Trusted access control mechanism for data with blockchain-assisted attribute encryption

Chang Liu, Dong Wang, Da Li, Shaoyong Guo, Wenjing Li, Xuesong Qiu

High-Confidence Computing ›› 2025, Vol. 5 ›› Issue (2) : 100265

DOI: 10.1016/j.hcc.2024.100265
Research article

Abstract

With the growing demand for data sharing, realizing fine-grained trusted access control of shared data while protecting data security has become a difficult problem. The ciphertext-policy attribute-based encryption (CP-ABE) model is widely used in cloud data sharing scenarios, but it suffers from problems such as privacy leakage of the access policy, irrevocability of users or attributes, key escrow, and trust bottlenecks. Therefore, we propose a blockchain-assisted CP-ABE (B-CP-ABE) mechanism for trusted data access control. First, we construct a trusted data access control architecture based on B-CP-ABE, which realizes the automated execution of access policies through smart contracts and guarantees a trusted access process through the blockchain. Then, we define the B-CP-ABE scheme, which supports partial policy hiding, attribute revocation, and resistance to key escrow. The B-CP-ABE scheme uses a Bloom filter to hide the mapping relationship of sensitive attributes in the access structure, realizes flexible revocation and recovery of users and attributes through a re-encryption algorithm, and solves the key escrow problem through joint authorization by data owners and the attribute authority. Finally, we demonstrate the usability of the B-CP-ABE scheme through security analysis and performance analysis.

Keywords

Access control / Blockchain / CP-ABE / Policy hidden / Attribute revocation / Key escrow

Cite this article

Chang Liu, Dong Wang, Da Li, Shaoyong Guo, Wenjing Li, Xuesong Qiu. Trusted access control mechanism for data with blockchain-assisted attribute encryption. High-Confidence Computing, 2025, 5(2): 100265 DOI:10.1016/j.hcc.2024.100265

CRediT authorship contribution statement

Chang Liu: Writing - original draft. Dong Wang: Methodology. Da Li: Software. Shaoyong Guo: Formal analysis. Wenjing Li: Funding acquisition. Xuesong Qiu: Formal analysis.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgments

This work was supported by the National Key R&D Program of China (2022YFB2703400) and the BUPT Excellent Ph.D. Students Foundation (CX2022218).
