Secure Data Sharing Scheme Based on Dual Attribute Conversion for Cloud-Assisted IoT

The Internet of Things (IoT) often relies on the cloud services for data sharing. To ensure the confidentiality of data, proxy re-encryption (PRE) is always applied when encrypting outsourced data. However, the existing conditional PRE schemes lack support for attaching weights to conditions, thus limiting the flexibility of re-encryption privilege management. To address this issue, we propose a cloud-sharing scheme based on the dual attribute conversion (DAC-CSS) specifically designed for IoT applications. The DAC-CSS scheme utilizes PRE techniques to convert identity-based encryption (IBE) ciphertext into attribute-based encryption (ABE) ciphertext. We design the condition policies for PRE based on the data attributes and their weights. This allows the proxy to convert only the IBE ciphertext that satisfies the conditions and generates ABE ciphertext. We construct user access policies based on the user attributes and their weights to ensure that only users satisfying the access policies can decrypt the ABE ciphertext. Based on the extended decisional parallel bilinear Diffie-Hellman exponent (EDPBDHE) assumption, we prove that the proposed scheme achieves security against adaptively chosen ciphertext attacks based on the access policy and identity selection (selective-CCA2) under the random oracle model (ROM). The experiments demonstrate that the proposed scheme gains high computational efficiency.