{"title":"基于属性的可撤销访问控制与非单调访问结构","authors":"Maede Ashouri-Talouki, Nafiseh Kahani, Masoud Barati, Zomorod Abedini","doi":"10.1007/s12243-024-01052-2","DOIUrl":null,"url":null,"abstract":"<p>Internet of Things (IoT) has revolutionized data manipulation across various applications, particularly in online healthcare paradigm, where medical data are collected and processed for remote monitoring and analysis. To improve the privacy and security of such sensitive healthcare data, the attribute-based encryption (ABE) with non-monotonic access policies has recently provided a fine-grained access control within cloud and IoT-based healthcare ecosystems. Specifically, the adoption of multi-authority ABE with untrusted authorities has eliminated the need for a trusted authority. However, ensuring the privacy of user’s identity and attribute sets from these untrusted authorities remains a significant challenge in this context. To address this challenge, this paper introduces an enhanced multi-authority ABE approach, incorporating a robust attribute revocation mechanism. This enhancement safeguards user’s identity and attribute-set privacy while remaining resilient against collusion attacks and ensuring backward secrecy. Moreover, the proposed approach provides non-monotonic access policies, which supports positive and negative constraints using NOT operation as well as AND and OR operations.</p>","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":"17 1","pages":""},"PeriodicalIF":1.8000,"publicationDate":"2024-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A revocable attribute-based access control with non-monotonic access structure\",\"authors\":\"Maede Ashouri-Talouki, Nafiseh Kahani, Masoud Barati, Zomorod Abedini\",\"doi\":\"10.1007/s12243-024-01052-2\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Internet of Things (IoT) has revolutionized data manipulation across various applications, particularly in online healthcare paradigm, where medical data are collected and processed for remote monitoring and analysis. To improve the privacy and security of such sensitive healthcare data, the attribute-based encryption (ABE) with non-monotonic access policies has recently provided a fine-grained access control within cloud and IoT-based healthcare ecosystems. Specifically, the adoption of multi-authority ABE with untrusted authorities has eliminated the need for a trusted authority. However, ensuring the privacy of user’s identity and attribute sets from these untrusted authorities remains a significant challenge in this context. To address this challenge, this paper introduces an enhanced multi-authority ABE approach, incorporating a robust attribute revocation mechanism. This enhancement safeguards user’s identity and attribute-set privacy while remaining resilient against collusion attacks and ensuring backward secrecy. Moreover, the proposed approach provides non-monotonic access policies, which supports positive and negative constraints using NOT operation as well as AND and OR operations.</p>\",\"PeriodicalId\":50761,\"journal\":{\"name\":\"Annals of Telecommunications\",\"volume\":\"17 1\",\"pages\":\"\"},\"PeriodicalIF\":1.8000,\"publicationDate\":\"2024-07-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Annals of Telecommunications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s12243-024-01052-2\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"TELECOMMUNICATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Annals of Telecommunications","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s12243-024-01052-2","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}
引用次数: 0
摘要
物联网(IoT)彻底改变了各种应用中的数据操作,特别是在在线医疗保健模式中,医疗数据被收集和处理,用于远程监控和分析。为了提高此类敏感医疗数据的隐私性和安全性,具有非单调访问策略的基于属性的加密(ABE)最近在基于云和物联网的医疗生态系统中提供了一种细粒度访问控制。具体来说,采用具有不可信授权的多授权 ABE 不再需要可信授权。然而,在这种情况下,如何从这些不可信机构确保用户身份和属性集的隐私仍然是一个重大挑战。为应对这一挑战,本文引入了一种增强型多授权 ABE 方法,其中包含一种稳健的属性撤销机制。这种增强方法既能保护用户身份和属性集隐私,又能抵御串通攻击并确保向后保密。此外,所提出的方法还提供了非单调访问策略,使用 NOT 运算以及 AND 和 OR 运算支持正负约束。
A revocable attribute-based access control with non-monotonic access structure
Internet of Things (IoT) has revolutionized data manipulation across various applications, particularly in online healthcare paradigm, where medical data are collected and processed for remote monitoring and analysis. To improve the privacy and security of such sensitive healthcare data, the attribute-based encryption (ABE) with non-monotonic access policies has recently provided a fine-grained access control within cloud and IoT-based healthcare ecosystems. Specifically, the adoption of multi-authority ABE with untrusted authorities has eliminated the need for a trusted authority. However, ensuring the privacy of user’s identity and attribute sets from these untrusted authorities remains a significant challenge in this context. To address this challenge, this paper introduces an enhanced multi-authority ABE approach, incorporating a robust attribute revocation mechanism. This enhancement safeguards user’s identity and attribute-set privacy while remaining resilient against collusion attacks and ensuring backward secrecy. Moreover, the proposed approach provides non-monotonic access policies, which supports positive and negative constraints using NOT operation as well as AND and OR operations.
期刊介绍:
Annals of Telecommunications is an international journal publishing original peer-reviewed papers in the field of telecommunications. It covers all the essential branches of modern telecommunications, ranging from digital communications to communication networks and the internet, to software, protocols and services, uses and economics. This large spectrum of topics accounts for the rapid convergence through telecommunications of the underlying technologies in computers, communications, content management towards the emergence of the information and knowledge society. As a consequence, the Journal provides a medium for exchanging research results and technological achievements accomplished by the European and international scientific community from academia and industry.