ABSAC: Attribute-Based Access Control Model Supporting Anonymous Access for Smart Cities

Smart cities require new access control models for Internet of Things (IoT) devices that preserve user privacy while guaranteeing scalability and efficiency. Researchers believe that anonymous access can protect the private information even if the private information is not stored in authorization organization. Many attribute-based access control (ABAC) models that support anonymous access expose the attributes of the subject to the authorization organization during the authorization process, which allows the authorization organization to obtain the attributes of the subject and infer the identity of the subject. The ABAC with anonymous access proposed in this paper called ABSAC strengthens the identity-less of ABAC by combining homomorphic attribute-based signatures (HABSs) which does not send the subject attributes to the authorization organization, reducing the risk of subject identity re-identification. It is a secure anonymous access framework. Tests show that the performance of ABSAC implementation is similar to ABAC’s performance.

[1]  Zhang Lichen Research Progress on Attribute-Based Access Control , 2010 .

[2]  Ítalo S. Cunha,et al.  Attributed-based authentication and access control for IoT home devices: demo abstract , 2018, IPSN.

[3]  Zhiguang Qin,et al.  The Evaluation and Comparative Analysis of Role Based Access Control and Attribute Based Access Control Model , 2018, 2018 15th International Computer Conference on Wavelet Active Media Technology and Information Processing (ICCWAMTIP).

[4]  Sraban Kumar Mohanty,et al.  A Scalable Attribute-Based Access Control Scheme with Flexible Delegation cum Sharing of Access Privileges for Cloud Storage , 2020, IEEE Transactions on Cloud Computing.

[5]  Asma Ben Letaifa,et al.  Context-Aware Authorization and Anonymous Authentication in Wireless Body Area Networks , 2018, 2018 IEEE International Conference on Communications (ICC).

[6]  Vladimir A. Oleshchuk,et al.  A Patient-Centric Attribute Based Access Control Scheme for Secure Sharing of Personal Health Records Using Cloud Computing , 2016, 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC).

[7]  Manoj Prabhakaran,et al.  Attribute-Based Signatures , 2011, CT-RSA.

[8]  Khaled Shuaib,et al.  Secure charging and payment protocol (SCPP) for roaming plug-in electric vehicles , 2017, 2017 4th International Conference on Control, Decision and Information Technologies (CoDIT).

[9]  Tsz Hon Yuen,et al.  k-Times Attribute-Based Anonymous Access Control for Cloud Computing , 2015, IEEE Trans. Computers.

[10]  Juan Antonio Martínez,et al.  User-centric access control for efficient security in smart cities , 2017, 2017 Global Internet of Things Summit (GIoTS).

[11]  Jan Camenisch,et al.  Anonymous yet accountable access control , 2005, WPES '05.

[12]  David F. Ferraiolo,et al.  Guide to Attribute Based Access Control (ABAC) Definition and Considerations , 2014 .

[13]  Shancang Li,et al.  A3BAC: Attribute-Based Access Control Model with Anonymous Access , 2021 .

[14]  Tim Moses,et al.  EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[15]  Geovane Fedrecheski,et al.  Attribute-Based Access Control for the Swarm With Distributed Policy Management , 2019, IEEE Transactions on Consumer Electronics.

[16]  Nesrine Kaaniche,et al.  Attribute-Based Signatures for Supporting Anonymous Certification , 2016, ESORICS.