Attribute-based Access Control Scheme Research Articles

Attribute-Based Access Control Scheme for Secure Identity Resolution in Prognostics and Health Management

Attribute-Based Access Control Scheme for Secure Identity Resolution in Prognostics and Health Management

Privacy-Preserving Attribute-Based Access Control Scheme With Intrusion Detection and Policy Hiding for Data Sharing in VANET

Privacy-Preserving Attribute-Based Access Control Scheme With Intrusion Detection and Policy Hiding for Data Sharing in VANET

A Revocable and Fair Outsourcing Attribute-Based Access Control Scheme in Metaverse

A Revocable and Fair Outsourcing Attribute-Based Access Control Scheme in Metaverse

Flexible and secure access control for EHR sharing based on blockchain

With the rapid development of the healthcare industry, many Electronic Health Records (EHRs) have emerged in different healthcare centers. However, lots of personal medical data are stored directly in plaintext at a single healthcare center, which makes it suffer from the single point of failure and brings many security and privacy issues such as privacy information leakage or tampering. The combination of blockchain and attributed-based cryptography can effectively solve the above problems. Therefore, in order to enable flexible fine-grained access control and efficient data retrieval while achieving privacy protection, we employ the ciphertext-policy attributed-based encryption (CP-ABE) and ciphertext-policy attribute-based searchable encryption (CP-ABSE) to propose a hidden policy attribute-based access control scheme. In addition, we combine consortium blockchain and smart contract to provide secure and reliable search and outsourcing decryption. Finally, through the security analysis and experimental results, we demonstrate that our scheme is secure and efficient.

Attribute-based access control scheme for secure storage and sharing of EHRs using blockchain and IPFS

Attribute-based access control scheme for secure storage and sharing of EHRs using blockchain and IPFS

A traceable and revocable multi-authority attribute-based access control scheme for mineral industry data secure storage in blockchain

With the rapid advancements of the mineral industry, the data generated by this industry chain have increased dramatically. To reduce the growing pressure of data storage and security risks, we design a credible on-chain and off-chain collaborative dual storage system that integrates blockchain technology and Interplanetary file system (IPFS), also construct a traceable and revocable multi-authority ciphertext-policy attributed-based encryption (CP-ABE) algorithm to meet the demand of privacy protection and dynamic fine-grained access control. Furthermore, the multi-authority layered authorization with a central authority model distributes system overhead while enabling the platform can be regulated. More importantly, our scheme achieves accurate trace of the malicious users by white-box traceability and capable of implementing indirect immediate user and attribute revocation without requiring key or ciphertext updates. Finally, the proposed scheme is indistinguishably secure under chosen-plaintext attack (IND-CPA) in the standard model. And the performance analysis demonstrates that our scheme is feature-rich, practical and efficient.

A blockchain based access control scheme with hidden policy and attribute

Attribute-based access control, which can provide fine-grained and flexible privacy protection, is widely used in practice. Traditional attribute-based access control schemes require the intervention of a trusted third party, which will cause single point of failure. Due to its decentralized nature, blockchain is now considered as a promising way to solve the above issue. The basic idea of existing blockchain-based access control schemes is to code the access policy into a smart contract. However, the transparency of the blockchain makes it easier for the adversary to explore the public information to launch a privacy attack. In this paper, we propose an attribute-based access control scheme which benefits from the smart contract technology while ensuring the privacy of attributes and policies. An additive homomorphic cryptosystem is utilized to encrypt attributes and access policies. The scheme uses multiple blockchain nodes to collectively decrypt the data, and uses zero-knowledge proof technology to ensure the correctness of the decryption result. Therefore, the smart contract is able to make the authorization decision without actually seeing attributes or policies. We have implemented the proposed access control scheme on Hyperledger Fabric. Simulation results show that the computation overhead introduced by encryption/decryption and zero-knowledge proof is reasonable.

Blockchain-Enabled decentralized Attribute-Based access control with policy hiding for smart healthcare

With the rapid development of edge computing technologies, smart healthcare significantly improves people’s lives by collecting and analyzing health data in real time. However, security and privacy issues impede the wide deployment of smart healthcare systems (SHS). Most of existing solutions still have drawbacks with respect to computation efficiency and users’ privacy. In this paper, a blockchain-enabled attribute-based access control scheme with hidden policies is proposed for SHS. The scheme introduces multiple authorities to avoid single point failure. Especially, the mode of online-offline encryption relieves users’ online computation burden by transferring computation tasks to the idle time of users, and policy hiding protects users’ sensitive information. Furthermore, fair payments are realized based on blockchain and smart contracts to support the outsourcing of decryption between users and mobile edge computing servers. Finally, the proposed scheme is proven secure in the random oracle model, and experimental results show that it is computationally efficient and hence can be used in the edge computing environment.

AAC-IoT: Attribute Access Control Scheme for IoT Using Lightweight Cryptography and Hyperledger Fabric Blockchain

The Internet of Things (IoT) is an integrated environment as it merges physical smart objects to the Internet via wireless technologies to share data. The global connectivity of IoT devices brings the needs to ensure security and privacy for data owners and data users. In this paper, an attribute-based access control scheme for IoT (AAC-IoT) using Hyperledger Fabric (HLF) blockchain is proposed to address the security challenges. In the AAC-IoT scheme, data owners are registered and authenticated using identities, certificates and signatures. Data users, however, are registered with identities, certificates, signatures and physical unclonable function (PUF); then a credence score is computed for users to predict the originality during authentication. For access control, attribute-based access control (ABAC) is used, and the number of attributes is selected based on the sensitivity of the data. In accordance with the attributes count, the access control policies are generated. The novel concept of attribute count is determined from a fuzzy logic method using data type and preference. Hyperledger Fabric (HLB) blockchain is presented to manage meta-data and security credentials from data owners and data users, respectively, using a lightweight hashing algorithm. The AAC-IoT model using HLF blockchain is developed with Java programming language and iFogSim simulator. The performance metrics are measured based on latency, throughput and storage overhead, and the results show better outcome than the previous research work.

Attribute-based access control scheme for data sharing on hyperledger fabric

With the popularization of the IoT and big data, the application value of data has become increasingly prominent. Therefore, it is particularly important to ensure the legitimate use of privacy data in the process of data sharing through access control. Traditional schemes usually use a trusted central organization to implement access control. However, a fully trusted central organization does not exist, and the access process of centralized access control is also opaque. In order to solve these problems, in this paper, we propose a decentralized attribute-based and fine-grained access control scheme for data sharing on Hyperledger Fabric. Firstly, the encrypted data is stored on the InterPlanetary File System (IPFS) and the returned hash is saved in the blockchain, by virtue of the immutability of blockchain. Secondly, a decentralized fine-grained attribute-based access control through smart contracts to prevent unauthorized users from accessing data resource. Thirdly, the linear integer secret sharing algorithm is used to achieve symmetric key sharing among multiple attributes to ensure the security of the key. Finally, the security analysis of the proposed scheme and the performance evaluation using the Hyperledger Caliper tool show the feasibility and effectiveness of the new scheme.

Multiauthority Attribute-Based Access Control for Supply Chain Information Sharing in Blockchain

Information sharing has become an important application in modern supply chain management systems with business technology development. Because traditional supply chain information systems have problems such as easy data tampering, low information transparency, and interaction delays, blockchain has been taken consideration into supply chain information sharing research. Furthermore, blockchain technology is expected to provide decentralized supply chain information sharing solutions to enhance security, availability, and transparency. However, with the in-depth study of the application of blockchain technology in supply chain information sharing, people have found that the data stored publicly in the blockchain are still threatened by privacy leakage. In addition, due to the openness and accessibility of the blockchain, the lack of fine-grained access control is also apparent. In order to improve the security of data, we propose a novel privacy-preserving multiauthority attribute-based access control scheme for secure blockchain-based information sharing in a supply chain. In this scheme, blockchain stores encrypted supply chain information on distributed nodes. Multiple attribute authorities manage different attributes of users to achieve fine-grained access control and flexible authorization. Even if some attribute authorities fail, the user’s private key will not be leaked. In user secret key generation, we adopt an anonymous key generation protocol to realize the secure distribution of user keys by the attribute authorities. Furthermore, in order to meet the protection of communication privacy between blockchain nodes, properties of policy hiding and identity hiding are considered. Finally, we design experiments to analyze the performance of our scheme, including secret key sizes and running time of encryption and decryption.

Fine-grained Access Control Method for Blockchain Data Sharing based on Cloud Platform Big Data

Blockchain technology has the advantages of decentralization, de-trust, and non-tampering, which breaks through the limitations of traditional centralized technology, so it has gradually become the key technology of power data security storage and privacy protection. In the existing smart grid framework, the grid operator is a centralized key distribution organization, which is responsible for sending all the secret credentials, so it is easy to have a single point of failure, resulting in a large number of personal information losses. To solve the problems of inflexible access control in smart grid data-sharing framework and considering the limitation of multi-party cooperation among grid operators and efficiency, an attribute-based access control scheme supporting privacy preservation in smart grid is constructed in this paper. A fine-grained access control scheme supporting privacy protection is designed and extended to the smart grid system, which enables the system to achieve fine-grained access control of power data. A decryption test algorithm is added before the decryption algorithm. Finally, through performance analysis and comparison with other schemes, it is verified that the performance of this system is 7% higher than the traditional method, and the storage cost is 9.5% lower, which reflects the superiority of the system. Full optimization of the access policy is achieved. It is proved that the scheme is more efficient to implement the coordination and cooperation of multiple authorized agencies in the system initialization.

A Non-Interactive Attribute-Based Access Control Scheme by Blockchain for IoT

As an important method of protecting data confidentiality in the Internet of Things (IoT), access control has been widely concerned. Because attribute-based access control mechanisms are dynamic, it is not only suitable to solve the dynamic access problem in IoT, but also to deal with the dynamic caused by node movement and access data change. The traditional centralized attribute-based access control mechanism has some problems: due to the large number of devices in IoT, the central trusted entity may become the bottleneck of the whole system. Moreover, when a central trusted entity is under distributed denial-of-service (DDoS) attack, the entire system may crash. Blockchain is a good way to solve the above problems. Therefore, we developed a non-interactive, attribute-based access control scheme that applies blockchain technology in IoT scenarios by using PSI technology. In addition, the attributes of data user and data holder are hidden, which protects the privacy of both parties’ attributes and access policy. Furthermore, the experimental results indicate that our scheme has high efficiency.

A Lightweight Attribute-Based Access Control Scheme for Intelligent Transportation System With Full Privacy Protection

The Intelligent Transportation System (ITS) provides more possibilities for the realization of smart cities by integrating the Internet of Things (IoT) and cloud computing. However, how to ensure security of IoT data stored in the cloud has become one of the biggest challenges at present. As a promising solution for realizing fine-grained access control, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) can be used to ensure data security. However, the traditional CP-ABE schemes may leak privacy of ITS users. Moreover, due to their high computational overheads, the current privacy-preserving techniques are not suitable for IoT lightweight devices. To fill this gap, this article presents ABE-FPP, a lightweight attribute-based access control scheme with full privacy protection (FPP), which can achieve full privacy protection in the three key stages (i.e., key generation, access control, and partial decryption), while reducing consumption overhead on the user side. Specifically, to protect privacy during key generation, a lightweight two-party secure computing protocol between the user and the authority is designed to generate secret keys; to protect privacy during the access control policy setting, we present an efficient policy hidden strategy, which only reveals attribute names and efficiently hides attribute values; to protect privacy during partial decryption, we propose a hybrid authentication method that does not need to submit attribute values to the cloud. Moreover, to achieve lightweight computation for IoT devices, online/offline encryption and outsourced decryption are employed in ABE-FPP. Finally, formal security proofs show that our scheme is secure in the standard model. The asymptotic complexity analyses and experimental results demonstrate that the presented scheme achieves higher computation efficiency than the state-of-the-art ones.

An Access Control Scheme Supporting Privacy Protection Based on Blockchain and Attribute

With the large-scale application of cloud storage systems, lots of attribute-based access control (ABAC) schemes have been introduced to protect data and user security in this insecure environment. ABAC can make data owners control their own data and protect data security and privacy. However, there are two serious privacy leakage problems, namely user attribute privacy and policy privacy, should be solved in the process of constructing ABAC schemes. In this paper, an ABAC scheme supporting privacy protection is constructed, which can solve privacy leakage problems of user attribute privacy and policy privacy in large universe attribute system. Furthermore, a framework is proposed. The framework combines our ABAC scheme, the Ethereum blockchain and blockchain-based storage system. In this framework, the security characteristics of blockchain technology are used to realize decentralization, tamper-resistant and avoiding single point of failure. Besides, the problems of attribute revocation and policy updating are solved by smart contract on the Ethereum blockchain. Finally, we established an initial implementation on Linux and Rinkeby test network, and the experimental results show that our scheme is feasible.

An efficient attribute-based hierarchical data access control scheme in cloud computing

Security issues in cloud computing have become a hot topic in academia and industry, and CP-ABE is an effective solution for managing and protecting data. When data is shared in cloud computing, they usually have multiple access structures that have hierarchical relationships. However, existing CP-ABE algorithms do not consider such relationships and just require data owners to generate multiple ciphertexts to meet the hierarchical access requirement, which would incur substantial computation overheads. To achieve fine-grained access control of multiple hierarchical files effectively, first we propose an efficient hierarchical CP-ABE algorithm whose access structure is linear secret sharing scheme. Moreover, we construct an attribute-based hierarchical access control scheme, namely AHAC. In our scheme, when a data visitor’s attributes match a part of the access control structure, he can decrypt the data that associate with this part. The experiments show that AHAC has good security and high performance. Furthermore, when the quantity of encrypted data files increases, the superiority of AHAC will be more significant.

An efficient and outsourcing-supported attribute-based access control scheme for edge-enabled smart healthcare

In recent years, the continuous development of smart healthcare has brought substantial convenience to our lives, especially for emerging edge-enabled smart healthcare systems that transmit and store a large amount of medical data. However, if private health data of users are leaked or tampered with, it will cause enormous damage to users’ rights, even threatening the safety of their lives. Traditionally, attribute-based encryption (ABE) is used to encrypt data and implement fine-grained access control for such sensitive information. However, the computing overhead of traditional ABE is relatively large, and in an edge-enabled environment, the outsourcing part of encryption and decryption to the edge node can reduce the computing cost of resource-constrained devices for edge-enabled smart healthcare. However, current schemes are not efficient for resource-constrained devices and edge nodes. Therefore, an efficient ABE scheme is proposed that outsources part of the encryption and decryption to the edge nodes as well as supports attribute updates, enabling flexible right control. A formal security proof is provided, verifying that our scheme is secure under the Decisional Bilinear Diffie–Hellman assumption. The performance of our scheme is evaluated at different security levels, and the experimental results demonstrate that our scheme is more efficient for resource-constrained devices than the traditional ABE.

Efficient and Secure Attribute-Based Access Control With Identical Sub-Policies Frequently Used in Cloud Storage

Under the assumption of honest-but-curious cloud service provider, various cryptographic techniques have been used to address the issues of data access control and confidentiality in public cloud storage. Among which, attribute-based encryption (ABE) has been shown to be an attractive scheme. Although the technique of ABE brings in various benefits, its onerous overhead should not be ignored. In this article, based on an improved LSSS (linear secret sharing scheme) matrix expression integrated in CP-ABE (Ciphertext-Policy Attribute-Based Encryption) algorithm, we present an efficient and secure attribute-based access control scheme for the scenarios where multiple data are shared and encrypted with frequently used sub-policies. In the scheme, a user can store the parameters about a specific sub-policy in his/her first decryption, which can be reused in the subsequent data decryptions whose embedded access policies include the same sub-policy so as to significantly reduce the computation cost. Our proposed scheme is proved to be semantically secure under chosen plaintext attacks and can well preserve the confidentiality of the data sharing system. Our analysis and experimentation also show that our scheme does significantly reduce the decryption time and while trades in only very little storage overhead, and thus effectively promotes the efficiency.

An Attribute-Based Collaborative Access Control Scheme Using Blockchain for IoT Devices

The Internet of Things (IoT) benefits our lives by integrating physical devices to the real world and offers a crucial internet infrastructure for future civilization. Because IoT devices are widely distributed and restricted in resources, it is difficult for them to adopt traditional security methods to resist malicious attacks. Unauthorized access to IoT devices, which results in severe privacy and security problems, has become a major challenge that has impeded IoT technology from being widely adopted. Therefore, the access control for IoT devices urgently needs to be improved when dealing with authorization issues. In this paper, we propose an attribute-based access control scheme that provides decentralized, flexible, and fine-grained authorization for IoT devices. Blockchain is utilized to provide authentic and reliable credentials. More importantly, a verifiable collaboration mechanism is designed to meet the needs of controlled access authorization in emergencies. Authority nodes are constructed to execute major computation tasks and interact with the blockchain. The security analysis shows that our scheme can reliably guarantee the security of authorized access. More than security assurance, a proof-of-concept prototype has been implemented to prove that our scheme is scalable, efficient, and accommodates IoT devices well.

A Scalable Attribute-Based Access Control Scheme with Flexible Delegation cum Sharing of Access Privileges for Cloud Storage

Nowadays cloud servers have become the primary choice to store and share data with multiple users across the globe. The major challenge in sharing data using cloud servers is to protect data against untrusted cloud service provider and illegitimate users. Attribute-Based Encryption (ABE) has emerged as a useful cryptographic technique to securely share data with legitimate recipients in fine-grained manner. Several solutions employing ABE have been proposed to securely share data using cloud servers. However, most of the solutions are data owner-centric and focus on providing data owner complete control on his outsourced data. The existing solutions in cloud computing fail to provide shared access privileges among users and to enable cloud users to delegate their access privileges in a flexible manner. In order to simultaneously achieve the notion of fine-grained access control, scalability and to provide cloud users shared access privileges and flexibility on delegation of their access privileges, we propose a scalable attribute-based access control scheme for cloud storage. The scheme extends the ciphertext policy attribute-based encryption to achieve flexible delegation of access privileges and shared access privileges along with scalability and fine-grained access control. The scheme achieves scalability by employing hierarchical structure of users. Furthermore, we formally prove the security of our proposed scheme based on security of the ciphertext-policy attribute-based encryption. We also implement the algorithm to show its scalability and efficiency.