Abstract

Aiming at the problem of illegal data sharing by malicious users in access control schemes based on attribute-based encryption, an access control scheme that can restrict the sending ability of data owners is proposed. By adding a sanitizer that sanitizes the ciphertext, the scheme ensures that parties who do not adhere to the system control policy cannot share information effectively. The scheme is constructed on a blockchain, so the access process is traceable, and off-chain storage lowers the blockchain storage load. The scheme satisfies the No-Read and No-Write Rules, achieves chosen-plaintext attack security in the random oracle model, and resists quantum attacks. Theoretical analysis and experimental simulation show that the scheme is feasible and of practical significance.

1. Introduction

With the increasing need for information security, cryptography and information security technology have attracted more and more attention. Access control, an important component of information security technology, protects data resources from unauthorized access [1]. The rapid growth of data in cyberspace poses a new challenge to access control research: how to extend traditional access control technology to solve the new cloud data security problem. As a public key encryption technology, attribute-based encryption (ABE) can not only encrypt data but also realize fine-grained access control over data, which provides a way to address these problems [2, 3]. As a powerful advanced cryptographic primitive, one of its biggest features compared with traditional public key encryption is that ABE can realize “one-to-many” secure data sharing and improve data sharing efficiency [4].

Although ABE has certain advantages in access control, some problems cannot be ignored in real practical applications. These include the inherent problems of ABE, such as attribute revocation [5–7], privacy preservation [8–10] and traceability [11–13]. In addition, there are other potential security issues that need attention. For example, in ciphertext-policy attribute-based encryption (CP-ABE), the data owner determines the access object of the data, and in this case, once a malicious user carries out illegal data sharing over a public channel, the system cannot intervene effectively. In addition to security issues, efficiency issues also deserve attention. Most existing attribute-based encryption schemes are based on bilinear pairing, but bilinear pairing has been criticized for its high cost. As the data volume and the number of attributes increase, the performance of schemes based on bilinear pairing will inevitably decline. Furthermore, with the development of quantum computing technology, the security of schemes based on traditional number theory will also be threatened.

At present, cryptography is widely used in data access control, for example digital signatures [14, 15], secret sharing [16, 17], ABE [18] and access control encryption (ACE) [19]. The following briefly introduces some schemes combining cryptography and access control. The first attribute-based encryption scheme was proposed by Sahai and Waters at Eurocrypt 2005 on the basis of identity-based encryption [20]. In CP-ABE, the data access objects are determined by the data owner’s policy, and compared with key-policy attribute-based encryption (KP-ABE), CP-ABE has broader application prospects in data access control. In 2010, Yu et al. proposed a secure, scalable and fine-grained data access control scheme for the cloud environment based on ABE and proxy re-encryption [21]. In 2015, Zhou et al. proposed a multi-authority attribute-based encryption scheme with white-box traceability and revocation [22], which realized multi-level privacy protection in an electronic medical cloud computing system. In 2017, Yang et al. embedded the hierarchical attribute dominance relationship into ABE [23], realizing hierarchical authorization for access control and isolation of stored data, but the system has high complexity. In 2019, Li and Sato proposed a blockchain access control scheme based on MACP-ABE [24], in which data users can combine secret keys from different sources to match ciphertext policies. In 2019, Wu et al. proposed an efficient traceable key scheme in blockchain to solve the problem of key abuse [25], giving the blockchain publicly verifiable traceability of keys; the user’s signature attribute and the master key of the authorization centre are embedded into the user’s key through CP-ABE. In 2021, Yu and Ma designed an attribute- and trust-based RBAC model [26]: on the basis of RBAC, an attribute/trust management module is added to grant users a set of attributes and embed access structures for roles. In 2021, Zhang and Yu proposed a blockchain data sharing model based on ABE [27], focusing on privacy protection and data security in the current blockchain data sharing mechanism.

In 2016, access control encryption was first proposed as a new cryptographic primitive by Damgård et al. [19]. Unlike other access control schemes, ACE focuses on the sending authority of the data owner, considers the security of the whole access process from another perspective, and expands the security research of access control schemes. In 2017, Kim and Yu proposed the first ACE scheme for arbitrary policies from standard assumptions [28], and concluded by introducing several extensions to the ACE framework to support dynamic and more fine-grained access control policies. In 2020, Wang et al. constructed a basic ACE scheme based on the DBDH assumption to achieve information flow control in the Internet of Energy [29]; this scheme can control not only what users can read but also what they can write.

1.1. Security and Function Requirements

A complete access control system should provide corresponding functions and security services to ensure data sharing among entities. In some units and places with high security requirements, stricter measures should be taken to ensure the high security of information.

1.1.1. Fine-Grained Access Control

The system should ensure fine-grained access control between user entities. Users can freely decide who can access the data they own and can also access data shared by other users as needed.

1.1.2. Data Security and User Privacy Protection

The system should provide strong security protection for the data shared by users, and no one can get any valid information from the data except the users who can access the data specified by the data owner. Users’ privacy should be protected. Except for trusted entities, other entities cannot obtain users’ personal information during data sharing and access.

1.1.3. Supervision and Mandatory Control

When corrupt users are found in the system, the system should be able to deal with the situation in a timely manner. At the same time, for units with high security requirements, the system should have a set of controls that override user access policies in order to eliminate harmful data sharing behaviour within the unit.

1.1.4. Tailored Forensics

The system should provide an evidence collection mechanism to ensure that transactions have integrity and traceability. This also ensures that data can be monitored during the sharing process, prevents controversial situations, and plays a positive role in protecting specific units.

1.2. Contribution

Based on the idea of access control encryption, this paper focuses on the security of the data owner’s sending authority in attribute-based encryption and designs an access control scheme based on blockchain. The main contributions of this paper are listed as follows.
(1) On the basis of the data owner’s free decision on the access object, a system supervision function is added. While controlling the user’s right to receive data, it also restricts the user’s sending permission, preventing malicious users in the system from illegal data sharing over the public channel.
(2) Based on blockchain, the traceability of the access process is realized, and the access records cannot be tampered with. At the same time, off-chain storage is adopted to reduce the storage burden on the chain and improve the efficiency of the system.
(3) The scheme is constructed on the learning with errors over rings (RLWE) problem on lattices and resists quantum attacks. Compared with schemes constructed on learning with errors (LWE), the ciphertext size and key size are shorter and the efficiency is higher.

1.3. Paper Structure

The remainder of this paper is organized as follows. In Section 2, we review some mathematical knowledge. In Section 3, we give the system model and security model, definition of scheme and construction. The scheme is analysed in Section 4, mainly including security analysis, performance analysis and experimental analysis. Finally, we conclude our paper in Section 5.

2. Preliminaries

2.1. Lattice

Definition 1 (Lattice). is called a lattice if there are linearly independent n-dimensional vectors in such that any vector in is an integer linear combination of , that is, . Here n is the dimension of the lattice , m is its rank, and is a basis of the lattice .

Definition 2 (Ideal Lattice). Let be a ring and an ideal. A lattice is an ideal lattice if is associated with .

Definition 3 (Decision Problem [30]). Given the security parameter , select the integer based on and let , where and . Given a discrete distribution based on , the Decision Problem presents an unspecified challenge oracle, and the task is to determine whether it is a noisy pseudo-random sampler or a truly random sampler for a random secret key , which behave as follows:
: outputs . The element is uniformly random from , where and is fixed for all samples. The element is a small error term generated from the distribution .
: outputs truly random samples .

2.2. Access Control Structure

Definition 4 (Monotone Access Structure). Let be a set of attributes. A collection is monotone if . The sets in are called authorized sets, and the sets not in are called unauthorized sets.

Definition 5 (Linear Secret Sharing Scheme (LSSS) [31]). is a linear secret sharing scheme over a set of attributes if the following properties are met:
(1) All sharers have a secret sharing vector based on ;
(2) There is a share-generating matrix for , with row labels . Given a column vector , where is the secret to be shared and are randomly chosen, let represent attribute , where is a function from to .
A linear secret sharing scheme has the linear reconstruction property. Suppose that is an LSSS representing the access structure . Let be an authorized set, and , . Then there exist constants such that, if are valid shares of a secret s according to , . Furthermore, these constants can be computed from the share-generating matrix in polynomial time. For an unauthorized set, no such constants exist, that is, no information about the shared secret can be obtained.
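As an added illustration of Definition 5 (example code written for this page, not from the paper), the following Python builds the share-generating matrix of a monotone policy with the Lewko-Waters labelling, splits a secret into shares over Z_p, and reconstructs it with the linear reconstruction constants of an authorized set. The policy "(A AND B) OR C", the modulus p = 7681 and the secret are constructed sample values.

```python
# Toy LSSS over Z_p: share-generating matrix of a monotone boolean policy,
# share generation, and linear reconstruction (which fails for an
# unauthorized attribute set).
from random import randrange

P = 7681  # small prime modulus, constructed for illustration only

# Policy "(A AND B) OR C" as a tree: ('attr', name), ('and', l, r), ('or', l, r)
POLICY = ('or', ('and', ('attr', 'A'), ('attr', 'B')), ('attr', 'C'))


def lsss_matrix(policy):
    """Lewko-Waters labelling: returns (rows, labels) where rows[i] is the
    row of the share-generating matrix M labelled with attribute labels[i].
    An OR gate passes its vector to both children; an AND gate gives the
    left child (v | 1) and the right child (0...0 | -1), growing the width."""
    rows, labels = [], []
    width = [1]  # current vector length c; the root carries the vector (1)

    def walk(node, vec):
        kind = node[0]
        if kind == 'attr':
            rows.append(vec)
            labels.append(node[1])
        elif kind == 'or':
            walk(node[1], vec)
            walk(node[2], vec)
        elif kind == 'and':
            c = width[0]
            left = vec + [0] * (c - len(vec)) + [1]
            right = [0] * c + [-1]
            width[0] = c + 1
            walk(node[1], left)
            walk(node[2], right)
        else:
            raise ValueError("unknown node kind %r" % kind)

    walk(policy, [1])
    c = width[0]
    return [r + [0] * (c - len(r)) for r in rows], labels


def share(rows, secret):
    """Sharing vector v = (s, r_2, ..., r_c); share_i = M_i . v mod p."""
    v = [secret % P] + [randrange(P) for _ in range(len(rows[0]) - 1)]
    return [sum(a * b for a, b in zip(row, v)) % P for row in rows]


def solve_mod(A, b, p):
    """Gaussian elimination over Z_p for A x = b. Returns one solution
    (free variables set to 0) or None when the system is inconsistent."""
    m, n = len(A), len(A[0])
    M = [[x % p for x in row] + [y % p] for row, y in zip(A, b)]
    pivots, r = [], 0
    for col in range(n):
        piv = next((i for i in range(r, m) if M[i][col]), None)
        if piv is None:
            continue
        M[r], M[piv] = M[piv], M[r]
        inv = pow(M[r][col], -1, p)
        M[r] = [x * inv % p for x in M[r]]
        for i in range(m):
            if i != r and M[i][col]:
                f = M[i][col]
                M[i] = [(x - f * y) % p for x, y in zip(M[i], M[r])]
        pivots.append(col)
        r += 1
        if r == m:
            break
    if any(M[i][n] for i in range(r, m)):  # a row 0 = nonzero: no solution
        return None
    x = [0] * n
    for i, col in enumerate(pivots):
        x[col] = M[i][n]
    return x


def reconstruct(rows, labels, shares, attrs):
    """Find constants w with sum_i w_i M_i = (1, 0, ..., 0) over the rows
    labelled by attrs and return sum_i w_i share_i mod p; None when attrs
    is unauthorized (no such constants exist, so nothing about s leaks)."""
    idx = [i for i, lab in enumerate(labels) if lab in attrs]
    if not idx:
        return None
    c = len(rows[0])
    A = [[rows[i][col] for i in idx] for col in range(c)]  # M_S transposed
    w = solve_mod(A, [1] + [0] * (c - 1), P)
    if w is None:
        return None
    return sum(wi * shares[i] for wi, i in zip(w, idx)) % P


if __name__ == "__main__":
    rows, labels = lsss_matrix(POLICY)
    shares = share(rows, 4242)
    for attrs in ({'A', 'B'}, {'C'}, {'A'}, {'B'}):
        print(sorted(attrs), reconstruct(rows, labels, shares, attrs))
```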

3. Supervised Access Control Scheme Based on Attribute-Based Encryption and Blockchain

3.1. System Model

The proposed system includes six entities: Authority, Data Owner (DO), Inter-Planetary File System (IPFS), Sanitizer, Data User (DU) and Blockchain. The relationship among the entities is shown in Figure 1.
(1) Authority. The authority generates the system’s public parameters and master private key , manages the users in the system, constructs the secret key for each user according to the user’s identity and authority, and generates a sanitizer key according to the system control policy when data is accessed. We assume that the authority is completely trusted: it always correctly carries out the requests of all entities in the scheme and will neither disclose any information nor attempt to obtain user information. Generally, the authority, as a separate trusted entity, could also be deployed separately in this scheme. However, given the characteristics of the private chain and to facilitate data processing, it is extended and deployed on the nodes of the blockchain.
(2) Data Owner (DO). The data owner generates a ciphertext tag based on the data and encrypts the data with a symmetric key , then uploads the encrypted data to the Inter-Planetary File System (IPFS). After that, the DO sets the access policy of the data, encrypts the symmetric key and the address, and uploads this ciphertext and tag to the blockchain.
(3) Inter-Planetary File System (IPFS). The IPFS is responsible for storing data and returning an address. IPFS is honest but curious: it always correctly carries out the requests of all entities in the scheme but attempts to decrypt the ciphertext content.
(4) Sanitizer. The sanitizer encrypts the ciphertext according to the sanitizer key . For the sanitizer, this is equivalent to re-encrypting the ciphertext. Its input and output are both ciphertexts carrying little useful information, so it is implemented in the form of a smart contract. The sanitizer is honest but curious: it always correctly carries out the requests of all entities in the scheme but attempts to decrypt the ciphertext content.
(5) Data User (DU). The data user can access data according to their needs after registration. Generally, when the user’s identity is normal, his access right to certain data is determined by the data owner, but the system has the ability to change the user’s access right when it suspects that the communication is abnormal.
(6) Blockchain. The blockchain is used to store and tag . Records of key distribution and data access can be formed into transactions and recorded on the blockchain. Since this scheme provides strong system supervision for a small range of organizations and institutions, private chain technology is mainly used here to strengthen system supervision through certain controls and to provide faster response and tamper-proof recording services.

3.2. Overview of the SACS-ABE&B Scheme

The priority in the system is user identity permission > system control policy > user access policy. The user identity permission is granted by the system according to the user’s registration information. System control policies are generated by the system as needed and can be adjusted in time. User access policies are generated by the data owner.

When a user registers, the authority generates a unique ID for the user. To protect user privacy and security, only the user and the authority can obtain the ID. The identity permission of each user is : 0 means that the user is illegal and has no read or write permission; 1 means that the user is normal and data can be read or written. The default permission of a user is 1. The system control policy is a representation of whether users may communicate with each other. An access control matrix can be set so that the values in the matrix determine whether users can communicate, where the value 1 indicates that communication is allowed and the value 0 indicates that communication is rejected. For example, from the matrix in Table 1, we can see that the system prohibits communication between and .

When a user needs to share data, the DO first generates a ciphertext tag. The ciphertext tag is a unique identifier generated by encrypting the timestamp and the user’s ID. The timestamp ensures that the identifier generated after each encryption is different, preventing an adversary from obtaining the user’s private information by analysing the identifier. In the second step, the DO encrypts the data with a symmetric key, uploads it to IPFS, which returns an address, then encrypts the symmetric key and the address according to the access policy, and sends the ciphertext and tag to the blockchain.

When accessing data, the DU first obtains the ciphertext tag of the data and sends an access request to the blockchain. The access request includes the ciphertext tag and an access tag; the access tag is likewise generated by encrypting the timestamp and the user’s ID. After receiving the request, the authority obtains the IDs of both the DO and the DU by decrypting the tags, judges whether they meet the system control policy, then generates the sanitizer key and sends it to the sanitizer. The sanitizer uses to encrypt the ciphertext and forwards the re-encrypted ciphertext to the DU. Finally, the DU decrypts the ciphertext with his key. If both parties meet the requirements of identity permission, system control policy and user access policy, the DU successfully obtains the data.

The process is shown in Figure 2.

The scheme consists of the following eight algorithms.

. The algorithm is executed by the authority. Given the security parameter and the collection of all attributes in the system, this algorithm outputs the public parameters and the master secret key .

. The algorithm is executed by authority. Input master secret key , user’s attribute set . This algorithm outputs the secret key for the user.

. The algorithm is executed by the DO. The DO randomly generates a symmetric key and encrypts the data with this key to obtain the ciphertext , then uploads the ciphertext to IPFS, which returns an address ; let .

. The algorithm is executed by DO. Input public parameters , master key , user’s secret key , the message about , user’s access policy and timestamp . This algorithm outputs the ciphertext and tag .

. The algorithm is executed by DU. Input public parameters , user’s and timestamp . This algorithm outputs the access tag .

. The algorithm is executed by authority. Input ciphertext tag , access tag and system control policy . This algorithm outputs the sanitizer key .

. The algorithm is executed by sanitizer. Input ciphertext and sanitizer key . This algorithm outputs the ciphertext .

. The algorithm is executed by DU. Input public parameters , ciphertext , user’s secret key . This algorithm outputs , then the DU can download the data through the address and decrypt it with the key to obtain .

3.3. Security Model

We define three security models: No-Read Rule, No-Write Rule and Chosen-plaintext attack Security. No-Read Rule means that DU cannot obtain any valid data without the permission of system control policy. No-Write Rule means that the DO cannot send any valid data without the permission of the system control policy. indicates that communication between the data owner and the data user is allowed, and indicates that communication between the data owner and the data user is prohibited. Three models are defined as follows.

Definition 6. (Correctness [32]). Given the attribute universe and all messages , for all such that and satisfies :
where , , .
Correctness captures the feature that a DO with can deliver a message to a DU whose attribute set satisfies the DO’s policy and . In this case, the sanitizer should pass the message to the DU smoothly, and the DU should be able to decrypt it with .

Definition 7. (No-Read Rule [32]). Consider the following game between a challenger and an adversary over the attribute universe , message space , and it is assumed that for a challenge access structure , the adversary cannot request the key that meets . The game is as shown in Table 2.
If wins the game, it must meet , , , and comply with Payload Privacy or Sender Anonymity.
Payload Privacy. For all queries to about , it holds that .
Sender Anonymity. For all queries to about , it holds that and .
The formal definition of No-Read Rule is .
That is the probability of winning the No-Read game is negligible, which ensures that when DO sends the message, the probability of successfully decrypting the message for all users with or is negligible. Only the intended recipients who meet the conditions can obtain valid information (Payload Privacy) and no one can learn about the identity of DO (Sender Anonymity).

Definition 8. (No-Write Rule [32]). Consider the following game between a challenger and an adversary over the attribute universe , message space , and it is assumed that for a challenge access structure , the adversary cannot request the key that meets . The game is as shown in Table 3.
Let be the set of identities of all key queries. wins the game if and when . The formal definition of the No-Write Rule is .
That is, the probability of winning the No-Write game is negligible, which ensures that the probability of successful information exchange with other users is negligible when or . Two further remarks on the No-Write Rule follow.

Note 1. The target ciphertext in is obtained only in two cases, one is generated by legal encryption key queried, and the other is chosen uniformly from ciphertext space.

Note 2. The sanitizer should be honest, and it is required that the adversary does not corrupt the sanitizer as an unavoidable condition.

Definition 9. (Chosen-plaintext attack Security [33]). The definition is given by describing the game between an adversary and a simulator . The scheme is secure against chosen-plaintext attack if the advantage of every polynomial-time adversary in the game is negligible. The game proceeds as follows.
Initialization. The adversary selects an access structure and sends it to .
Setup. The simulator generates the public parameters and master keys and sends them to .
Inquiry Phase 1. The adversary asks the simulator for secret keys whose attribute sets do not meet the access structure. The simulator runs the algorithm to generate the secret key and sends it to .
Challenge. The adversary chooses two messages and sends them to the simulator , which randomly selects , computes the challenge ciphertext and sends it to .
Inquiry Phase 2. asks for keys as in Phase 1.
Guess. The adversary outputs his guess about . The advantage of in this game is defined as .

3.4. Construction of the SACS-ABE&B Scheme

. Given the security parameter , and the collection of all attributes in the system, randomly select a large prime number and a small positive integer , where and . Let , where is a power of 2. Let be the ring of integer polynomials modulo both and . Let be an error distribution over . Select a uniformly random and random element , then choose a small noise term . Compute . Next, select a pair of uniformly random for each attribute in , where is the inverse of in , and select a small noise term , then compute . Lastly, outputs the public parameters and the master secret key .

. Input master key , user’s attribute set , then choose a small noise term , select a pair of uniformly random and choose small noise term for each attribute in . Compute , , outputs the secret key . If the user’s identity permission is 0, , outputs the secret key .

. Input the DO’s data and symmetric key , output the ciphertext data , then upload the ciphertext to IPFS and return an address , let .

. Input the public parameters , the user’s , the secret key , the message about , the user’s access policy and timestamp . Set the access policy with row labels , , . Generate a vector , where and is the secret to be shared. Compute , where is the vector corresponding to row of . Then choose a uniformly random element and noise terms , compute , , , and output and .

. Input user’s , the secret key and timestamp , then compute .

. Input the ciphertext tag , access tag and system control policy , compute and , then judge whether and meet the communication requirements according to the system control policy . If the identities of both parties are legal and meet the requirements of the access control policy, then let ; otherwise select a uniformly random . Output the sanitizer key .

. Input ciphertext and sanitizer key , compute , , output .

. Input the public parameters , ciphertext and user’s secret key . If the DU meets the access control policy , the ciphertext is equivalent to the original ciphertext . As long as the DU’s attribute set meets the access structure , , , compute a set of constants with the linear reconstruction algorithm of LSSS; then , compute , , and the DU can download the data through the address and decrypt it with the key to obtain .

The correctness of the successful decryption of the scheme is explained as follows.

Then , and to ensure the correctness of the scheme, the noise term in the scheme must be small enough compared with the ratio of to .
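As an added toy model of the flow in Sections 3.2 and 3.4 (example code written for this page, not the paper’s scheme), the following Python replaces the attribute-based part with a single-key RLWE-style encryption over Z_q[x]/(x^N + 1), lets the authority check identity permission and the control matrix, and gives the sanitizer a zero key when the pair may communicate and a uniformly random key otherwise. The parameters N = 256 and q = 7681, the {-1, 0, 1} error distribution, the user names and the policy tables are constructed assumptions.

```python
# Toy model of Sections 3.2/3.4: RLWE-style encryption over R_q = Z_q[x]/(x^N+1),
# an authority checking identity permission and the control matrix, and a
# sanitizer whose key is zero for an allowed pair and uniformly random otherwise.
from random import randrange, choice

N, Q = 256, 7681  # constructed toy parameters, not the paper's

def poly_add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]

def poly_sub(a, b):
    return [(x - y) % Q for x, y in zip(a, b)]

def poly_mul(a, b):
    """Schoolbook product reduced modulo x^N + 1 (x^N = -1) and Q."""
    acc = [0] * (2 * N)
    for i, ai in enumerate(a):
        if ai:
            for j, bj in enumerate(b):
                acc[i + j] += ai * bj
    return [(acc[k] - acc[k + N]) % Q for k in range(N)]

def small():
    """Toy error distribution: coefficients in {-1, 0, 1}."""
    return [choice((-1, 0, 1)) for _ in range(N)]

def uniform():
    return [randrange(Q) for _ in range(N)]

def random_bits():
    return [randrange(2) for _ in range(N)]

def keygen():
    """pk = (a, b = a*s + e), sk = s; stands in for the authority's setup."""
    a, s, e = uniform(), small(), small()
    return (a, poly_add(poly_mul(a, s), e)), s

def encrypt(pk, bits):
    """DO side: (u, v) = (a*r + e1, b*r + e2 + floor(Q/2)*m), one bit per coefficient."""
    a, b = pk
    r, e1, e2 = small(), small(), small()
    u = poly_add(poly_mul(a, r), e1)
    v = poly_add(poly_add(poly_mul(b, r), e2), [(Q // 2) * bit for bit in bits])
    return u, v

def decrypt(sk, ct):
    """DU side: v - u*s = e*r + e2 - e1*s + floor(Q/2)*m. With {-1,0,1} noise the
    error is at most 2N + 1 = 513 < Q/4 per coefficient, so rounding recovers m."""
    u, v = ct
    d = poly_sub(v, poly_mul(u, sk))
    return [1 if Q // 4 < x < 3 * Q // 4 else 0 for x in d]

# Constructed sample of the system policy: identity permission (0 = illegal,
# 1 = normal) and the control matrix entry per (sender, receiver) pair, where
# 1 allows communication and 0 rejects it (unlisted pairs are rejected).
PERMISSION = {"alice": 1, "bob": 1, "carol": 1, "mallory": 0}
CONTROL = {("alice", "bob"): 1, ("alice", "carol"): 0, ("carol", "bob"): 1}

def policy_allows(sender, receiver):
    """Authority's check: both identities legal and the matrix entry is 1."""
    return (PERMISSION.get(sender, 0) == 1 and PERMISSION.get(receiver, 0) == 1
            and CONTROL.get((sender, receiver), 0) == 1)

def sanitizer_keygen(sender, receiver):
    """SanKeyGen analogue: zero key for an allowed pair, else uniformly random."""
    if policy_allows(sender, receiver):
        return [0] * N, [0] * N
    return uniform(), uniform()

def sanitize(ct, san_key):
    """Sanitize analogue: add the key to both ciphertext parts. A zero key keeps
    the ciphertext decryptable; a uniformly random key makes the output
    independent of the input, so the DU recovers only noise."""
    u, v = ct
    k1, k2 = san_key
    return poly_add(u, k1), poly_add(v, k2)

def share_message(sender, receiver, pk, receiver_sk, bits):
    """Full path: DO encrypts, authority derives the sanitizer key from the
    policy, sanitizer re-randomizes, DU decrypts."""
    ct = sanitize(encrypt(pk, bits), sanitizer_keygen(sender, receiver))
    return decrypt(receiver_sk, ct)

if __name__ == "__main__":
    pk, sk = keygen()
    msg = random_bits()
    for pair in (("alice", "bob"), ("alice", "carol"), ("mallory", "bob")):
        print(pair, "delivered:", share_message(*pair, pk, sk, msg) == msg)
```

With a random sanitizer key the DU’s output is independent of the DO’s message, which is the property the proof of Theorem 2 relies on.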

4. Analysis

4.1. Security Analysis
4.1.1. Security Assumptions

(1) The underlying data of the blockchain and the data on the IPFS are secure, with no leakage or physical attack.
(2) All underlying cryptographic primitives used are secure, including symmetric encryption, public key encryption and other encryption operations.
(3) All relevant keys that are externally managed have not been compromised.
(4) Legitimate users, illegal users and external attackers are allowed to collude in an attack; it is assumed that all algorithms compute accurately and that there are no attacks on or destruction of physical conditions.
(5) The adversary has polynomially bounded computing resources.

4.1.2. Security Proof

This section examines the security of the SACS-ABE&B scheme through three theorems. Before the proofs, it should be noted that the three theorems prove different properties of the scheme through the indistinguishability of ciphertexts, and there is no strict progressive relationship between them. Theorems 1 and 2 mainly prove the No-Read and No-Write Rules, and Theorem 3 mainly proves the attribute-based encryption part of the scheme. We assume that in all games, the answers to all legitimate queries are correct.

Theorem 1. If no probabilistic polynomial-time (PPT) adversary can win the game in Definition 7, the SACS-ABE&B scheme satisfies the No-Read Rule.

Proof. According to Definition 7, the Payload Privacy and Sender Anonymity of the scheme are proved as follows.
Payload Privacy. According to the definition, the access control policy must be met for all who query the decryption key to . According to the identity permissions of the and the , three situations are discussed below.
(a) , that is, and have no right to read or write. Their secret key is randomly generated in , and is randomly generated and independent of , where or . So has no special advantage in distinguishing ; then , and we can conclude .
(b) , that is, and are legal and can obtain a valid secret key . The are indistinguishable because of the hardness of the decision problem (Theorem 3), so we attain .
(c) or . When , can get a valid secret key and compute a normal , and are uniformly distributed in the ciphertext space in ; cannot get , and his is randomly generated in the ciphertext space. It can be seen from case (b) that the two are indistinguishable, so . When , the situation is the same as for .
Sender Anonymity. According to the definition, the access control policy and must be met for all users who query the decryption key to . According to the identity permissions of the and the , three situations are discussed below.
(a) . This case is the same as case (a) in Payload Privacy, so .
(b) . If and , can decrypt the challenge ciphertexts. However, the encryption key and the message in the challenge ciphertexts are completely identical, so the for and are identical, and obviously .
(c) or . This case is the same as case (c) in Payload Privacy, so .
This completes the proof of Theorem 1.

Theorem 2. If no PPT adversary can win the game in Definition 8, the SACS-ABE&B scheme satisfies the No-Write Rule.

Proof. According to Definition 8, the identity of the sender is 0 or 1, so or in the secret key query before the attack target is given. That is, either the sender’s secret key is queried or it is not, and the two situations are discussed below.
(a) . Because in the definition, and . Because , are randomly selected. When , and is the originally specified plaintext encrypted by the encryption algorithm ; when , and is a random plaintext. Obviously, both are uniformly distributed in , and all ciphertexts are indistinguishable. has no special advantage in distinguishing the two situations, so , and then .
(b) . We can get , so the adversary can query the key before or after the attack target is generated according to . It is necessary to prove that even if the adversary has the keys, it still cannot distinguish the challenge ciphertext. It is then only necessary to prove that, in this case, the output and input of the Sanitizer are independent except with negligible probability. is uniformly distributed in over the algorithm and is uniformly distributed in over the algorithm, where . In this case, and are independent, so the adversary still cannot distinguish the challenge ciphertext, and we can conclude that .
This completes the proof of Theorem 2.

Theorem 3. If there exists a PPT adversary with advantage in winning the game in Definition 8, then there exists a PPT simulator that can decide the Decision Problem with advantage .

Proof. The Decision Problem is to determine whether the oracle is a noisy pseudo-random or a truly random ; the simulator distinguishes them with the help of the adversary . First, queries the oracle and receives (t + 1) samples , where , then proceeds as follows.
Initialization Phase. Given a set of attributes , the adversary selects an access structure on which it wishes to be challenged and sends it to .
Setup. runs , lets , and selects a pair of uniformly random for each attribute in . Let if ; otherwise, let . Then sends to .
Inquiry Phase 1. sends secret key queries for , where does not meet the access policy . runs , computes , , and sends to .
Challenge. chooses two messages and sends them to the simulator , which then randomly selects . If , randomly choose and let , ; if , let , for .
Inquiry Phase 2. asks for keys as in Phase 1.
Guess. The adversary outputs his guess about to . If , outputs ; otherwise, outputs . The advantage of in this game is defined as , so the oracle is one of the following.
A noisy pseudo-random : the advantage of is , then and .
A truly random : has no advantage and is unable to get information about , then , .
Then the advantage of the simulator is as follows.
This completes the proof of Theorem 3.

4.1.3. Security and Privacy Evaluation

(1) Fine-grained access control. The system implements fine-grained access control through CP-ABE. Within the scope allowed by the system policy, legitimate users can formulate their own access policies to determine who can access their data.
(2) Data security. All data are encrypted before being uploaded to cyberspace. The data stored in IPFS is symmetrically encrypted, so even if it is stolen, no useful information is leaked. The symmetric key is encrypted through CP-ABE, whose security is proved in the previous section.
(3) Privacy protection. Apart from trusted entities, users neither expose their own personally identifiable information nor obtain other users’ personally identifiable information during access.
(4) Supervision and mandatory control. Through the sanitizer, the system ensures that data strictly complies with the access policy formulated by the system before sharing, and can effectively prevent communication between corrupt users. Even after the data has been uploaded, control takes effect immediately, so any data sharing that violates the system control policy is strictly prevented.
(5) Tailored forensics. The system saves the user’s access process on the private chain in the form of transactions and uses the tamper-proof nature of the blockchain to make the process traceable, which facilitates evidence collection in case of future disputes.

4.2. Performance Analysis

The core of this scheme is constructed on ciphertext-policy attribute-based encryption, which is analysed first. Some ciphertext-policy attribute-based encryption schemes on lattices are selected and compared in terms of access structure, underlying problem, user secret key size, ciphertext size and encryption bytes. Let be the number of attributes in the ciphertext and the number of the user’s attributes; and are lattice parameters, and is the number of columns of the matrix in the scheme. The comparison is listed in Table 4.

Scheme [34] adopts a threshold access structure, which is not flexible enough, and it supports neither privacy protection nor system control. The schemes of [35, 36] are similar to ours in the function and flexibility of the access structure, but they do not support system control, and scheme [35] does not support privacy protection. Scheme [34] is based on the LWE problem on standard lattices, and its encryption byte is 1; the other three schemes are based on RLWE, and their encryption byte is n. We can know from scheme [34, 36], that and , the size of the user secret key and ciphertext in our scheme are smaller than scheme [34, 36], which are consistent with scheme [35].

Combining attribute-based encryption with blockchain to achieve better performance in data access control is an interesting research direction. To better explain the characteristics of this scheme, several schemes based on blockchain and attribute-based encryption are selected and analysed in terms of function and characteristics. The comparison of functions is listed in Table 5.

A new trustworthy, secure and attribute-hiding access control scheme based on blockchain was proposed in [37]. The scheme reduces the trust cost, mitigates the single point of failure, and realizes distributed and trusted access control management. ElGamal homomorphic encryption is used to protect attribute privacy during authorization validation. The scheme takes advantage of the decentralization of blockchain while paying attention to the security risks caused by its transparency.

A blockchain-based security sharing scheme for personal data named BSSPD was proposed in [38]; its defining feature is that it is user-centric. There is no other entity between the data owner and the data user: the data owner fully controls its shared data, which ensures privacy and security, and the scheme also provides ciphertext keyword search. Although this improves the security of the data, the data owner has to process every request from data users, which costs the data owner time and energy.

To solve the access control problems of the medical industry, the SHDPCPC-CP-ABE scheme was proposed in [39]. The scheme focuses on data storage and policy optimization in medical treatment, and protects the privacy of users in the claim process through homomorphic encryption. It makes use of the immutability of blockchain to realize the user’s medical record.

Scheme [40] is also concerned with medical data, especially the data sharing problem caused by remote devices. It combines blockchain with other technologies to propose an architecture that realizes data exchange between different fields without a strong trust assumption, and also provides a tailored, built-in forensics mechanism.

To address the security and efficiency problems of cloud data, a user-centric block-level attribute-based encryption scheme built on a traditional blockchain is proposed in [41], with Data Level Access Trust used to provide certain privacy services.

All of the above schemes rely on the decentralization of blockchain to reduce the trust cost. They focus more on avoiding a single point of failure and implementing distributed management, that is, wide-ranging data sharing and access control between different fields. The difference is that the scheme proposed in this paper is aimed at units and organizations with high security requirements, such as the military and government departments with a high level of confidentiality. These units must remain under certain supervision and control but still need data sharing and access control. At present, few papers focus on this aspect, so a like-for-like comparison is not possible. To solve this problem, we give a concrete scheme based on a private chain and ABE that can resist quantum attacks. Although fully trusted entities are required, which increases the trust cost, this sacrifice is necessary for scenarios with high security requirements.

4.3. Experimental Analysis

This section analyses the running efficiency of the scheme at its different stages, covering six algorithms: system initialization, key generation, tag generation, sanitizer key generation, sanitization and decryption. The running time of each algorithm is simulated as the number of attributes ranges from 5 to 100.

The experiment is performed on a 64-bit Windows 10 operating system with an Intel(R) Core(TM) i7-6700HQ CPU @ 2.60 GHz processor and 16 GB of memory. The parameters selected in this experiment are q = 67108289 and p = 3. To better analyse the performance of the scheme, the polynomial degree d is taken as 16, 32, 64, 128, 256 and 512 respectively.

As shown in Figure 3, the system initialization time of our scheme is linear in the number of attributes. As the degree d increases, the running time grows faster with the number of attributes, and the trend becomes more and more pronounced. Like Figure 3, Figures 4 and 5 show a linear relationship between running time and the number of attributes. The key generation and encryption stages take longer because they need multiple polynomial multiplications, and the exact number of multiplications depends on the number of attributes. In practice, however, neither a policy nor the attribute set of a single user contains that many attributes. Figures 6 and 7 show that the running time of the algorithm is independent of the number of attributes; the algorithm is fast and does not burden the system much, which is consistent with the theoretical analysis. Figure 8 shows a linear relationship between decryption time and the number of attributes, with little difference in performance between the algorithms below d = 128.
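The experiments above measure polynomial arithmetic in the RLWE ring with the paper’s parameters q = 67108289 and p = 3 and degrees d from 16 to 512. The following added Python example (not the paper’s implementation and not its CP-ABE construction) shows the building block those timings rest on: a textbook RLWE public-key encryption of n = d trits in Z_q[x]/(x^n + 1), which is why the “encryption byte” of an RLWE scheme is n rather than 1. It uses the paper’s q and p; the choice of a standard LPR-style encryption, ternary noise, the schoolbook negacyclic multiplication and the helper names (`keygen`, `encrypt`, `decrypt`, `roundtrip`, `time_encrypt`) are assumptions of this example. `noise_margin_ok` makes explicit why decryption stays correct all the way up to d = 512: with ternary noise the decryption error is bounded by 2n + 1, far below q/(2p).

```python
import random
import time
from typing import List, Tuple

# Parameters from the paper's experiment section (assumed to be the RLWE
# ciphertext modulus q and the plaintext modulus p).
Q = 67108289
P = 3
DELTA = Q // P   # scaling factor that lifts a trit {0,1,2} into Z_q

Poly = List[int]  # coefficient vector of an element of Z_q[x]/(x^n + 1)


def poly_add(a: Poly, b: Poly) -> Poly:
    return [(x + y) % Q for x, y in zip(a, b)]


def poly_sub(a: Poly, b: Poly) -> Poly:
    return [(x - y) % Q for x, y in zip(a, b)]


def poly_mul(a: Poly, b: Poly) -> Poly:
    """Schoolbook product modulo x^n + 1 (negacyclic: x^n wraps to -1).

    O(n^2) coefficient multiplications, which is why the measured time grows
    so steeply with the degree d; real implementations use an NTT instead.
    """
    n = len(a)
    res = [0] * n
    for i, ai in enumerate(a):
        if ai == 0:
            continue
        for j, bj in enumerate(b):
            k = i + j
            if k < n:
                res[k] = (res[k] + ai * bj) % Q
            else:
                res[k - n] = (res[k - n] - ai * bj) % Q
    return res


def sample_ternary(n: int, rng: random.Random) -> Poly:
    """Small noise/secret polynomial with coefficients in {-1, 0, 1}."""
    return [rng.choice((-1, 0, 1)) % Q for _ in range(n)]


def keygen(n: int, rng: random.Random) -> Tuple[Tuple[Poly, Poly], Poly]:
    a = [rng.randrange(Q) for _ in range(n)]  # uniform public polynomial
    s = sample_ternary(n, rng)                 # secret key
    e = sample_ternary(n, rng)                 # key-generation noise
    b = poly_add(poly_mul(a, s), e)            # b = a*s + e, an RLWE sample
    return (a, b), s


def encrypt(pk: Tuple[Poly, Poly], m: Poly, rng: random.Random) -> Tuple[Poly, Poly]:
    """Encrypt n trits; every coefficient of m must be in {0, 1, 2}."""
    a, b = pk
    n = len(a)
    r, e1, e2 = (sample_ternary(n, rng) for _ in range(3))
    c0 = poly_add(poly_mul(a, r), e1)
    c1 = poly_add(poly_add(poly_mul(b, r), e2), [(DELTA * t) % Q for t in m])
    return c0, c1


def decrypt(sk: Poly, ct: Tuple[Poly, Poly]) -> Poly:
    c0, c1 = ct
    v = poly_sub(c1, poly_mul(c0, sk))   # = DELTA*m + (e*r + e2 - e1*s)
    # Round each coefficient to the nearest multiple of q/p, then reduce mod p.
    return [((x * P + Q // 2) // Q) % P for x in v]


def noise_margin_ok(n: int) -> bool:
    """Ternary noise gives |e*r + e2 - e1*s| <= 2n + 1 per coefficient; decryption
    is correct as long as that stays below q/(2p)."""
    return 2 * n + 1 < Q // (2 * P)


def roundtrip(n: int, seed: int) -> bool:
    rng = random.Random(seed)
    pk, sk = keygen(n, rng)
    m = [rng.randrange(P) for _ in range(n)]
    return decrypt(sk, encrypt(pk, m, rng)) == m


def time_encrypt(n: int, seed: int = 0) -> float:
    """Seconds for one encryption at degree n (mirrors the paper's per-degree runs)."""
    rng = random.Random(seed)
    pk, _ = keygen(n, rng)
    m = [rng.randrange(P) for _ in range(n)]
    start = time.perf_counter()
    encrypt(pk, m, rng)
    return time.perf_counter() - start


if __name__ == "__main__":
    for d in (16, 32, 64, 128, 256, 512):
        print(f"d={d:4d} roundtrip={roundtrip(d, d)} margin_ok={noise_margin_ok(d)} "
              f"encrypt={time_encrypt(d):.4f}s")
```

Running the `__main__` loop reproduces the qualitative shape of the paper’s curves: each doubling of d roughly quadruples the encryption time because of the O(n^2) multiplication, while the noise margin check stays true for every degree tested.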

5. Conclusion

This paper focuses on data sharing and access control under high security requirements. Building on the combination of a private chain and attribute-based encryption, a sanitizer is introduced to supervise the shared data and prevent data sharing that violates the system control policy. Although a stronger trust assumption is required, higher security and reliability are obtained, which is of real value in specific situations. Our analysis shows that the scheme meets the No-Read and No-Write rules and is secure under chosen-plaintext attack. In terms of performance, the scheme is built on the RLWE problem and is more efficient than LWE-based schemes. In terms of function, compared with other schemes it focuses on providing system control and resisting quantum attacks. Of course, other schemes offer features that this scheme lacks, such as updating attributes and policies and searching over ciphertext. The paper also simulates the attribute-based encryption and decryption part of the scheme experimentally; unfortunately, it does not simulate the whole access process together with the blockchain platform. These are the next steps of our work.

Data Availability

All data used during the study are available from the corresponding author upon request.

Conflicts of Interest

The authors state that there are no conflicts of interest.

Acknowledgments

This work was supported by the National Natural Science Foundation of China (No. 61572521), Engineering University of the PAP Innovation Team Science Foundation (No. KYTD201805), Natural Science Basic Research Plan in Shaanxi Province of China (2021JM252).