In an attribute-based system (ABS), users are identified by various attributes, instead of their identities. Since its seminal introduction, the attribute-based mechanism has attracted a lot of attention. However, current ABS schemes have a number of drawbacks: (i) the communication cost is linear in the number of the required attributes; (ii) the computation cost is linear in the number of the required attributes and (iii) there are no efficient verification algorithms for the secret keys. These drawbacks limit the use of ABS in practice. In this paper, we propose an attribute-based oblivious access control (ABOAC) scheme to address these problems, where only the receiver whose attributes satisfy the access policies can obtain services obliviously. As a result, the receiver does not release anything about the contents of the selected services and his attributes to the sender, and even the number and supersets of his attributes are protected. The sender only knows the number of the services selected by the authorized receiver. Notably, the costs of computation and communication are constant and independent of the number of required attributes. While, in the prior comparable schemes, both the costs of computation and communication are linear in the required attributes. Therefore, our ABOAC scheme provides a novel and elegant solution to protect user's privacy in the systems where both the bandwidth and the computing capability are limited, such as wireless sensor and actor networks, mobile ad hoc networks, etc.
Funding
Secure and Practical Anonymous Electronic Payment and Applications