Key Update as a Service (KAAS): An Agent-Based Modeling for Cloud-Based Access Control

Abstract

Changes (add, update or revoke) of attributes in the attribute-based access control (ABAC) require the users whose keys containing the changed attributes need to update their keys. In the ABAC setting, attribute authority or data owner has to re-generate the keys and re-distribute the keys to affected users. This imposes the computation and communication cost as well as the administrative cost to handle the attribute change. In this paper, we propose a key update scheme to support attribute changes in ciphertext policy - attribute based encryption (CP-ABE) based access control. We introduce key update algorithm as a part of access control service that is specifically aimed at optimizing user key update processing cost in multi-authority cloud. To this end, we employ a multi-agent system (MAS) to perform the access control functions including user authentication, key update handling, and authorization. To support key update process, the agents will execute key update algorithm by updating all user's keys containing changed attributes on behalf of the attribute authority (AA). In addition, we provide the security proof of our key updating scheme in the general security model. Finally, the performance evaluation is provided to substantiate the efficiency of our proposed scheme.