More edge users opt to use Internet of Things (IoT) devices to collect their data (e.g., health data, social data, and e-governance data), which are stored with central cloud service providers (CSPs). However, this compromises data privacy and raises the problem of collusion attacks. Current ciphertext-policy attribute-based encryption (CP-ABE) schemes, with and without blockchain, have only partially addressed these issues. Challenges remain to be resolved, including large-universe attribute management, secret key verification, and tracking of malicious attribute authorities (AAs). Therefore, we propose a decentralized access control scheme (namely BLUMA-CPABE) that integrates blockchain with multi-authority ciphertext-policy attribute-based encryption (MA-CP-ABE). The scheme not only supports a large attribute universe, policy hiding, and AA tracking, but also uses on- and off-chain mechanisms to alleviate the computation burden on the blockchain. In addition, we develop a verifiable key distribution approach in which AAs are configured as blockchain consensus nodes capable of issuing, signing, validating, and disseminating secret keys as on-chain transactions. This guarantees the keys’ security and reliability. To incentivize authorities to proactively control newly added attributes in the large-universe setting, we enhance the Proof-of-Authority consensus mechanism (called PoA+) for multi-authority scenarios. It allows authorities to take turns proposing and confirming new blocks based on three contribution indicators: attribute management contribution, data decryption contribution, and block validation gain. The proposed scheme is proven statically secure while resisting collusion attacks. The experimental results demonstrate the feasibility and efficiency of our scheme.