses on how the FAC could achieve confidentiality and privacy, fine-grained access control, collusion resistance, and secure attribute revocation and policy updating.
- 5.1 Confidentiality and Privacy
The aggregated user electricity data are first encrypted using the symmetric encryption method. As long as the symmetric key is well kept and distributed, the confidentiality of the data would be well preserved. Note that, CS cannot decrypt the data since it does not know the market attribute keys kept by markets and market version number vm kept by TPA. In addition, though TPA does much decryption for the markets, it still cannot get access to the electricity data without the global market key GMK . That is, only a market with valid attributes that satisfy the access policy can decrypt the ciphertext. In the system, each AA is only in charge of one kind of attribute. That is, markets obtain their market attribute keys from different AAs and each AA only knows part of their attributes. Thus, single AA cannot recover all the markets’ attribute information. Moreover, markets communicate with AAs or TPA using their global market id, i.e., only CA knows markets’ true identities. Therefore, the confidentiality of the data and markets’ privacy are well protected in the FAC.
- 5.2 Find-grained Access Control
CC firstly defines the access policy and uses the corresponding public attribute keys to encrypt the symmetric key that is used to encrypt the electricity data before outsourcing it to CS. The access policy defined in LSSS [19] matrix supports complex Boolean operations including both AND and OR gate. For more details about the construction of the LSSS matrix, we direct the readers to reference [17] . That is, the FAC can achieve a fine-grained access control.
- 5.3 Collusion Resistance
In the FAC, markets are dishonest and may intend to combine their market attribute keys to get access to the electricity data which they cannot get access individually. To address this problem, AAs would generate market attribute keys with a market’s identity and the market version number vm . If two or more markets combine their market attribute keys to satisfy the ciphertext’s access policy,
PPT Slide
Lager Image
in the Auditing by TPA phase. Therefore, TPA would not compute Token for the colluding markets. Thus, the proposed FAC scheme is collusion-resistant.
- 5.4 Secure Attribute Revocation and Policy Updating
When attribute revocation happens and some of the market’s attribute are revoked, CA would choose a new random market version number
PPT Slide
Lager Image
and sends it to TPA. Then AAs re-calculate the market attribute keys for the non-revoked attributes of the market. We assume that a market tries to decrypt the ciphertext using the revoked market attribute key. Unfortunately, in the auditing by TPA phase,
PPT Slide
Lager Image
and
PPT Slide
Lager Image
cannot be computed correctly since the revoked market attribute key does not contain the true version number
PPT Slide
Lager Image
. During the policy updating operations, CC would first obtain the old access policy and then compute the updating token using public parameters. The aim of this token-based policy updating algorithm is to make full use of the ciphertext on the cloud server to reduce the computation cost in CC. That is, all the information leaked in the policy updating phase to the CS is some relationship between the old policies and the new policies. It is acceptable since knowing this does not mean that CS could further pry into the encrypted data. That is, the FAC could achieve secure attribute revocation and policy updating.
6. Performance Evaluation
In this section, we evaluate the performance of FAC in terms of functionality as well as computation and communication overhead.
Notations
PPT Slide
Lager Image
Notations
- 6.1 Functionality
As shown in Table 3 , we compare functionalities among the FAC, Ruj’s scheme [8] and Faslullah’s scheme [7] . Specifically, all the above schemes achieve access control over the outsourced data. However, Faslullah’s scheme [7] cannot achieve attribute revocation and policy updating while Ruj’s scheme [8] only supports attribute revocation. The FAC could achieve all the above functionalities.
Comparison of Functionalities
PPT Slide
Lager Image
Comparison of Functionalities
Further, we would compare Ruj’s and the FAC in terms of computation and communication overhead as follows.
- 6.2 Computation Overhead
In this subsection, we focus on the computation overhead of the FAC and compare it with Ruj’s scheme [8] . Since the performance is mainly affected by the time cost of exponentiation operations in G , exponentiation operation in GT and pairing operation, we ignore the other operations. And we give the notations of symbols that are used in this subsection in Table 2 .
As for the data encryption, time cost of the FAC and Ruj’s scheme [8] are almost the same, which are (2 Nc + 1) Tet + (3 Nc + 1) Te in the FAC and 2 NcTet + 2 NcTe in [8] , respectively. In the Decryption by Market phase, since most of the decryption computation are moved to TPA, the market um only needs to perform an exponentiation operation in GT to decrypt the decryption token, resulting in Tet time cost in the FAC. In Ruj’s scheme, the market needs to do all the decryption tasks, and the computation overhead is (2 Nc + 1) Tp + 5 NcTet [8] .
In the Attribute Revocation phase, when one of the market’s attributes is revoked, FAC only requires to re-compute a set of market attribute keys marks and local market key LMK for the non-revoked attributes of the market. That is, the computation overhead is 3( Nm,atrTe + Te ). However, in Ruj’s scheme which requires CS to update every ciphertext that contains the revoked attribute, the computation overhead is 3 N ct,atr(i) Tet .
In the policy updating phase, CC only needs to compute the update key for each type rather than re-compute the ciphertext. For Type 1, CC needs
PPT Slide
Lager Image
time; For Type 2, CC needs
PPT Slide
Lager Image
; For Type 3, CC needs
PPT Slide
Lager Image
time. The operations that cost most time are moved from CC to CS. Compared with the time cost for re-computing the ciphertext that cost (2 Nc + 1) Tet + (3 Nc + 1) Te , this token-based updating algorithm could significantly reduce the computation overhead of CC, especially when the new access policy is little different from the old one and CS could fully make use of the previous ciphertext. The comparison of computation overhead is shown in Table 4 .
Comparison of Computation overhead
PPT Slide
Lager Image
Comparison of Computation overhead
Moreover, we conduct simulation experiments on a 2.53Hz-processor, 4GB memory computing machine with MIRACL library [20] to study the execution time. In the FAC, we assume that market can include at most 20 attributes. That is, Nm,atr = 20. As for encryption phase shown in Fig. 3 , the FAC achieves almost the same cost compared with Ruj’s. This is reasonable since the encryption is only required once. The computation overhead of Decryption and Revocation of FAC and Ruj’s is shown in Fig. 4 and Fig. 5 . As we can see, the computation overhead for Decryption and Revocation in Ruj’s scheme linearly increase while they are constant in FAC. Then, we show the execution time of the policy updating phase in Fig. 6 . We denote
PPT Slide
Lager Image
. As we can see, updating operation for all the three types incurs less computation overhead compared with re-computing the ciphertext.
PPT Slide
Lager Image
Comparison of computation overhead for encryption
PPT Slide
Lager Image
Comparison of computation overhead for decryption
PPT Slide
Lager Image
Comparison of computation overhead for revocation
PPT Slide
Lager Image
Comparison of computation overhead for policy updating()
- 6.3 Communication Overhead
In this subsection, we mainly focus on the communication overhead of the attribute revocation. When one of the market’s attributes is revoked, the FAC only requires AAs to re-compute the market attribute keys for the market and send the keys to it, resulting in at most (2 Nm,atr + 1)| G | communication overhead. In Ruj’s scheme, it requires the CS to send all the ciphertexts that contain the revoked attribute to every non-revoked user which includes the revoked attribute, which incurs ( N ct,atr(i) N m,atr(i) + 1)| GT | size of transmitted messages.
If we choose a 160-bit G , and 960-bit GT with embedded degree 6 [20] , we can get the comparison of communication overhead between FAC and Ruj’s as shown in Fig. 7 . As we can see, the communication overhead in the FAC is constant while it is lineally increasing in Ruj’s scheme.
PPT Slide
Lager Image
Comparison of communication overhead for attribute revocation
7. Related Works
Much research effort has been directed to the security of smart grid recently. Li et.al. [1] propose an efficient privacy-preserving demand response scheme with adaptive key evolution in smart grid, which employs a homomorphic encryption to achieve privacy-preserving demand aggregation and efficient response. Yang et.al. [13] propose a ranked range query scheme in smart grid auction market, which can support both range query and ranked search.
Attribute-based encryption (ABE) is a promising technique that can achieve fine-grained access control of the encrypted data. The first ABE scheme is introduced by Sahai and Waters [21] . Then, Goyal et al. [22] classify ABE into two new forms Key-Policy ABE (KP-ABE) and Ciphertext-Policy ABE (CP-ABE). In KP-ABE, the attribute key is generated with access control policy and the ciphertext is associated with attributes. While in CP-ABE, the ciphertext is created with access policy. Later Lewko and Waters propose a multi-authority CP-ABE scheme [17] . However their work does not consider the attribute revocation and the policy updating problem. Yu et.al. [24] propose a secure, scalable, and fine-grained data access control scheme in cloud computing by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Yuan et.al. [25] propose a secure and constant cost public cloud storage auditing scheme with deduplication.
Some research works based on ABE technique have been directed to achieve access control in smart grid. Fadlullah et al. [7] utilize KP-ABE technique to achieve targeted broadcast in smart grid. But their scheme does not consider the revocation problem. Based on Lewko and Water’ ABE scheme [17] , Ruj et al. propose an access control infrastructure with revocation for smart grid [8] . However, in their scheme, attribute revocation incurs a heavy computation and communication overhead since it requires updating all the ciphertexts which contain the revoked attribute and sending them to every non-revoked user. Moreover, both the above schemes do not consider the policy updating problem. Yang et.al. [23] propose an efficient access control scheme with dynamic policy updating, which outsources the updating work to the cloud and supports different types of access policies.
8. Conclusion
In this paper, we proposed a fine-grained access control scheme (FAC) with efficient attribute revocation and policy updating in smart grid. The proposed FAC is more suitable for practical access control issues since it supports dynamic operations. Moreover, we gave thorough security analysis and demonstrated that the FAC can achieve high level security guarantees. In addition, performance evaluation and analysis show that the FAC is more efficient compared with the existing schemes through comprehensive experiments. For the future work, we would explore privacy-preserving data aggregation problem in smart grid.
BIO
Hongwei Li received his M.S. degree in Computer Application from Southwest Jiaotong University (SWJTU) and Ph.D. degree in Computer Software and Theory from University of Electronic Science and Technology of China (UESTC) in 2004 and 2008 respectively. From 2011 to 2012, he worked as a Postdoctoral Fellow at University of Waterloo, Canada. Currently, he is an associate professor at the School of Computer Science and Engineering, UESTC, China. His research interests include cryptography, and the secure smart grid. Dr. Li serves as the Associate Editor of Peer-to-Peer Networking and Applications, the Guest Editor for Peer-to-Peer Networking and Applications Special Issue on Security and Privacy of P2P Networks in Emerging Smart City. He also serves on the technical program committees for many international conferences such as IEEE INFOCOM, IEEE ICC, IEEE GLOBECOM, IEEE WCNC, etc. He is a member of IEEE, a member of China Computer Federation and a member of China Association for Cryptologic Research.
Dongxiao Liu received the B.S. degree from the School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China, in 2013, where he is currently pursuing the master's degree with the School of Computer Science and Engineering. He serves as a reviewer of Peer-to-Peer Networking and Application. His research interests include cryptography, cloud computing security, and the secure smart grid.
Khalid Nawaf Alharbi received the B.Sc. degree in Mathematics, Saudi Arabia, in 1999 and the Master of Information Technology Security (MITS) from University of Ontario Institute of Technology (UOIT), Canada, in 2012. He is an instructor at Northern Border University, Saudi Arabia and is currently working toward a Ph.D. degree in Computer Science, University of Ontario Institute of Technology (UOIT), Canada. His research interests include applied cryptography, and security and privacy issues in web applications, cloud computing, mobile social networks, and smart grid.
Shenmin Zhang is currently an undergraduate of the School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China, and will receive the B.S. degree in 2015. Her interests include cryptography, cloud computing security and outsourcing computation.
Xiaodong Lin received the Ph.D. degree in information engineering from Beijing University of Posts and Telecommunications, Beijing, China, in 1998 and the Ph.D. degree (with Outstanding Achievement in Graduate Studies Award) in electrical and computer engineering from the University of Waterloo, Waterloo, ON, Canada, in 2008. He is currently an associate professor of information security with the Faculty of Business and Information Technology, University of Ontario Institute of Technology, Oshawa, ON, Canada. His research interests include wireless network security, applied cryptography, computer forensics, software security, and wireless networking and mobile computing. Dr. Lin was the recipient of a Natural Sciences and Engineering Research Council of Canada (NSERC) Canada Graduate Scholarships (CGS) Doctoral and the Best Paper Awards of the 18th International Conference on Computer Communications and Networks (ICCCN 2009), the 5th International Conference on Body Area Networks (BodyNets 2010), and IEEE International Conference on Communications (ICC 2007). He is a senior member of the IEEE.
References
Li H. , Lin X. , Hang H. , Liang X. , Lu R. , Shen X. 2014 “Eppdr: An efficient privacy-preserving demand response scheme with adaptive key evolution in smart grid” IEEE Transactions on Parallel and Distributed Systems 25 (8) 2053 - 2064    DOI : 10.1109/TPDS.2013.124
Li H. , Lu R. , Zhou L. , Yang B. , Shen X. 2014 “An efficient merkle tree based authentication scheme for smart grid” IEEE Systems Journal 8 (2) 655 - 663    DOI : 10.1109/JSYST.2013.2271537
Li H. , Liang X. , Lu R. , Lin X. , Shen X. “Edr: An efficient demand response scheme for achieving forward secrecy in smart grid” in Proc. of GLOBECOM 2012 929 - 934
Liang H. , Choi B. , Zhuang W. , Shen X. “Towards optimal energy store-carry-and-deliver for phevs via v2g system” in Proc. of INFOCOM 2012 167 - 1682
Liang H. , Choi B. , Abdrabou A. , Zhuang W. , Shen X. 2012 “Decentralized economic dispatch in microgrids via heterogeneous wireless networks” IEEE journal on Selected Areas in communications 30 (6) 1061 - 1074    DOI : 10.1109/JSAC.2012.120705
Liu J. , Xiao Y. , Li S. , Liang W. , Chen C. 2012 “Cyber security and privacy issues in smart grids” IEEE Communications Surveys and Tutorials 14 (4) 981 - 997    DOI : 10.1109/SURV.2011.122111.00145
Fadlullah Z. M. , Kato N. , Lu R. , Shen X. , Nozaki Y. 2012 “Toward secure targeted broadcast in smart grids” IEEE Communications Magazine 50 (5) 150 - 156    DOI : 10.1109/MCOM.2012.6194396
Ruj S. , Nayak A. 2013 “A decentralized security framework for data aggregation and access control in smart grids” IEEE Transactions on Smart Grid 4 (1) 196 - 205    DOI : 10.1109/TSG.2012.2224389
Yang Y. , Li H. , Liu W. , Yang H. , Wen M. “Secure Dynamic Searchable Symmetric Encryption with Constant Document Update Cost” in Proc. of GLOBECOM 2014 775 - 780
Li H. , Yang Y. , Luan T. H. , Liang X. , Zhou L. , Shen X. S. “Enabling Fine-grained Multi-keyword Search Supporting Classified Sub-dictionaries over Encrypted Cloud Data” IEEE Transactions on Dependable and Secure Computing 2015
Li H. , Liu D. , Dai Y. , Luan T. H. , Shen X. S. 2015 “Enabling Efficient Multi-keyword Ranked Search over Encrypted Cloud Data through Blind Storage” IEEE Transactions on Emerging Topics in Computing 3 (1) 127 - 138    DOI : 10.1109/TETC.2014.2371239
Li H. , Yang Y. , Wen M. , Luo H. , Lu R. 2014 “EMRQ: An Efficient Multi-keyword Range Query Scheme in Smart Grid Auction Market” KSII Transactions on Internet and Information Systems 8 (11) 3937 - 3954
Yang Y. , Li H. , Wen M. , Luo H. , Lu R. “Achieving Ranked Range Query in Smart Grid Auction Market” in Proc. of ICC Sydney, Australia 2014 951 - 956
Liu D. , Li H. , Yang Y. , Yang H. “Achieving Multi-Authority Access Control with Efficient Attribute Revocation in Smart Grid” in Proc. of ICC 2014 634 - 639
Li H. , Dai Y. , Tian L. , Yang H. 2009 “Identity-Based Authentication for Cloud Computing” Lecture Notes of Computer Science (LNCS) 5931 157 - 166
Wang C. , Wang Q. , Ren K. , Lou W. “Privacy-preserving public auditing for data storage security in cloud computing” in Proc. of INFOCOM 2010 1 - 9
Lewko A. , Waters B. “Decentralizing attribute-based encryption” in Proc. of EUROCRYPT 2011 568 - 588
Boneh D. , Franklin M. 2001 “Identity-based encryption from the weil pairing,” inAdvances in Cryptology-CRYPTO Springer 213 - 229
Waters B. “Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization” Springer in Proc. of PKC 2011 53 - 70
“Miracl cryptographic sdk”
Sahai A. , Waters B. 2005 “Fuzzy identity-based encryption,” inAdvances in Cryptology–EUROCRYPT Springer 457 - 473
Goyal V. , Pandey O. , Sahai A. , Waters B. “Attribute-based encryption for fine-grained access control of encrypted data” ACM in Proc. of the 13th ACM conference on Computer and communications security 2006 89 - 98
Yang K. , Jia X. , Ren K. , Xie R. , Huang L. “Enabling efficient access control with dynamic policy updating for big data in the cloud” in Proc. of INFOCOM 2014 2013 - 2021
Yu S. , Wang C. , Ren K. , Lou W. “Achieving secure, scalable, and fine-grained data access control in cloud computing” in Proc. of INFOCOM 2014 1 - 9
Yuan J. , Yu S. “Secure and constant cost public cloud storage auditing with deduplication” in IEEE Conference on Communications and Network Security (CNS) 2013 145 - 153