IEEE Access (Jan 2021)
Revocable Large Universe Decentralized Multi-Authority Attribute-Based Encryption Without Key Abuse for Cloud-Aided IoT
Abstract
Data confidentiality and access control are the key technologies of secure Internet of things (IoT) since the circulated application data on multiple different domains in IoT are generally confidential and privacy-sensitive. Large universe multi-authority attribute-based encryption (MA-ABE) is considered a promising technique to protect data confidentiality and achieve fine-grained access control for large-scale cross-domain applications. However, MA-ABE is facing the severe key abuse problem. Much research is devoted to using audit technologies and trace technologies to determine who should be responsible for the misused key which has a certain deterrent effect and prevents the key abuse to a certain extent. But they can’t solve the key abuse problem, since users still can leak the key and the leaked keys can still decrypt the ciphertext correctly. Moreover, they also cannot solve the key escrow problem. In this article, the author proposes the first revocable large universe decentralized MA-ABE without key abuse based on prime order bilinear groups. The proposed scheme allows for the dynamic capacity expansion of attributes, users, and authorities. It is not only static security in the random oracle model under the q-DPBDHE2 assumption but also secure against key abuse attacks launched by any party. Only the secret key owner can successfully decrypt the ciphertext with the secret key. The data user is unable to generate the available key different from her/his legal key by using her/his legal key. Neither CSP nor authority can generate the available decryption key or decrypt the ciphertext (even if the access policy is satisfied by the attributes it controls) using the keys it controls. An efficient user-attribute revocation mechanism is given and only a few operations are needed when decryption in the proposed scheme. The performance analysis results indicate that the proposed scheme is more efficient and suitable for the IoT.
Keywords