Abstract
Access control is one of the key technologies for ensuring safe resource sharing. Identity authentication and authority distribution are the two key mechanisms by which access control restricts unauthorized users from accessing resources, so that only authorized, legitimate users can access them. However, user privacy protection and frequent permission changes are two thorny issues that access control urgently needs to solve. In this paper, a dynamic access control model based on privacy protection is proposed to deal with these problems. Compared with existing access control technologies, the main advantages of this model are as follows: (1) the attributes of entities are encrypted and hidden, and attribute-based identity authentication is used, which not only achieves the purpose of traditional identity authentication but also ensures that the attributes and privacy of entities are not leaked; (2) resource access permissions are bound to entity attributes, and permissions are dynamically assigned and adjusted as entity attributes change, making resource access control more fine-grained and more flexible. Security proof and performance analysis show that the proposed protocol is secure under the hardness assumptions of the discrete logarithm problem and the decisional bilinear Diffie–Hellman problem. Compared with the cited references, this model has the advantages of low computational complexity, short computational time, and low communication overhead.
Acknowledgements
This work is supported by the National Natural Science Foundation of China under Grant Nos. 61772477, 61971380, U1804263 and 62072037, the Key Technologies R&D Program of Henan Province (Nos. 212102210089, 212102210171, 212102210075), and the Key Scientific Research Project Plans of Higher Education Institutions in Henan Province (Grant No. 21zx014).
Funding
The authors have not disclosed any funding.
Ethics declarations
Conflict of interest
The authors have not disclosed any competing interests.
About this article
Cite this article
Zhang, Q., Zhu, L., Zhao, K. et al. Dynamic permission access control model based on privacy protection. Telecommun Syst 81, 191–205 (2022). https://doi.org/10.1007/s11235-022-00937-8
DOI: https://doi.org/10.1007/s11235-022-00937-8