Accountable privacy-enhanced multi-authority attribute-based authentication scheme for cloud services

IF 4.3 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computer Communications Pub Date : 2025-05-05 DOI:10.1016/j.comcom.2025.108205

Xin Liu , Hao Wang , Bo Zhang , Bin Zhang

{"title":"Accountable privacy-enhanced multi-authority attribute-based authentication scheme for cloud services","authors":"Xin Liu , Hao Wang , Bo Zhang , Bin Zhang","doi":"10.1016/j.comcom.2025.108205","DOIUrl":null,"url":null,"abstract":"<div><div>Current attribute-based authentication (ABA) schemes have three major drawbacks: first, the single attribute authority (AA) becomes the system bottleneck, i.e., if the AA is corrupted, the entire system will stop working; second, user privacy is not completely secured; and third, malicious users may exploit their anonymity. To overcome these defects, we improved a previously established privacy-preserving decentralized ciphertext policy attribute-based encryption (PPD-CP-ABE) scheme, obtaining a PPD-CP-ABE with verifiable outsourced decryption (PPD-CP-ABE-VOD). This improved scheme uses outsourced decryption, secure two-party computation protocol, and zero-knowledge proofs. We transformed the PPD-CP-ABE-VOD scheme into a new privacy-enhanced multi-authority ABA scheme using an identity tracing mechanism based on linear encryption. This new scheme has the following advantages over similar schemes. First, it introduces multiple AAs and does not require users to trust AA fully. Second, it protects users’ attributes, global identifiers, and access behavior, thus strengthening user privacy protection. Finally, it balances user privacy protection and user accountability. Theoretical and experimental analyses have shown that the new scheme is comparable to recently proposed ABA systems in terms of performance in the key generation and authentication phases, despite appending multiple security properties.</div></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"242 ","pages":"Article 108205"},"PeriodicalIF":4.3000,"publicationDate":"2025-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Communications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0140366425001628","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Current attribute-based authentication (ABA) schemes have three major drawbacks: first, the single attribute authority (AA) becomes the system bottleneck, i.e., if the AA is corrupted, the entire system will stop working; second, user privacy is not completely secured; and third, malicious users may exploit their anonymity. To overcome these defects, we improved a previously established privacy-preserving decentralized ciphertext policy attribute-based encryption (PPD-CP-ABE) scheme, obtaining a PPD-CP-ABE with verifiable outsourced decryption (PPD-CP-ABE-VOD). This improved scheme uses outsourced decryption, secure two-party computation protocol, and zero-knowledge proofs. We transformed the PPD-CP-ABE-VOD scheme into a new privacy-enhanced multi-authority ABA scheme using an identity tracing mechanism based on linear encryption. This new scheme has the following advantages over similar schemes. First, it introduces multiple AAs and does not require users to trust AA fully. Second, it protects users’ attributes, global identifiers, and access behavior, thus strengthening user privacy protection. Finally, it balances user privacy protection and user accountability. Theoretical and experimental analyses have shown that the new scheme is comparable to recently proposed ABA systems in terms of performance in the key generation and authentication phases, despite appending multiple security properties.

查看原文本刊更多论文

用于云服务的可问责隐私增强的基于多权威属性的身份验证方案

当前基于属性的认证（ABA）方案存在三个主要缺陷：第一，单属性权威（AA）成为系统瓶颈，即如果AA被破坏，整个系统将停止工作；第二，用户隐私没有得到完全的保护；第三，恶意用户可能会利用他们的匿名性。为了克服这些缺陷，我们改进了先前建立的保护隐私的分散密文策略基于属性的加密（PPD-CP-ABE）方案，获得了具有可验证外包解密（PPD-CP-ABE- vod）的PPD-CP-ABE。该改进方案采用外包解密、安全的两方计算协议和零知识证明。我们使用基于线性加密的身份跟踪机制将PPD-CP-ABE-VOD方案转化为一种新的隐私增强的多权威ABA方案。与同类方案相比，这个新方案具有以下优点。首先，它引入了多个AA，并且不要求用户完全信任AA。其次，保护用户属性、全局标识符和访问行为，加强用户隐私保护。最后，它平衡了用户隐私保护和用户责任。理论和实验分析表明，尽管附加了多个安全属性，但新方案在密钥生成和认证阶段的性能与最近提出的ABA系统相当。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Communications 工程技术-电信学

CiteScore

14.10

自引率

5.00%

发文量

397

审稿时长

66 days

期刊介绍： Computer and Communications networks are key infrastructures of the information society with high socio-economic value as they contribute to the correct operations of many critical services (from healthcare to finance and transportation). Internet is the core of today''s computer-communication infrastructures. This has transformed the Internet, from a robust network for data transfer between computers, to a global, content-rich, communication and information system where contents are increasingly generated by the users, and distributed according to human social relations. Next-generation network technologies, architectures and protocols are therefore required to overcome the limitations of the legacy Internet and add new capabilities and services. The future Internet should be ubiquitous, secure, resilient, and closer to human communication paradigms. Computer Communications is a peer-reviewed international journal that publishes high-quality scientific articles (both theory and practice) and survey papers covering all aspects of future computer communication networks (on all layers, except the physical layer), with a special attention to the evolution of the Internet architecture, protocols, services, and applications.