Ecc-bAsed ScalablE Revocation(EASER) scheme for selective sharing in resource-constrained devices

IoT is one of the most promising technologies in modern industry. IoT devices are resource-constrained and hence require eﬃcient and lightweight encryption schemes to provide data security. Fine-grained selective access control is required to share sensitive data with diﬀerent stakeholders. There must be support for scalable revocation to revoke unsolicited users and provide uninterrupted access to valid users. In this paper, we pro-pose a novel lightweight E cc b A sed S calabl E R evocation (EASER) CP-ABE scheme. It extends an existing CP-ABE-CSSK to mitigate a key collusion attack and extends it for scalable revocation without any need for any redistribution of keys, re-encryption of ciphertext, or requirement of any revocation lists beforehand. EASER CP-ABE scheme is lightweight and pairing-free with constant -size secret keys. Detailed qualitative and quantitative analysis of the EASER CP-ABE scheme proves that it outperforms the existing related schemes with acceptable storage and computational overheads.


Introduction
IoT has gained widespread utility in the healthcare sector.Resource-constrained implantable medical devices can be engrafted within a person for continuous monitoring and logging various parameters inside the body (Jovanov et al, 2005;Ullah et al, 2012).There can also be battery-powered portable health sensors gathering vitals for the patient and mobile devices to retain health information on a health card.These IoT devices can retain the medical vitals of a patient and can share with the desired healthcare professionals for accurate diagnostics and rehabilitation (Tang et al, 2006) as discussed in subsection 1.1.Since this sector is relatively new and evolving, many challenges are to be solved before a smooth, reliable system exists.One such challenge is to ensure privacy and security in a data-sharing network.Healthbased IoT devices must encrypt all user's health data with limited access to any legal user.Standard encryption techniques such as symmetric and asymmetric algorithms can secure the data.However, both suffer from the drawback of sharing a common key with a group of users and lack selective access control.These encryption techniques are unsuitable for an environment where several users must access the encrypted data selectively based on their roles.
Attribute-Based Encryption (ABE) (Sahai and Waters, 2005) is a technique that efficiently supports oneto-many communication using public-key encryption.It defines a user's identity using a set of strings as descriptive attributes.ABE provides fine-grained access control of data by encrypting it with a set of attributes through which a data owner can specify the intended receivers.ABE schemes are classified into two variants : Key Policy Attribute-Based Encryption (KP-ABE) (Goyal et al, 2006;Sahai A, 2005;Attrapadung et al, 2011) and Ciphertext Policy Attribute-Based Encryption (CP-ABE) (Bethencourt et al, 2007).In a KP-ABE scheme, the user secret key associates with the access policy, while the ciphertext contains the attributes.The ciphertext can be decrypted by a secret key only if its access policy satisfies the ciphertext attributes.In a CP-ABE scheme, the user secret key contains the attributes while the ciphertext holds the access policy.A user can decrypt the ciphertext only if its secret key attributes satisfy the ciphertext's access policies.Since in CP-ABE schemes, the data owner has full control over access control, unlike the KP-ABE schemes where it has to trust the secret key distributor for accuracy of secret key policies, they are more suitable to provide fine-grained access control.
Many ABE schemes (Odelu et al, 2017b;Li et al, 2016Li et al, , 2017) ) use bilinear pairings, which are computationally expensive.However, some ABE schemes are pairing free and use RSA (Odelu et al, 2017a), or Elliptic Curve Cryptography (ECC) (Odelu and Das, 2016).The key storage overhead of ECC-based schemes is around onetenth of the RSA-based schemes.An ECC point multiplication is much more efficient than modular exponentiation or a bilinear mapping operation.Hence, due to an indispensable requirement of low storage and computational overheads, we consider the ECC-based ABE schemes in this paper.Qin et al (2020) proposed a constant-time decryption scheme for Vehicular Ad-hoc Networks by outsourcing the decryption computation to a third-party server.However, the scheme is based on KP-ABE, and it has complex system complexity, which is dependent on a thirdparty server for the majority of storage and calculations.Ding et al (2018) proposed an ECC-based Pairing Free (PF-CP-ABE) scheme, which uses an attribute authority server to generate keys and revoke a given user or a particular attribute.However, this method brings too much dependency upon the proxy server, which should, ideally, assist the decryption only partially.Sowjanya and Dasgupta (2020) proposed a CP-ABE scheme based on Elliptic Curve Cryptography without bilinear pairing for Wireless Body Area Networks denoted as the WBAN-CP-ABE scheme in this paper.The WBAN-CP-ABE scheme (Sowjanya and Dasgupta, 2020) provides a similar feature of user revocation using a third-party server, putting many dependencies on the server.Odelu and Das (2016) proposed a CP-ABE-based Constant Sized Secret Key (CP-ABE-CSSK) scheme in an ECC setting with linear time complexity for both encryption and decryption.It provides constant storage for secret keys and is pairing-free.However, it is susceptible to key collusion attack (Herranz, 2017) due to the lack of entropy in the user secret keys.
Table 4 provides a detailed comparison between different ECC-based CP-ABE schemes for features and computational overheads, respectively.Although all the schemes offer linear time complexity for both encryption and decryption, the WBAN-CP-ABE scheme (Sowjanya and Dasgupta, 2020) has the least encryption time while the CP-ABE-CSSK scheme (Odelu and Das, 2016) has the least decryption time.For portable IoT devices where the read-to-write ratio is very high for a one-to-many broadcast system, we need efficient decryption with the least storage required for secret keys, while a slightly higher encryption overhead is tolerable.Hence, we consider extending the CP-ABE-CSSK scheme (Odelu and Das, 2016) in this paper.
Also, a secure resource-constrained system needs to have an efficient mechanism to revoke unsolicited users from the system without disrupting legitimate users' functioning (Sethia et al, 2017).Conventional methods require complete re-encryption and redistribution of keys, which becomes a bottleneck for the whole system, and interrupts access to valid users.None of the previous ECC-based CP-ABE schemes support scalable revocation (Sethia et al, 2017) which is essential for uninterrupted access to resource-constrained IoT devices.

Architecture
To further elaborate the requirement for selective sharing of health data and scalable revocation, we consider a healthcare system where different stakeholders get selective access to health information using resource-constrained medical devices, such as wearable health sensors and Fig. 1: Architecture for selective access from resource-constrained health devices healthcard on the patient mobile device.Fig. 1 represents the architecture of the proposed healthcare system.
In this architecture, the system administrator assigns roles to each stakeholder and distributes their respective secret keys.It encrypts and stores the patient's healthrelated data in the patient's smartphone or the associated health sensors.A stakeholder can access the health information from the patient mobile device using lowenergy wireless communication such as Bluetooth or Near Field Communication (NFC).After securing access to the health device's encrypted data, the stakeholder requests the Proxy server for proxy components required for partial decryption and scalable revocation.The proxy server retains the revocation list and sends the proxy component according to the revocation status of the user.The proxy component, when invalid, denies access to revoked users through the failure of the decryption process.It secures devices from adversaries and also allows uninterrupted access to valid users.

Our Contribution
The primary contributions made in this paper are as follows : -Design and implementation of a novel lightweight proxy-based CP-ABE scheme called the Ecc bAsed ScalablE Revocation (EASER) CP-ABE scheme for resource-constrained IoT and smart-card devices.It uses a proxy server to support partial decryption for scalable revocation (Sethia et al, 2017).It can revoke malicious users without interrupting valid users' access to medical devices.-Mitigate an existing key collusion attack (Herranz, 2017) on the CP-ABE-CSSK (Odelu and Das, 2016) scheme.
-Detailed security analysis for the proposed EASER CP-ABE scheme.-Use cases where the EASER CP-ABE scheme can best utilise the scalable revocation feature with selective access control for portable resource-constrained IoT devices.-Detailed performance analysis of the EASER CP-ABE scheme to illustrate its lightweight feature.

Organization of paper
Section 2 presents the construction of the proposed EASER CP-ABE scheme.Section 3 gives a use case demonstrating a possible scenario where our scheme can prove to be effective.Section 4 gives a brief explanation of the existing key-collusion attack (Herranz, 2017), which we have mitigated in our EASER CP-ABE scheme.Section 5 discusses the analysis of our scheme against Chosen Ciphertext Attack (CCA), key-collusion attack, and replay attacks.Section 6 and section 7 concludes the paper with a quantitative analysis and conclusion respectively.

Proposed EASER CP-ABE Scheme
This work proposes a novel lightweigth Ecc-bAsed ScalablE Revocation (EASER CP-ABE) scheme.It improves Odelu and Das (2016)'s CP-ABE-CSSK scheme for a key collusion attack (Herranz, 2017) and also extends it to provide Scalable Revocation (Sethia et al, 2017).It uses a trusted Main Server and a Proxy Server.
Table 1 enumerates the notations for the proposed EASER CP-ABE scheme.

Proxy Server
The proxy server contains partial secret keys of all users interacting with the system.It also maintains a list of all revoked users.Whenever a user tries to de-Fig.2: Flow of events for partial decryption by Proxy Server crypt, it must obtain a proxy component from the proxy server to complete the decryption process.The proxy components cause the failure of decryption for only revoked users.The proxy server delivers the proxy component to a user via a secured channel which is encrypted using a mutually generated session key.The proposed EASER CP-ABE scheme prevents replay attacks by using challenge-response between the proxy server and a user.Algorithm 1 shows how a user device seeks ciphertext from a portable device, along with proxy component from the proxy server, to access data.Fig. 2 further illustrates the flow of events for decryption with the help of the Proxy server.

Phases of the EASER CP-ABE scheme 2.2.1 Setup Phase
The setup phase is the initialisation phase.The size n of the universe of attributes U identifies how many different attributes are present in the secret keys and the ciphertext.A bit 1 or 0 denotes whether an attribute is present or absent respectively in the key; n = 4 signifies four attributes in a user's key and system policy that encrypts the data.A sample attribute definition can be {'IT Professional?','joined before march 2016?', 'In an ongoing project?', 'Access to top-secret files?' }.A sample attribute set can be A = {1 0 1 0}.In the same way a sample policy for encryption can be P = {0 0 1 0}.In this case, since the attributes satisfy the given access policy, the user with this attribute set can successfully decrypt the ciphertext.If the policy is P = {0 1 1 0}, then the user will not be able to decrypt since the attribute set A does not satisfy the Policy P. Steps : 1. Choose the parameters for an Elliptic Curve group G = {p, E p (a, b), P }, where P is the base point on the curve and p is some large prime number which defines the field Z p of the curve.The order of the curve generated must be prime in order to allow ECC scalar division.2. Within the finite field of p generate three random numbers α, k 1 and k 2 such that {α, k 1 , k 2 } = 0. Calculate the following ∀i ∈ 0, 1 . . .n : ) where σ is some large random number, M is the message to be encrypted, | x | denotes the length of a string x.

Using the above values generate the Global Secret
Key (GSK ) and the Global Public Key (GPK ) ∀i ∈ 0, 1, . . ., n as follows:

KeyGen Phase
This phase assigns user id (uid j ) to the user j.It takes as input the GSK, the GPK and the credentials of a user to generate a user secret key k p corresponding to each uid j .
1. Let A = {a 1 , a 2 , . . ., a n } be the attribute set for the user.Compute : 3. Send the user id uid j and third user secret key as the component to the proxy server.The user's secret key k u will be k u = {u 1 , u 2 }. 4. Output the complete key k p as k p = {uid j , k u , A}.

Encryption Phase
It takes the plaintext, access policy, and GPK as input.Standard AES algorithm encrypts the plaintext, and the EASER CP-ABE scheme encrypts the AES key. 1. Generate a random AES key K and use it to encrypt the input plaintext to produce an AESciphertext. 2. Generate a random number σ and another random number σ m ∈ {0,1} | σ | .3. Compute the following: 4. For the access policy P = {b 1 , b 2 , . . ., b n } , compute the following: The polynomial function f (x, P) is of degree at-most n.Let f i denote the coefficient of x i in f (x, P) . 5. Compute the following: The decryption phase modifies the Odelu and Das (2016)'s CP-ABE-CSSK scheme's decryption phase for scalable revocation.It takes as input the ciphertext and a user's secret key to generate the AES key K.The AES key then decrypts the ciphertext and generates the original plaintext message.
1.If access policy P is not a subset of the attribute set A, then abort.2. Compute the values U and V as follows: = (r u + k 1 f (α, A))(r m k 2 f (α, P)P ) 3. Send U , V along with uid to the proxy server.The proxy server sends a proxy component Q back to the user to assist partial decryption and scalable revocation.
Proxy Server: It generates a proxy component and sends them to the client device to grant necessary access permissions.The proxy server maintains a list of user ids as well as a portion of their secret key components (u 3 • f (α, A)) as discussed in the KeyGen phase 2.2.2.The proxy server does the following to generate the proxy component: 3.2.The proxy server checks if the user id uid j is registered and has not been revoked.
-Case No Revocation For a valid user, calculate proxy component Q as: where is the partial key of the user, which is stored on the proxy server and F (α) = f (α,P) f (α,A) .The proxy server uses the users's stored key to compute and return the proxy component Q to the client.
-Case Revocation If user id uid j is present in the revocation list, compute proxy component Q as : where B is some random number = u 3 f (α, A).
Return Q to the user so that decryption fails, as shown in point 6.
4. Evaluate the expression for F (x) as: Let F i be the coefficient of x i in F (x). Since P ⊆ A, F 0 ≥ 1. 5. Calculate the value of W using the expression: Invalid proxy component for revocation ′ is the original K, else abort with failure status.8. Treat the obtained K ′ as the AES-key to decrypt the ciphertext, given as input in the Decryption Phase, to produce the expected original file.
Algorithm 3 summarizes the steps required in the decryption phase.

Use case
The COVID-19 pandemic brought new instances of security threats within the premises of the smart healthcare sector.Today, a single complete medical profile data is worth more than an individual's social security details.Several security breaches have leaked medical data impacting numerous people.The EASER CP-ABE scheme (Fig. 1) can prove to be vital in securing medical devices and medical data in a resource-constrained environment.By employing selective data access, the attack surface of the whole system narrows down.Also, if a stakeholder is no more a valid user, the efficient user revocation functionality easily restricts that user from further accessing any data in the system.

Application of EASER CP-ABE scheme
A patient's smart-card-based portable health folder (Sethia et al, 2014) can contain data in the form of prescriptions, reports, medication lists from different hospitals as well as body sensors as shown in the architecture in Fig. 1 in section 1.A valid health professional can access the data as per the authorized roles.Consider various sample stakeholders : Nurse, Doctor, Lab Technician, Pharmacist, and Emergency; who can access the health data from medical devices directly.Table 2 describes a sample role-based access structure in which various stakeholders have varying read/write access to data from different sections of the health data.The EASER CP-ABE scheme encrypts the health data to differentiate between a read and a write request using the method proposed by Sethia et al (2017).Say, a Patient (P) arrives at a hospital complaining of restlessness and chest pain.A nurse(N) first reads about P 's past diseases and her medicines, using her secret keys.After measuring P 's temperature and updating the vitals, the assigned doctor (D) immediately recommends a COVID-19 and other lab tests.A lab technician (L) performs the test and writes the data to P 's healthfolder using his secret keys.After confirming a case of COVID-19, D writes the findings into the Diseases section and introduces P to the first batch of medication using his write access for the Medicines section.A pre-configured robot (R) delivers the prescribed medicines on time to P and sanitise her room regularly.Note that R has no access to read lab reports or different diseases a patient was/is suffering.The same goes for a Pharmacist who has minimal access to any of the patient's health data.The whole process of reading/modifying private data can be made contactless using NFC-based modules or Bluetooth.
Table 3 provides a sample write-policy which, when combined with AND-based access-tree structure, will create a restrictive environment for data similar to the situation depicted above.If the policy {01001} encrypts the Disease section, then only the doctor can decrypt it using its attribute set {1111}.Any stakeholder can be revoked and denied access to the medical information by the system administrator, who can request the proxy server to mark that person as revoked.As explained in section 2.2.4, the proxy server provides the wrong proxy component to a revoked user leading to failure in data decryption.Hence, the proposed EASER CP-ABE scheme allows scalable revocation and uninterrupted access to valid users by fulfilling all constraints for scalable revocation.
4 Attack on CP-ABE-CSSK (Odelu and Das, 2016) scheme Herranz (2017) demonstrated how Odelu and Das (2016)'s CP-ABE-CSSK scheme is vulnerable to key collusion attack by a group of attackers.This attack permits the adversaries to collude existing secret keys to generate a new valid key.
In the CP-ABE-CSSK scheme, a user secret key has two components u 1 and u 2 as : becomes the final user secret key.According to Herranz (2017), the secret key k u lacks enough randomness i.e. despite r u and t u being random, the final values u 1 and u 2 are not independent as shown in equation 33.
The adversary makes two queries in the form of equation 33 to compute X = − k2 k1 (mod p) and The attack is divided into three steps: 1. Obtain values of X and Y A Make queries for attribute sets A 1 , A 2 and A 3 and compute sets (X,Y A1 ), (X,Y A2 ) and (X,Y A3 ).
2. Generate Y B using Y A 's As the function f (x, A) is product of multiple terms, for different attribute sets, we can combine them to compute new f () values.Say, if n = 3, P = {100} and A 1 = {001}, A 2 = {110}, A 3 = {010}.For an attribute set B = {101}, which satisfies the policy P, the following equality holds : Use the value of (X, Y B ), to generate the secret key k u by choosing a random value of u 1 and generate u 2 using equation 33.(b) Use this secret key to perform successful decryption of the ciphertext.The proposed EASER CP-ABE scheme mitigates this attack as discussed in the following section 5.

Selective Game
CP-ABE selective game proves the security strength of corresponding CP-ABE schemes.The Chosen Ciphertext Attack (CCA) test for indistinguishability of two messages encrypted using a CP-ABE scheme under a chosen-plaintext attack (IND-CPA).The game between an adversary A and a challenger B is similar as in the CP-ABE-CSSK scheme (Odelu and Das, 2016): -Initialisation: A declares an n-bit challenge access policy P' using which the encryption is to be performed.-Setup: B runs the Setup phase to obtain the (GSK, GPK) pair.It then sends the GPK to A .-Query: A can make multiple queries for decryption keys k u i corresponding to attribute sets A 1 , A 2 , . . ., A ω subjected to a condition that no attribute set should satisfy the access policy P'.-Challenge: A generates two plaintexts M 0 and M 1 having equal lengths and submits it for the challenge.B randomly chooses a bit b ∈ {0, 1} by flipping a fair coin and replies by sending the ciphertext generated after encrypting message M b with P'. -Query: The query is repeated multiple times with different attribute sets.
-Guess: A guesses b g , the value of b in the challenge round, and wins the game if b g = b.
In this game the advantage ǫ of A is defined by ǫ = P b g = b -1 2

Security against threats
We analyse the proposed EASER CP-ABE scheme's security, which is an extension to the CP-ABE-CSSK (Odelu and Das, 2016) scheme.The primary goal is to establish that this scheme is resistant to key collusion attacks.
-Security against key-collusion attack: EASER CP-ABE scheme fixes the attack Herranz (Herranz, 2017) in the CP-ABE-CSSK (Odelu and Das, 2016) scheme.The secret key k u = (u 1 , u 2 ) given to a user is calculated using the equations: where r u and t u are random values, k 1 and k 2 are system private keys common to all users and f (α, A) is a value constant for all users having the same attribute set A. By re-arranging the equations, we get Substituting X for − k2 k1 and k2 k1 r u + t u by γ we get In the equation 37, u 2 and u 1 is known to an adversary, X is constant but unknown while γ is variable for each user.For any system of l such equations, there will always be l + 1 unknowns.Hence, there is no deterministic way to solve for X.Also, the equations 34 & 35 form a system of l linear equations with l + 2 unknowns.Therefore, inorder to solve for k 1 and k 2 , the attacker needs to correctly guess r u , t u and f (α, A) which, given the large range of input possible, is highly improbable.As an another line of defense, the EASER CP-ABE scheme escrows a part of the user secret keys u 3 to the proxy server so that even if a group of attackers succeed in generating a new valid secret key k u , the corresponding u 3 will always be secure considering the absence of any method to determine all of r u , t u , k 1 and k 2 simultaneously to calculate u 3 as Hence, the proposed EASER CP-ABE scheme is secure from Key Collusion attacks.-Resistance to replay attacks: In the proposed EASER CP-ABE scheme, a secure HTTPS channel helps generate a session key between the User Device and the resource-constrained IoT portable Device.Both use the HTTPS session key to exchange challenge and response using a randomly generated NONCE.The portable device sends a challenge, including the nonce, to the proxy server via the user device.The proxy server then sends a response and the proxy components to the user device.The user device further keeps the proxy component and forwards the response to the portable device to validate it.The portable device validates the response to ensure there is no replay attack to access the ciphertext and then forwards the ciphertext to the user device.Hence, the User Device cannot replay the old proxy component to decrypt Portable Device's ciphertext.

Performance Analysis
This work implements the proposed EASER CP-ABE and the CPABE-CSSK (Odelu and Das, 2016) schemes on an Intel (R) Core (TM) i5-7200U CPU @ 2.50GHz quad-core processor.and equation ( 21) each contribute n + 2 multiplications.This way, for the Encryption phase, we have a total (3n − | P | + 5) ECC scalar multiplications.Since the encryption phase of the EASER CP-ABE scheme is similar to that of the CP-ABE-CSSK scheme, both schemes have an encryption time complexity of (3n − | P | + 5)T ecm G.
In the case of decryption, step 2 contributes two multiplications, and step 3.2 needs one multiplication (scalar division is effectively a modular inverse followed by scalar multiplication) for both revocation and no-revocation case; step 5 contributes (n − | P |), point 6 needs one, and step 7 needs additional two multiplications.This way, we have total (n − | P | + 6) ECC scalar multiplications in the decryption phase.
For performance comparison, let the number of attributes, n = 1000, the number of bits in A = 600 and the number of bits in P = 500.Table 5 uses these values and compares computation times for the different ECC-based CP-ABE schemes.The decryption time for EASER CP-ABE scheme is around the same or less than the other CP-ABE schemes and has the feature of Constant Sized Secret Keys and Scalable User Revocation.Fig. 3 illustrates the impact of the number of attributes on the execution times of the Encryption and the Decryption phase of various discussed CP-ABE schemes.For each number of attributes, n, we take the length of policy, | P |, as half of the corresponding n value i.e. n/2.Results indicate that the decryption time of the proposed EASER-CP-ABE scheme is very similar to CP-ABE-CSSK scheme (Odelu and Das, 2016) scheme.The WBAN-CP-ABE scheme (Sowjanya and Dasgupta, 2020) performs best in Encryption and worst in decryption.Since the work focuses on the feasibility of decryption on resource-constrained device that access the IoT device, lower decryption time is required.Also as compared to the other schemes, the dependency of EASER  CP-ABE Scheme on the third party server is minimal only for partial decryption.None of the other schemes except EASER-CP-ABE scheme support scalable revocation.
Table 6 compares the impact of the number of attributes on the storage for the user's secret keys.The WBAN-CP-ABE (Sowjanya and Dasgupta, 2020) and the PF-CP-ABE (Ding et al, 2018) schemes have key size linearly proportional to the number of attributes.Hence, for a moderately large value of n, the space requirement will become a bottleneck considering storage constraints on the portable IoT device.The proposed EASER CP-ABE scheme has constant-sized keys, which makes it well suited for practical portable resource-constrained IoT devices.
Hence, the proposed EASER CP-ABE scheme provides scalable revocation and attack mitigation.Furthermore, the minimal computational and storage overhead makes our proposed scheme very battery efficient for a resource-constrained device.

Conclusion and Future Scope
This paper presents an ECC-based lightweight EASER CP-ABE scheme for smart-card-based resource-constrained portable IoT devices to provide selective access-control and scalable revocation with the help of a proxy server.It provides uninterrupted access to valid users, even on the revocation of adversaries, without any overheads.Unlike previous ECC-based CP-ABE schemes, the EASER CP-ABE scheme has significantly less dependency on the server because it only stores a portion of the user's secret keys with minimal computations required to produce the proxy component required for each decryption.The EASER CP-ABE scheme uses ECC point multi-plication instead of complex bilinear-pairings, because of which the battery requirements are also low.It has constant-sized secret keys, limiting the storage requirement for each user's secret keys irrespective of the number of attributes defined in the system.The security analysis proves that the proposed scheme is resistant to key collusion attacks and replay attacks.The EASER CP-ABE can benefit the smart-medicare industry, where smart body-sensors continuously interact with multiple users and store all the real-time data into a personal portable smart-card-based health folder.Various healthcare professionals can access this data based on the roles they are designated.
In the future, we intend to implement the proposed EASER CP-ABE scheme on Single Board Computer (SBC) based Raspberry Pi and smart cards to fine-tune it further for practical applications and flexible user interaction.In addition, we also plan to introduce a mechanism for conditional authentication (Qin et al, 2020) which can serve both the purpose of integrity and authenticity in the system.
2. The user device and portable device generates a new session key K P S .3. Portable device generates challenge Ch = E(k P S , N S ), where N S : NONCE, E() : an encryption function, and sends it to the user device.4. The user device forwards the Challenge Ch and a request for the proxy component to the proxy server, which sends back the response R = E(K P S , N S − 1) and the respective proxy component.5. User device keeps the proxy component and forwards R to portable device.6. Upon successful validation of the response R, the portable device sends the ciphertext to the user device.7. User device proceeds with decryption of obtained ciphertext with the proxy component received in step 4. 8.The decryption completes if proxy component is correct, else aborts gracefully.

Fig. 3 :
Fig. 3: Comparison of execution time of (a) Encryption Phase and (b) Decryption Phase of the ECC-based CP-ABE schemes

Table 1 :
List of notations p (a,b),P} Algorithm 1 Proxy Component access algorithm Input: Connection request from a user device to a resourceconstrained portable IoT device.1. User device requests ciphertext from portable device.
Algorithm 2 Encryption algorithm Input: Plaintext, Access Policy, GPK 1. Generate a random AES key K to encrypt the input plaintext, and the EASER CP-ABE encrypts the AES key. 2. Generate a random number σ m .3. Compute r m , k m and f(x,P).4. Compute P m,i , K 1,m , K 2,m , C σ m and C m .6. Output the ciphertext C in a new file.2. Within the finite field Z p , generate two random numbers r u and t u .Compute the following values:

Table 2 :
Role-based read/write access to data for various stakeholders

Table 3 :
Sample Write-policy for various stakeholders

Table 4 :
Comparison of theoretical time complexity

Table 5 :
Comparison of computation times

Table 6 :
Comparison of Secret Key size for 80-bits of security