Blockchain-Based Decentralization Approach for Ciphertext-Policy Attribute-Based Encryption Systems

Melissa Brigitthe Hinojosa-Cabello^1,2Rocio Aldeco-Perez^2*Miguel Morales-Sandoval³Jose Juan Garcia-Hernandez¹

• ¹Center for Research and Advanced Studies, National Polytechnic Institute of Mexico (CINVESTAV), México City, Mexico
• ²School of Engineering, National Autonomous University of Mexico, Mexico City, Mexico
• ³National Institute of Astrophysics, Optics and Electronics, Tonantzintla, Mexico

Since the rise of the Internet, several IT services and applications have become widely accessible, making cloud computing a vital solution for its deployment for corporate and personal use. Additionally, the Internet of Things (IoT) has accelerated large-scale data generation, e.g., for monitoring applications in medical and industrial environments. Cloud computing and IoT are seamlessly integrated: IoT devices generate data later stored and accessed in the cloud, enabling efficient data use across multiple applications and processing models. Consequently, cloud services are increasingly being used for outsourcing the high processing and storage requirements demanded by IoT applications. While this integration offers significant advantages, it also presents major data security challenges, particularly concerning the confidentiality and access control of outsourced sensitive data. It is especially relevant because cloud service providers are typically assumed to be honest but curious and, hence, untrustworthy. In this context, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) can successfully enforce complex access control over outsourced data. It is achieved by encrypting it using fine-grained access policies and delegating access control to decryption keys dependent on end-user attributes. Although CP-ABE offers several advantages, its wide adoption and efficient deployment in practical applications is still hindered by some issues. One of the major concerns involves the strong dependency on a centralized trusted authority setting and managing CP-ABE's access control policies and attribute sets. This dependency represents a single point of failure that threatens the system's continuous operation. In this paper, we eliminate CP-ABE's dependency on a single trusted authority by adopting a decentralization strategy relying on blockchain's main features. Therefore, we propose a blockchain-based approach to distribute among multiple peers the users' secret keys generation and management tasks performed by the trusted authority, solving CP-ABE's centralization problem. By combining blockchain, CP-ABE, and Elliptic Curve Integrated Encryption 1 Hinojosa-Cabello et al.Scheme (ECIES), we ensure the privacy of CP-ABE critical components regardless of their heterogeneous privacy requirements. We evaluated our proposal considering a case study in the eHealth domain, whose results confirm its deployment feasibility in practical applications, where confidentiality and access control hold while resiliency and the system's continuous operation are achieved.