Data Access Control for Secure Authentication Using Dual VC Scheme Based on CP-ABE in DID

Abstract

In a Decentralized Identifier (DID), the Holder does not depend on a third party but controls self-identity information and is authenticated by the Verifier. Therefore, the Verifier can request verification data for access control from the Verifiable Data Registry (VDR) and credentials to authenticate the Holder. Data access control should be used when requesting data access such that only authorized Verifiers can access it. Consequently, studies on secure and efficient data access control have been conducted, and among them a scheme using Ciphertext Policy Attribute-based Encryption (CP-ABE) is underway. However, when the CP-ABE scheme is applied to the DID, the Holder's extended Self-Sovereign Identity (SSI), which proves that the Holder has approved access to the Holder's data stored in the VDR, is not ensured. Furthermore, the VDR does not verify the Verifier's data access rights, resulting in unauthorized verification and illegal access to data by the user. And issue infringement of the Holder's privacy, where Verifiers can infer the Holder by sharing and connecting the same DID-based Verifiable Presentations (VPs) of the Holder. Also, it leads to overheads in the amount of computation and search time for encryption/decryption. Therefore, in this paper, we propose a data access control for secure authentication by solving the security vulnerabilities of CP-ABE and using a CP-ABE-based dual Verifiable Credential (VC) scheme in DID.