Traceable and revocable large universe multi-authority attribute-based access control with resisting key abuse

IF 4.6, Zone 2 (Computer Science), Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Kaiqing Huang
Computer Networks, vol. 272, Article 111694. Journal Article. Published 2025-09-10.
DOI: 10.1016/j.comnet.2025.111694
https://www.sciencedirect.com/science/article/pii/S1389128625006607
Citations: 0

Abstract

Attribute-based encryption (ABE) is a novel cryptographic technology that enables fine-grained access control over encrypted data. However, there are some problems in the existing attribute-based access control schemes such as key abuse and the requirements of large-scale cross-domain dynamic cooperation. To solve these problems, the author proposes a traceable and revocable large-universe multi-authority attribute-based access control scheme with resisting key abuse (TRKA-D-ABE) with static security under the q-DPBDHE2 assumption. TRKA-D-ABE realizes the dynamic change of attributes, users, and authorities to suit large-scale cross-domain dynamic collaboration by supporting user-attribute revocation, large universes of attributes, users, and authorities. The revocation mechanism resists collusion attacks from both revoked and unrevoked users. It also fulfills the criteria for both forward and backward security. TRKA-D-ABE also implements robust security measures to prevent key abuse attacks from the CSP, authorities, and users. Neither the CSP nor the authority can create a complete decryption key. They are also unable to access any encrypted data, even if their controlled attributes meet the access structure. Users who expose the key will be identified through traceability and punished by revocation. Additionally, users can outsource decryption without key transfer to conserve resources. Based on performance analysis results, TRKA-D-ABE is highly efficient.
Source journal: Computer Networks (Engineering & Technology: Telecommunications)
CiteScore: 10.80
Self-citation rate: 3.60%
Articles published: 434
Review time: 8.6 months
Journal description: Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.