Nothing Special   »   [go: up one dir, main page]
Skip to main content
SpringerLink
Log in

“Are You What You Claim to Be?” Attribute Validation with IOTA for Multi Authority CP-ABE

  • Conference paper
  • First Online:
Blockchain and Applications, 4th International Congress (BLOCKCHAIN 2022)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 595))

Included in the following conference series:

Abstract

Ciphertext-Policy Attribute-Based-Encryption (CP-ABE) is a one-to-many encryption scheme that generates secret keys according to attributes held by users. It is assumed that attribute authorities (AAs) know this matching between users’ identities and their attributes and always generate valid secret keys. However, this approach is not scalable in systems with numerous users or several AAs. This lack of scalability makes attribute management difficult, leading to attackers abusing this situation to escalate privileges by spoofing attributes. We consider attribute spoofing a security risk and propose an attribute spoofing prevention scheme using a DAG-type DLT. We analyze the proposal by studying its effectiveness against the identified attack vectors. We also apply the proposal to a value-chain use case and provide a qualitative evaluation of the system by analyzing its ability to prevent attribute spoofing and other attack vectors identified in the literature review.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Bader, L., Pennekamp, J., Matzutt, R., Hedderich, D., Kowalski, M., Lücken, V., Wehrle, K.: Blockchain-based privacy preservation for supply chains supporting lightweight multi-hop information accountability. Inf. Process. Manag. 58(3), 102529 (2021). https://doi.org/10.1016/j.ipm.2021.102529

    Article  Google Scholar 

  2. Cui, L., Yang, S., Chen, Z., Pan, Y., Xu, M., Xu, K.: An efficient and compacted dag-based blockchain protocol for industrial internet of things. IEEE Trans. Ind. Inf. 16(6), 4134–4145 (2020). https://doi.org/10.1109/TII.2019.2931157

    Article  Google Scholar 

  3. Di Francesco Maesa, D., Lunardelli, A., Mori, P., Ricci, L.: Exploiting blockchain technology for attribute management in access control systems. In: Djemame, K., Altmann, J., Bañares, J.Á., Agmon Ben-Yehuda, O., Naldi, M. (eds.) GECON 2019. LNCS, vol. 11819, pp. 3–14. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36027-6_1

  4. Di Francesco Maesa, D., Mori, P., Ricci, L.: A blockchain based approach for the definition of auditable access control systems. Comput. Secur. 84, 93–119 (2019). https://doi.org/10.1016/j.cose.2019.03.016

    Article  Google Scholar 

  5. Epiphaniou, G., Pillai, P., Bottarelli, M., Al-Khateeb, H., Hammoudesh, M., Maple, C.: Electronic regulation of data sharing and processing using smart ledger technologies for supply-chain security. IEEE Trans. Eng. Manage. 67(4), 1059–1073 (2020). https://doi.org/10.1109/TEM.2020.2965991

    Article  Google Scholar 

  6. Flynn, B.B., Huo, B., Zhao, X.: The impact of supply chain integration on performance: A contingency and configuration approach. J. Oper. Manage. 28(1), 58–71 (2010). https://doi.org/10.1016/j.jom.2009.06.001

    Article  Google Scholar 

  7. Hardt, D.: The OAuth 2.0 Authorization framework. RFC 6749 (Oct 2012). https://doi.org/10.17487/RFC6749

  8. Liu, R., Kumar, A.: Leveraging information sharing to configure supply chains. Inf. Syst. Front. 13(1), 139–151 (2011). https://doi.org/10.1007/s10796-009-9222-8

    Article  Google Scholar 

  9. Mosteiro-Sanchez, A., Barcelo, M., Astorga, J., Urbieta, A.: End to end secure data exchange in value chains with dynamic policy update. Preprint arXiv:2201.06335 (2022)

  10. Nakanishi, R., Zhang, Y., Sasabe, M., Kasahara, S.: Combining IOTA and attribute-based encryption for access control in the internet of things. Sensors 21(5053), 1–15 (2021). https://doi.org/10.3390/s21155053

    Article  Google Scholar 

  11. Pennekamp, J., Bader, L., Matzutt, R., Niemietz, P., Trauth, D., Henze, M., Bergs, T., Wehrle, K.: Private multi-hop accountability for supply chains. In: 2020 IEEE International Conference on Communications Workshops (ICC Workshops), pp. 1–7 (2020). https://doi.org/10.1109/ICCWorkshops49005.2020.9145100

  12. Preuveneers, D., Joosen, W., Bernal Bernabe, J., Skarmeta, A.F.: Distributed security framework for reliable threat intelligence sharing. Secur. Commun. Netw. 2020, 8833765 (2020). https://doi.org/10.1155/2020/8833765

    Article  Google Scholar 

  13. Qi, S., Zheng, Y., Li, M., Liu, Y., Qiu, J.: Scalable industry data access control in RFID-enabled supply chain. IEEE/ACM Trans. Netw. 24(6), 3551–3564 (2016). https://doi.org/10.1109/TNET.2016.2536626

    Article  Google Scholar 

  14. Rouselakis, Y., Waters, B.: Efficient statically-secure large-universe multi-authority attribute-based encryption. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 315–332. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47854-7_19

    Chapter  Google Scholar 

  15. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27

    Chapter  Google Scholar 

  16. Stefanescu, D., Galán-García, P., Montalvillo, L., Unzilla, J., Urbieta, A.: Towards a holistic DLT architecture for IIoT: improved DAG for production lines. In: Prieto, J., Partida, A., Leitão, P., Pinto, A. (eds.) BLOCKCHAIN 2021. LNNS, vol. 320, pp. 179–188. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-86162-9_18

Download references

Acknowledgment

The European Commission financially supported this work through the Horizon Europe program under the COMP4DRONES project (grant agreement \(\hbox {N}^{\circ }\) 826610). It was also partially supported by the Ayudas Cervera para Centros Tecnológicos grant of the Spanish Centre for the Development of Industrial Technology (CDTI) under the project EGIDA (CER-20191012) and by the Basque Country Government under the ELKARTEK program, project REMEDY - REal tiME control and embeddeD securitY (KK-2021/00091).

Author information

Authors and Affiliations

  1. Ikerlan Technology Research Centre, Arrasate/Mondragón, Spain

    Aintzane Mosteiro-Sanchez, Marc Barcelo & Aitor Urbieta

  2. University of the Basque Country (UPV/EHU), 48013, Bilbao, Spain

    Aintzane Mosteiro-Sanchez & Jasone Astorga

Authors
  1. Aintzane Mosteiro-Sanchez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marc Barcelo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jasone Astorga
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Aitor Urbieta
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Aintzane Mosteiro-Sanchez .

Editor information

Editors and Affiliations

  1. Departamento de Informática y Automática, University of Salamanca, Salamanca, Spain

    Javier Prieto

  2. Parque Tecnológico de la Salud (PTS), Granada, Spain

    Francisco Luis Benítez Martínez

  3. University of Urbino Carlo Bo, Urbino, Italy

    Stefano Ferretti

  4. Spanish National Research Council (CSIC), Madrid, Spain

    David Arroyo Guardeño

  5. Facultad de Derecho, University of Salamanca, Salamanca, Spain

    Pedro Tomás Nevado-Batalla

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Mosteiro-Sanchez, A., Barcelo, M., Astorga, J., Urbieta, A. (2023). “Are You What You Claim to Be?” Attribute Validation with IOTA for Multi Authority CP-ABE. In: Prieto, J., Benítez Martínez, F.L., Ferretti, S., Arroyo Guardeño, D., Tomás Nevado-Batalla, P. (eds) Blockchain and Applications, 4th International Congress . BLOCKCHAIN 2022. Lecture Notes in Networks and Systems, vol 595. Springer, Cham. https://doi.org/10.1007/978-3-031-21229-1_26

Download citation

Publish with us

Policies and ethics

Search

Navigation