A secure and scalable IoT access control framework with dynamic attribute updates and policy hiding
Abstract With the rapid rise of Internet of Things (IoT) technology, cloud computing and attribute-based encryption (ABE) are often employed to safeguard the privacy and security of IoT data. However, most blockchain based access control methods are one-way, and user access policies are public, whic...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Nature Portfolio
2025-04-01
|
| Series: | Scientific Reports |
| Subjects: | |
| Online Access: | https://doi.org/10.1038/s41598-024-80307-3 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849726584124080128 |
|---|---|
| author | Zhigang Xu Wan Zhou Hongmu Han Xinhua Dong Shiguang Zhang Ziping Hu |
| author_facet | Zhigang Xu Wan Zhou Hongmu Han Xinhua Dong Shiguang Zhang Ziping Hu |
| author_sort | Zhigang Xu |
| collection | DOAJ |
| description | Abstract With the rapid rise of Internet of Things (IoT) technology, cloud computing and attribute-based encryption (ABE) are often employed to safeguard the privacy and security of IoT data. However, most blockchain based access control methods are one-way, and user access policies are public, which cannot simultaneously meet the needs of dynamic attribute updates, two-way verification of users and data, and secure data transmission. To handle such challenges, we propose an attribute-based encryption scheme that satisfies real-time and secure sharing requirements through attribute updates and policy hiding. First, we designed a new dynamic update and policy hiding bidirectional attribute access control (DUPH-BAAC) scheme. In addition, a strategy hiding technique was adopted. The data owner sends encrypted addresses with hidden access policies to the blockchain network for verification through transactions. Then, the user locally matches attributes, the smart contract verifies user permissions, and generates access transactions for users who meet access policies. Moreover, the cloud server receives user identity keys and matches the user attribute set with the ciphertext attribute set. Besides, blockchain networks replace traditional IoT centralized servers for identity authentication, authorization, key management, and attribute updates, reducing information leakage risk. Finally, we demonstrate that the DUPH-BAAC scheme can resist indistinguishable choice access structures and selective plaintext attacks, achieving IND-sAS-CPA security. |
| format | Article |
| id | doaj-art-46dd77cff2534834a3d9a1d227d53ec6 |
| institution | DOAJ |
| issn | 2045-2322 |
| language | English |
| publishDate | 2025-04-01 |
| publisher | Nature Portfolio |
| record_format | Article |
| series | Scientific Reports |
| spelling | doaj-art-46dd77cff2534834a3d9a1d227d53ec62025-08-20T03:10:07ZengNature PortfolioScientific Reports2045-23222025-04-0115111810.1038/s41598-024-80307-3A secure and scalable IoT access control framework with dynamic attribute updates and policy hidingZhigang Xu0Wan Zhou1Hongmu Han2Xinhua Dong3Shiguang Zhang4Ziping Hu5School of Computer Science, Hubei University of TechnologySchool of Computer Science, Hubei University of TechnologySchool of Computer Science, Hubei University of TechnologySchool of Computer Science, Hubei University of TechnologySchool of Computer Science, Hubei University of TechnologyJiangmen Industrial Technology Research Institute of Guangdong Academy of Sciences LtdAbstract With the rapid rise of Internet of Things (IoT) technology, cloud computing and attribute-based encryption (ABE) are often employed to safeguard the privacy and security of IoT data. However, most blockchain based access control methods are one-way, and user access policies are public, which cannot simultaneously meet the needs of dynamic attribute updates, two-way verification of users and data, and secure data transmission. To handle such challenges, we propose an attribute-based encryption scheme that satisfies real-time and secure sharing requirements through attribute updates and policy hiding. First, we designed a new dynamic update and policy hiding bidirectional attribute access control (DUPH-BAAC) scheme. In addition, a strategy hiding technique was adopted. The data owner sends encrypted addresses with hidden access policies to the blockchain network for verification through transactions. Then, the user locally matches attributes, the smart contract verifies user permissions, and generates access transactions for users who meet access policies. Moreover, the cloud server receives user identity keys and matches the user attribute set with the ciphertext attribute set. Besides, blockchain networks replace traditional IoT centralized servers for identity authentication, authorization, key management, and attribute updates, reducing information leakage risk. Finally, we demonstrate that the DUPH-BAAC scheme can resist indistinguishable choice access structures and selective plaintext attacks, achieving IND-sAS-CPA security.https://doi.org/10.1038/s41598-024-80307-3Attribute-based encryption (ABE)Internet of Things (IoT)Bidirectional attribute access controlDynamic updatePolicy hiding |
| spellingShingle | Zhigang Xu Wan Zhou Hongmu Han Xinhua Dong Shiguang Zhang Ziping Hu A secure and scalable IoT access control framework with dynamic attribute updates and policy hiding Scientific Reports Attribute-based encryption (ABE) Internet of Things (IoT) Bidirectional attribute access control Dynamic update Policy hiding |
| title | A secure and scalable IoT access control framework with dynamic attribute updates and policy hiding |
| title_full | A secure and scalable IoT access control framework with dynamic attribute updates and policy hiding |
| title_fullStr | A secure and scalable IoT access control framework with dynamic attribute updates and policy hiding |
| title_full_unstemmed | A secure and scalable IoT access control framework with dynamic attribute updates and policy hiding |
| title_short | A secure and scalable IoT access control framework with dynamic attribute updates and policy hiding |
| title_sort | secure and scalable iot access control framework with dynamic attribute updates and policy hiding |
| topic | Attribute-based encryption (ABE) Internet of Things (IoT) Bidirectional attribute access control Dynamic update Policy hiding |
| url | https://doi.org/10.1038/s41598-024-80307-3 |
| work_keys_str_mv | AT zhigangxu asecureandscalableiotaccesscontrolframeworkwithdynamicattributeupdatesandpolicyhiding AT wanzhou asecureandscalableiotaccesscontrolframeworkwithdynamicattributeupdatesandpolicyhiding AT hongmuhan asecureandscalableiotaccesscontrolframeworkwithdynamicattributeupdatesandpolicyhiding AT xinhuadong asecureandscalableiotaccesscontrolframeworkwithdynamicattributeupdatesandpolicyhiding AT shiguangzhang asecureandscalableiotaccesscontrolframeworkwithdynamicattributeupdatesandpolicyhiding AT zipinghu asecureandscalableiotaccesscontrolframeworkwithdynamicattributeupdatesandpolicyhiding AT zhigangxu secureandscalableiotaccesscontrolframeworkwithdynamicattributeupdatesandpolicyhiding AT wanzhou secureandscalableiotaccesscontrolframeworkwithdynamicattributeupdatesandpolicyhiding AT hongmuhan secureandscalableiotaccesscontrolframeworkwithdynamicattributeupdatesandpolicyhiding AT xinhuadong secureandscalableiotaccesscontrolframeworkwithdynamicattributeupdatesandpolicyhiding AT shiguangzhang secureandscalableiotaccesscontrolframeworkwithdynamicattributeupdatesandpolicyhiding AT zipinghu secureandscalableiotaccesscontrolframeworkwithdynamicattributeupdatesandpolicyhiding |