Leveraging Attribute-Based Signcryption for Designing Selectively Disclosed SSI Verifiable Presentations

by University of Surrey,  

In REWIRE, attribute-based signcryption facilitates device enrolment into an external domain during the zero-touch onboarding (ZTO) process (https://www.rewire-he.eu/zero-touch-onboarding-of-iot-devices-to-support-trustworthy-computing/). We follow up to our previous blog on ZTO to complete out story line and describe how attribute-based signcryption, ZTO and SSI-based Verifiable Presentations combined form an innovative offering in REWIRE!

To facilitate understanding, let us deem attributes as representatives of device identity, or representatives of characteristics like device integrity, secure boot, secure state integrity in runtime, etc. Consider attributes from an attribute-based encryption scheme to generate secret keys and form an access structure tree. In essence, this tree can be seen as a logical representation of a policy, which can be mathematically transformed, and used for access control purposes.

Furthermore, think of attribute-based signatures as signatures that attest to the fact that a user, whose attributes satisfy the given policy, endorses a message. Crucially in REWIRE, attribute-based signatures are required for the secure enrolment of a device into a specific domain during zero-touch onboarding. However, if a device is attempting to communicate with an external device, it must be securely enrolled and authenticated into that device’s domain. Consequently, preserving the privacy of attributes related to the device becomes important to meet the strong security requirements of REWIRE.

Thus, to satisfy both security notions of privacy and integrity, an attribute-based signcryption scheme will be used as a more efficient way of encrypting and signing a message simultaneously, whilst maintaining the functionalities of the aforementioned schemes. We highlight that signcryption is a more elegant solution than trivially combining an attribute-based signature and attribute-based encryption scheme, not just in terms of efficiency but by design.

An attribute-based signcryption scheme also relies on an access structure tree that specifies the attribute-based access control to support policies. The goal of using this access tree is to enforce the user’s access policy in a different operation such as encryption, or decryption. For example, consider that the access conditions for a company are: (Both attributes: Doctor AND Hospital X) OR (2 of the following three attributes: Patient, Age over 35, Country Y). Provided proof of ownership of both attributes in the first bracket, or, two-out-three in the second bracket, the policy is proven to be satisfied and access is granted.

Technically speaking, the attribute-based signcryption scheme in REWIRE will consist of standardised (W3C) verifiable credentials, issued using a self-sovereign identity (SSI) domain and enabling the selective disclosure of device attributes. In doing so, REWIRE presents a novel protocol utilising attribute-based signatures wrapped in verifiable credentials and combined to produce zero-knowledge proofs that a pre-determined policy has been satisfied. Therefore, we can mitigate vulnerabilities like disclosure attacks of device characteristics (e.g. the software running on the device).

At present, we are finalising the design of the signcryption scheme and moving forward with demonstrating provable security, as well as implementation of the scheme.

Leave a Reply