网络与信息安全学报 (Apr 2024)
Reusable attribute-based signature with attribute revocation and authenticated key agreement
Abstract
In the pursuit of establishing a unified model for fine-grained access control and secure data communication within a distributed microservices architecture, a verifier-policy attributed-based signature (VP-ABS) scheme, augmented with attribute revocation and an authenticated key agreement protocol, was proposed. This scheme was underpinned by Type-3 pairing. In this scheme, signatures generated by signers were linked solely to a subset of the signer's attributes and were disassociated from the access policy. This decoupling allowed for the reusability of the signer's signature across multiple access policies. Additionally, an attribute-Hash filter algorithm was introduced to facilitate a direct attribute revocation mechanism within the proposed VP-ABS scheme. This mechanism was designed to prevent users from authenticating with expired attributes. To further secure data communication, a mutually authenticated key agreement protocol was also proposed. This protocol was secure within the framework of the extended Canetti-Krawczyk (eCK) model and was built upon the foundation of the VP-ABS scheme. A rigorous unforgeability proof for the VP-ABS scheme was provided. Ultimately, theoretical comparisons and simulation experiments conducted at a 128-bit advanced encryption standard (AES) security level demonstrated that the proposed attribute-based authentication and secure communication scheme outperforms other contemporary schemes in terms of efficiency.