An innovative key agreement protocol with complex attribute authentication based on blockchain

Peer-to-Peer Networking and Applications

Abstract

In cloud environments, an attribute-based key agreement (AB-KA) protocol can be applied in practical scenarios where a session key is established through mutual attribute authentication. The attribute-based encryption (ABE) technology adopted for attribute authentication in traditional AB-KA protocols only depicts simple operations on attributes, such as AND, OR, Threshold, etc. Traditional ABE access structures, such as polynomial functions, Linear Secret Sharing Schemes (LSSS), AND-gates, etc., can hardly depict complex attribute relationships. Hence, the existing protocols based on such ABE schemes cannot support entity authentication over complex attribute relations, such as the requirement that the average value of 30 attributes is greater than or equal to 80. To solve this problem, we introduce the technology of attribute predicates (AP) to enhance the entity authentication function. AP constructs comprehensive attribute calculations with various operations, such as arithmetic operations, relational operations, string operations, etc. There is also a second problem: the power of the attribute authority (AA) in traditional AB-KA protocols is highly concentrated, which makes it prone to a single point of failure or privacy leakage. Blockchain has the advantages of decentralization, tamper resistance, traceability and a distributed database. To effectively prevent the security problems of the single centralized authorization mode and avoid the corresponding performance bottleneck, we apply a consortium blockchain (CB) to construct the AB-KA protocol. A two-party key agreement protocol with and-gate attribute-predicate encryption on blockchain (AG-APE-BC-KA) is proposed in this paper. Attribute-based access control processes can be traced by recording and viewing the access authorization and access processes via the CB technology. The proposed scheme adopts AP to depict more general and flexible attribute relationships when generating the session key of the communicating users. It also enhances the tracking of the AA’s authority and data security on cloud storage. Under the decision q-parallel bilinear Diffie-Hellman exponent (q-PBDHE) hypothesis, the protocol is proved secure in the attribute-based BJM (Blake-Wilson, Johnson, Menezes) model. The protocol with CB has high efficiency and better security. In particular, it fully satisfies many scenarios that need complex attribute authentication.

Data availability

Data available on request from the authors.

Funding

The work of Shengzhou Hu was supported by the science and technology project of the Education Department of Jiangxi Province, China (GJJ201402), the key research and development project of the Science Department of Jiangxi Province, China, under Grant 20171BBE50065, and the project “Research on technology and application of attribute-based encryption based on attached attribute conditional access policy” of the National Natural Science Foundation of China.

Author information

Contributions

Shengzhou Hu: Conceptualization, Methodology, Investigation, Writing-Reviewing and Editing.

Wenhao Li: Writing-Original Draft.

Tingting Zhong: Validation, Supervision.

Hua He: Resources.

Corresponding author

Correspondence to Shengzhou Hu.

Ethics declarations

Ethical approval

All applicable institutional and/or national guidelines for the care and use of animals were followed.

Consent to publish

This research manuscript is original and has not been published previously and is not under consideration for publication elsewhere, in whole or in part.

Conflict of interests

The authors declare that they have no conflict of interest.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Hu, S., Li, W., Zhong, T. et al. An innovative key agreement protocol with complex attribute authentication based on blockchain. Peer-to-Peer Netw. Appl. 16, 1551–1569 (2023). https://doi.org/10.1007/s12083-023-01450-8
