Anonymous decentralized attribute-based access control for cloud-assisted IoT

2020 
Abstract

Attribute-Based Encryption (ABE) has emerged as a powerful cryptographic tool for fine-grained access control, with widespread applications such as Cloud-assisted IoT data sharing. Subsequently, decentralized ABE with untrusted attribute authorities was proposed to remove the online Trusted Authority (TA). In the decentralized architecture, a user acting as a data customer (e.g., an IoT device) submits his attributes to the untrusted authorities to get the private keys. In this architecture, preserving the user’s privacy against the untrusted authorities is a significant challenge (e.g., in E-health Cloud applications). In this paper, we address the privacy issue in decentralized ABE and propose a novel anonymous and decentralized attribute-based encryption scheme in the standard model. It preserves the user’s anonymity against the authorities in an efficient manner. In our solution, we use cryptographic accumulators to verify the user’s attributes anonymously. Then, we include the accumulator in the ciphertext to enforce the ABE access control against unauthorized users. Moreover, in some applications, access structures (encryption/decryption policies) include sensitive information and should be hidden from everyone except the users whose secret key attributes satisfy the access structures. To ensure the hidden policy, we propose an efficient and decentralized policy obfuscation technique that preserves the privacy of the policy against the Public Cloud Server (PCS). This is attractive for a decentralized environment where the authorities are untrusted and may collude with the PCS. To make the scheme applicable to resource-constrained IoT devices, we outsource the expensive decryption computation to powerful Cloud servers. Then, we formally analyze the security properties of the proposed scheme and present experimental results to show its efficiency. Finally, we briefly explain how the features of the proposal meet the requirements of some real-world applications.