Skip to main content

Research Repository

Advanced Search

Footsteps in the fog: Certificateless fog-based access control

Frimpong, Eugene; Michalas, Antonis; Ullah, Amjad


Eugene Frimpong

Antonis Michalas


The proliferating adoption of the Internet of Things (IoT) paradigm has fuelled the need for more efficient and resilient access control solutions that aim to prevent unauthorized resource access. The majority of existing works in this field follow either a centralized approach (i.e. cloud-based) or an architecture where the IoT devices are responsible for all decision-making functions. Furthermore, the resource-constrained nature of most IoT devices make securing the communication between these devices and the cloud using standard cryptographic solutions difficult. In this paper, we propose a distributed access control architecture where the core components are distributed between fog nodes and the cloud. To facilitate secure communication, our architecture utilizes a Certificateless Hybrid Signcryption scheme without pairing. We prove the effectiveness of our approach by providing a comparative analysis of its performance in comparison to the commonly used cloud-based centralized architectures. Our implementation uses Azure – an existing commercial platform, and Keycloak – an open-source platform, to demonstrate the real-world applicability. Additionally, we measure the performance of the adopted encryption scheme on two types of resource-constrained devices to further emphasize the applicability of the proposed architecture. Finally, the experimental results are coupled with a theoretical analysis that proves the security of our approach.

Journal Article Type Article
Acceptance Date Jul 31, 2022
Online Publication Date Aug 6, 2022
Publication Date 2022-10
Deposit Date Aug 15, 2022
Publicly Available Date Aug 15, 2022
Journal Computers & Security
Print ISSN 0167-4048
Publisher Elsevier
Peer Reviewed Peer Reviewed
Volume 121
Article Number 102866
Keywords Access control, Fog computing, Attribute-based access control, Internet of things, Certificateless cryptography
Public URL


You might also like

Downloadable Citations