Privacy Protection of Task in Crowdsourcing: Policy-Hiding and Attribute Updating Attribute-Based Access Control Based on Blockchain

Yang, Kunwei; Yang, Bo; Zhou, Yanwei; Wang, Tao; Gong, Linming

doi:https://doi.org/10.1155/2022/7787866

Wireless Communications and Mobile Computing

On this page

Abstract Introduction Related Work Preliminaries Conclusion Data Availability Conflicts of Interest Authors’ Contributions Acknowledgments References Copyright Related Articles

Special Issue

Blockchain and Edge Intelligence in the Internet of Things

View this Special Issue

Research Article | Open Access

Volume 2022 | Article ID 7787866 | https://doi.org/10.1155/2022/7787866

Privacy Protection of Task in Crowdsourcing: Policy-Hiding and Attribute Updating Attribute-Based Access Control Based on Blockchain

Kunwei Yang,¹Bo Yang,¹Yanwei Zhou,¹Tao Wang,¹and Linming Gong²

Academic Editor: Qingqi Pei

Received14 Dec 2021

Accepted23 Feb 2022

Published24 Mar 2022

Abstract

Crowdsourcing is a new way to solve complex problems by using human intelligence. However, the tasks and user information privacy concerned in crowdsourcing have not been adequately addressed. It is necessary to design a privacy protection mechanism for tasks that need to be restricted to specific user groups. Ciphertext-policy attribute-based encryption (CP-ABE) is an efficient and feasible cryptographic tool, particularly for crowdsourcing systems. The encryptor can choose the access policy independently, which limits the scope of decryption users. At present, most CP-ABE schemes adopt a centralized management platform, which poses problems such as high trust-building costs, DDoS attacks, and single point of failure. In this paper, we propose a new access control scheme based on CP-ABE and blockchain, which has the properties of policy hiding and attribute updating. To protect the privacy of worker’s attributes, we adopt a test algorithm based on a fully homomorphic cryptosystem to confidentially judge whether the worker’s attribute lists match the hidden attributes policy in ciphertext or not before the decryption. Experiment results and comprehensive comparisons show that our mechanism is more flexible, private, and scalable than existing schemes.

1. Introduction

With the rapid development of science and technology, a new generation of information technology represented by 5G, Internet of Things, edge intelligence, and blockchain has emerged, which has realized a comprehensive link between people, machines, and things, and built new infrastructure, application mode, industrial ecology, and service system [1–7]. In the application of new technologies, people are most concerned about information security and privacy protection. Researchers have conducted extensive and in-depth research in many fields to promote the healthy development of related application technologies [8–13].

In recent years, crowdsourcing as a distributed problem-solving model has been widely concerned by researchers. As in Figure 1, the model consists of three parties: requesters, workers, and a crowdsourcing platform. Requester submits tasks through the crowdsourcing platform. Workers get tasks from the platform and get corresponding rewards after completing tasks. At present, many crowdsourcing applications are widely used, such as UBER and Waze [14]. These applications have been integrated into many aspects of daily life.

Due to the diversity of perceptual tasks, it is necessary to select appropriate policies for the privacy protection of specific perceptual tasks. However, the traditional crowdsourcing systems based on a centralized management platform have the following weaknesses. First, it is vulnerable to DDoS attacks, remote hijackings, and so on. Second, there is a potential danger of a single point of failure. Third, users’ sensitive information and task solutions are exposed to the risks of leakage. Fourth, from the perspective of privacy protection, it is impossible to implement the task hiding publishing mechanism within a limited receiver scope. The above problems seriously restrict the development of crowdsourcing system applications.

To solve these problems, we use blockchain [15] and CP-ABE [16] technologies to construct a credible task hiding access control mechanism in crowdsourcing. By using cryptography, timestamps, consensus mechanism, and incentives mechanism, blockchain enables point-to-point transaction and collaboration. Applying blockchain technology to a crowdsourcing system solves problems such as trust, incentive, and decentralization. CP-ABE is a branch of ABE mechanism [17], in which the access control policy is determined by an encryptor. The user’s decryption key is associated with its own attribute set, which can be decrypted correctly only when the user attributes meet the policy requirements. Due to this special property, CP-ABE has been widely used in various scenarios.

In this paper, we integrate blockchain with CP-ABE cryptosystems to implement an access control mechanism for task privacy publishing. The main innovations of this paper are summarized as follows. (i)We propose a new access control mechanism based on blockchain under the crowdsensing system, which has decentralized, fine-grained, flexible, and security features. It can be applied in the task distribution phase that ensuring crowdsourcing tasks can only be accessed by users who meet the requirements of the access policy. The system establishes a secure way to exercise access control between requesters and workers, which is more suitable for complex crowdsensing systems than other schemes(ii)We propose a new CP-ABE scheme with policy hiding property. In the encryption phase, the access policy is not displayed in the ciphertext tuple, which ensures the privacy of the access policy. Different from the present CP-ABE schemes, in which decryptors need to do excessive calculations to determine whether their attributes meet the access policy in the decryption phase, the new scheme adds a test phase before the decryption. With much less computation than decryption itself, the test uses a fully homomorphic cryptosystem to ensure the privacy of policy and attributes(iii)Our CP-ABE scheme features attribute updating. It is very flexible to add new attributes in the access policy because we can only generate the public key parameters for the new attributes and the existing public key can remain unchanged. To decrypt the ciphertext with newly added attributes in the access policy, the decryptors must obtain a new secret key including the newly added attributes again. The feature of attribute updating can greatly improve the flexibility and scalability of our scheme

The remainder of the paper is organized as follows. In Section 2, we present the related work. The preliminaries are given in Section 3, an overview of the new access control system in Section 4. Section 5 describes the proposed system, including an access control mechanism and a CP-ABE scheme. We analyze the security of our access control system in Section 6 and make comparisons and performance evaluation of our scheme in Section 7. The last section is the conclusion.

In a heterogeneous and complex network environment, research on access control technology is heading towards the direction of fine granularity, which takes into consideration users, resources, operation, environment, and other factors. In this section, we would introduce some related work in the field of blockchain-based access control and CP-ABE schemes.

2.1. Blockchain-Based Access Control

Because of the low management efficiency, lack of flexibility, poor scalability, and other problems existing in the current centralized access control mechanism, researchers began to pay attention to the blockchain-based access control mechanism. [18] proposed a privacy-preserving authorization management framework for IoT by using blockchain that enables users to own and control their data. The data access control is implemented through a series of transactions that are used to grant, get, delegate, and revoke access. [19] realized the transfer of user rights through blockchain transactions and stores the transaction results on the blockchain to ensure that the executed access authorization operation cannot be denied. In view of the data privacy problem of cloud, [20] proposed a fine-grained access control scheme based on the blockchain model and attribute-based cryptosystem, which has the nature of privacy-preserving and user-controlled. In the scheme, a smart contract is used to ensure the scalability of the access control. [21] proposed an access management system for cloud federations. It allows federated organizations to enforce attribute-based access control policies on their data in a privacy-preserving fashion. By using blockchain and Intel SGX trusted hardware, the integrity of the policy evaluation process in the scheme is ensured. To address the problem that roles are used across organizations in the network, [22] used smart contract as the trusted basis in access control and employed the challenge-response mechanism to realize the verification of user roles. [23] proposed a blockchain-based big data access control mechanism based on the attribute-based access control (ABAC) model. To ensure the tamper-resistant, auditability, and verifiability of access control information, the scheme described a transaction-based access control policy and entity attribute information management method. [24] proposed an access control model called timely CP-ABE, where the user legitimacy is verified by blockchain nodes and file sharing is based on a CP-ABE scheme that adds temporal dimension. [25] proposed an access control mechanism in a smart grid scenario based on an identity-based combined encryption, signature, and signcryption scheme. A new consensus algorithm in the power system is designed to solve the key escrow problem. [26] proposed to define an access control system that guarantee the auditability of access control policy evaluation. The core idea of the scheme is to codify access control policies as smart contracts and deploy them on a blockchain. In this way, the decision process of the policy can be executed automatically. By using CP-ABE, [27] proposed a ciphertext policy and attribute hiding access control scheme based on blockchain. To ensure the attribute privacy during authorization validation, they use the ElGamal cryptosystem [28] to secretly match user attributes and access policies. However, we point out that the ElGamal cryptosystem does not have additive homomorphism; so, there are loopholes in the access policy match phase. In addition, the scheme adopts a secure channel to transmit secret key, which increases the communication cost.

2.2. CP-ABE Schemes

The notion of ABE was first introduced by Sahai and Waters in [17], where both ciphertexts and secret keys are associated with sets of attributes. There are two variants of ABE: key-policy ABE (KP-ABE) [29] and ciphertext policy ABE (CP-ABE) [16]. In a KP-ABE scheme, the decryption key is associated with an access policy, and the ciphertext is associated with a set of attributes. In the decryption phase, the ciphertext can be decrypted if and only if the attribute set of the ciphertext satisfies the access policy of the decryption key. On the contrary, in a CP-ABE scheme, the ciphertext is associated with an access policy, and the decryption key is generated over a set of attributes. CP-ABE is perfectly suitable for fine-grained access control environments because it enables data owners to formulate and enforce access policies themselves.

Since [17] proposed the first CP-ABE scheme, researchers have proposed many specific CP-ABE schemes. In the CP-ABE mechanism, the more complex the policy, the more complicated the system is designed, and the more difficult to obtain the security proof of the mechanism. Researches on CP-ABE focus mainly on the design of access policy, which is generally classified into AND gates, access tree, and LSSS matrix. Cheung and Newport [30] presented a CP-ABE-based AND gates that is proven to be secure under the standard model. Subsequently, Nishide et al. [31] and Emura et al. [32] realized policy hiding and efficiency improvement, respectively, on the basis of the scheme [30]. Lai et al. [33] proposed a ciphertext policy hiding CP-ABE scheme, which can be expressed as AND gates on multivalued attributes with wildcards, and proved that it is fully secure. Different from the above types, there are many CP-ABE schemes [16, 34–36] with tree, linear secret sharing scheme (LSSS), and 0-1 coding as access structures, which have strong policy expression ability. For application scenarios that access policies need to be hidden and updated, many anonymous ABE schemes [27, 37–39] have been proposed. In an anonymous ABE, the access policy is hidden so that the user has no idea about the attribute content in the policy. However, most previous schemes cannot securely add new attributes in the access policy because these schemes have a common flaw that a decryptor can combine all old secret key components to reconstruct the exponent for decryption.

3. Preliminaries

In this section, we showcase the associated basic knowledge. See Table 1 for the notations used herein.

3.1. Blockchain

Blockchain was originally known as the underlying technology of Bitcoin. It was not until 2015 that blockchain became a prominent concept by researchers. Consisting of peer-to-peer (P2P) network, consensus protocol, transaction, smart contract, and a series of other technologies, blockchain can provide a trusted and distributed network environment. This new technology has solved the security risks brought by the centralization model. Applications based on blockchain technology can provide a new direction to reduce the middleman role.

3.1.1. P2P Network

Unlike the traditional client/server mode, the P2P network is a net system in which information is exchanged entirely by nodes without a central server. In a P2P network, blockchain nodes can join and exit freely, and the network system can expand and shrink freely.

3.1.2. Consensus Protocol

The consensus mechanism is the cornerstone of blockchain and an important guarantee for the security of the blockchain system. It can be used to solve the consistency problem caused by block distributed storage. The consensus mechanism is the foundation for building trust in the blockchain and contains an incentive mechanism for the effective operation of the blockchain system. The common consensus protocol includes POW [15], POS [40], BFT [41], and mixture of various mechanisms.

3.1.3. Transaction

Blockchain adopts a transaction data model composed of input, output, and digital signature to ensure that every transaction can be tracked. Merkel hash tree is used to package and aggregate all transaction information in a period of time to ensure that the transaction data will not be tampered.

3.1.4. Smart Contract

The concept of smart contract was put forward by Nick Szabo [42] in 1994. It is a computer program that executes and verifies the contract in an information way. The birth of blockchain provides a credible execution environment for smart contracts and accelerates the development of smart contracts. At the same time, the application of smart contracts expands blockchain technology from the earliest monetary system to a wider range of practical application scenarios.

3.2. Attribute and Access Structure

We define the attribute and access structure as provided in [43]. Let represent the attribute universe and represent the user’s attribute set, where . In this paper, we use -bit string to represent the user’s attribute information.

For instance, let . means that the attribute set consists of the attributes .

We also represent the access policy with an -bit string defined as follows.

For instance, let . The means the access policy requires attributes.

In the attribute universe, each of can be represented in terms of a group element , where is a cyclic group of order . There is a that satisfies . Let us assume that the has elements equal to . We compute . This implies that if an attribute set fulfills the access policy , then must be . On the contrary, if does not fulfills , the result of must be less than .

3.3. Fully Homomorphic Cryptosystem

The concept of fully homomorphic encryption [44] was proposed by Rivest et al. in 1970s, and it has become an important technology to solve the security problem arising in cloud service. The way to construct such schemes has been a hard problem for cryptographers. The first fully homomorphic cryptosystem based on ideal lattice was proposed by [45]. This scheme can perform any computation on the encrypted data without decrypting and does not affect the confidentiality of the data. The fully homomorphic cryptosystem means that it satisfies the properties of both additive and multiplicative homomorphisms simultaneously. It can be expressed by the following formula.

If is an arbitrary function, it is called fully homomorphic encryption.

3.4. Composite Order Bilinear Groups

The concept of composite order bilinear groups was proposed in [46]. In this paper, we select two prime numbers of equal length as the order of two subgroups of group .

Let be a group generation algorithm and denote a security parameter. The algorithm outputs public parameters , such that (1) is a generator of , (2) and are two multiplicative cyclic groups of prime order , and (3) denotes a computable bilinear map that satisfies the following properties: (i)Bilinearity: , for all and (ii)Nondegeneracy: , where is the generator of (iii)Computability: given the elements , can be computed efficiently

Furthermore, let denote two subgroups of with order , , and , . Then, we have .

3.5. Complexity Assumptions

Let the definition of be the same as above, and be an adversary whose purpose is to solve DBDH problem.

Definition 1. (DBDH problem). For the exponents randomly selected from , two tuples and are computationally indistinguishable. The advantage of adversary in solving DBDH problem is defined as We say that the DBDH assumption holds if for all adversaries , we have

3.6. Definition of CP-ABE Scheme

A CP-ABE scheme consists of Setup, Encrypt, KeyGen, and Decrypt algorithms. The specific process is as follows. : the setup algorithm takes the security parameter as input and outputs a public key and a master secret key : given the master secret key and an attribute list , the keyGen algorithm returns a secret key .: given , a message , and an access policy , the encrypt algorithm returns a ciphertext : given a ciphertext and a secret key , the decrypt algorithm returns the message if . Otherwise, it returns with overwhelming probability: the setup algorithm takes the security parameter as input and outputs a public key and a master secret key

3.7. Security Model for CP-ABE

In this paper, we use the security model proposed by [30]. A CP-ABE scheme is secure against chosen plaintext attacks (CPA) if no probabilistic polynomial time adversary has a nonnegligible advantage in the following game. (i)Init: the adversary defines the target access policy and sends it to the challenger(ii)Setup: the challenger executes the setup algorithm and sends to the adversary(iii)Phase 1: the adversary makes key generation queries by submitting an attribute list . The challenger answers with a secret key if . The process can be repeated adaptively(iv)Challenge: the adversary selects two equal-length messages and and sends them to the challenger. After selecting a random bit , the challenger generates a ciphertext by encrypting with . Then, it sends to the adversary(v)Phase 2: the adversary makes key generation queries, and the challenger answers as Phase 1(vi)Guess: finally, the adversary outputs a guess . If , the challenger outputs 0; otherwise, it outputs 1

4. The Specific Process of Access Control System

4.1. System Architecture

Our system architecture is shown in Figure 2, which involves four entities, namely, requesters, workers, cloud, and blockchain.

Requesters need to set an access policy first and then encrypt the task information using our CP-ABE scheme. Finally, they post the ciphertext of the task to the cloud and send the ciphertext address of the task to the blockchain via a storage transaction. When the task is completed, the requester will reward workers accordingly.

Workers are a group of users with different attributes who compete for the task to get rewards. The attributes of the workers determine whether the workers can get the plaintext of the task.

Cloud has an extremely large storage capacity to offer data storage services. In our system, the cloud is a data storage platform for storing encrypted task information.

Blockchain is a distributed platform to record relevant transaction information, which is open and transparent to requesters and workers.

4.2. Specific Process

Next, we describe the specific process of the system in detail.

Step 1. In the first step, the requester performs the setup algorithm of CP-ABE as follows. : our construction takes a security parameter as input and runs the group generator to get , where . It picks the generators of . Let the attribute universe be the set of attributes. For each attribute where , choose random values from , set . Algorithm selects random elements . Let and . The public key is . And the master secret key is .

Step 2. The requester sets an access policy and encrypts the task by using Encryption algorithm. : the requester picks up random values for , set . Then, the requester computes , and as follows:where . The ciphertext is .

Step 3. The requester uploads the ciphertext of the task to the cloud server.

Step 4. In the storage phase, the requester only needs to publish the ciphertext address of the task to the blockchain through a storage transaction, to reduce the storage cost of the blockchain. The specific process is as follows.
The requester takes (, ) as input, where is the identifier of the current storage transaction, is the cloud storage address of the ciphertext , and is the number of attributes in the access policy. Then, the requester makes the following calculation. (1)Calculate the hash value of the :(2)Calculate the ciphertext of access policy vector encrypted by the fully homomorphic cryptosystem(3)Calculate the hash value of the storage transaction:(4)Use the private key to sign the hash value of the storage transaction. It generates a Finally, the requester generates a transaction: and publishes it on the blockchain.

Step 5. Workers submit an attribute authentication transaction and get attribute certification by calling smart contract SC. AA that is used to provide attribute management services for workers. Then, workers’ attributes are authenticated and endorsed by SC. AA. Meanwhile, the attributes of workers recorded on the blockchain will not change anymore.

Step 6. After getting the authentication of attributes, a worker sends the ciphertext of attributes to the blockchain via an attribute test transaction. It takes as input and makes the following calculation. (1)Calculate the ciphertext of the worker’s attribute vector encrypted by a fully homomorphic cryptosystem(2)Calculate the hash value of the test transaction(3)Use the private key to sign the hash value of the test transaction. It generates Finally, the worker generates a transaction: and publishes it on the blockchain.

Step 7. It can get , through the identifier and . The smart contract SC.PD calculates by using the above fully homomorphic cryptosystem. Finally, the smart contract SC. PD returns the value.

Step 8. The requester decrypts to get . If , it can determine that the worker’s attributes satisfy the CP-ABE policy. Then, the requester will run the KeyGen algorithm to generate the CP-ABE secret key . Afterwards, the requester encrypts with and sends the ciphertext of to the blockchain. . Firstly, the requester selects a random from and let . Then, for every , the requester picks up random values and computesThe secret key .

Step 9. The worker downloads the ciphertext of the task from the cloud via address of . At the same time, the worker can decrypt and obtain by using .

Step 10. By using the private key , the worker runs the decryption algorithm Decrypt to obtain the task data. : the worker tries to decrypt the without knowing by using his associated with the attribute list . The decryption process is as follows:

4.3. Main Idea

Through such a CP-ABE scheme, we can achieve a policy hiding, updatable, and fine-grained access control scheme in crowdsourcing. For requesters, they only want workers who meet the policy requirements to get the task. For workers, they need to do a policy test confidentially to prove whether their attributes meet the policy requirements. The implementation of policy hiding and attribute updating is as follows.

To achieve the goal of policy hiding, it means that the ciphertext does not contain policy , and the workers can decrypt without knowing the access policy . As mentioned above, we use bit string and to represent the user’s attribute set and access policy , respectively. We chose a composite order group with order . In the encrypt phase, if , let be well-formed parameters chosen from . If , we set as two random elements of . If an attribute is required in a policy, then the worker’s attribute set must also have that attribute to be validated by SC.PD. Each worker that satisfies the attribute can obtain the decryption key. Thus, if the set of attributes for the workers meet the policy requirements, it does not need to know the access policy to complete the decryption.

The attribute update feature requires that it is easy to update the attribute information in the access policy, even after the setup phase is executed. The reason the previous scheme does not have this feature is that the decryptors can use their old secret key that does not contain new attributes to decrypt the new ciphertext. These schemes have a common flaw that the decryptors may combine all old secret key components to reconstruct the exponent of the secret key for decryption. In our scheme, we embed the composition factor of the random number in the ciphertext tuple instead of the private key, which forces workers to obtain the private key components corresponding to all attributes specified in the new access policy. If any new attributes were added into the access policy after the workers got their private keys, they cannot decrypt correctly until getting the new secret key components.

5. Security Analysis

Our scheme satisfies several security properties, and the specific analysis is as follows. (1)Collusion resistance: for an attribute-based encryption scheme, it is very important to prevent collusion attacks between adversaries. In our CP-ABE scheme, to decrypt the ciphertext, adversaries have to get . When an adversary does not possess an attribute, he needs to conspire with a coconspirator who possesses the attribute. However, in the process of secret key generation, the private key of different adversaries uses different random numbers. By means of collusion, the adversary must get in the decryption phase. However, is the random number in the adversary’s secret key, and is the random number in the coconspirator’s secret key; so, they cannot calculate together. That is why this scheme has the character of resisting collusion attacks(2)Task confidentiality: this is the most basic security feature to ensure the security of the task. In our system, the task is encrypted and uploaded to the cloud server platform, which is considered to be curious. In the worst case, the cloud server platform may attempt to restore the task information; however, it either does not have a secret key or the attribute does not satisfy the access policy. Therefore, the scheme can ensure the privacy of the task(3)Decentration: by using blockchain, we can realize an end-to-end crowdsourcing task management. In this process, requesters and workers can interact directly. It avoids DDoS attacks, single point of failure, and leakage of important data that may be encountered on a centralized management platform(4)Policy privacy protection: in our scheme, the policy is treated as private data that need to be protected. We propose the CP-ABE with policy-hiding property. In the encryption phase, the generated ciphertext does not contain access policy information, which can protect the privacy of the policy. To authenticate the worker’s attributes, a policy test algorithm that uses a fully homomorphic cryptosystem is adopted to estimate whether the attribute lists match the hidden attributes policy in ciphertext or not before the decryption. Such an approach ensures the privacy of the policy(5)Integrity and traceability: our scheme can ensure the integrity of task data and the traceability of access control information through blockchain. Workers can compare the hash value of the task ciphertext in the cloud server platform with the information stored in the blockchain to determine whether the task has been modified. Meanwhile, all authorization records are stored as immutable access transactions in the blockchain; therefore, no one can deny their behavior(6)Security analysis of CP-ABE: we now prove that the above CP-ABE scheme is selectively secure under the DBDH assumption

Theorem 1. Assume that there is a probabilistic polynomial-time adversary which can break out our CP-ABE scheme in a chosen plaintext attacks model with nonnegligible advantage , then a simulator can be constructed to distinguish the DBDH tuple from the random tuple with nonnegligible advantage .

Proof. We first let the Sim set the security parameter and run the group generator to get the public parameters , where . The DBDH challenger gives a DBDH tuple to Sim, where is either or with equal probability. The Sim proceeds as follows: (i)Init: during this phase, Sim receives the challenge access policy from (ii)Setup: to provide a public key to , Sim sets to be . This implies . Let the attribute universe be , Sim chooses random , sets and . Then, Sim publishes PK as in the real scheme(iii)Phase 1: submits a set , provided, and it means that there is at least one that satisfies , but . Sim answers with a secret key for as follows:Sim picks up random values . For every , Sim chooses random . It sets , and the component of the secret key can be computed as . Sim computes the components . When , the components are as follows: The secret key . (iv)Challenge. submits two challenge messages and of equal length. Sim chooses at random and encrypts based on . Then, sets . For the policy , Sim continues chooses random values for , set . Obviously, Sim can compute the ciphertext components easily(v)Phase 2: same as Phase 1(vi)Guess: produces a guess of . If , Sim outputs 1 and otherwise outputs 0. If , then is a valid ciphertext, in which case the advantage of is . Hence,If , then is completely random from the view of . Therefore, where is negligible. Hence, From the above analysis, we can see that the Sim’s advantage in the DBDH game is .

6. Comparisons and Efficiency Evaluation

In this section, we first make comprehensive comparisons of our scheme with related work in terms of security, efficiency, and performance features. Then, we implement our CP-ABE scheme to analyze the efficiency of the algorithm.

6.1. Comparisons

We make a horizontal comparison with the relevant blockchain-based access control schemes in terms of important features, including policy privacy, fine granularity, attribute update, policy test, decentration, and framework. As seen in Table 2, these schemes do not consider the privacy of the policy except [27]. There is a potential problem that the attacker may infer the scope of the user group through the policy information. Centralized entities are introduced in schemes [22, 25], which results in some privacy and security concerns. Meanwhile, these three schemes can only achieve coarse-grained access control. [19, 23] support dynamic updating of policy attributes, which makes the schemes extensible. Only the scheme [27] is capable of supporting the policy test to judge whether the attribute lists match the hidden attributes policy in ciphertext or not before the decryption. However, there is an obvious mistake in the paper that the ElGamal cryptosystem does not have additive homomorphism; so, there are loopholes in the access policy match phase. Therefore, none of these blockchain-based access control schemes can support policy hiding and testing. Our scheme adopts a policy-hiding CP-ABE scheme and a fully homomorphic cryptosystem to realize policy hiding and testing. At the same time, our scheme supports attribute updating. Furthermore, a secure communication channel is not necessary anymore in our system.

Aiming at the efficiency problem, we compare our CP-ABE scheme with some related CP-ABE schemes. In Table 3, the symbols , , , and represent the public key, the master secret key, the secret key, and the task ciphertext, respectively. We use , , and to denote the number of groups , the target group , and prime group , respectively. Let , , , denote the number of attributes, the number of elements in an attribute category, the number of elements in the user A’s attribute set, and the number of attributes in the policy set. Through the horizontal comparison, we can see that under the premise of obtaining the relevant security features, our scheme does not reduce the efficiency and even outperforms the relevant schemes in terms of ciphertext size. It is better for saving storage space on the cloud.

6.2. Efficiency Evaluation

We implement our CP-ABE scheme based on pairing-based cryptography (PBC) library on a laptop with Windows 10, Intel Core i5-8250U CPU, 2.90 GHz, and 16 GB RAM. The size of public parameters and message size is important indicators to evaluate the calculated performance of a CP-ABE scheme. In this experiment, we use type A1 pairing and let the composite be the universe size. The composite in our experiments consists of two prime numbers of 517 bits, which means that bits.

Our main concern is how the efficiency of the scheme changes with the increase of the number of attributes. The execution result of the algorithm is shown in Figure 3. For each phase, we run the algorithm 10 times and then adopt the average value. As is illustrated, the two phase algorithm time increases as the number of attributes grows. This is due to the calculation of variables in each algorithm depending on the number of attributes. Compared with other algorithms, the advantage of our algorithm is that it can support attribute update, policy hide, policy test, and other properties at the same time, while the efficiency of the algorithm does not decrease too much. Therefore, our scheme is more suitable for the crowdsourcing system with higher requirements for privacy protection.

7. Conclusion and Future Work

In this paper, we present a privacy protection mechanism for tasks in crowdsourcing, which realizes autonomous access control by adding blockchain to avoid a series of problems faced by central institutions. To solve the privacy of crowdsourcing tasks and access policies, we propose a new CP-ABE scheme with an expressive AND gate access structure that supports policy hiding and attribute updating. At the same time, we adopt a test algorithm based on a fully homomorphic cryptosystem to confidentially judge whether the worker’s attribute lists match the hidden attributes policy in ciphertext or not before the decryption. Compared with previous schemes, our scheme has more advantages in flexibility, scalability, and privacy. In the future, we will consider an expressive and constant-size attribute-based access control based on blockchain.

Data Availability

No data were used to support this study.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Authors’ Contributions

Bo Yang, Yanwei Zhou, Tao Wang, and Linming Gong contributed equally to this work.

Acknowledgments

This work is supported by the National Natural Science Foundation of China (Grant nos. U2001205, 61772326, 61802241, and 61802242) and the Fundamental Research Funds for the Central Universities (Grant nos. GK202003079, GK202007033, and 2020TS087).

References

L. Liu, J. Feng, Q. Pei et al., “Blockchain-enabled secure data sharing scheme in mobile-edge computing: an asynchronous advantage actor-critic learning approach,” IEEE Internet of Things Journal, vol. 8, no. 4, pp. 2342–2353, 2021.
View at: Publisher Site | Google Scholar
K. Yu, L. Tan, S. Mumtaz et al., “Securing critical infrastructures: deep-learning-based threat detection in iiot,” IEEE Communications Magazine, vol. 59, no. 10, pp. 76–82, 2021.
View at: Publisher Site | Google Scholar
K. Yu, Z. Guo, Y. Shen, W. Wang, J. C.-W. Lin, and T. Sato, “Secure artificial intelligence of things for implicit group recommendations,” IEEE Internet of Things Journal, vol. 9, no. 4, pp. 2698–2707, 2022.
View at: Publisher Site | Google Scholar
F. Ding, G. Zhu, M. Alazab, X. Li, and K. Yu, “Deep-learning-empowered digital forensics for edge consumer electronics in 5g hetnets,” IEEE Consumer Electronics Magazine, vol. 11, no. 2, pp. 42–50, 2022.
View at: Publisher Site | Google Scholar
L. Liu, C. Chen, Q. Pei, S. Maharjan, and Y. Zhang, “Vehicular edge computing and networking: a survey,” Mobile Networks and Applications, vol. 26, no. 3, pp. 1145–1168, 2021.
View at: Publisher Site | Google Scholar
L. Zhao, J. Li, A. Y. Al-Dubai, A. Y. Zomaya, G. Min, and A. Hawbani, “Routing schemes in software-defined vehicular networks: design, open issues and challenges,” IEEE Intelligent Transportation Systems Magazine, vol. 13, no. 4, pp. 217–226, 2021.
View at: Publisher Site | Google Scholar
L. Liu, M. Zhao, M. Yu, M. A. Jan, D. Lan, and A. Taherkordi, “Mobility-aware multi-hop task offloading for autonomous driving in vehicular edge computing and networks,” IEEE Transactions on Intelligent Transportation Systems, vol. 1–14, pp. 1–14, 2022.
View at: Publisher Site | Google Scholar
L. Tan, K. Yu, F. Ming, X. Chen, and G. Srivastava, “Secure and resilient Artificial intelligence of things: a honeynet approach for threat detection and situational awareness,” IEEE Consumer Electronics Magazine, p. 1, 2021.
View at: Publisher Site | Google Scholar
L. Tan, K. Yu, N. Shi, C. Yang, W. Wei, and H. Lu, “Towards secure and privacy-preserving data sharing for covid-19 medical records: a blockchain-empowered approach,” IEEE Transactions on Network Science and Engineering, vol. 9, no. 1, pp. 271–281, 2022.
View at: Publisher Site | Google Scholar
K. Yu, M. Arifuzzaman, Z. Wen, D. Zhang, and T. Sato, “A key management scheme for secure communications of information centric advanced metering infrastructure in smart grid,” IEEE Transactions on Instrumentation and Measurement, vol. 64, no. 8, pp. 2072–2085, 2015.
View at: Publisher Site | Google Scholar
Q. Feng, D. He, S. Zeadally, M. K. Khan, and N. Kumar, “A survey on privacy protection in blockchain system,” Journal of Network and Computer Applications, vol. 126, pp. 45–58, 2019.
View at: Publisher Site | Google Scholar
J. Feng, L. Liu, Q. Pei, and K. Li, “Min-max cost optimization for Efficient hierarchical federated learning in wireless edge networks,” IEEE Transactions on Parallel and Distributed Systems, p. 1, 2022.
View at: Publisher Site | Google Scholar
L. Zhao, H. Li, N. Lin, M. Lin, C. Fan, and J. Shi, “Intelligent content caching strategy in autonomous driving toward 6g,” IEEE Transactions on Intelligent Transportation Systems, pp. 1–11, 2021.
View at: Publisher Site | Google Scholar
G. Wang, B. Wang, T. Wang, A. Nika, H. Zheng, and B. Y. Zhao, “Defending against sybil devices in crowdsourced mapping services,” in Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, MobiSys 2016, pp. 179–191, Singapore, 2016.
View at: Publisher Site | Google Scholar
S. Nakamoto, Bitcoin: A peer-to-peer electronic cash system, Technical Report, 2008, https://bitcoin.org/bitcoin.pdf.
J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in 2007 IEEE Symposium on Security and Privacy (S&P 2007), pp. 321–334, Oakland, California, USA, 2007.
View at: Google Scholar
A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Advances in Cryptology - EUROCRYPT 2005, 24th annual international conference on the theory and applications of cryptographic techniques, vol. 3494, pp. 457–473, Aarhus, Denmark, 2005.
View at: Google Scholar
A. Ouaddah, A. A. E. Kalam, and A. A. Ouahman, “Fairaccess: a new blockchain-based access control framework for the internet of things,” Security and communication networks, vol. 9, no. 18, 5964 pages, 2016.
View at: Publisher Site | Google Scholar
D. D. F. Maesa, P. Mori, and L. Ricci, “Blockchain based access control,” in Distributed applications and interoperable systems -17th IFIP WG 6.1 international conference, DAIS 2017, held as part of the 12th international federated conference on distributed computing techniques, DisCoTec 2017, vol. 10320, pp. 206–220, Neuchatel, Switzerland, 2017.
View at: Google Scholar
Y. Zhang, D. He, and K. R. Choo, “Bads: Blockchain-based architecture for data sharing with ABS and CP-ABE in iot,” Wireless Communications and Mobile Computing, vol. 2018, 127836589 pages, 2018.
View at: Publisher Site | Google Scholar
S. Alansari, F. Paci, and V. Sassone, “A distributed access control system for cloud federations,” in 37th IEEE International Conference on Distributed Computing Systems, ICDCS 2017, pp. 2131–2136, Atlanta, GA, USA, 2017.
View at: Publisher Site | Google Scholar
J. P. Cruz, Y. Kaji, and N. Yanai, “RBAC-SC: role-based access control using smart contract,” IEEE Access, vol. 6, pp. 12240–12251, 2018.
View at: Publisher Site | Google Scholar
A. D. Liu, X. H. Du, N. Wang, and S. Z. Li, “Blockchain-based access control mechanism for big data,” Journal of Software, vol. 9, pp. 2636–2654, 2019.
View at: Google Scholar
M. Jemel and A. Serhrouchni, “Decentralized access control mechanism with temporal dimension based on blockchain,” in 14th IEEE International Conference on e-Business Engineering, ICEBE 2017, vol. 4-6, pp. 177–182, Shanghai, China, 2017.
View at: Publisher Site | Google Scholar
Y. Zhou, Y. Guan, Z. Zhang, and F. Li, “A blockchain-based access control scheme for smart grids,” in 2019 International Conference on Networking and Network Applications, NaNA 2019, pp. 368–373, Daegu, Korea (South), 2019.
View at: Publisher Site | Google Scholar
D. D. F. Maesa, P. Mori, and L. Ricci, “A blockchain based approach for the definition of auditable access control systems,” Computers & Security, vol. 84, pp. 93–119, 2019.
View at: Publisher Site | Google Scholar
S. Gao, G. Piao, J. Zhu, X. Ma, and J. Ma, “Trustaccess: a trustworthy secure ciphertext-policy and attribute hiding access control scheme based on blockchain,” IEEE Transactions on Vehicular Technology, vol. 69, no. 6, pp. 5784–5798, 2020.
View at: Publisher Site | Google Scholar
T. E. Gamal, “A public key cryptosystem and a signature scheme based on discrete logarithms,” IEEE Transactions on Information Theory, vol. 31, no. 4, pp. 469–472, 1985.
View at: Publisher Site | Google Scholar
V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine- grained access control of encrypted data,” in Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 89–98, Alexandria, VA, USA, 2006.
View at: Publisher Site | Google Scholar
L. Cheung and C. C. Newport, “Provably secure ciphertext policy ABE,” in Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, pp. 456–465, Alexandria, Virginia, USA, 2007.
View at: Publisher Site | Google Scholar
T. Nishide, K. Yoneyama, and K. Ohta, “Attribute-based encryption with partially hidden encryptor-specified access structures,” in Applied cryptography and network security, 6th international conference, ACNS 2008, vol. 5037, pp. 111–129, New York, NY, USA, 2008.
View at: Google Scholar
K. Emura, A. Miyaji, A. Nomura, K. Omote, and M. Soshi, “A ciphertext policy attribute-based encryption scheme with constant ciphertext length,” in Information security practice and experience, 5th international conference, ISPEC 2009, vol. 5451, pp. 13–23, Xi'an, China, 2009.
View at: Google Scholar
J. Lai, R. H. Deng, and Y. Li, “Fully secure cipertext-policy hiding CP-ABE,” in Information security practice and experience -7th international conference, ISPEC 2011, vol. 6672, pp. 24–39, Guangzhou, China, 2011.
View at: Google Scholar
V. Goyal, A. Jain, O. Pandey, and A. Sahai, “Bounded ciphertext policy attribute based encryption,” in Automata, Languages and Programming, 35th International Colloquium, ICALP 2008, vol. 5126, pp. 579–591, Reykjavik, Iceland, 2008.
View at: Google Scholar
A. B. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters, “Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption,” in Advances in cryptology - EUROCRYPT 2010, 29th annual international conference on the theory and applications of cryptographic techniques, vol. 6110, pp. 62–91, Monaco / French Riviera, 2010.
View at: Google Scholar
B. Waters, “Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization,” in Public Key Cryptography - PKC 2011 - 14th International Conference on Practice and Theory in Public Key Cryptography, vol. 6571, pp. 53–70, Taormina, Italy, 2011.
View at: Google Scholar
Y. Zhang, D. Zheng, and R. H. Deng, “Security and privacy in smart health: Efficient policy-hiding attribute-based access control,” IEEE Internet of Things Journal, vol. 5, no. 3, pp. 2130–2145, 2018.
View at: Publisher Site | Google Scholar
J. Hao, C. Huang, J. Ni, H. Rong, M. Xian, and X. S. Shen, “Fine-grained data access control with attribute-hiding policy for cloud-based IoT,” Computer Networks, vol. 153, pp. 1–10, 2019.
View at: Publisher Site | Google Scholar
J. Li, H. Wang, Y. Zhang, and J. Sheng, “Ciphertext-policy attribute-based encryption with hidden access policy and testing,” KSII Transactions on Internet and Information Systems, vol. 10, no. 7, pp. 3339–3352, 2016.
View at: Google Scholar
J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. A. Kroll, and E. W. Felten, “Sok: Research perspectives and challenges for bitcoin and cryptocurrencies,” in 2015 IEEE Symposium on Security and Privacy, SP 2015, pp. 104–121, San Jose, CA, USA, 2015.
View at: Publisher Site | Google Scholar
L. Lamport, R. E. Shostak, and M. C. Pease, “The byzantine generals problem,” ACM Transactions on Programming Languages and Systems, vol. 4, no. 3, pp. 382–401, 1982.
View at: Publisher Site | Google Scholar
N. Szabo, “Formalizing and securing relationships on public networks,” First Monday, vol. 2, no. 9, 1997.
View at: Publisher Site | Google Scholar
F. Guo, Y. Mu, W. Susilo, D. S. Wong, and V. Varadharajan, “CP-ABE with constant-size keys for lightweight devices,” IEEE Transactions on Information Forensics and Security, vol. 9, no. 5, pp. 763–771, 2014.
View at: Publisher Site | Google Scholar
R. L. Rivest, L. Adleman, and M. L. Dertouzos, “On data banks and privacy homomorphisms,” Foundations of secure computation, vol. 4, no. 11, pp. 169–180, 1978.
View at: Google Scholar
C. Gentry, “Fully homomorphic encryption using ideal lattices,” in Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, pp. 169–178, Bethesda, MD, USA, 2009.
View at: Publisher Site | Google Scholar
D. Boneh, E. Goh, and K. Nissim, “Evaluating 2-dnf formulas on ciphertexts,” in Theory of cryptography, second theory of cryptography conference, TCC 2005, vol. 3378, pp. 325–341, Cambridge, MA, USA, 2005.
View at: Google Scholar
L. Ibraimi, Q. Tang, P. H. Hartel, and W. Jonker, “Efficient and provable secure ciphertext-policy attribute-based encryption schemes,” in Information security practice and experience, 5th international conference, ISPEC 2009, vol. 5451, pp. 1–12, Xi'an, China, 2009.
View at: Google Scholar

Copyright

Copyright © 2022 Kunwei Yang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

570

Downloads

437

Citations

Wireless Communications and Mobile Computing

Blockchain and Edge Intelligence in the Internet of Things

Privacy Protection of Task in Crowdsourcing: Policy-Hiding and Attribute Updating Attribute-Based Access Control Based on Blockchain

Abstract

1. Introduction

2. Related Work

2.1. Blockchain-Based Access Control

2.2. CP-ABE Schemes

3. Preliminaries

3.1. Blockchain

3.1.1. P2P Network

3.1.2. Consensus Protocol

3.1.3. Transaction

3.1.4. Smart Contract

3.2. Attribute and Access Structure

3.3. Fully Homomorphic Cryptosystem

3.4. Composite Order Bilinear Groups

3.5. Complexity Assumptions

3.6. Definition of CP-ABE Scheme

3.7. Security Model for CP-ABE

4. The Specific Process of Access Control System

4.1. System Architecture

4.2. Specific Process

4.3. Main Idea

5. Security Analysis

6. Comparisons and Efficiency Evaluation

6.1. Comparisons

6.2. Efficiency Evaluation

7. Conclusion and Future Work

Data Availability

Conflicts of Interest

Authors’ Contributions

Acknowledgments

References

Copyright