Abstract
Attribute spoofing is a major security threat in information exchange solutions based on Ciphertext-Policy Attribute-Based-Encryption (CP-ABE) and distributed CP-ABE (dCP-ABE), which can compromise privacy and security. This threat occurs when an attacker forces the Attribute Authorities to generate keys for attributes they do not possess. This paper analyzes the threat of attribute spoofing and identifies the primary attack vectors, including direct interference with the Attribute Authority and compromise of the shared attribute storage database. The authors propose a solution based on IOTA, a DAG-type DLT, and Interplanetary File System (IPFS) to prevent attribute spoofing. The solution requires distributed attribute storage, validation, and user authentication to counteract the two attack vectors effectively. The proposed solution mitigates the consequences of attribute spoofing, including privilege escalation and reduction, acquisition of private keys, and cutoff of data access. The authors also evaluate their proposal through a value-chain use case and conclude that it effectively mitigates the consequences of attribute spoofing.