Anonymous decentralized attribute-based access control for cloud-assisted IoT

Bibliographic Details
Published in: Future generation computer systems 2020-09, Vol.110, p.45-56
Main Authors: Nasiraee, Hassan; Ashouri-Talouki, Maede
Format: Article
Language: English
Description
Summary: Attribute-Based Encryption (ABE) has emerged as a powerful cryptographic tool to bring fine-grained access control with widespread applications such as Cloud-assisted IoT data sharing. Subsequently, decentralized ABE with untrusted attribute authorities is proposed to remove the online Trusted Authority (TA). In the decentralized architecture, a user as a data customer (e.g., IoT-device) submits his attributes to the untrusted authorities to get the private keys. In the architecture, user’s privacy, against the untrusted authorities, is a significant challenge that must be ensured (e.g., E-health Cloud application). In this paper, we address the privacy issue in the decentralized ABE and propose a novel anonymous and decentralized attribute-based encryption in the standard model. It preserves the user’s anonymity against the authorities in an efficient manner. In our solution, we use cryptographic accumulators to verify the user’s attributes anonymously. Then, we include the accumulator in the ciphertext to ensure the ABE access control against unauthorized users. Moreover, in some applications, access structures (encryption/decryption policy) include sensitive information and should be obfuscated from everyone except the users whose secret key attributes meet the access structures. To ensure the hidden policy, we propose an efficient and decentralized policy obfuscation technique to preserve the privacy of the policy against the Public Cloud Server (PCS). It is exciting for a decentralized environment where the authorities are untrusted and may collude with the PCS. To be applicable for IoT resource-constrained devices, we outsource the expensive decryption computation to powerful Cloud servers. Then, we formally analyze the security properties of the proposed scheme and conduct experimental results to show its efficiency. Finally, we briefly explain how the features of the proposal meet the requirements of some real-world applications.
• We propose a decentralized anonymous ABE access control for data sharing applications.
• We present a new light-weight approach to guarantee the user’s anonymity.
• We present a new decentralized and pairing-free approach to ensure the privacy of access policy.
• The proposed scheme efficiently offloads the expensive computation over Clouds.
• We present some interesting nowadays applications for the proposed scheme.
ISSN: 0167-739X, 1872-7115
DOI: 10.1016/j.future.2020.04.011