Cross trust: A decentralized MA-ABE mechanism for cross-border identity authentication

IF 4.1 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS International Journal of Critical Infrastructure Protection Pub Date : 2024-01-17 DOI:10.1016/j.ijcip.2024.100661

Jian Chen , Fei Lu , Yuanzhe Liu , Sheng Peng , Zhiming Cai , Fu Mo

{"title":"Cross trust: A decentralized MA-ABE mechanism for cross-border identity authentication","authors":"Jian Chen , Fei Lu , Yuanzhe Liu , Sheng Peng , Zhiming Cai , Fu Mo","doi":"10.1016/j.ijcip.2024.100661","DOIUrl":null,"url":null,"abstract":"<div><p>With an increasing demand for authenticated data exchange between jurisdictions, ensuring the privacy and security of data interactions is crucial for national security, public health, and economic vitality, becoming a fundamental national infrastructure. Current solutions can be categorized into two types: fully decentralized autonomous systems based on blockchains or centralized solutions that rely on authoritative centers such as certification authorities (CAs). In reality, a balance needs to be struck between guaranteed authority and privacy independence. A certain authority is needed as an authorization guarantee, and decentralization is required to ensure privacy and the independence of the authority. This paper proposes a novel scheme, CT-MA-ABE (Cross-Trust Multiple Authorization Attribute-Based Encryption), to address these issues by implementing MA-ABE for cross-border institutional authorization interactions, utilize blockchain certification authority (BCA) for credibility and encryption-based authorization to protect attribute data privacy. This solution integrates the role of 'notary' in cross-border interactions, addressing the supervision problem in fully decentralized approaches while also considering the trust issue in centralized systems. This paper also introduces the Universal Certificate Authority Pool (UCAP), an innovative hybrid federated authorization method, creatively utilizing the implied authorization conditions of attributes to create a flexible and transitive authorization mechanism based on attribute relationships and extensions, enhancing privacy protection and improving the speed of authorization matrix calculation. The successful deployment of the system between the legal jurisdictions in South China, Zhuhai and Macau as a critical infrastructure component for securing data interactions further demonstrates its effectiveness as a reliable and secure solution.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"44 ","pages":"Article 100661"},"PeriodicalIF":4.1000,"publicationDate":"2024-01-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Critical Infrastructure Protection","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1874548224000027","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

With an increasing demand for authenticated data exchange between jurisdictions, ensuring the privacy and security of data interactions is crucial for national security, public health, and economic vitality, becoming a fundamental national infrastructure. Current solutions can be categorized into two types: fully decentralized autonomous systems based on blockchains or centralized solutions that rely on authoritative centers such as certification authorities (CAs). In reality, a balance needs to be struck between guaranteed authority and privacy independence. A certain authority is needed as an authorization guarantee, and decentralization is required to ensure privacy and the independence of the authority. This paper proposes a novel scheme, CT-MA-ABE (Cross-Trust Multiple Authorization Attribute-Based Encryption), to address these issues by implementing MA-ABE for cross-border institutional authorization interactions, utilize blockchain certification authority (BCA) for credibility and encryption-based authorization to protect attribute data privacy. This solution integrates the role of 'notary' in cross-border interactions, addressing the supervision problem in fully decentralized approaches while also considering the trust issue in centralized systems. This paper also introduces the Universal Certificate Authority Pool (UCAP), an innovative hybrid federated authorization method, creatively utilizing the implied authorization conditions of attributes to create a flexible and transitive authorization mechanism based on attribute relationships and extensions, enhancing privacy protection and improving the speed of authorization matrix calculation. The successful deployment of the system between the legal jurisdictions in South China, Zhuhai and Macau as a critical infrastructure component for securing data interactions further demonstrates its effectiveness as a reliable and secure solution.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

交叉信任：用于跨境身份验证的去中心化 MA-ABE 机制

随着各辖区之间认证数据交换的需求日益增长，确保数据交互的隐私和安全对国家安全、公共卫生和经济活力至关重要，已成为一项基本的国家基础设施。目前的解决方案可分为两类：基于区块链的完全去中心化自治系统或依赖于权威中心（如认证机构）的中心化解决方案。在现实中，需要在保证权威性和隐私独立性之间取得平衡。需要一定的权威作为授权保证，同时需要去中心化来确保隐私和权威的独立性。本文提出了一种新颖的方案 CT-MA-ABE（基于属性的交叉信任多重授权加密）来解决这些问题，该方案通过实现 MA-ABE 来进行跨境机构授权交互，利用区块链认证机构（BCA）来提高可信度，并通过基于加密的授权来保护属性数据隐私。该解决方案整合了跨境交互中的 "公证人 "角色，既解决了完全去中心化方法中的监督问题，又考虑了中心化系统中的信任问题。本文还介绍了通用证书授权池（UCAP）这一创新的混合联合授权方法，创造性地利用属性的隐含授权条件，创建了基于属性关系和扩展的灵活、跨界的授权机制，加强了隐私保护，提高了授权矩阵的计算速度。该系统在华南、珠海和澳门法律管辖区之间的成功部署，作为保障数据交互安全的关键基础设施组件，进一步证明了其作为可靠和安全解决方案的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

International Journal of Critical Infrastructure Protection COMPUTER SCIENCE, INFORMATION SYSTEMS-ENGINEERING, MULTIDISCIPLINARY

CiteScore

8.90

自引率

5.60%

发文量

审稿时长

>12 weeks

期刊介绍： The International Journal of Critical Infrastructure Protection (IJCIP) was launched in 2008, with the primary aim of publishing scholarly papers of the highest quality in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology, law and policy to craft sophisticated yet practical solutions for securing assets in the various critical infrastructure sectors. These critical infrastructure sectors include: information technology, telecommunications, energy, banking and finance, transportation systems, chemicals, critical manufacturing, agriculture and food, defense industrial base, public health and health care, national monuments and icons, drinking water and water treatment systems, commercial facilities, dams, emergency services, nuclear reactors, materials and waste, postal and shipping, and government facilities. Protecting and ensuring the continuity of operation of critical infrastructure assets are vital to national security, public health and safety, economic vitality, and societal wellbeing. The scope of the journal includes, but is not limited to: 1. Analysis of security challenges that are unique or common to the various infrastructure sectors. 2. Identification of core security principles and techniques that can be applied to critical infrastructure protection. 3. Elucidation of the dependencies and interdependencies existing between infrastructure sectors and techniques for mitigating the devastating effects of cascading failures. 4. Creation of sophisticated, yet practical, solutions, for critical infrastructure protection that involve mathematical, scientific and engineering techniques, economic and social science methods, and/or legal and public policy constructs.