Abstract
Ciphertext-Policy Attribute-based Encryption (CP-ABE) can realize fine-grain access control by data encryption in an untrusted environment and thus has become the promising data security protection mechanism for outsourced cloud storage. Although CP-ABE scheme with single attribute authority (AA) has been extended to multi-AA and threshold multi-AA schemes to deal with single-point bottleneck on both security and performance in large-scale cloud storage, management of identity attributes still depends on a trusted center, which leaves the scalability of user attribute revocation unresolved in large-scale cloud or cross-cloud access. To solve the above problem, the proposed scheme combines blockchain based self-sovereign identity management (BbSSIM) technology and threshold CP-ABE to achieve access control based on the self-sovereign identity, which removes the trusted intermediaries in a decentralized and trustless environment. Besides good scalability, the attribute revocation, key generation and data access process all keep the user anonymous and thus the user’s privacy is well protected.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
Uport: Open Identity System for The Decentralized Web, https://www.uport.me, last accessed 2020/5/12.
- 2.
Shocard: Secure Enterprise Identity Authentication, https://shocard.com, last accessed 2020/5/12.
- 3.
Sovrin-Identity for All, https://sovrin.org, last accessed 2020/5/12.
References
Sohr, K., Drouineaud, M., Ahn, G.-J.: Analyzing and managing role-based access control policies. IEEE Trans. Knowl. Data Eng. 20(7), 924–939 (2008)
Cameron, K.: The Laws of Identity, vol. 12, pp. 8–11. Microsoft Corp (2005)
Mustafa, A.-B.: SCPKI: a smart contract-based PKI and identity system. In: Proceedings of the ACM Workshop on Blockchain, Cryptocurrencies and Contracts, pp. 35–40. ACM, Abu Dhabi (2017)
Fromknecht, C., Velicanu, D., Yakoubov, S.: A decentralized public key infrastructure with identity retention. IACR Cryptology ePrint Archive 2014, 803 (2014)
Axon, L.: Privacy-awareness in Blockchain-based PKI. CDT Technical Paper Series 21, 15 (2015)
Augot, D., Chabanne, H., Chenevier, T., George, W., Lambert, L.: A user-centric system for verified identities on the bitcoin blockchain. In: Garcia-Alfaro, J., Navarro-Arribas, G., Hartenstein, H., Herrera-Joancomartí, J. (eds.) ESORICS/DPM/CBT -2017. LNCS, vol. 10436, pp. 390–407. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-67816-0_22
Al-Dahhan, R.R., Shi, Q., Lee, G.M., Kifayat, K.: Survey on revocation in ciphertext-policy attribute-based encryption. Sensors 19(7), 1695 (2019)
Boldyreva, A., Goyal, V., Kumar, V.: Identity-based encryption with efficient revocation. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 417–426. ACM, Alexandria (2008)
Ibraimi, L., Petkovic, M., Nikova, S., Hartel, P., Jonker, W.: Mediated ciphertext-policy attribute-based encryption and its application. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 309–323. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10838-9_23
Gai, F., Wang, B., Deng, W., Peng, W.: Proof of reputation: a reputation-based consensus protocol for peer-to-peer network. In: Pei, J., Manolopoulos, Y., Sadiq, S., Li, J. (eds.) DASFAA 2018. LNCS, vol. 10828, pp. 666–681. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-91458-9_41
Li, W., Xue, K., Xue, Y., Hong, J.: TMACS: a robust and verifiable threshold multi-authority access control system in public cloud storage. IEEE Trans. Parallel Distrib. Syst. 27(5), 1484–1496 (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Xiao, M., Ma, Z., Li, T. (2021). Privacy-Preserving and Scalable Data Access Control Based on Self-sovereign Identity Management in Large-Scale Cloud Storage. In: Wang, G., Chen, B., Li, W., Di Pietro, R., Yan, X., Han, H. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2020. Lecture Notes in Computer Science(), vol 12382. Springer, Cham. https://doi.org/10.1007/978-3-030-68851-6_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-68851-6_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-68850-9
Online ISBN: 978-3-030-68851-6
eBook Packages: Computer ScienceComputer Science (R0)