Taehoon Kim, Yong-Woon Hwang, Daehee Seo, Im-Yeong Lee
Journal of Circuits Systems and Computers. Published 2023-10-31. DOI: 10.1142/s0218126624500944 (https://doi.org/10.1142/s0218126624500944)
Data Access Control for Secure Authentication using Dual VC Scheme based on CP-ABE in DID
In a Decentralized Identifier (DID), the Holder does not depend on a third party but controls self-identity information and is authenticated by the Verifier. Therefore, the Verifier can request verification data for access control from the Verifiable Data Registry (VDR) and credentials to authenticate the Holder. Data access control should be used when requesting data access such that only authorized Verifiers can access it. Consequently, studies on secure and efficient data access control have been conducted, and among them work on a scheme using Ciphertext Policy Attribute-based Encryption (CP-ABE) is underway. However, when the CP-ABE scheme is applied to the DID, the Holder’s extended Self-Sovereign Identity (SSI), which proves that the Holder has approved access to the Holder’s data stored in the VDR, is not ensured. Furthermore, the VDR does not verify the Verifier’s data access rights, resulting in unauthorized verification and illegal access to data by the user. There is also the issue of infringement of the Holder’s privacy, where Verifiers can infer the Holder by sharing and connecting the same DID-based Verifiable Presentations (VPs) of the Holder. In addition, it leads to overheads in the amount of computation and search time for encryption/decryption. Therefore, in this paper, we propose a data access control for secure authentication by solving the security vulnerabilities of CP-ABE and using a CP-ABE-based dual Verifiable Credential (VC) scheme in DID.
About the journal:
Journal of Circuits, Systems, and Computers covers a wide scope, ranging from mathematical foundations to practical engineering design in the general areas of circuits, systems, and computers with focus on their circuit aspects. Although primary emphasis will be on research papers, survey, expository and tutorial papers are also welcome. The journal consists of two sections:
Papers - Contributions in this section may be of a research or tutorial nature. Research papers must be original and must not duplicate descriptions or derivations available elsewhere. The author should limit paper length whenever this can be done without impairing quality.
Letters - This section provides a vehicle for speedy publication of new results and information of current interest in circuits, systems, and computers. Focus will be directed to practical design- and applications-oriented contributions, but publication in this section will not be restricted to this material. These letters are to concentrate on reporting the results obtained, their significance and the conclusions, while including only the minimum of supporting details required to understand the contribution. Publication of a manuscript in this manner does not preclude a later publication with a fully developed version.