Efficient and fine-grained access control with fully-hidden policies for cloud-enabled IoT

Ciphertext-Policy Attribute-Based Encryption (CP-ABE) enables fine-grained access control on ciphertexts, making it a promising approach for managing data stored in the cloud-enabled Internet of Things. But existing schemes often suffer from privacy breaches due to explicit attachment of access policies or partial hiding of critical attribute content. Additionally, resource-constrained IoT devices, especially those adopting wireless communication, frequently encounter affordability issues regarding decryption costs. In this paper, we propose an efficient and fine-grained access control scheme with fully hidden policies (named FHAC). FHAC conceals all attributes in the policy and utilizes bloom filters to efficiently locate them. A test phase before decryption is applied to assist authorized users in finding matches between their attributes and the access policy. Dictionary attacks are thwarted by providing unauthorized users with invalid values. The heavy computational overhead of both the test phase and most of the decryption phase is outsourced to two cloud servers. Additionally, users can verify the correctness of multiple outsourced decryption results simultaneously. Security analysis and performance comparisons demonstrate FHAC's effectiveness in protecting policy privacy and achieving efficient decryption.