Auditable and dynamic access control scheme with behavior and identity tracing

Abstract

Ciphertext policy attribute-based encryption (CP-ABE) is a potential solution to security sharing issues since it offers one-to-many encryption and fine-grained access control. To prevent users from disclosing their access permissions, traceable CP-ABE schemes are emerging. However, the current traceable CP-ABE schemes still have some security problems, such as impromptu attribute retracting, unreliable tracking, and easy disclosure of access policy privacy, making it essential to implement dynamic data security sharing and malicious user auditing. To address these issues, we propose an auditable and dynamic access control scheme with behavior and identity tracing. The scheme first uses an access tree with hidden leaf nodes to express the access policy, improving the flexibility and security of access control. Secondly, the Blockchain and InterPlanetary File System (IPFS) frameworks perform the audit authentication and store the ciphertext, policy, and public keys to avoid tampering with shared data. Furthermore, to prevent users from leaking their decryption keys, a tracing algorithm based on white-box traceability is developed. On this basis, an authority update algorithm is proposed to revoke the malicious user’s permission immediately and update the decrypted key for unrevoked users. An auditable smart contract based on blockchain is proposed to prevent user denial. Finally, theoretical analyses prove that the proposed scheme not only achieves traceability, revocation, authority updating, policy hiding, and audit, but also guarantees security under a chosen plaintext attack model. Experiments demonstrate that our proposal reduces the key generation time by 22.6%, the encryption and decryption time by 39.2% and 59.8%, and the storage costs of ciphertext and private key are reduced by 12.1% and 5.6% over existing schemes.