The evolution of communication technologies, exemplified by the Internet of Things (IoT) and cloud computing, has significantly enhanced the speed and accessibility of Public Safety (PS) services, critical to ensuring the safety and security of our environment. However, these advancements also introduce inherent security and privacy challenges. In response, this research presents a novel and adaptable access control scheme tailored to PS services in cloud-supported IoT environments. Our proposed access control protocol leverages the strengths of Key Policy Attribute Based Encryption (KP-ABE) and Identity-Based Broadcast Encryption (IDBB), combining them to establish a robust security framework for cloud-supported IoT in the context of PS services. Through the implementation of an Elliptic Curve Diffie-Hellman (ECDH) scheme between entities, we ensure entity authentication, data confidentiality, and integrity, addressing fundamental security requirements. A noteworthy aspect of our lightweight protocol is the delegation of user private key generation within the KP-ABE scheme to an untrusted cloud entity. This strategic offloading of computational and communication overhead preserves data privacy, as the cloud is precluded from accessing sensitive information. To achieve this, we employ an IDBB scheme to generate secret private keys for system users based on their roles, requiring the logical conjunction ('AND') of user attributes to access data. This architecture effectively conceals user identities from the cloud service provider. Comprehensive analysis validates the efficacy of the proposed protocol, confirming its ability to ensure system security and availability within acceptable parameters.

翻译：通信技术的演进，以物联网和云计算为代表，显著提升了公共安全服务的速度与可及性，这对保障环境安全至关重要。然而，这些进步也带来了固有的安全与隐私挑战。为此，本研究提出了一种新颖且可扩展的访问控制方案，专门用于云支持物联网环境下的公共安全服务。所提出的访问控制协议融合了密钥策略属性基加密与身份基广播加密的优势，为公共安全服务场景下的云支持物联网构建了稳健的安全框架。通过实体间实施椭圆曲线Diffie-Hellman协议，我们确保了实体认证、数据机密性和完整性，满足了基本安全需求。该轻量级协议的一个显著特点是，将KP-ABE方案中用户私钥生成任务委托给不可信的云实体。这种计算与通信开销的战略性卸载在保护数据隐私的同时，避免了云访问敏感信息。为实现此目标，我们采用IDBB方案根据用户角色生成系统用户的秘密私钥，要求用户属性的逻辑与操作才能访问数据。该架构有效隐藏了用户身份，使其不被云服务提供商所知。全面分析验证了所提协议的有效性，确认其能在可接受参数范围内保障系统安全性与可用性。