Xu Zhigang, Zhou Wan, Han Hongmu, Dong Xinhua, Zhang Shiguang, Hu Ziping
School of Computer Science, Hubei University of Technology, 28 Nanli Road, Wuhan, 430068, China.
Jiangmen Industrial Technology Research Institute of Guangdong Academy of Sciences Ltd, 6 Chaolian Avenue, Guangdong, 529095, China.
Sci Rep. 2025 Apr 7;15(1):11913. doi: 10.1038/s41598-024-80307-3.
With the rapid rise of Internet of Things (IoT) technology, cloud computing and attribute-based encryption (ABE) are often employed to safeguard the privacy and security of IoT data. However, most blockchain-based access control methods are one-way, and user access policies are public, so they cannot simultaneously meet the needs of dynamic attribute updates, two-way verification of users and data, and secure data transmission. To handle these challenges, we propose an attribute-based encryption scheme that satisfies real-time and secure sharing requirements through attribute updates and policy hiding. First, we design a new dynamic update and policy hiding bidirectional attribute access control (DUPH-BAAC) scheme. In addition, a policy hiding technique is adopted. The data owner sends encrypted addresses with hidden access policies to the blockchain network for verification through transactions. Then, the user matches attributes locally, and the smart contract verifies user permissions and generates access transactions for users who meet the access policies. Moreover, the cloud server receives user identity keys and matches the user attribute set with the ciphertext attribute set. Besides, the blockchain network replaces traditional centralized IoT servers for identity authentication, authorization, key management, and attribute updates, reducing the risk of information leakage. Finally, we demonstrate that the DUPH-BAAC scheme can resist indistinguishable choice access structures and selective plaintext attacks, achieving IND-sAS-CPA security.