Comment on “Secure Data Access Control With Ciphertext Update and Computation Outsourcing in Fog Computing for Internet of Things”

In this comment paper, we point out a security flaw in a data access control system which is built on ciphertext-policy attribute-based encryption (CP-ABE) and attribute-based signature schemes. In particular, we show that the underlying CP-ABE is vulnerable to the collusion attack. As a result, malicious users can collaborate to decrypt a ciphertext, which they are not authorized to decrypt.