TrustAccess: A Trustworthy Secure Ciphertext-Policy and Attribute Hiding Access Control Scheme Based on Blockchain

Ciphertext-policy attribute-based encryption (CP-ABE) is widely used in fine-grained access control to achieve the secure data sharing. However, most of the existing CP-ABE access control schemes involve intermediary entities, which might suffer from a high trust-building cost, single point of failure and so on. Due to the decentralization and transparency of blockchain, some blockchain-based access control schemes are proposed to address these problems, but bring new challenges, such as the privacy leakage of access policy or attribute. In this paper, we propose a new trustworthy secure ciphertext-policy and attribute hiding access control scheme based on blockchain, named TrustAccess, to achieve trustworthy access while guaranteeing the privacy of policy and attribute. For one thing, to make the existing hidden policy CP-ABE more efficient and scalable for blockchain, we propose an optimized hidden policy CP-ABE, named OHP-CP-ABE, to ensure policy privacy while satisfying the large universe access requirement. For another thing, we use the multiplicative homomorphic ElGamal cryptosystem to ensure the attribute privacy during authorization validation. Finally, we theoretically prove the security of our TrustAccess from the aspects of blockchain operations and OHP-CP-ABE. Comprehensive comparisons and extensive experiments are conducted to demonstrate the advantages of our TrustAccess.

[1]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[2]  Marc Joye,et al.  Decentralized Policy-Hiding ABE with Receiver Privacy , 2018, ESORICS.

[3]  Kazuki Yoneyama,et al.  Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures , 2008, ACNS.

[4]  Praveen Gauravaram,et al.  Blockchain for IoT security and privacy: The case study of a smart home , 2017, 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops).

[5]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[6]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[7]  Yaling Zhang,et al.  A Blockchain-Based Framework for Data Sharing With Fine-Grained Access Control in Decentralized Storage Systems , 2018, IEEE Access.

[8]  Ning Zhang,et al.  A Survey of Distributed Consensus Protocols for Blockchain Networks , 2019, IEEE Communications Surveys & Tutorials.

[9]  Robert H. Deng,et al.  Security and Privacy in Smart Health: Efficient Policy-Hiding Attribute-Based Access Control , 2018, IEEE Internet of Things Journal.

[10]  Jing Li,et al.  Cryptographic primitives in blockchains , 2019, J. Netw. Comput. Appl..

[11]  Robert H. Deng,et al.  Expressive CP-ABE with partially hidden access structures , 2012, ASIACCS '12.

[12]  Robert H. Deng,et al.  Lightweight and Expressive Fine-Grained Access Control for Healthcare Internet-of-Things , 2022, IEEE Transactions on Cloud Computing.

[13]  Genshe Chen,et al.  BlendCAC: A BLockchain-Enabled Decentralized Capability-Based Access Control for IoTs , 2018, 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData).

[14]  Yuan-Shun Dai,et al.  Personalized Search Over Encrypted Data With Efficient and Secure Updates in Mobile Clouds , 2018, IEEE Transactions on Emerging Topics in Computing.

[15]  Xiaodong Lin,et al.  Querying in Internet of Things with Privacy Preserving: Challenges, Solutions and Opportunities , 2018, IEEE Network.

[16]  Ning Zhang,et al.  Enforcing Private Data Usage Control with Blockchain and Attested Off-chain Contract Execution , 2019, ArXiv.

[17]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[18]  Thomas Heinz Meitinger,et al.  Smart Contracts , 2017, Informatik-Spektrum.

[19]  Anas Abou El Kalam,et al.  FairAccess: a new Blockchain-based access control framework for the Internet of Things , 2016, Secur. Commun. Networks.

[20]  Oscar Novo,et al.  Scalable Access Management in IoT Using Blockchain: A Performance Evaluation , 2019, IEEE Internet of Things Journal.

[21]  Laura Ricci,et al.  A blockchain based approach for the definition of auditable Access Control systems , 2019, Comput. Secur..

[22]  Luca Veltri,et al.  IoTChain: A blockchain security architecture for the Internet of Things , 2018, 2018 IEEE Wireless Communications and Networking Conference (WCNC).

[23]  Andrew Lippman,et al.  MedRec: Using Blockchain for Medical Data Access and Permission Management , 2016, 2016 2nd International Conference on Open and Big Data (OBD).

[24]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[25]  Robert H. Deng,et al.  Fully Secure Cipertext-Policy Hiding CP-ABE , 2011, ISPEC.

[26]  Rui Guo,et al.  Efficient and privacy-preserving traceable attribute-based encryption in blockchain , 2019, Annals of Telecommunications.

[27]  Xiaodong Lin,et al.  Enabling Efficient and Geometric Range Query With Access Control Over Encrypted Spatial Data , 2019, IEEE Transactions on Information Forensics and Security.

[28]  Jianfeng Ma,et al.  Lightweight Fine-Grained Search Over Encrypted Data in Fog Computing , 2019, IEEE Transactions on Services Computing.

[29]  Xiaohong Jiang,et al.  Smart Contract-Based Access Control for the Internet of Things , 2018, IEEE Internet of Things Journal.

[30]  Haomiao Yang,et al.  Efficient and Privacy-Enhanced Federated Learning for Industrial Artificial Intelligence , 2020, IEEE Transactions on Industrial Informatics.

[31]  Marko Vukolic,et al.  The Quest for Scalable Blockchain Fabric: Proof-of-Work vs. BFT Replication , 2015, iNetSeC.

[32]  Gang Chen,et al.  Untangling Blockchain: A Data Processing View of Blockchain Systems , 2017, IEEE Transactions on Knowledge and Data Engineering.

[33]  Mi Wen,et al.  Efficient and Privacy-Preserving Truth Discovery in Mobile Crowd Sensing Systems , 2019, IEEE Transactions on Vehicular Technology.

[34]  Fei-Yue Wang,et al.  Blockchain and Cryptocurrencies: Model, Techniques, and Applications , 2018, IEEE Transactions on Systems, Man, and Cybernetics: Systems.

[35]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[36]  Xiaodong Lin,et al.  PTAS: Privacy-preserving Thin-client Authentication Scheme in blockchain-based PKI , 2019, Future Gener. Comput. Syst..

[37]  Robert H. Deng,et al.  An Efficient and Expressive Ciphertext-Policy Attribute-Based Encryption Scheme with Partially Hidden Access Structures , 2016, ProvSec.

[38]  Vitalik Buterin A NEXT GENERATION SMART CONTRACT & DECENTRALIZED APPLICATION PLATFORM , 2015 .

[39]  Kan Yang,et al.  VerifyNet: Secure and Verifiable Federated Learning , 2020, IEEE Transactions on Information Forensics and Security.

[40]  Chen Li,et al.  A Novel Attribute-Based Access Control Scheme Using Blockchain for IoT , 2019, IEEE Access.

[41]  Robert H. Deng,et al.  Data Security Issues in Deep Learning: Attacks, Countermeasures, and Opportunities , 2019, IEEE Communications Magazine.

[42]  Yong Xiang,et al.  Achieving Secure and Efficient Dynamic Searchable Symmetric Encryption over Medical Cloud Data , 2020, IEEE Transactions on Cloud Computing.

[43]  Praneeth Babu Marella,et al.  Ancile: Privacy-Preserving Framework for Access Control and Interoperability of Electronic Health Records Using Blockchain Technology , 2018 .

[44]  Zhou Su,et al.  An Efficient and Fine-Grained Big Data Access Control Scheme With Privacy-Preserving Policy , 2017, IEEE Internet of Things Journal.

[45]  Guomin Yang,et al.  Hidden Ciphertext Policy Attribute-Based Encryption Under Standard Assumptions , 2016, IEEE Transactions on Information Forensics and Security.

[46]  Hong Li,et al.  Blockchain for Large-Scale Internet of Things Data Storage and Protection , 2019, IEEE Transactions on Services Computing.

[47]  Jonathan Katz,et al.  Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products , 2008, Journal of Cryptology.

[48]  Vincent Gramoli,et al.  From blockchain consensus back to Byzantine consensus , 2017, Future Gener. Comput. Syst..

[49]  Brent Waters,et al.  Conjunctive, Subset, and Range Queries on Encrypted Data , 2007, TCC.

[50]  Angelo De Caro,et al.  Fully Secure Anonymous HIBE and Secret-Key Anonymous IBE with Short Ciphertexts , 2010, Pairing.

[51]  Laura Ricci,et al.  Blockchain Based Access Control , 2017, DAIS.

[52]  Hajar Mousannif,et al.  Access control in the Internet of Things: Big challenges and new opportunities , 2017, Comput. Networks.

[53]  Jianming Zhu,et al.  T-PBFT: An EigenTrust-based practical Byzantine fault tolerance consensus algorithm , 2019, China Communications.

[54]  Alex Pentland,et al.  Decentralizing Privacy: Using Blockchain to Protect Personal Data , 2015, 2015 IEEE Security and Privacy Workshops.

[55]  Ximeng Liu,et al.  Secure Fine-Grained Encrypted Keyword Search for E-Healthcare Cloud , 2021, IEEE Transactions on Dependable and Secure Computing.

[56]  Oscar Novo,et al.  Blockchain Meets IoT: An Architecture for Scalable Access Management in IoT , 2018, IEEE Internet of Things Journal.

[57]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[58]  Elaine Shi,et al.  Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab , 2016, Financial Cryptography Workshops.

[59]  Angelo De Caro,et al.  jPBC: Java pairing based cryptography , 2011, 2011 IEEE Symposium on Computers and Communications (ISCC).

[60]  Athanasios V. Vasilakos,et al.  BSeIn: A blockchain-based secure mutual authentication with fine-grained access control system for industry 4.0 , 2018, J. Netw. Comput. Appl..