A Fine-Grained User-Divided Privacy-Preserving Access Control Protocol in Smart Watch
<p>The sales of smart watches.</p> "> Figure 2
<p>The information interaction process of the smart wearable device.</p> "> Figure 3
<p>Attack model.</p> "> Figure 4
<p>System model.</p> "> Figure 5
<p>The data flow of FPAS.</p> "> Figure 6
<p>The time spent on data transmission and data processing.</p> "> Figure 7
<p>The time spent on accessing control.</p> ">
Abstract
:1. Introduction
- How do we resist the illegal device connection, in case the Bluetooth hacking vulnerability affects identify authentication?
- How do we resist the information leakage in data processing by an non-credible cloud?
- How do we realize secure information sharing with different people reducing the authentication steps as much possible?
- Is it suitable for low computational devices?
- Each device has the unique codes media access control (MAC) and universally-unique identifier (UUID). We can utilize and save the unique codes to avoid the illegal connection of malicious devices.
- In order to implement information sharing, it is a good idea to use cipher-policy attribute-based encryption (CP-ABE) in the public cloud [21]. The fine-grained access control structure can be decided by the encryption part [22]. Moreover, this fine-grained access control not only refers to restrictions on the person accessing private data, but also to partial sharing of personal information.
- We also consider the differences in computing power of the smart watch. To be suitable for a low-computing power device, we make the cloud undertake the complex encryption and homomorphic computation. The smart watch is only responsible for some basic computations.
- We propose a framework for protecting personal private information in a smart watch, even though the cloud server is untrusted. The framework can compute and share data confidentially without leaking private user information.
- FPAS delivers a part of the complex operations to the cloud without leaking private data, which reduces the device’s computing resource consumption.
- Our solution reduces the risk of illegal application connection between the smart watch and the App.
- Our proposed solution has good expansibility such that it can ignore the different terminals.
2. Related Work
3. Preliminaries
3.1. Ciphertext-Policy Attribute-Based Encryption
3.2. Proxy Re-Encryption
4. Definition of Our Scheme
4.1. Attack Model
- Illegal application connection: Roman Unuchek [41] found that many common smart wearable devices allow the third party App to invisibly connect. This process can execute commands and even obtain data. The reason why the illegal connection attack is possible is that the pairing method between smart wearable devices and smartphones is not by authentication. According to the study, special unauthorized Apps can be installed on Android 4.3, which can pair with smart devices from specific manufacturers. The user needs to confirm the pairing before establishing a connection. However, the victim cannot know whether it is associated with his/her device or someone else’s device.
- Unauthorized control: Studies have shown that an attack can send a specific command to the Lenovo watch x to set multiple alarms or forge a call alert because of lacking user rights’ control [42]. Under normal circumstances, the user can only send information and instructions to the bound smart watch by himself/herself. However, some users also can operate the unbound watches, because the cloud server does not judge the identity and the instructions.
- Private data leakage: We assume that the cloud and the data requester are honest, but curious; this means they would obey the workflow, but want to obtain other entities’ private information. Meanwhile, it is surprising that most transmission data channels between smart watches and the cloud server are public and unencrypted [43]. An attacker can obtain user information by sniffing. Moreover, even if user data traffic is encrypted, the cloud server can attempt to decrypt with a powerful computational capability. Besides, other users attempt to use their own attributes to obtain the private key for decrypting information.
4.2. System Model
4.3. Working Process
- 1:
- A smart watch connects with the management App through scanning the quick response code (QR code) in the smart watch. The App obtains the MAC value and UUID of the smart watch to form a unique smart watch identity through the communication protocol. The App uses the hash function and saves the unique identity in the list. The App generates a key pair and sends the public key to the smart watch.
- 2:
- It would generate new keys unless the smart watch disconnects. If repairing, the APP must authenticate the MAC and UUID of the watch. If the unique identity matches, proceed to Step 1.3. Otherwise, the device is considered unsafe and disconnects.
- 1:
- The smart watch collects location information and personal health information of the wearer, including steps walked and heart rate, and encrypts the data by the public key of the App.
- 2:
- The smart watch sends the encrypted data to the App.
- 1:
- After receiving the data, the primary user can change the encrypted data by to the encrypted data by and send it to the cloud.
- 2:
- The cloud adopts the homomorphic computation and re-encryption for obtaining the final computing result . The re-encryption step can transfer the ciphertext that the primary user can decrypt.
- 3:
- The cloud sends the computing result to the App.
- 4:
- The App can decrypt the computing result by his/her private key.
- 1:
- The secondary user applies the data access authority.
- 2:
- In order to ensure that the shared data can only be accessed by the authorized requester by the primary user, the primary user encrypts the decryption key through the ciphertext policy based on the access control tree. Then, the App sends the encrypted key to the requester.
- 3:
- The cloud sends the ciphertext, which is homeomorphically computed and re-encrypted, to the requester.
- 4:
- The requesters first decrypts the ciphertext and gets the key only if their own attribute set satisfies the access control structure. Then, the requesters decrypt the final computing result when they obtain .
4.4. Concrete Construction
- *
- System setup: All entities except the smart watch call the algorithm KeyGen. The APP and the users call the algorithm CP-ABE-setup to complete the initialization of the homo-re-encryption and CP-ABE.
- *
- KeyGen: Let k be a security parameter and p, q be two large primes. Due to the property of safe primes, we can choose two primes and , which satisfy . We compute and choose a generator g with order , which can be chosen by selecting a random number and computing . The value can be used to decrypt the encrypted data, but we decided to conceal it from the whole system. In FPAS, we can use key pair to encrypt and decrypt data. The App and the CCS generate their key pairs: and and then negotiate their Diffie–Hellman key . To support encrypted data processing, is public in the whole system. The public system parameters include .
- *
- CP-ABE-Setup: The setup algorithm chooses a bilinear group of prime order p with generator g. Then, it picks two random exponents . The public key is , and the master key MK is .
- *
- System matching: After the smart watch connects with the App, the smart watch sends to the App. the App saves it into a list.
- *
- Watch-KeyGen: The APP calls the algorithm that lets , be two large primes and calculates and . Let be co-prime. Then, choose d such that . The public key is , and the private key . The App sends to the smart watch.
- *
- Watch-Enc: The smart watch uses the public key to encrypt m and send it to the App.
- *
- Data uploading: The App can change the encrypted data to by choosing a random and sending it to the cloud:
- *
- Data processing: After receiving the encrypted data from the App, the CSSdoes some homomorphic comparison operations to get the ciphertext results. If the encrypted data exceed an encrypted threshold , this means the CCS needs to send a warming and the re-encrypted result to the primary user and other authorized users. The data are encrypted by the App by choosing a random as follows:
- *
- Accessing authorization: The data owner of the App just wants to share his/her personal information with someone who satisfies his/her access condition. He/she will encryption his/her private key with the encryption algorithm CP-ABE.
- *
- Data acquisition: When the primary user receives the outsourced computing result, he/she can decryption directly by his/her private key .
5. Security Analysis
6. Performance Analysis
7. Conclusions
Author Contributions
Funding
Conflicts of Interest
Abbreviations
IoT | Internet of Things |
PIN | Personal identification number |
MAC | Media access control |
UUID | Universally-unique identifier |
CP-ABE | Cipher-policy attribute-based encryption |
QR code | Quick response code |
References
- Insider, B. The Smartwatch Report. Available online: https://www.businessinsider.com/smartwatch-and-wearables-research-forecasts-trends-market-use-cases-2016-9 (accessed on 9 June 2016).
- Ra, H.; Ahn, J.; Yoon, H.; Yoon, D.; Son, S.H.; Ko, J. I am a “Smart” watch, Smart Enough to Know the Accuracy of My Own Heart Rate Sensor. In Proceedings of the 18th International Workshop on Mobile Computing Systems and Applications, HotMobile 2017, Sonoma, CA, USA, 21–22 February 2017; pp. 49–54. [Google Scholar] [CrossRef]
- IDC: China’s Smart Watch Market Grew Rapidly in the Third Quarter of 2018, up 72% Year-on-Year. Available online: https://www.idc.com/getdoc.jsp?containerId=prCHC44586018 (accessed on 24 December 2018).
- Germany Bans Children’s Smartwatches. Available online: https://www.bbc.com/news/technology-42030109 (accessed on 17 November 2017).
- Significant Security Flaws in Smartwatches for Children. Available online: https://www.forbrukerradet.no/side/significant-security-flaws-in-smartwatches-for-children/ (accessed on 18 October 2017).
- New Bluetooth Hack Affects Millions of Devices from Major Vendors. Available online: https://thehackernews.com/2018/07/bluetooth-hack-vulnerability.html (accessed on 5 July 2018).
- Liu, Y.; Kong, L.; Cao, Y.; Sarafian, V.; Cheng, L.; Chen, G. Stop Unauthorized Access to Your Smart Devices. In Proceedings of the 2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS), Singapore, 11–13 December 2018; pp. 228–235. [Google Scholar]
- He, D.; Kumar, N.; Khan, M.K.; Wang, L.; Shen, J. Efficient privacy-aware authentication scheme for mobile cloud computing services. IEEE Syst. J. 2018, 12, 1621–1631. [Google Scholar] [CrossRef]
- Mo, F.; Zhou, J.; Yi, S. Adapting the navigation interface of smart watches to user movements. Int. J. Hum. Comput. Interact. 2017, 33, 460–474. [Google Scholar] [CrossRef]
- Tian, D.; Xu, X.; Tao, Y.; Wang, X. An improved activity recognition method based on smart watch data. In Proceedings of the 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC), Guangzhou, China, 21–24 July 2017; Volume 1, pp. 756–759. [Google Scholar]
- Lee, Y.; Yang, W.; Kwon, T. Data Transfusion: Pairing Wearable Devices and Its Implication on Security for Internet of Things. IEEE Access 2018, 6, 48994–49006. [Google Scholar] [CrossRef]
- Tang, J.; Cui, Y.; Li, Q.; Ren, K.; Liu, J.; Buyya, R. Ensuring security and privacy preservation for cloud data services. ACM Comput. Surv. (CSUR) 2016, 49, 13. [Google Scholar] [CrossRef]
- Zhang, Y.; Xiang, Y.; Huang, X.; Chen, X.; Alelaiwi, A. A matrix-based cross-layer key establishment protocol for smart homes. Inf. Sci. 2018, 429, 390–405. [Google Scholar] [CrossRef]
- Zhou, X.; Liu, J.; Wu, Q.; Zhang, Z. Privacy preservation for outsourced medical data with flexible access control. IEEE Access 2018, 6, 14827–14841. [Google Scholar] [CrossRef]
- Sajid, A.; Abbas, H.; Saleem, K. Cloud-assisted IoT-based SCADA systems security: A review of the state of the art and future challenges. IEEE Access 2016, 4, 1375–1384. [Google Scholar] [CrossRef]
- Feng, B.; Ma, X.; Guo, C.; Shi, H.; Fu, Z.; Qiu, T. An efficient protocol with bidirectional verification for storage security in cloud computing. IEEE Access 2016, 4, 7899–7911. [Google Scholar] [CrossRef]
- Wang, X.; Xiong, C.; Pei, Q.; Qu, Y. Expression preserved face privacy protection based on multi-mode discriminant analysis. CMC Comput. Mater. Contin. 2018, 57, 107–121. [Google Scholar] [CrossRef]
- Kim, S.; Lee, I. IoT device security based on proxy re-encryption. J. Ambient Intell. Hum. Comput. 2018, 9, 1267–1273. [Google Scholar] [CrossRef]
- Rohloff, K.; Polyakov, Y. An end-to-end security architecture to collect, process and share wearable medical device data. In Proceedings of the 2015 17th International Conference on E-health Networking, Application & Services (HealthCom), Boston, MA, USA, 14–17 October 2015; pp. 615–620. [Google Scholar]
- Paillier, P. Public-key cryptosystems based on composite degree residuosity classes. In International Conference on the Theory and Applications of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 1999; pp. 223–238. [Google Scholar]
- Xue, K.; Chen, W.; Li, W.; Hong, J.; Hong, P. Combining Data Owner-Side and Cloud-Side Access Control for Encrypted Cloud Storage. IEEE Trans. Inf. Forensics Secur. 2018, 13, 2062–2074. [Google Scholar] [CrossRef]
- Hu, C.; Li, W.; Cheng, X.; Yu, J.; Wang, S.; Bie, R. A secure and verifiable access control scheme for big data storage in clouds. IEEE Trans. Big Data 2018, 4, 341–355. [Google Scholar] [CrossRef]
- Lee, Y.; Yang, W.; Kwon, T. POSTER: Watch out your smart watch when paired. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, Dallas, TX, USA, 30 October–3 November 2017; pp. 2527–2529. [Google Scholar]
- Do, Q.; Martini, B.; Choo, K.K.R. Is the data on your wearable device secure? An Android Wear smartwatch case study. Softw. Pract. Exp. 2017, 47, 391–403. [Google Scholar] [CrossRef]
- Khedr, A.; Gulak, G. Securemed: Secure medical computation using gpu-accelerated homomorphic encryption scheme. IEEE J. Biomed. Health Inform. 2018, 22, 597–606. [Google Scholar] [CrossRef]
- Fang, L.; Susilo, W.; Ge, C.; Wang, J. Public key encryption with keyword search secure against keyword guessing attacks without random oracle. Inf. Sci. 2013, 238, 221–241. [Google Scholar] [CrossRef] [Green Version]
- Guo, W.; Shao, J.; Lu, R.; Liu, Y.; Ghorbani, A.A. A privacy-preserving online medical prediagnosis scheme for cloud environment. IEEE Access 2018, 6, 48946–48957. [Google Scholar] [CrossRef]
- Petrlic, R.; Sorge, C. Privacy-Preserving Digital Rights Management based on Attribute-based Encryption. In Proceedings of the 2014 6th International Conference on New Technologies, Mobility and Security (NTMS), Dubai, UAE, 30 March–2 April 2014; pp. 1–5. [Google Scholar]
- Li, J.; Lin, X.; Zhang, Y.; Han, J. KSF-OABE: outsourced attribute-based encryption with keyword search function for cloud storage. IEEE Trans. Serv. Comput. 2017, 10, 715–725. [Google Scholar] [CrossRef]
- Ding, W.; Yan, Z.; Deng, R. Privacy-preserving data processing with flexible access control. IEEE Trans. Dependable Secur. Comput. 2017. [Google Scholar] [CrossRef]
- Liu, Y.; Zhang, Y.; Ling, J.; Liu, Z. Secure and fine-grained access control on e-healthcare records in mobile cloud computing. Future Gener. Comput. Syst. 2018, 78, 1020–1026. [Google Scholar] [CrossRef]
- Yan, Z.; Li, X.; Wang, M.; Vasilakos, A.V. Flexible data access control based on trust and reputation in cloud computing. IEEE Trans. Cloud Comput. 2017, 5, 485–498. [Google Scholar] [CrossRef]
- Ge, C.; Susilo, W.; Wang, J.; Huang, Z.; Fang, L.; Ren, Y. A key-policy attribute-based proxy re-encryption without random oracles. Comput. J. 2016, 59, 970–982. [Google Scholar] [CrossRef]
- Ge, C.; Susilo, W.; Wang, J.; Fang, L. Identity-based conditional proxy re-encryption with fine grain policy. Comput. Stand. Interfaces 2017, 52, 1–9. [Google Scholar] [CrossRef]
- Fang, L.; Ge, C.; Huang, Z.; Wang, J. Privacy preserving cloud data sharing system with flexible control. Comput. Electr. Eng. 2018, 70, 978–986. [Google Scholar] [CrossRef]
- Li, H.; Huang, Q.; Ma, S.; Shen, J.; Susilo, W. Authorized Equality Test on Identity-Based Ciphertexts for Secret Data Sharing via Cloud Storage. IEEE Access 2019, 7, 25409–25421. [Google Scholar] [CrossRef]
- Bethencourt, J.; Sahai, A.; Waters, B. Ciphertext-policy attribute-based encryption. In Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP ’07), Berkeley, CA, USA, 20–23 May 2007; pp. 321–334. [Google Scholar]
- Cui, Y.; Huang, Q.; Huang, J.; Li, H.; Yang, G. Ciphertext-Policy Attribute-Based Encrypted Data Equality Test and Classification. IACR Cryptol. ePrint Arch. 2018, 2018, 1058. [Google Scholar] [CrossRef]
- Ge, C.; Susilo, W.; Fang, L.; Wang, J.; Shi, Y. A CCA-secure key-policy attribute-based proxy re-encryption in the adaptive corruption model for dropbox data sharing system. Des. Codes Cryptog. 2018, 86, 2587–2603. [Google Scholar] [CrossRef]
- Ge, C.; Xia, J.; Wu, A.; Li, H.; Wang, Y. A Source Hiding Identity-Based Proxy Reencryption Scheme for Wireless Sensor Network. Secur. Commun. Netw. 2018, 2018, 6395362. [Google Scholar] [CrossRef]
- Unuchek, R. How I Hacked My Smart Bracelet. Available online: https://securelist.com/how-i-hacked-my-smart-bracelet/69369/ (accessed on 26 March 2015).
- Spring, T. Lenovo Watch X Riddled with Security Vulnerabilities. Available online: https://threatpost.com/lenovo-watch-x-riddled-with-security-vulnerabilities/141822/ (accessed on 13 February 2019).
- Connected Wristwatch Allows Hackers to Stalk, Spy On Children. Available online: https://threatpost.com/connected-wristwatch-allows-hackers-to-stalk-spy-on-children/139118/ (accessed on 15 November 2018).
- Fang, L.; Susilo, W.; Ge, C.; Wang, J. Chosen-ciphertext secure anonymous conditional proxy re-encryption with keyword search. Theor. Comput. Sci. 2012, 462, 39–58. [Google Scholar] [CrossRef] [Green Version]
- Xie, X.; Yuan, T.; Zhou, X.; Cheng, X. Research on trust model in container-based cloud service. Comput. Mater. Contin. 2018, 56, 273–283. [Google Scholar]
- Weng, J.; Deng, R.H.; Ding, X.; Chu, C.K.; Lai, J. Conditional proxy re-encryption secure against chosen-ciphertext attack. In Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, Sydney, Australia, 10–12 March 2009; pp. 322–332. [Google Scholar]
Symbols | Explanations |
---|---|
k, p, q, n | The system parameters; |
The key pair of data | |
The public key of the App | |
The public key of the primary user and CCS | |
m | The data collected by the smart watch |
The ciphertext of m under | |
The ciphertext of m under PK | |
The ciphertext of m under homomorphic computing | |
The re-encrypted ciphertext of m | |
t | The threshold of the system |
The decryption key | |
The encrypted key by CP-ABE | |
N | The quantity of data |
n | The length of data |
The number of attributes |
Qualcomm Snapdragon Wear 2100 Chip | Smart Phone with Android 7.0 | Cloud | |
---|---|---|---|
Encrypt the data | 48.12 ms | 56.78 ms | 5.32 ms |
Homomorphic computing | − | − | 31.40 ms |
Decrypt the data | − | 24.56 ms | − |
Re-encrypt the data | − | − | 13.42 ms |
Key generation | − | 30.52 ms | − |
Total time | 48.12 ms | 111.86 ms | 50.14 ms |
© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Fang, L.; Li, M.; Zhou, L.; Zhang, H.; Ge, C. A Fine-Grained User-Divided Privacy-Preserving Access Control Protocol in Smart Watch. Sensors 2019, 19, 2109. https://doi.org/10.3390/s19092109
Fang L, Li M, Zhou L, Zhang H, Ge C. A Fine-Grained User-Divided Privacy-Preserving Access Control Protocol in Smart Watch. Sensors. 2019; 19(9):2109. https://doi.org/10.3390/s19092109
Chicago/Turabian StyleFang, Liming, Minghui Li, Lu Zhou, Hanyi Zhang, and Chunpeng Ge. 2019. "A Fine-Grained User-Divided Privacy-Preserving Access Control Protocol in Smart Watch" Sensors 19, no. 9: 2109. https://doi.org/10.3390/s19092109
APA StyleFang, L., Li, M., Zhou, L., Zhang, H., & Ge, C. (2019). A Fine-Grained User-Divided Privacy-Preserving Access Control Protocol in Smart Watch. Sensors, 19(9), 2109. https://doi.org/10.3390/s19092109