Abstract
Ciphertext-Policy Attribute-Based-Encryption (CP-ABE) is a one-to-many encryption scheme that generates secret keys according to attributes held by users. It is assumed that attribute authorities (AAs) know this matching between users’ identities and their attributes and always generate valid secret keys. However, this approach is not scalable in systems with numerous users or several AAs. This lack of scalability makes attribute management difficult, leading to attackers abusing this situation to escalate privileges by spoofing attributes. We consider attribute spoofing a security risk and propose an attribute spoofing prevention scheme using a DAG-type DLT. We analyze the proposal by studying its effectiveness against the identified attack vectors. We also apply the proposal to a value-chain use case and provide a qualitative evaluation of the system by analyzing its ability to prevent attribute spoofing and other attack vectors identified in the literature review.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Bader, L., Pennekamp, J., Matzutt, R., Hedderich, D., Kowalski, M., Lücken, V., Wehrle, K.: Blockchain-based privacy preservation for supply chains supporting lightweight multi-hop information accountability. Inf. Process. Manag. 58(3), 102529 (2021). https://doi.org/10.1016/j.ipm.2021.102529
Cui, L., Yang, S., Chen, Z., Pan, Y., Xu, M., Xu, K.: An efficient and compacted dag-based blockchain protocol for industrial internet of things. IEEE Trans. Ind. Inf. 16(6), 4134–4145 (2020). https://doi.org/10.1109/TII.2019.2931157
Di Francesco Maesa, D., Lunardelli, A., Mori, P., Ricci, L.: Exploiting blockchain technology for attribute management in access control systems. In: Djemame, K., Altmann, J., Bañares, J.Á., Agmon Ben-Yehuda, O., Naldi, M. (eds.) GECON 2019. LNCS, vol. 11819, pp. 3–14. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36027-6_1
Di Francesco Maesa, D., Mori, P., Ricci, L.: A blockchain based approach for the definition of auditable access control systems. Comput. Secur. 84, 93–119 (2019). https://doi.org/10.1016/j.cose.2019.03.016
Epiphaniou, G., Pillai, P., Bottarelli, M., Al-Khateeb, H., Hammoudesh, M., Maple, C.: Electronic regulation of data sharing and processing using smart ledger technologies for supply-chain security. IEEE Trans. Eng. Manage. 67(4), 1059–1073 (2020). https://doi.org/10.1109/TEM.2020.2965991
Flynn, B.B., Huo, B., Zhao, X.: The impact of supply chain integration on performance: A contingency and configuration approach. J. Oper. Manage. 28(1), 58–71 (2010). https://doi.org/10.1016/j.jom.2009.06.001
Hardt, D.: The OAuth 2.0 Authorization framework. RFC 6749 (Oct 2012). https://doi.org/10.17487/RFC6749
Liu, R., Kumar, A.: Leveraging information sharing to configure supply chains. Inf. Syst. Front. 13(1), 139–151 (2011). https://doi.org/10.1007/s10796-009-9222-8
Mosteiro-Sanchez, A., Barcelo, M., Astorga, J., Urbieta, A.: End to end secure data exchange in value chains with dynamic policy update. Preprint arXiv:2201.06335 (2022)
Nakanishi, R., Zhang, Y., Sasabe, M., Kasahara, S.: Combining IOTA and attribute-based encryption for access control in the internet of things. Sensors 21(5053), 1–15 (2021). https://doi.org/10.3390/s21155053
Pennekamp, J., Bader, L., Matzutt, R., Niemietz, P., Trauth, D., Henze, M., Bergs, T., Wehrle, K.: Private multi-hop accountability for supply chains. In: 2020 IEEE International Conference on Communications Workshops (ICC Workshops), pp. 1–7 (2020). https://doi.org/10.1109/ICCWorkshops49005.2020.9145100
Preuveneers, D., Joosen, W., Bernal Bernabe, J., Skarmeta, A.F.: Distributed security framework for reliable threat intelligence sharing. Secur. Commun. Netw. 2020, 8833765 (2020). https://doi.org/10.1155/2020/8833765
Qi, S., Zheng, Y., Li, M., Liu, Y., Qiu, J.: Scalable industry data access control in RFID-enabled supply chain. IEEE/ACM Trans. Netw. 24(6), 3551–3564 (2016). https://doi.org/10.1109/TNET.2016.2536626
Rouselakis, Y., Waters, B.: Efficient statically-secure large-universe multi-authority attribute-based encryption. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 315–332. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47854-7_19
Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27
Stefanescu, D., Galán-García, P., Montalvillo, L., Unzilla, J., Urbieta, A.: Towards a holistic DLT architecture for IIoT: improved DAG for production lines. In: Prieto, J., Partida, A., Leitão, P., Pinto, A. (eds.) BLOCKCHAIN 2021. LNNS, vol. 320, pp. 179–188. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-86162-9_18
Acknowledgment
The European Commission financially supported this work through the Horizon Europe program under the COMP4DRONES project (grant agreement \(\hbox {N}^{\circ }\) 826610). It was also partially supported by the Ayudas Cervera para Centros Tecnológicos grant of the Spanish Centre for the Development of Industrial Technology (CDTI) under the project EGIDA (CER-20191012) and by the Basque Country Government under the ELKARTEK program, project REMEDY - REal tiME control and embeddeD securitY (KK-2021/00091).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Mosteiro-Sanchez, A., Barcelo, M., Astorga, J., Urbieta, A. (2023). “Are You What You Claim to Be?” Attribute Validation with IOTA for Multi Authority CP-ABE. In: Prieto, J., Benítez Martínez, F.L., Ferretti, S., Arroyo Guardeño, D., Tomás Nevado-Batalla, P. (eds) Blockchain and Applications, 4th International Congress . BLOCKCHAIN 2022. Lecture Notes in Networks and Systems, vol 595. Springer, Cham. https://doi.org/10.1007/978-3-031-21229-1_26
Download citation
DOI: https://doi.org/10.1007/978-3-031-21229-1_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-21228-4
Online ISBN: 978-3-031-21229-1
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)