Abstract
In cloud environments, an attribute-based key agreement (AB-KA) protocol can be applied in practical scenarios where a session key is established through mutual attribute authentication. The attribute-based encryption (ABE) technology adopted for attribute authentication in traditional AB-KA protocols depicts only simple operations on attributes, such as AND, OR and Threshold. Traditional ABE access structures, such as polynomial functions, Linear Secret Sharing Schemes (LSSS) and AND-gates, can hardly depict complex attribute relationships. Hence, existing protocols based on such ABE schemes cannot express entity authentication over complex attribute relations, for example that the average value of 30 attributes is greater than or equal to 80. To solve this problem, we introduce the attribute predicate (AP) technique to enhance the entity authentication function. An AP builds a comprehensive attribute calculation from various operations, such as arithmetic operations, relational operations and string operations. A second problem is that the power of the attribute authority (AA) in traditional AB-KA protocols is highly concentrated, which makes it prone to single point of failure or privacy leakage. Blockchain offers decentralization, tamper resistance, traceability and a distributed database. To effectively prevent the security problems of the single centralized authorization mode and avoid the corresponding performance bottleneck, we use a consortium blockchain (CB) to construct the AB-KA protocol. This paper proposes a two-party key agreement protocol with AND-gate attribute-predicate encryption on blockchain (AG-APE-BC-KA). Attribute-based access control processes can be traced by recording and viewing the access authorization and access processes via the CB. The proposed scheme adopts AP to depict more general and flexible attribute relationships when generating the session key for communicating users. It also enhances the tracking of the AA's authority and the security of data in cloud storage. Under the decisional q-parallel bilinear Diffie-Hellman exponent (q-PBDHE) assumption, the protocol is proved secure in the attribute-based BJM (Blake-Wilson-Johnson-Menezes) model. The protocol with CB has high efficiency and better security. In particular, it fully meets the needs of many scenarios that require complex attribute authentication.
Data availability
Data available on request from the authors.
Funding
The work of Shengzhou Hu was supported by the science and technology project of the Education Department of Jiangxi Province, China (GJJ201402), the key research and development project of the Science Department of Jiangxi Province, China, under Grant 20171BBE50065, and the project “Research on technology and application of attribute-based encryption based on attached attribute conditional access policy” of the National Natural Science Foundation of China.
Contributions
Shengzhou Hu: Conceptualization, Methodology, Investigation, Writing-Reviewing and Editing.
Wenhao Li: Writing-Original Draft.
Tingting Zhong: Validation, Supervision.
Hua He: Resources.
Ethics declarations
Ethical approval
All applicable institutional and/or national guidelines for the care and use of animals were followed.
Consent to publish
This research manuscript is original and has not been published previously and is not under consideration for publication elsewhere, in whole or in part.
Conflict of interests
The authors declare that they have no conflict of interest.
About this article
Cite this article
Hu, S., Li, W., Zhong, T. et al. An innovative key agreement protocol with complex attribute authentication based on blockchain. Peer-to-Peer Netw. Appl. 16, 1551–1569 (2023). https://doi.org/10.1007/s12083-023-01450-8
DOI: https://doi.org/10.1007/s12083-023-01450-8