Accountable and Revocable Large Universe Decentralized Multi-Authority Attribute-Based Encryption for Cloud-Aided IoT

Abstract

The data collected, stored, shared, and accessed across different platforms in the dynamic IoT is mostly confidential and privacy-sensitive. Data security and access control issues urgently need to be addressed. Multi-authority attribute-based encryption (MA-ABE) is seen as a potential solution for addressing data access control security concerns in the dynamic IoT since it allows for dynamic access control over encrypted data. However, the existing key abuse problem is severely destroying the security access control of MA-ABE. The existing accountable attribute-based encryption schemes only support small attributes (users) universe and single authority. Moreover, they do not support revocation. Some schemes are inefficient since they are constructed in the composite order bilinear group. In this article, the author proposes the first accountable and revocable large universe decentralized multi-authority attribute-based encryption scheme with outsourcing decryption based on prime order bilinear groups. The proposed scheme allows for the dynamic capacity expansion of attributes, users, and authorities. An audit mechanism is given to judge if the suspicious key was leaked by a malicious user or by authorities and to determine the identity of the leaker. The malicious user who divulges key can be punished by user-attribute revocation. The revocation mechanism is resistant to collusion attacks undertaken by revoked users and non-revoked users. Meanwhile, it satisfies the requirements of forward and backward security. The proposed scheme is static security in the random oracle model under the q-DPBDHE2 assumption. To save resources, the outsourced decryption module is optional for users with restricted resources. According to the results of the performance analysis, it is suited for large-scale cross-domain cooperation in the dynamic cloud-aided IoT.