As a versatile technique, cloud-fog computing extends the traditional cloud server to offer various on-demand data services. Maintaining data confidentiality is one of the most crucial requirements for data services, many cryptosystems have been proposed to reserve information privacy against such an untrusted environment. However, in cloud-fog computing, how to confidentially and efficiently share data and fetch desirable data without expensive data decryption for resource-constrained end-devices is challenging. In this paper, we propose a cloud-fog system for the Internet-of-Things (IoT) ecosystem by introducing a cryptographic primitive called server-aided revocable bilateral attribute-based encryption (SRB-ABE). Our solution is a secure and lightweight bilateral access control system with dynamic user groups, including (1) fine-grained data user and data owner access control simultaneously; (2) outsourced data source identification; (3) server-aided user revocation with publicly updatable ciphertexts; and (4) lightweight data decryption mechanism with one exponentiation computation. We present the formal definition and concrete construction of SRB-ABE with security proofs to build cloud-fog systems. The extensive comparison and experimental analysis demonstrate that our construction has superior functionality and comparable performance than the most relevant solutions.

中文翻译：

---

服务器辅助的双边访问控制，用于与动态用户组安全共享数据


作为一种通用技术，云雾计算扩展了传统云服务器以提供各种按需数据服务。维护数据机密性是数据服务最关键的要求之一，已经提出了许多密码系统来针对这种不可信的环境保留信息隐私。然而，在云雾计算中，如何在资源有限的终端设备上保密、高效地共享数据并获取所需的数据而不需要昂贵的数据解密是一项挑战。在本文中，我们通过引入一种称为服务器辅助可撤销双边属性加密（SRB-ABE）的加密原语，提出了一种用于物联网（IoT）生态系统的云雾系统。我们的解决方案是一个安全、轻量级的具有动态用户组的双边访问控制系统，包括（1）同时进行细粒度的数据用户和数据所有者访问控制； （二）外包数据来源标识； (3) 使用可公开更新的密文进行服务器辅助的用户撤销； (4)具有一次求幂计算的轻量级数据解密机制。我们提出了 SRB-ABE 的形式定义和具体构造，并提供了构建云雾系统的安全证明。广泛的比较和实验分析表明，我们的结构比最相关的解决方案具有卓越的功能和可比的性能。