Revocable attribute-based access control in multi-authority systems
Introduction
With the huge technological evolution that the world is witnessing in several fields, the need to share data has grown phenomenally. Many innovative applications such as the Internet of Things, autonomous cars, etc., require data storage and sharing through service platforms, such as Cloud, fog computing or any external server, and even in a fully distributed manner. Thus, securing the exchange of information becomes an important challenge, particularly in data-sensitive applications, where the data-sharing process is exposed to several threats (Singh and Chatterjee, 2017), (Alaba et al., 2017). Indeed, besides data leakage threats due to eavesdropping, hacking and even component compromise, data owners cannot totally trust the Cloud and fog service providers. So, they should apply efficient countermeasures to ensure data confidentiality in these trustless environments.
Access control is one of the principal countermeasures that can be implemented to secure the data-sharing process. Generally, it consists of mechanisms which ensure that only legitimate users get access to the shared data. Access control is not limited to the attribution of access rights and the supervision of access; it also covers the management of revocation situations, where users lose some of their access credentials. Revocation can be an easy task when all users have access to a single data-sharing scope. However, it becomes more complicated as soon as they need access to multiple domains with different access rights, or when the frequency of leaving the system or acquiring new access rights rises.
Several traditional access control solutions in data-sharing applications have been proposed in the literature. The best-known techniques consist of relying on the service providers (Cloud providers (ama, 2018; Services et plateforme; dro) for example) to manage users' identities, attribute access rights and then supervise the access to the data (Singh and Chatterjee, 2017), or using authentication servers such as Kerberos (Neuman and Ts'o, 1994), Radius (Rigney et al., 2000), etc. However, traditional access control techniques require trusting those servers, since the data owner does not have effective control of its data while the providers have full access. Hence, new flexible access control solutions are required not just to protect the data from service providers' misbehaviour, but also to give the data owner some control over his data.
Ciphertext-policy attribute-based encryption (CP-ABE) (Bethencourt et al., 2007) is a promising cryptographic method which provides flexible and fine-grained access control. CP-ABE ensures a high confidentiality level and allows access policies to be defined based on users’ roles. Indeed, in this method, the data owner defines which set of attributes a user must have in order to successfully decrypt the ciphertext. Therefore, it gives him some control over his own data and spares him from relying on any service provider in the access control process.
In the first proposals of ABE schemes, it is assumed that all the users and attributes are managed by a single authority. So, the users need to be within the same organization. In order to provide more flexibility and support attributes from different environments (several organizations), Chase (2007) proposed a multi-authority attribute-based encryption scheme. However, this proposal relies on a central entity which ensures the coordination between several authorities. After that, several research works have been proposed for multi-authority architectures (Muller et al., 2009), (Lewko and Waters, 2011) to achieve full distribution of authorities, while ensuring collusion resistance and the expressiveness of the access policies.
The adoption of CP-ABE in either centralized or decentralized models introduces several challenges. One of the major challenges of this method is user and attribute revocation. Indeed, since users in attribute-based systems possess attributes in common, the revocation of an attribute from a user's key affects all the users who possess keys with the same revoked attribute. So, the challenging problem can be stated as follows: given an environment where each entity is characterized by a set of attributes issued by different authorities and uses ABE as an access control model, how can the authorities banish some attributes from an entity's key while ensuring a minimum computational cost?
Several solutions have been proposed to address the revocation problem in the decentralized approach. In (Yang et al., 2012), the authors suggest dividing time into slots and generating keys for each time slot. The revocation is performed by updating only non-revoked users' keys at each time slot. We can notice that this solution can cause a security degradation if the time slots are long, since a revoked user can continue to access the data until the expiration of the time slot, or a lack of efficiency if the time slots are short. In (Yang and Jia, 2014), Yang et al. proposed to add versions in the attributes' keys: when the revocation occurs, the proposed algorithm generates and sends new keys which contain the new version of the revoked attribute to each non-revoked user. These keys are used to update users' decryption keys. The problem with this solution is the high computational cost of the key update process on both the users' and the attribute authorities' sides.
A proxy-based solution (De and Ruj, 2017) has been proposed to ensure the revocation by relying on a third party called the proxy, which should be online all the time. In this solution, the users possess only a part of the decryption key instead of its totality, while the proxy maintains the other part of the key and a revocation list, which is updated when a revocation occurs by adding the revoked user. The decryption is performed in two steps: first, the proxy performs a partial decryption using its key, and then the user continues the decryption using its part of the key. If the user is in the revocation list, the proxy refuses to perform the partial decryption. Hence, the user fails in the decryption process. Although this solution realizes immediate revocation, it does not achieve fine-grained access control, since users cannot access the data by relying solely on their set of attributes. The remaining solutions, such as (Huang et al., 2015), [?], suffer from efficiency issues. Indeed, the authors in (Huang et al., 2015) proposed to delete the revoked attribute from the access policy, which causes the revocation of all the users who possess that attribute. On the other hand, Ruj et al. (2011) suggest giving some parts of the ciphertext to non-revoked users, which implies extra storage overhead on users’ devices.
As far as we know, all existing solutions consider a single data-sharing domain (public) where all the users mutually share their data. However, in some situations, a user may want to share its data only with a specific group of users. This introduces a new data-sharing domain called the personal domain. The revocation in the public domain is managed by the authority and, once a user is revoked, he will lose his access rights in all data-sharing domains. But the revocation in the personal domain should not affect the access rights of the revoked user in the public domain. Thus, a new revocation challenge arises: how can we develop a new revocation level in which the data owner revokes the access of other users only in its personal domain, while these revoked users can continue to access the shared data in other domains?
In this paper, we propose a fine-grained access control scheme with efficient attribute and user revocation. Based on the strength of the secret sharing method (Shamir, 1979) for group management and on Multi-authority CP-ABE (Lewko and Waters, 2011), our solution can be adapted to both centralized and fully distributed data-sharing architectures and provides the possibility to share data in both public and personal domains. Besides the theoretical part of this work, we provide through experimentation an advanced performance evaluation of our solution in terms of encryption/decryption and revocation computational cost. Our experimental results show that our solution does not affect the performance of the native decentralized attribute-based encryption and provides better results compared to existing solutions.
Our solution is secure, scalable and offers the following advantages:
- 1) No re-keying process is needed due to the allocation of the revocation to the secret sharing method. Thus, when a revocation occurs, our scheme ensures that the revoked user cannot get the original ciphertext and fails in the decryption process.
- 2) Immediate revocation of the users by changing the secret of the attributes' groups in such a way that only the authorized users could discover the new secret.
- 3) Low computation cost in the reconstruction of the attributes' secrets.
- 4) Flexible in case of users' joining and leaving the attribute groups.
- 5) The possibility to share data in a personal domain. Therefore, the data owner shares its data on an external server and controls the revocation as well.
- 6) The possibility to share data and manage the revocation in a fully distributed data exchange architecture, without introducing any new components in the architecture.
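Advantages 1) and 2) can be made concrete with a small Shamir-style interpolation sketch, added here as an illustration and not taken from the paper, whose construction is not reproduced in this excerpt. It assumes each member holds one long-term private point and the authority publishes fresh public points whenever the group secret changes; the names `enroll`, `publish`, `recover` and the field modulus are constructed for the example.

```python
import secrets

P = 2**127 - 1  # prime field modulus (constructed parameter)

def interpolate_at(points, x0):
    """Lagrange-evaluate at x0 the polynomial through `points`, mod P."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x0 - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def enroll():
    """Issue a member's long-term private point once; it is never re-issued.
    x is drawn above 2**64 so it cannot collide with the public x = 1..n."""
    return (2**64 + secrets.randbelow(P - 2**64), secrets.randbelow(P))

def publish(member_points, group_secret):
    """Authority: fix f through (0, secret) and every current member's
    point, then publish n further points of f at x = 1..n (n = members)."""
    anchor = [(0, group_secret)] + list(member_points)
    return [(x, interpolate_at(anchor, x))
            for x in range(1, len(member_points) + 1)]

def recover(private_point, public_points):
    """Member: one private point plus the public ones determine f(0)."""
    return interpolate_at([private_point] + public_points, 0)

def demo():
    members = {name: enroll() for name in ("alice", "bob", "carol")}
    s1 = secrets.randbelow(P)
    pub1 = publish(members.values(), s1)
    before = {n: recover(pt, pub1) == s1 for n, pt in members.items()}
    # Revoke bob: new secret and new public points; nobody's key changes.
    s2 = secrets.randbelow(P)
    remaining = [pt for n, pt in members.items() if n != "bob"]
    pub2 = publish(remaining, s2)
    after = {n: recover(pt, pub2) == s2 for n, pt in members.items()}
    return before, after

if __name__ == "__main__":
    print(demo())
```

Bob's private point no longer lies on the new polynomial, so his interpolation yields an unrelated field element, while Alice and Carol recover the new secret with the keys they already hold.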
The remainder of the paper is organized as follows. In Section 2, we discuss the related works on multi-authority architecture. Then, we justify our choice by comparing the existing multi-authority schemes. In Section 3, we give background on bilinear maps, Multi-authority CP-ABE and Shamir's secret sharing scheme. After that, we present our solution in Section 4. Its security analysis is presented in Section 5. We provide an application of our solution to evaluate its performance in Section 6. Finally, we conclude in Section 7.
Section snippets
Related work
Attribute-based encryption (Sahai and Waters, 2005) is a reliable public-key encryption method in which the secret key of a user and the ciphertext are defined according to a set of attributes. This encryption scheme is suitable for group sharing applications and has been widely used in the literature (Ibrahim et al., 2017), (Odelu and Das, 2016), (Odelu et al., 2017). Indeed, the data owner defines an access policy which indicates the attributes that the users should possess in order to
Background
In this section, we give some basic concepts and we describe some existing cryptographic models and methods which we use in the development of our solution.
Our solution
In this section, we present our solution, which performs immediate and efficient revocation at both the attribute and user levels. Using the secret sharing method, we propose a new revocation solution for the Multi-authority CP-ABE access control model. Our solution does not require any key redistribution (when some changes occur in the users’ attributes) to perform a revocation.
We first present the considered architecture and its security requirements. Then, we introduce our secret sharing
Security analysis
In this section, we verify the security of the proposed secret sharing process.
Definition 1. The discrete logarithm problem is defined as: given $g, h \in G$, find an $x$ such that $g^x = h$. The difficulty of this problem depends on the group $G$:
- Very easy: polynomial time algorithm, e.g. $(\mathbb{Z}_N, +)$.
- Hard: sub-exponential time algorithm, e.g. $(\mathbb{Z}_p, \times)$.
- Very hard: exponential time algorithm, e.g. elliptic curve groups.
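The dependence on the group can be seen on toy parameters in the following added example, which is not code from the paper. In $(\mathbb{Z}_N, +)$ the "logarithm" is one modular inversion, while in $(\mathbb{Z}_p, \times)$ the sketch falls back on the generic baby-step giant-step search (about $\sqrt{p}$ steps, not the sub-exponential method the definition refers to); the prime and function names are constructed for the illustration.

```python
from math import gcd, isqrt

def dlog_additive(g, h, n):
    """Solve x*g = h in (Z_n, +): one gcd and one modular inverse,
    i.e. polynomial time in the bit length of n."""
    d = gcd(g, n)
    if h % d:
        return None                      # h is not a multiple of g mod n
    g, h, n = g // d, h // d, n // d
    return h * pow(g, -1, n) % n

def dlog_bsgs(g, h, p):
    """Solve g**x = h in (Z_p, x) with baby-step giant-step:
    about sqrt(p) multiplications and sqrt(p) stored values."""
    m = isqrt(p - 1) + 1
    baby = {pow(g, j, p): j for j in range(m)}   # g^j -> j
    giant = pow(g, -m, p)                        # g^(-m) mod p
    gamma = h % p
    for i in range(m):
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * giant % p
    return None                          # h is not a power of g

# Constructed toy instance: a 20-bit prime, far below any usable size.
TOY_P = 1_000_003
TOY_X = 123_456

def demo():
    add_x = dlog_additive(2, TOY_X * 2 % TOY_P, TOY_P)
    mul_x = dlog_bsgs(2, pow(2, TOY_X, TOY_P), TOY_P)
    return add_x, pow(2, mul_x, TOY_P) == pow(2, TOY_X, TOY_P)

if __name__ == "__main__":
    print(demo())
```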
Application and performance evaluation
In this section, we apply our secure data-sharing scheme on connected vehicle applications. Then, we evaluate its performance on a real connected vehicles use case (La police, La première,).
Nowadays, connected vehicles have attracted more attention in both academia and industry due to their wide application spectrum, such as data-sharing, cooperative collision warning, improved rescue, road obstacle detection, etc. It is predicted that around 200 million connected vehicles will be on the road in 2020
Conclusion
In this paper, we have proposed a new attribute-based access control framework with an efficient revocation method for multi-authority architectures. Our solution ensures security requirements such as confidentiality, forward and backward secrecy and collusion resistance. In addition, we applied our solution on a real connected vehicle use case and proved its performance in terms of encryption, decryption and revocation through experimentation. Our framework provides a secure, flexible and
References (48)
- et al. Internet of things security: a survey. J. Netw. Comput. Appl. (2017)
- et al. Akser: attribute-based keyword search with efficient revocation in cloud computing. Inf. Sci. (2018)
- et al. Multi-authority attribute based encryption scheme with revocation
- et al. Pairing-based cp-abe with constant-size ciphertexts and secret keys for cloud environment. Comput. Stand. Interfac. (2017)
- et al. Cloud security issues and challenges: a survey. J. Netw. Comput. Appl. (2017)
- et al. A survey on vehicular cloud computing. J. Netw. Comput. Appl. (2014)
- et al. Cloudfile: a cloud data access control system based on mobile social trust. J. Netw. Comput. Appl. (2017)
- Amazon Web Services (Aws) - Cloud Computing Services (2018)
- et al. Conjunctive broadcast and attribute-based encryption
- et al. Ciphertext-policy attribute-based encryption
- Identity-based encryption from the weil pairing
- Employing attribute-based encryption in systems with resource constrained devices in an information-centric networking context
- Multi-authority attribute based encryption
- Improving privacy and security in multi-authority attribute-based encryption
- Opportunities, Risk, and Turmoil on the Road to Autonomous
- Efficient decentralized attribute based access control for mobile clouds. IEEE Trans. Cloud Comput.
- Attribute-based encryption for fine-grained access control of encrypted data
- Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans. Parallel Distr. Syst.
- Attribute-based authentication on the cloud for thin clients. J. Supercomput.
- Mediated ciphertext-policy attribute-based encryption and its application
- An efficient public-key attribute-based broadcast encryption scheme allowing arbitrary access policies
Youcef Imine is a PhD student at the University of Technology of Compiègne (France) under the supervision of Pr. Abdelmadjid Bouabdallah, where he works on “Cloud Computing security”. In June 2016, he received his master's degree in Networking and distributed systems from Abou Bekr Belkaid University (Algeria). His main works concern data security in emerging technologies such as Cloud and Fog computing, which include several security challenges such as data confidentiality, authentication, and cryptographic access control.
Ahmed Lounis is a teaching and research assistant at Compiègne University of Technology (France). In July 2014, he received the Ph.D. degree from UTC, where he worked on “Security in Cloud Computing” under the supervision of Pr. Abdelmadjid Bouabdallah and Dr. Yacine Challal. He received the M.Sc. degree in Software Engineering and the bachelor's degree in Computer Science, respectively in 2010 and 2008, from the University of Sciences and Technology Houari Boumediene, Algeria. His main works are on data security in the Cloud, cryptographic access control, integration of Wireless Sensor Networks with Cloud for patient supervision, emergency management in E-health, and Cloud storage.
Abdelmadjid Bouabdallah received the Master (DEA) degree and Ph.D. from the University of Paris-Sud Orsay (France) respectively in 1988 and 1991. From 1992 to 1996, he was Assistant Professor at the University of Evry Val-d’Essonne (France), and since 1996 he has been Professor at the University of Technology of Compiègne (UTC), where he is leading the Networking & Security research group and the Interaction & Cooperation research of the Excellence Research Center LABEX MS2T. His research interests include Internet QoS, security, unicast/multicast communication, Wireless Sensor Networks, and fault tolerance in wired/wireless networks. He conducted several large scale research projects funded by Motorola Labs., Orange Labs., ANRRNRT, CNRS, and ANR-Carnot.