A revocable attribute-based access control with non-monotonic access structure

Abstract

Internet of Things (IoT) has revolutionized data manipulation across various applications, particularly in online healthcare paradigm, where medical data are collected and processed for remote monitoring and analysis. To improve the privacy and security of such sensitive healthcare data, the attribute-based encryption (ABE) with non-monotonic access policies has recently provided a fine-grained access control within cloud and IoT-based healthcare ecosystems. Specifically, the adoption of multi-authority ABE with untrusted authorities has eliminated the need for a trusted authority. However, ensuring the privacy of user’s identity and attribute sets from these untrusted authorities remains a significant challenge in this context. To address this challenge, this paper introduces an enhanced multi-authority ABE approach, incorporating a robust attribute revocation mechanism. This enhancement safeguards user’s identity and attribute-set privacy while remaining resilient against collusion attacks and ensuring backward secrecy. Moreover, the proposed approach provides non-monotonic access policies, which supports positive and negative constraints using NOT operation as well as AND and OR operations. © Institut Mines-Télécom and Springer Nature Switzerland AG 2024.