Service Outsourcing in F2C Architecture with Attribute-based Anonymous Access Control and Bounded Service Number

摘要

F2C (fog-to-cloud) enables service providers to rent the low-cost cloud/fog resources to publish their services, and the fog nodes, which are deployed at the edge, can provide short-latency service to users. However, new security threats come along with this new computing paradigm, where the access control and trusted payment are concerned in this work. We propose a privacy-preserving authentication scheme. By integrating k-times anonymous authentication (k-TAA) and attribute-based access control, in our proposed scheme, service providers can autonomously determine a fine-grained access policy and the maximal access times for authorized users. Thus, users who satisfy the access policy can receive benefits of this service for certain number of times without leaking any private information. Our authentication phase has a low latency because it is offloaded to the fog as what the service does. This paper presents a lightweight and trusted billing mechanism using Merkle Hash Tree (MHT), which can detect the cloud's service forgery with high probability, without costing too much of service provider's bandwidth and computation. Rigorous security analysis proves that the proposed scheme is secure against malicious users, fogs, and cloud, and the experimental results show the significant performance advantage on both the delay reduction and service providers' cost saving.