HUAP: Practical Attribute-based Access Control Supporting Hidden Updatable Access Policies for Resource-Constrained Devices

TL;DR

This paper introduces a practical attribute-based access control scheme for resource-constrained devices that supports hidden, updatable policies with efficient online/offline encryption and fast decryption, enhancing privacy and flexibility.

Contribution

It presents the first scheme combining online/offline encryption, hidden access policies, and policy updates for resource-limited devices, with cloud-assisted policy management.

Findings

Supports online/offline encryption reducing overhead

Ensures access policy privacy through hidden attributes

Enables efficient policy updates via cloud without re-encryption

Abstract

Attribute-based encryption (ABE) is a promising cryptographic mechanism for providing confidentiality and fine-grained access control in the cloud-based area. However, due to high computational overhead, common ABE schemes are not suitable for resource-constrained devices. Moreover, data owners should be able to update their defined access policies efficiently, and in some cases, applying hidden access policies is required to preserve the privacy of clients and data. In this paper, we propose a ciphertext-policy attribute-based access control scheme which for the first time provides online/offline encryption, hidden access policy, and access policy update simultaneously. In our scheme, resource-constrained devices are equipped with online/offline encryption reducing the encryption overhead significantly. Furthermore, attributes of access policies are hidden such that the attribute sets satisfying an access policy cannot be guessed by other parties. Moreover, data owners can update their defined access policies while outsourcing a major part of the updating process to the cloud service provider. In particular, we introduce blind access policies that enable the cloud service provider to update the data owners' access policies without receiving a new re-encryption key. Besides, our scheme supports fast decryption such that the decryption algorithm consists of a constant number of bilinear pairing operations. The proposed scheme is proven to be secure in the random oracle model and under the hardness of Decisional Bilinear Diffie-Hellman (DBDH) and Decision Linear (D-Linear) assumptions. Also, performance analysis results demonstrate that the proposed scheme is efficient and practical.