Enabling privacy and leakage resistance for dynamic blockchain-based access control systems

Abstract

With rise of 5G/6G network, low-storage devices usually outsource data for higher rate and less latency. Non-controlled outsourcing and complex communications incur security issues for IoT applications. Specially, user privacy and access reliability pose technical challenges for sensitive data outsourcing and sharing. In this paper, we harmonize functional encryption and blockchain to propose a reliable and privacy-aware access control system named R-PAC. It allows a result-form access without learning raw information and fair interaction against malicious users. With a combination of all-or-nothing encapsulation technology, R-PAC supports users’ dynamic joining and key leakage resistance. We design R-PAC from Boneh–Franklin identity-based encryption, with forward-coverable encryption and reverse-discoverable decryption, and formally prove its indistinguishability security. We implement a R-PAC prototype and deploy it to a simulated Ethereum network to evaluate its performance. Experiments from both data access and transaction overhead show that R-PAC is with reasonable cost and has a trade-off between efficiency and strong security/functionality.