Everything Under Control: Secure Data Sharing Mechanism for Cloud-Edge Computing

Cloud-edge computing is a new paradigm for data sharing. Many computation tasks are assigned to multiple edge nodes to mitigate the computing burden of the cloud and data is also outsourced to them to provide real-time services for IoT devices. However, two major issues remain, namely data privacy and real-world deployment. According to the data privacy rights and principles that stated by General Data Protection Regulation (GDPR), data access control, restriction of data processing and finding inaccuracy data are critical issues that should be tackled in cloud-edge computing. Besides, since there are various types of devices and many of them are resource-constrained, how to efficiently apply deployment in cloud-edge computing is challenging for practice. In this work, we propose a new cryptographic primitive Controllable Outsourced Attribute-Based Proxy Re-Encryption (COAB-PRE) and a universal WebAssembly-based implementation framework for cross-platform deployment. In particular, COAB-PRE achieves bilateral and distributed access control whereby data producers and data consumers can both specify policies the other party must satisfy without a centralized access control server. The property, that we called controllable delegation, restricts the data processing on the edge nodes. COAB-PRE also supports comprehensive verifiability to find out a wrong result produced by the edge nodes and locate the misbehaved one. Moreover, we further discussed the potential property of COAB-PRE and put forward an improved scheme with high efficiency on devices. We also implemented our scheme using the approach and deployed it on different devices for experiment. All theoretical and experimental results indicate that our solution is secure and practical, and our implementation is suitable for cloud-edge computing.