A Key Escrow-Free KP-ABE Scheme and Its Application in Stand-Alone Authentication in IoT

When users access the Internet of Things (IoT) devices, authenticating their identities and permissions is an important measure to ensure system security and achieve access control. Stand-alone authentication (SAA) is an efficient authentication method because it allows IoT devices to independently finish user authentication, avoiding the reliance on a single authentication center in traditional authentication methods. Attribute-based encryption (ABE) supports fine-grained access control and can be used to realize SAA. In certain SAA scenarios, the underlying ABE scheme should also meet some special requirements of security and function. For example, when a central authority seeks help from multiple proxy authorities to share the burden of managing users’ access rights, dishonest proxy authorities may grant access rights to illegal users to gain benefits. This situation where the authority abuses its capability of access rights management is referred to as the key escrow problem in ABE (because for ABE, users’ decryption keys represent their access rights). Therefore, we propose a key-policy ABE (KP-ABE) scheme without key escrow to prevent dishonest authorities from abusing their power. Compared with related schemes, the new scheme can relatively fully solve the key escrow problem, has high access policy expressiveness, and is efficient. These advantages ensure that the proposed scheme can be used to achieve secure and efficient SAA in IoT.