Outsourced Decentralized Multi-authority Attribute Based Signature

Abstract

IoT (Internet of things) devices often collect data and store the data in the cloud for sharing and further processing; this collection, sharing, and processing will inevitably encounter secure access and authentication issues. Attribute based signature (ABS), which utilizes the signer’s attributes to generate private keys, plays a competent role in data authentication and identity privacy preservation. In ABS, there are multiple authorities that issue different private keys for signers based on their various attributes, and a central authority is usually established to manage all these attribute authorities. However, one security concern is that if the central authority is compromised, the whole system will be broken. In this paper, we present an outsourced decentralized multi-authority attribute based signature (ODMAABS) scheme. The proposed ODMA-ABS achieves attribute privacy and stronger authority-corruption resistance than existing multi-authority attribute based signature schemes can achieve. In addition, the overhead to generate a signature is further reduced by outsourcing expensive computation to a signing cloud server. We present extensive security analysis and experimental simulation of the proposed scheme. We also propose an access control scheme that is based on ODMA-ABS.

Existing System

ABS enables a signer to endorse a piece of message using a set of attributes instead of his/her unique identity, promoting the harmony between message endorsement and identity privacy preservation. In an ABS, the user uses his attribute set to query the attribute authority for private keys corresponding to certain attributes. Since an individual may have various kinds of attributes, e.g. gender, profession, address, etc., there are usually multiple attribute authorities that handle requests of different kinds of attributes. This multi-authority setting helps amortize the computational overhead in a single authority case and more importantly, enhances the security since one or some of the authorities’ compromising or corruption may not affect the others. However, a multi-authority setting leads to difficulty regarding how to generate a common secret for signature’s generation given that authorities may not trust or communicate with each other. A feasible means is to establish a central authority that holds the common secret and allocates different parts of this secret to each attribute authority to help with private keys’ generation. However this means returns us to the disadvantages in a single authority scenario because once the central authority is compromised, the whole system will no longer be secure. Therefore, a key point in a multi-authority attribute based signature is decentralization. The core idea is to simulate the functionality of a central authority through interactions among different attribute authorities.

Proposed System

A novel model called outsourced decentralized multi-authority attribute based signature (ODMA-ABS) was proposed. This model captures both the security requirements of an ABS protocol and the efficiency requirement of an outsourcing computation protocol. We present the specific construction of an ODMA-ABS protocol and provide the corresponding analysis of each property, such as correctness, un-forge ability, attribute privacy, efficiency, outsourcing security and privacy. We also conduct an experimental simulation to show the performance of ODMA-ABS. In addition, we propose an attribute based access control scheme, ABAC, as a specific application of ODMA-ABS and discuss the key update of ABAC. In the proposed system, the adversarial model of ODMA-ABS is enhanced from semi-honest to malicious. We propose a novel ODMA-ABS that is secure under this new model, analyze the outsourcing security and privacy, and conduct an experimental simulation to show practical performance. The proposed novel ABAC achieves non-transferability and is efficient for the user by introducing an aiding server. In addition, some of the content is extended. For example, we specifically explain the ideas behind our construction and the un-forge ability proof. We formalize the definition of attribute privacy and provide rigorous proof instead of simply intuition, and more figures and tables are added for better understanding.

Architecture

Architecture Diagram