Expressive Access Control Encryption With Bilateral Policy Privacy for Consumer Electronics in the Metaverse

Abstract

The metaverse offers an unprecedented immersive experience and a fresh connection paradigm for consumers, which brings security threats related to unauthorized data access, potential misuse, and increasing attacks in the bilateral information flow. Therefore, it is necessary to provide an efficient and secure access control scheme. However, current efforts struggle to address these more complicated security issues. To do this, in this paper, we present an expressive access control encryption (EACE) scheme for bilateral control of information flow in metaverse-enabled consumer electronics. Our EACE supports fine-grained and bilateral control of senders and receivers by carefully taking advantage of access control encryption, dual-policy attribute-based encryption, and matchmaking encryption. Furthermore, we propose a novel sanitization algorithm with sender anonymity and bilateral policy privacy against the malicious sanitizer. We formalize the corresponding security definitions and give rigorous proofs. Performance analysis demonstrates that our EACE can simultaneously achieve bilateral control with policy privacy, sender anonymity against sanitizer, and lightweight decryption. The experimental results show that our proposal costs less computational and storage overhead in the symmetric bilinear group. The impressive performance indicates that our EACE is an excellent choice to balance security and efficiency when consumer electronics meet the metaverse.