The rapid development of cloud and fog computing accompanied by the deployment of the Internet of Things (IoT) ensure big data collection from various sources, including humans, devices, and assets. The core of any smart city project is IoT, which is actually a three-tier service: data, devices, and connectivity, where big data is the center of the IoT environment. The biggest challenge to cloud and fog computing is not in technology, but in privacy and security. Thus, security issues become the prime target of all cloud system deployments, especially when the IoT scenario is in use. In cloud computing system environments, users should only access data if they possess a set of credentials. Various methods for enforcing such policies are aimed at employing trusted servers to store the data and execute access control. These scenarios have big obstacles regarding security: “if any server storing the data is compromised, then the confidentiality of the [whole set of] data will be compromised” too [1]. Further, the person in possession of the secret data should be able to choose an access policy based on specific knowledge of the underlying data. The person also may not know the exact identities of all other users who should be able to access the data, and the person only has “a way to describe them in terms of ... credentials” [1]. This type of expressive access control is traditionally used with a trusted server storing data locally. Although replicating data across networks has advantages in performance, this approach has no way of guaranteeing the security of data in the cloud using traditional methods.

The authors recognize the problem of traditional security models in using data remotely, and focus their study on new security paradigms. It should be noted that “most existing public key encryption methods allow a [security subject] to encrypt data to a particular user, but are unable to efficiently handle more expressive types of encrypted access control” [1]. There is room for another approach, known as ciphertext-policy attribute-based encryption, where a user’s private key is associated with an arbitrary number of attributes expressed as strings. When a security subject encrypts a message, it specifies an associated access structure over attributes. A user will only be able to decrypt a ciphertext if that user’s attributes pass through the ciphertext’s access structure.

Since data storage and cloud servers cannot be fully trusted, there is a need for new solutions for access control of cloud data. A smart city environment consists of a huge network of devices and humans connected to data servers; each has dedicated functions and credentials for specific devices or users. The authors effectively present “secure and efficient access control of cloud data for smart cities” using ciphertext policy attribute-based encryption. They find that “user and attribute revocation is a challenge issue in cloud storage systems” where users may change frequently. “To achieve flexible and efficient access control, [the authors propose] several schemes [for] proxy re-encryption.” Ensuring flexible and efficient access control is dominantly the subject of several security schemes based on ciphertext-policy attribute-based encryption. This issue is covered by the authors’ novel approach, providing a new mathematical model relating to the ciphertext-policy attribute-based encryption scheme. They improved the model, including previous works on proxy re-encryption. These works are about proxy re-encryption developed in practice, but the authors found that for efficient cloud data sharing and user revocation, some sort of proxy-assisted ciphertext-policy attribute-based encryption scheme should be introduced.

The authors present their approach and design of a new proxy-assisted multi-authority ciphertext-policy attribute-based encryption scheme with efficient decryption to realize data access control in cloud storage systems, and they designed an efficient user and attribute revocation method for it. They also concisely present an analysis of the performance, flexibility, and efficiency that their security model provides. Further, it is accompanied by a well-presented mathematical model, making this work a must-read for anyone involved in data security.