TY - JOUR
T1 - Privacy-Preserving, Verifiable, and Transformable Access Control for Cloud-Assisted IoV
AU - Zhu, Liang
AU - Zhang, Xuetao
AU - Li, Xiangxue
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2026
Y1 - 2026
N2 - The Internet of Vehicles (IoV) cloud platform enables multi-dimensional sharing of vehicle data, enhancing both its value and the quality of vehicle services. To ensure dynamic authorized access control and safeguard user privacy in the IoV cloud platform, an attribute-based encryption (ABE) scheme is employed. However, existing state-of-the-art schemes still struggle to simultaneously address the following challenges: 1) the limitation of single-application scenarios due to the difficulty of achieving cross-primitive ciphertext transformation; 2) the risk of user privacy leakage caused by the inability to fully hide access policies; 3) the potential for malicious accusations against the delegator due to a lack of verifiability. To tackle these issues, we propose PPVTAC, a Privacy-Preserving, Verifiable, and Transformable Access Control scheme for cloud-assisted IoV. Specifically, we leverage a hybrid proxy re-encryption technique to transform ABE ciphertext into identity-based encryption (IBE) ciphertext, making it more suitable for collaborative scenarios. A cuckoo filter is introduced to achieve fully hidden policies, thereby protecting user privacy. Additionally, we incorporate non-interactive zero-knowledge proofs (NIZKPs) to ensure verifiability, guaranteeing the correctness of transformed ciphertexts while preventing malicious accusations against the delegator. A further advantage of our scheme is its support for unbounded attribute spaces, eliminating the need for system reboot when adding new attributes. In addition, our scheme requires only a constant number of pairing operations during the decryption and re-encryption phases, regardless of the number of attributes. We formalize a security model and rigorously prove that our scheme achieves adaptive security. Our scheme achieves simultaneously for the first time cross-primitive ciphertext transformation, fully hidden policy, and verifiability while ensuring adaptive security. We implement our scheme in real-world environments and compare it with existing state-of-the-art schemes. Our approach offers a more comprehensive feature set without significant performance trade-offs, making it highly suitable for cloud-assisted IoV scenarios.
AB - The Internet of Vehicles (IoV) cloud platform enables multi-dimensional sharing of vehicle data, enhancing both its value and the quality of vehicle services. To ensure dynamic authorized access control and safeguard user privacy in the IoV cloud platform, an attribute-based encryption (ABE) scheme is employed. However, existing state-of-the-art schemes still struggle to simultaneously address the following challenges: 1) the limitation of single-application scenarios due to the difficulty of achieving cross-primitive ciphertext transformation; 2) the risk of user privacy leakage caused by the inability to fully hide access policies; 3) the potential for malicious accusations against the delegator due to a lack of verifiability. To tackle these issues, we propose PPVTAC, a Privacy-Preserving, Verifiable, and Transformable Access Control scheme for cloud-assisted IoV. Specifically, we leverage a hybrid proxy re-encryption technique to transform ABE ciphertext into identity-based encryption (IBE) ciphertext, making it more suitable for collaborative scenarios. A cuckoo filter is introduced to achieve fully hidden policies, thereby protecting user privacy. Additionally, we incorporate non-interactive zero-knowledge proofs (NIZKPs) to ensure verifiability, guaranteeing the correctness of transformed ciphertexts while preventing malicious accusations against the delegator. A further advantage of our scheme is its support for unbounded attribute spaces, eliminating the need for system reboot when adding new attributes. In addition, our scheme requires only a constant number of pairing operations during the decryption and re-encryption phases, regardless of the number of attributes. We formalize a security model and rigorously prove that our scheme achieves adaptive security. Our scheme achieves simultaneously for the first time cross-primitive ciphertext transformation, fully hidden policy, and verifiability while ensuring adaptive security. We implement our scheme in real-world environments and compare it with existing state-of-the-art schemes. Our approach offers a more comprehensive feature set without significant performance trade-offs, making it highly suitable for cloud-assisted IoV scenarios.
KW - access control
KW - Attribute-based encryption
KW - fully hidden policy
KW - Internet of Vehicles
KW - verifiability
UR - https://www.scopus.com/pages/publications/105026495290
U2 - 10.1109/JIOT.2025.3650174
DO - 10.1109/JIOT.2025.3650174
M3 - 文章
AN - SCOPUS:105026495290
SN - 2327-4662
JO - IEEE Internet of Things Journal
JF - IEEE Internet of Things Journal
ER -