AADEC: Anonymous and Auditable Distributed Access Control for Edge Computing Services

Abstract

Edge computing is an emerging distributed computing concept that allows edge servers to provide authorized consumers with various on-demand services. Due to highly dynamic and untrustworthy network environments, various potential security concerns (e.g., unauthorized access, data manipulation, and privacy leakage) have been the critical factors restricting the development of edge computing. A recent heterogeneous framework proposed by Dougherty et al. (CCS’21), named APECS, deploys token-based authorization and multiple attribute-based encryption (MABE) to guarantee access control and data confidentiality. While APECS achieves a secure asynchronous access control without the “always-on” cloud, it suffers from privacy leakage (caused by the public identity information) and fake data spreading issues (due to the data confidentiality). In this paper, we propose an Anonymous and Auditable Distributed Access Control Framework for Edge Computing (AADEC) to relieve these issues. AADEC is based on two building blocks that we designed, namely a conditional anonymous authentication and an auditable MABE with optimized performance. We also define the formal security models and present security proofs for our proposal. The final qualitative comparison and performance benchmark demonstrate that AADEC can achieve a trade-off among anonymity, confidentiality, auditability and efficiency.