Self-sovereign identity management in ciphertext policy attribute based encryption for IoT protocols

IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Weichu Deng , Jin Li , Hongyang Yan , Arthur Sandor Voundi Koe , Teng huang , Jianfeng Wang , Cong Peng
{"title":"Self-sovereign identity management in ciphertext policy attribute based encryption for IoT protocols","authors":"Weichu Deng ,&nbsp;Jin Li ,&nbsp;Hongyang Yan ,&nbsp;Arthur Sandor Voundi Koe ,&nbsp;Teng huang ,&nbsp;Jianfeng Wang ,&nbsp;Cong Peng","doi":"10.1016/j.jisa.2024.103885","DOIUrl":null,"url":null,"abstract":"<div><p>In the Internet of Things, access control and identity management rely on centralized platforms. However, centralized platforms will compromise user privacy with identity leakage. Self-sovereign identity (SSI) is a novel model for identity management that does not require third-party centralized authority. Thus, SSI is a potential solution to the identity management problem in IoT access control. This paper’s motivation is to address the problems of lack of identity sovereignty, centralized authorization, and high computational overhead for IoT access control. We propose a novel access control scheme for IoT that decentralizes identity management and tackles single-point-of-failure issues. This scheme leverages ciphertext policy attribute-based encryption (CP-ABE) and SSI to achieve the overall goal. Specifically, Our scheme eliminates the central authority and empowers users to manage their identity, allowing users to decide what attributes they disclose. Regarding the distribution of roles in the architecture, this paper follows the generic SSI model (ISSUER–HOLDER—VERIFIER) that allows a user to access a service from a service provider. To enable real-world deployment of our scheme, we establish an attribute authorization authority(such as the government) as a trusted identity point of entry. Users generate decentralized identifiers to enjoy services of interest in a privacy-preserving manner. The analysis demonstrates the practicality and superiority of our scheme. Our scheme requires less computation and is suitable for resource-constrained IoT scenarios.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"86 ","pages":"Article 103885"},"PeriodicalIF":3.8000,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S221421262400187X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

In the Internet of Things, access control and identity management rely on centralized platforms. However, centralized platforms will compromise user privacy with identity leakage. Self-sovereign identity (SSI) is a novel model for identity management that does not require third-party centralized authority. Thus, SSI is a potential solution to the identity management problem in IoT access control. This paper’s motivation is to address the problems of lack of identity sovereignty, centralized authorization, and high computational overhead for IoT access control. We propose a novel access control scheme for IoT that decentralizes identity management and tackles single-point-of-failure issues. This scheme leverages ciphertext policy attribute-based encryption (CP-ABE) and SSI to achieve the overall goal. Specifically, Our scheme eliminates the central authority and empowers users to manage their identity, allowing users to decide what attributes they disclose. Regarding the distribution of roles in the architecture, this paper follows the generic SSI model (ISSUER–HOLDER—VERIFIER) that allows a user to access a service from a service provider. To enable real-world deployment of our scheme, we establish an attribute authorization authority(such as the government) as a trusted identity point of entry. Users generate decentralized identifiers to enjoy services of interest in a privacy-preserving manner. The analysis demonstrates the practicality and superiority of our scheme. Our scheme requires less computation and is suitable for resource-constrained IoT scenarios.

物联网协议基于密码策略属性加密的自主权身份管理
在物联网中,访问控制和身份管理依赖于集中式平台。然而,集中式平台会因身份泄露而损害用户隐私。自我主权身份(SSI)是一种无需第三方集中授权的新型身份管理模式。因此,SSI 是解决物联网访问控制中身份管理问题的潜在方案。本文旨在解决物联网访问控制中身份主权缺失、集中授权和高计算开销等问题。我们提出了一种新颖的物联网访问控制方案,它能分散身份管理并解决单点故障问题。该方案利用基于密文策略属性的加密(CP-ABE)和 SSI 来实现总体目标。具体来说,我们的方案消除了中央机构,并授权用户管理自己的身份,允许用户决定披露哪些属性。关于架构中的角色分配,本文遵循通用 SSI 模型(ISSUER-HOLDER-VERIFIER),允许用户访问服务提供商提供的服务。为了在现实世界中部署我们的方案,我们建立了一个属性授权机构(如政府)作为可信身份的入口点。用户生成分散的标识符,以保护隐私的方式享受感兴趣的服务。分析表明了我们方案的实用性和优越性。我们的方案所需的计算量较少,适用于资源有限的物联网场景。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Journal of Information Security and Applications
Journal of Information Security and Applications Computer Science-Computer Networks and Communications
CiteScore
10.90
自引率
5.40%
发文量
206
审稿时长
56 days
期刊介绍: Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信