Dynamic permission access control model based on privacy protection

Access control technology is one of the key technologies to ensure safe resource sharing. Identity authentication and authority distribution are two key technologies for access control technology to restrict unauthorized users from accessing resources, and only authorised legal users can access resources. However, user privacy protection and frequent permission changes are two thorny issues that need to be solved urgently by access control technology. In this paper, a dynamic access control model based on privacy protection is proposed to deal with these problems. Compared with existing access control technologies, the main advantages of this paper are as follows: (1) Encrypt and hide the attributes of entities, and use attribute-based identity authentication technology for identity authentication, which not only achieves the purpose of traditional identity authentication, but also ensures the attributes and privacy of entities are not leaked; (2) Binding resource access permissions with entity attributes, dynamically assigning and adjusting resource access control permissions through changes in entity attributes, making resource access control more fine-grained and more flexible. Security proof and performance analysis show that the proposed protocol is secure under the hardness assumption of the discrete logarithm problem and the decision bilinear Diffie–Hellman problem. Compared with the cited references, this model has the advantages of low computational complexity, short computational time, and low communication overhead.


Introduction
The innovation and development of artificial intelligence, big data and 5G technology have promoted the birth of new applications such as smart community, smart transportation and smart city. One of its core technologies is secure resource sharing, information exchange and transmission among multiple entities. Access control is a core technology that guarantees secure resource sharing and information exchange among entities. Under the access control technology, only the legitimate terminal that meets the access policy can access the resources of the network platform. The security of system resources is improved, but the flexibility of access to system resources is enhanced. In recent years, there has been more and more research on access control technology. These studies are applied to medical, industrial, corporate and personal fields. On this basis, many access control schemes have been proposed, such as early autonomous access control and mandatory access control, later identity-based access control and recent research hotspot attribute-based access control, etc. Many practical problems have been solved by them.
However, with the progress of network technology, access control technology is also facing new challenges. The vast and complex data exchange increases the threat to data security and increases the risk of terminal privacy leakage. It is difficult to realize the hierarchical division and classified storage of resources. In the process of resource sharing, the terminal needs to undertake huge computing and communication tasks. In addition, it is still difficult to solve the problem of terminal member revocation or terminal attribute weight revocation, etc. In order to solve these problems, a dynamic permission access control model based on privacy protection (PP-DPAC) is proposed in this paper. In the model, the data is encrypted first. Then the ciphertext data is uploaded to the resource storage service platform. If the terminal member wants to obtain resources, its identity information is verified first, then its attribute weight information is verified. Only when the identity and attribute weights are satisfied, the terminal can obtain resources. Under the dual authentication mechanism, the security of resources is improved. Terminal members can only access resources with corresponding confidentiality level or resources with lower confidentiality level. Fine-grained access control is implemented. Massive computing tasks are transferred to the server, so that the terminal can efficiently complete data sharing and truly realize light load. In addition, terminal members can obtain confidentiality resources of higher level by upgrading their permissions. If they are punished, their access permissions will be reduced. This greatly increases the security of privacy and the dynamic flexibility of access.

Contributions
In this paper, a PP-DPAC model is proposed. The advantages and main contributions of the paper are as follows: (1) Hidden attribute authentication. Terminal members need to be authenticated before participating in resource sharing. By improving the traditional attribute-based authentication scheme, a terminal identity authentication scheme with hidden attributes is proposed in this paper. In the scheme, not only the identity information of the terminal is hidden, but also the attribute information of the terminal is hidden by algorithm. In this way, the leakage of personal privacy can be avoided. (2) Dynamic and fine-grained access control. Each terminal member has a different number of attributes. Different attribute number combinations correspond to different access permissions. Terminal members access resources at the corresponding level or lower level according to their attribute permissions. When terminal members have lower permissions, they can access higher-level resources by upgrading their permissions. In other words, authenticated terminal members can upgrade or downgrade their permissions to access multiple levels of resources. (3) High security. Shared resources need to be encrypted before being stored. Then it is uploaded to the resource sharing storage platform. When terminal members obtain resources, they not only need to verify identity, but also need to have enough attribute weights to calculate the decryption key and decrypt the ciphertext. This double guarantee mechanism can resist collusion attacks and has high security.

Related work
With the development and application of various new technologies, the application scenario of access control is also expanding. However, the existing access control technology is difficult to meet the requirements of complex application scenarios, such as cloud computing, edge computing and industrial Internet of things (IoT). In recent years, many scholars have carried out in-depth research on access control technology in combination with specific application scenarios. An access control protocol combined with blockchain is proposed in [1,2]. Blockchain has the characteristics of decentralization, which can better solve the third-party trust problem. At the same time, blockchain technology is used to record the attribute information of the terminal members, which not only facilitates the management of the terminal, but also enhances the security of the system. The algorithm part of the scheme adopts a modular design. This method not only facilitates the later management and maintenance, but also improves the flexibility of the scheme. In [3], an access control scheme supporting data privacy protection and policy hiding is proposed. A flexible access structure is designed in the scheme. LSSS matrix combined with policy hiding can better ensure the security of data access. At the same time, not only user revocation is supported in this scheme, but also it is efficient and lightweight. The computing and communication load of the terminal is reduced. Finally, the security and performance of the scheme are analyzed, and the feasibility of the scheme is analyzed through simulation experiments. In [4,5], an efficient access control scheme based on privacy protection is proposed. The characteristics of hash function and the structure of binary tree are used to limit the decision-making process of the model. A binary search tree based on hash function is used to protect the attributes of terminal members, so the risk of user privacy leakage is reduced.
At the same time, this method is also applied to the server to effectively process requests from various terminals. In [6,7], a secure access control scheme based on attribute signcryption is proposed. Under the assumption of discrete logarithm theory, the attribute hiding and zero knowledge proof technology are used in this scheme, which can not only protect the privacy of terminal members, but also reduce the leakage of attributes in the process of data sharing. In addition, the server is used to partially decrypt the ciphertext resources. The computing tasks of the terminal members are effectively reduced. An anonymous cloud-assisted Internet of things access control scheme is proposed in [8]. In the scheme, the fine-grained access control combined with attribute encryption technology is realized. At the same time, a confusion strategy is proposed to blur the user's privacy information. The correctness of the scheme is verified by formal verification. In [9], a new cryptographic access control framework is proposed. The scheme supports the establishment of multiple authority centres. A new security encryption strategy is adopted, which is bound with ciphertext to resist known attacks. Users no longer use private key signature verification, but adopt a more convenient attribute token. Although this method is convenient and lightweight, there is still a risk of token leakage. In [10,11], a flexible multi-authority data storage scheme is proposed. This scheme does not need an authority center to distribute the key. At the same time, a series of attributes are used to realize flexible data storage, which completely eliminates the security risks caused by key distribution. In addition, the computing task of the terminal is transferred to the assistant node, which reduces the load of the terminal node. A ciphertext strategy for media cloud is proposed in [12,13]. Compared with other attribute-based encryption schemes, this scheme has better performance.
Legitimate users only need two hash operations when switching access to resources, which greatly reduces the calculation time. At the same time, the scheme also supports user revocation, which is easy to expand and maintain in later work. In [14], an access control scheme supporting attribute hiding is proposed. By hiding the attributes, the scheme can better protect the privacy information of terminal members. In addition, an attribute location mechanism is also proposed, which can help authorized terminals locate attribute information and decrypt resources. The final simulation comparison shows that the efficiency of this scheme is better.
In [15,16], a user and attribute revocable access control scheme is proposed. In the scheme, the revocation of the user or the user's attributes is supported, and the terminal members cannot access the original resources after revocation. At the same time, in the scheme, users can add or reduce attributes according to their own needs, and the amount of calculation is small in this process. Through the security analysis of the scheme, the scheme can effectively resist known attacks. In [17], a fine-grained access control scheme based on attribute and blockchain is proposed. In this scheme, a cooperation mechanism is applied, which can authorize users in emergency, and this mechanism can be verified. The outsourcing method is adopted to build a trusted node to perform the main computing and communication tasks, and writes the information into the blockchain through transaction. A resource sharing scheme combining blockchain and ABE is proposed in [18]. In this scheme, data providers can set access policies for shared data ciphertext to achieve fine-grained access control. At the same time, the data demander communicates directly with the data provider, and the data provider can provide the key for the legitimate data demander. In addition, the keyword search function is also supported. The server locates resources and returns information according to the keywords provided by the data demander. In [19], a secure and efficient access control scheme is proposed. The encryption process of this scheme is fast and lightweight computing is realized by outsourcing the decryption process. The scheme has better performance.
In [20,21], an access control scheme for smart medicine is proposed. The scheme combines CP-ABE technology to realize the security protection of data and privacy. Improving the low efficiency and low security scheme makes it more suitable for the security protection of medical data. An access control scheme for Internet of things is proposed in [22]. In the scheme, the terminal device encrypts its own data and then uploads it to the server, which solves the problem of over-authorization by the third party or the entrusted node. At the same time, the unauthorized operation of the application can be limited, so the privacy information of the terminal device can be protected. Finally, it is proved that the scheme is secure. An access control model in smart health application scenario is proposed in [23]. In this system, when the smart health record is encrypted, the attribute value of the access policy is hidden and only the attribute name is displayed, which well protects personal privacy. It uses a small number of bilinear pairs to complete the decryption of smart health records, which greatly improves the efficiency of decryption. In [24], a cross-domain access control scheme for cloud sharing is proposed. Combined with blockchain technology, the scheme not only solves the problem of single point of failure, but also can trace the access records of the terminal. At the same time, by extending the traditional scheme, a cross-domain cooperation mechanism is designed through smart contract, which can realize the cooperative operation of multiple trust institutions and generate decryption keys for users. The analysis shows that the scheme has good performance. In [25], a proactive dynamic secure data scheme is proposed. It uses attribute-based access control to protect the private information of financial users.
In order to protect the integrity and security of data, the client is used as the core method to effectively avoid the impact of unexpected operation on the server. In addition, due to data access restrictions based on configuring user attributes, this model can continue to provide a high level of security.
An access control scheme based on blockchain smart contract is proposed in [26]. In this scheme, multiple smart contracts are designed, such as the master contract, to manage the access control of data among users. The authentication management contract is used to authenticate the identity of terminal members and store registration records. Intelligent detection contract is used to detect illegal behaviors in the system and punish users. In addition, the consumption of computing and communication energy can be reduced to a certain extent. In [27], an access control scheme for fog computing scenario is proposed. It aims to reduce the cost of calculation and ensure the confidentiality of data. In this scheme, the fog device bears the main computational cost of the encryption and decryption stages. Therefore, the calculation cost of the sender and the receiver will be reduced, which greatly improves the efficiency of data exchange. At the same time, the user's private key is generated through multiauthority, which enhances data security. In [28], a secure and efficient access control scheme using smart contract is proposed. Different from the previous attribute-based access control, this scheme carries out safe and efficient data sharing by setting up multiple smart contracts. The most important is the smart contract for access control, which completes the established security policy by setting the access rights of resources and verifying the identity information of terminal members. In addition, there is a judgment contract and a registration contract. Judgment contract is mainly to punish the violations in the process of system operation. The registration contract is used to manage the information of the terminal. In [29], a fine-grained access control scheme with decentralized capability is proposed. In this scheme, resources are stored on their own devices instead of other third-party large storage devices. 
At the same time, the access control of resources is based on the user's identity. The management of user rights is realized through smart contract. Finally, the feasibility of the scheme is proved. In [30], a traceable access control protocol supporting emergency authorization is proposed. In the scheme, smart contracts are used to define some rules to deal with emergencies, and the duration of emergency visits is also regulated. In addition, patients can also restrict the distribution of permissions for personal health records.
The references above show that researchers have made many contributions to data sharing and access control. At the same time, there are some shortcomings, such as the privacy leakage of terminal members, the lack of clear classification of shared resources, and the problem of revoking user authority. To solve these problems, we propose a dynamic permission access control model based on privacy protection (PP-DPAC), and optimize it in terms of personal privacy information protection, lightweight operation and security. Through comparative analysis, the effect of this scheme is better.

Basic theory
For ease of understanding, the symbols and related descriptions used in this paper are shown in Table 1.

Table 1 Symbols and related descriptions
$PK_{CA}, SK_{CA}$: public key and private key of CA
$PK_{RSSP}, SK_{RSSP}$: public key and private key of RSSP
$pk_{u_i}, sk_{u_i}$: public key and private key of the terminal member $u_i$
$a_{u_i,r}$: the $r$-th attribute of the terminal member $u_i$

Bilinear mapping
In this section, we introduce the basic knowledge of bilinear mapping used in this paper.
Let $G_1$ and $G_2$ be two groups on an elliptic curve, where $G_1$ is an additive group and $G_2$ is a multiplicative group. Both have large prime order $q$ ($q \geq 2^{\lambda} + 1$), where $\lambda$ is the safety parameter. Let $g_1$ be the generator of $G_1$, that is, $G_1 = \langle g_1 \rangle$. It is difficult to solve the discrete logarithm problem in $G_1$ and $G_2$. $e$ is called an admissible pairing if $e : G_1 \times G_1 \to G_2$ satisfies the following properties: (1) Bilinearity: for any elements $\mu, \nu \in G_1$ and $a, b \in Z_q^*$, $e(a\mu, b\nu) = e(\mu, \nu)^{ab}$ always holds; (2) Non-degeneracy: for any elements $\mu, \nu \in G_1$, there is always $e(\mu, \nu) \neq 1$; (3) Computability: for any two elements $\mu, \nu \in G_1$, $e(\mu, \nu)$ can always be calculated in polynomial time.
construct a polynomial $y = P_n(x)$ with the highest degree of $n$. The polynomial passes through these $n + 1$ points. Therefore, it satisfies formula $P_n(x_k) = y_k$, $k = 0, 1, \ldots, n$. So we can calculate the value $P_n(\xi)$ at any point $\xi$, where $\xi \neq x_i$, $i = 0, 1, 2, \ldots, n$. $P_n(\xi)$ can be used as an approximation of the exact value $f(\xi)$. We call this method the interpolation method, where P n (
Application form
Suppose there are $n$ points $(x_0, y_0), (x_1, y_1), \ldots, (x_{n-1}, y_{n-1})$ in plane space. We can construct function $f(x)$ through these $n$ points. The implementation is shown below.
Let set $D_n$ be a set of subscripts with respect to the point $(x, y)$, where $D_n = \{0, 1, \ldots, n - 1\}$, and construct $n$ polynomials $p_j(x)$, $j \in D_n$. For any $k \in D_n$, there are $p_k(x)$ and The interpolation polynomial $L_n(x)$ of the above form is called the Lagrange interpolation polynomial.
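The recovery step that this interpolation supports, as an added example (not code from the paper): a sharer hides a key as g(0), and an acquirer holding every required attribute weight rebuilds it. The prime 2^127 - 1, the SHA-256 mapping of weights to x-coordinates, the degree t-1 polynomial with published values y_k, and all function names are assumptions of this example, because the page's own point construction is not shown.

```python
"""Added example: rebuilding g(0) by Lagrange interpolation over Z_q."""
import hashlib
import secrets

# Assumption: a known prime (2^127 - 1) stands in for the group order q.
Q = 2**127 - 1


def to_zq(data: bytes) -> int:
    """Map a serialized attribute weight to an x-coordinate in Z_q (assumed encoding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def poly_eval(coeffs, x):
    """Evaluate c0 + c1*x + ... + c_{t-1}*x^(t-1) mod Q with Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def lagrange_at_zero(points):
    """Return L(0), where L is the Lagrange polynomial through `points` mod Q.

    L(x) = sum_j y_j * p_j(x),  p_j(x) = prod_{k != j} (x - x_k) / (x_j - x_k).
    """
    xs = [x % Q for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("x-coordinates must be pairwise distinct mod Q")
    total = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for k, (xk, _) in enumerate(points):
            if k != j:
                num = num * (-xk) % Q
                den = den * (xj - xk) % Q
        total = (total + yj * num * pow(den, -1, Q)) % Q
    return total


def publish(key, weights):
    """Sharer: hide `key` as g(0) of a random degree t-1 polynomial and
    return the public values y_k = g(x_k), with x_k = to_zq(weight_k)."""
    t = len(weights)
    if t < 2:
        # With t = 1 the polynomial is the constant g(x) = key, so y_1 would be the key.
        raise ValueError("need at least two attribute weights")
    coeffs = [key % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return [poly_eval(coeffs, to_zq(w)) for w in weights]


def recover(weights, ys):
    """Acquirer: pair its own weights with the published y-values and return g(0)."""
    if len(weights) != len(ys):
        raise ValueError("one weight is needed per published value")
    return lagrange_at_zero([(to_zq(w), y) for w, y in zip(weights, ys)])


def demo():
    # Constructed stand-ins for the serialized weights T_{j,1..3} and a key k.
    weights = [b"T1-constructed", b"T2-constructed", b"T3-constructed"]
    key = to_zq(b"constructed key material")
    message = 0x5345435245542D4C4556454C2D32  # constructed plaintext, below 2^127
    cipher = key ^ message                    # c = k XOR m, as on the page
    ys = publish(key, weights)
    full = recover(weights, ys)
    partial = recover(weights[:2] + [b"guess"], ys)  # one weight is missing
    return full ^ cipher == message, partial ^ cipher == message


if __name__ == "__main__":
    print(demo())
```

A holder of all three weights decrypts, while substituting a guess for one weight yields a different g(0) and a wrong plaintext.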

Access control system model
The main ideas of the model are as follows: The resources stored in the shared database have different security levels. Terminal members have different levels of access rights. Only the terminal members meeting the access rights can decrypt the corresponding resources. In the model, terminal members are divided into two categories, one is data sharers, and the other is data acquirers. A terminal member can be either a data sharer or a data acquirer. Data sharers first set access rights according to the confidentiality level of resources. Then they calculate the encryption key according to the access rights and encrypt the resources to obtain the ciphertext. Finally, the ciphertext resources and the corresponding description information are uploaded to the resource sharing platform. The data requester first checks whether its attribute weight meets the access rights. Then it requests access and downloads ciphertext resources. Finally, it calculates the decryption key according to its attribute weight and decrypts the downloaded ciphertext resources. Data requesters can upgrade or revoke their attributes according to the access rights of the target resources. This method can not only flexibly and dynamically restrict resource access, but also make the resource access control between entities more secure and efficient.
The dynamic permission access control model based on privacy protection is shown in Fig. 1.
Certificate authority (CA): Generates public/private key pairs for the resource storage service platform and terminal devices. At the same time, it authenticates the identity and attributes of terminal members, and distributes the corresponding attribute weights for each terminal.
Resource storage service platform (RSSP): Publishes each terminal's attribute sequence, identity and its public key, and provides a public display platform for terminals to publish information such as plaintext keywords for shared ciphertext resources, ciphertext information description, and ciphertext encryption attribute weights.
Ciphertext database (CD): Stores ciphertext resource information shared by each terminal.

Initialization
In this work, we assume that the information sharing network contains a certification authority CA and $n$ terminal members. CA is mainly used to verify terminal identity and generate system parameters and system master keys. The set of $n$ terminal members is denoted as $U = \{u_1, u_2, \ldots, u_n\}$, and the corresponding identity set is $ID = \{id_{u_1}, id_{u_2}, \ldots, id_{u_n}\}$. The sequence of constraint attributes for all access to network resources is . The corresponding constraint attribute set is $Attr_{set} = \{A_1, A_2, \ldots, A_R\}$. The attribute sequence of the terminal member $u_i$ is $attr_{seq_i} = a_{u_i,1} \mid a_{u_i,2} \mid \ldots \mid a_{u_i,r}$ $(1 \leq i \leq n)$, and the corresponding ordered attribute set is $attr_{set_i} = \{a_{u_i,1}, a_{u_i,2}, \ldots, a_{u_i,j}, \ldots, a_{u_i,r}\}$, where $a_{u_i,j} < a_{u_i,j+1}$ and $attr_{set_i} \subseteq Attr_{set}$. $r$ denotes the number of attributes of terminal member $u_i$.
Assume $G_1$ and $G_2$ are an additive group and a multiplicative group on the elliptic curve of prime order $q$, respectively. The discrete logarithm problems over $G_1$ and $G_2$ are difficult, and $g_1 \in G_1$ is a generator of $G_1$. Parameter e : The CA can run $KeyGen(1^{\lambda})$ to generate public/private key pairs $(SK_E, PK_E)$ for the entity, where $SK_E \in Z_q^*$ and $PK_E = SK_E g_1$. The CA runs $KeyGen(1^{\lambda})$ to obtain a public/private key pair $(SK_{CA}, PK_{CA})$, where $SK_{CA} \in Z_q^*$ and $PK_{CA} = SK_{CA} g_1$. At the same time, CA runs $KeyGen(1^{\lambda})$ to generate a public key and a private key for RSSP and each terminal member in the system respectively. Then CA distributes them through a secure channel. Suppose the public/private key pair q , $pk_{u_i} = g_1 sk_{u_i}$. The system parameters are $params = (PK_{CA}, PK_{RSSP}, q, G_1, G_2, g_1, e, H_1, H_2)$.

Hidden attribute authentication
(1) CA broadcasts the attribute sequence set for accessing network resources and corresponding sequence numbers represents attribute, $S_i$ represents the serial number corresponding to the attribute $A_i$. 1 , S 1 ), (ϑ i,2 , S 2 ), . . . , (ϑ i,r , S r )} to CA.
(3) After receiving the messages {id u i , pk u i , o i , ϑ i,0 , (ϑ i,1 , 1, 2, . . . , r ). Then, CA verifies the identity of $u_i$ by the equation 1 ϑ i,2 . . . ϑ i,r ). If it holds, CA selects a random number $\iota_{CA,k} \in Z_q^*$ $(1 \leq k \leq r)$ for each attribute $a_{u_i,k}$, and computes $\chi_{i,k} = \iota_{CA,k} \vartheta_{i,k}$ and its signature $\delta_i = SK_{CA}(\iota_{CA,1} a_{u_i,1} + \iota_{CA,2} a_{u_i,2} + \cdots + \iota_{CA,r} a_{u_i,r}) g_1$. (Note that for any attributes $a_{u_i,j}$ and $a_{u_l,k}$ of different terminals $u_i$ and $u_l$ $(i \neq l)$, if $j = k$, then $\iota_{CA,j} = \iota_{CA,k}$.) Then, CA sends messages . . , $T_{i,r} = s_{u_i}^{-1} \chi_{i,r} = \iota_{CA,r} a_{u_i,r} g_1$ and $\mu_i = (T_{i,1} + T_{i,2} + \cdots + T_{i,r})$. Then, $u_i$ verifies the identity of CA and the attribute weight $T_{i,k}$ of $a_{u_i,k}$ $(1 \leq k \leq r)$ by the equation $e(\delta_i, g_1) = e(\mu_i, PK_{CA})$. If it holds, $u_i$ obtains the attribute weight $T_{i,k}$ corresponding to each of its attributes $a_{u_i,k}$ $(1 \leq k \leq r)$. Each terminal member has successfully registered.

Calculation of access permissions for shared resources
Data sharer $u_i$ $(1 \leq i \leq n)$ sets corresponding access permissions according to the security level of shared resources. Only terminal members with the attribute set $attr_{set_{i,m}} = \{a_{u_i,1}, a_{u_i,2}, \ldots, a_{u_i,j}, \ldots, a_{u_i,t}\}$ $(j, t \in N^*, t \leq r)$ can access the resource $m_{u_i,i} \in M^*$ ($M^*$ is the plaintext space). The calculation of resource access permissions is as follows: (1) $u_i$ randomly selects the encryption parameter $\beta_{u_i,m} \in Z_q^*$ and uses the encryption parameter to calculate the encryption key $k_{u_i,m} = H_2(\beta_{u_i,m} g_1)$. Then $u_i$ encrypts resource $m_{u_i,i}$ to obtain ciphertext $c_{i,m} = k_{u_i,m} \oplus m_{u_i,i}$, and sets the attribute weight according to the confidentiality of resource $m_{u_i,i}$. Only the terminal meeting the attribute weight can access and decrypt resource $m_{u_i,i}$. Assume that access to resource $m_{u_i,i}$ requires $t$ different attribute weights. The attribute serial number corresponding to the $t$ attribute weights is of the attribute weight corresponding to the attribute serial number to , $keyword_{i,m}$ } on the public information sharing platform, and the ciphertext $c_{i,m}$ is stored in the ciphertext database CD.

Decryption and acquisition of resources
(1) The data acquirer $u_j$ $(1 \leq j \leq n)$ searches the ciphertext resource $c_{i,m}$ and the attribute serial number $(S_{j,1}, S_{j,2}, \ldots, S_{j,t})$ corresponding to the ciphertext resource $c_{i,m}$ on the public information sharing platform according to the keyword $keyword_{i,m}$. If the data acquirer $u_j$ has the attribute $(a_{u_i,1}, a_{u_i,2}, \ldots, a_{u_i,t})$ corresponding to the attribute serial number $(S_{j,1}, S_{j,2}, \ldots, S_{j,t})$, $u_j$ has the access right to access the resource. $u_j$ calculates $\sigma_{j,m} = sk_{u_j}^{-1} H_1(S_{j,1}\, S_{j,2} \ldots S_{j,t}\, keyword_{i,m}) g_1$ and sends the message $\{id_{u_j}, pk_{u_j}, (S_{j,1}, S_{j,2}, \ldots, S_{j,t}), \sigma_{j,m}, keyword_{i,m}\}$ to RSSP to apply for access to the resource.
(2) After RSSP receives the message {id u j , pk u j , (S j,1 , S j,

Permission upgrade
If $u_j$ upgrades its membership attributes, it can obtain the corresponding level of resource access permissions. Suppose the previous attribute set of $u_j$ is $attr_{set_j} = \{a_{u_j,1}, a_{u_j,2}, \ldots, a_{u_j,r}\}$ $(j, r \in N^*, r < R)$; it can only reproduce the polynomial constructed by the corresponding attribute weight set $\{T_{j,i} \mid i = 1, 2, \ldots, r\}$ and its subset to calculate the decryption key of the corresponding ciphertext and decrypt the ciphertext resource. If $u_j$ obtains a new member attribute $a_{u_j,r+1}$, it can apply to CA to obtain the attribute weight $T_{j,r+1}$ corresponding to $a_{u_j,r+1}$. Then $u_j$ can upgrade the polynomial constructed from the corresponding attribute weight set $\{T_{j,i} \mid i = 1, 2, \ldots, r + 1\}$ and its subset to calculate the decryption key of the corresponding ciphertext, and decrypt the ciphertext resource. The permission application process is as follows: 1, 2, . . . , r +1) and verifies the identity of $u_j$ by calculating whether the equation 1 ϑ i,2 . . . ϑ i,r +1 ) holds. If the verification is successful, CA randomly selects a positive integer $\iota_{CA,r+1} \in Z_q^*$ for attribute $a_{u_j,r+1}$, and calculates $\chi_{j,r+1} = \iota_{CA,r+1} \vartheta_{j,r+1}$ and $\delta_j = SK_{CA}\, \iota_{CA,r+1}\, a_{u_j,r+1}\, g_1$. Then CA sends the information $\{PK_{CA}, \delta_j, \chi_{j,r+1}\}$ to the terminal member $u_j$.
(3) After $u_j$ receives the message $\{PK_{CA}, \delta_j, \chi_{j,r+1}\}$, $u_j$ calculates $T_{j,r+1} = s_{u_j}^{-1} \chi_{j,r+1} = \iota_{CA,r+1}\, a_{u_j,r+1}\, g_1$ and verifies the identity of CA and the attribute $a_{u_j,r+1}$ corresponding to the attribute weight $T_{j,r+1}$ by calculating whether the equation $e(\delta_j, g_1) = e(T_{j,r+1}, PK_{CA})$ holds. If the verification is successful, $u_j$ obtains the attribute weight $T_{j,r+1}$ corresponding to attribute $a_{u_j,r+1}$.
At this time, the set of attribute weights of $u_j$ is $\{T_{j,i} \mid i = 1, 2, \ldots, r + 1\}$ $(r < R)$. $u_j$ can not only construct the polynomial by the set $\{T_{j,1}, T_{j,2}, \ldots, T_{j,r}\}$, but also reproduce the polynomial constructed by the set $\{T_{j,1}, T_{j,2}, \ldots, T_{j,r}, T_{j,r+1}\}$, then calculate the decryption key of the corresponding ciphertext, and upgrade the access authority of the resource.

Permission revocation
When terminal members are punished, such as for reduced trust or illegal operations, certain specific resource access rights may be cancelled. Suppose the current attribute set of terminal member $u_j$ is $attr_{set_j} = \{a_{u_j,1}, a_{u_j,2}, \ldots, a_{u_j,r}\}$ $(j, r \in N^*, r < R)$. If $u_j$ is punished and an attribute $a_{u_j,r}$ is cancelled, then the attribute set of $u_j$ becomes $attr_{set_j} = \{a_{u_j,1}, a_{u_j,2}, \ldots, a_{u_j,r-1}\}$. $u_j$ can only use the corresponding attribute weights $\{T_{j,i} \mid i = 1, 2, \ldots, r - 1\}$ to access lower-level shared resources. The process of revoking attribute $a_{u_j,r}$ of $u_j$ is as follows: (1) CA broadcasts a notice that the attribute $a_{u_j,r}$ of the terminal member $u_j$ is revoked. (2) After receiving the notification, RSSP updates the information of $u_j$ in the information sharing platform, that is, cancels the $S_{j,r}$ item in the $u_j$ column. (3) CA selects a random number $\iota'_{CA,r} \in Z_q^*$ ($\iota'_{CA,r} \neq \iota_{CA,r}$) for the attribute $a_{u_i,r}$ of each $u_i$ $(1 \leq i \leq n, i \neq j)$, and computes $\chi'_{i,r} = \iota'_{CA,r} \vartheta_{i,r}$ $(1 \leq i \leq n, i \neq j)$ and its signature $\delta_{CA} = SK_{CA}\, \iota'_{CA,r}\, a_{u_i,r}\, g_1$. Then, CA broadcasts messages $\{PK_{CA}, \delta_{CA}, (\chi'_{1,r}, \chi'_{2,r}, \ldots, \chi'_{j-1,r}, \chi'_{j+1,r}, \ldots, \chi'_{n,r})\}$ to all the registered terminals $u_i$. (4) After receiving the messages $\{PK_{CA}, \delta_{CA}, (\chi'_{1,r}, \chi'_{2,r}, \ldots, \chi'_{j-1,r}, \chi'_{j+1,r}, \ldots, \chi'_{n,r})\}$ from CA, $u_i$ verifies the identity of CA and the attribute weight $T'_{i,r}$ of $a_{u_i,r}$ $(1 \leq i \leq n)$ by the equation $e(\delta_{CA}, g_1) = e(T'_{i,r}, PK_{CA})$. If it holds, $u_i$ obtains the attribute weight $T'_{i,r}$ corresponding to its attribute $a_{u_i,k}$ $(1 \leq k \leq r)$. $u_i$ updates the previous attribute weight $T_{i,r}$ with $T'_{i,r}$. At this time, $u_j$ cannot calculate the new attribute weight $T'_{j,r}$, and $u_j$ can only access low-level shared resources.
Through the above authority update process, the access authority of terminal members to access certain shared resources can be dynamically upgraded or downgraded.
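The weight issuance from the hidden attribute authentication steps and the re-keying from the revocation steps, as an added example (not code from the paper): it replaces the elliptic-curve group with a toy multiplicative group modulo 2039 and leaves out the pairing checks. The class and function names, the secrets and the attribute encodings are constructed for illustration.

```python
"""Added example: blinded issuance and revocation of attribute weights (toy group)."""

# Toy parameters (assumption): P = 2Q + 1 with Q prime, and G of order Q.
# Discrete logs are trivial at this size; only the algebra is illustrated.
P, Q, G = 2039, 1019, 4


def smul(k, point):
    """Additive notation k * point, realised as point^k mod P."""
    return pow(point, k % Q, P)


class CA:
    def __init__(self, iota):
        self.iota = dict(iota)          # serial S_k -> secret iota_{CA,k}

    def issue(self, theta):
        """chi_{i,k} = iota_{CA,k} * theta_{i,k}; the CA never sees a_{u_i,k}."""
        return {k: smul(self.iota[k], th) for k, th in theta.items()}


class Member:
    def __init__(self, name, s, attrs):
        self.name, self.s = name, s     # s_{u_i}: the member's blinding secret
        self.attrs = dict(attrs)        # serial S_k -> attribute value a_{u_i,k}
        self.weights = {}               # serial S_k -> attribute weight T_{i,k}

    def blind(self, serials=None):
        """theta_{i,k} = s_{u_i} * a_{u_i,k} * g_1 for the requested serials."""
        serials = self.attrs if serials is None else serials
        return {k: smul(self.s * self.attrs[k], G) for k in serials}

    def unblind(self, chi):
        """T_{i,k} = s_{u_i}^{-1} * chi_{i,k} = iota_{CA,k} * a_{u_i,k} * g_1."""
        s_inv = pow(self.s, -1, Q)
        self.weights.update({k: smul(s_inv, c) for k, c in chi.items()})


def register(ca, member):
    """Initial issuance of every attribute weight the member asks for."""
    member.unblind(ca.issue(member.blind()))


def revoke(ca, members, revoked, serial, new_iota):
    """Re-key one attribute and re-issue it to every holder except `revoked`."""
    if new_iota % Q in (0, ca.iota[serial] % Q):
        raise ValueError("new iota must be non-zero and differ from the old one")
    ca.iota[serial] = new_iota
    for m in members:
        if m is not revoked and serial in m.attrs:
            m.unblind(ca.issue(m.blind([serial])))


def demo():
    # Constructed values: attribute encodings, member secrets and CA randomness.
    attr_value = {1: 211, 2: 313, 3: 577}
    ca = CA({1: 45, 2: 77, 3: 128})
    alice = Member("alice", 23, attr_value)
    bob = Member("bob", 611, attr_value)
    for m in (alice, bob):
        register(ca, m)
    old = dict(bob.weights)
    revoke(ca, [alice, bob], revoked=bob, serial=3, new_iota=501)
    return ca, alice, bob, old


if __name__ == "__main__":
    _, alice, bob, _ = demo()
    print("alice:", alice.weights)
    print("bob:  ", bob.weights)
```

After the revocation both members still share the weights for serials 1 and 2, but only the non-revoked member holds the re-keyed weight for serial 3.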

Correctness and security analysis
In this section, we discuss the PP-DPAC protocol. First the correctness of the PP-DPAC protocol is proved, then the security of the PP-DPAC protocol is analyzed.

Correctness
The following theorem proves the correctness of the PP-DPAC protocol.

Theorem 1 If any terminal member $u_i$ $(1 \leq i \leq n)$ has a legal attribute sequence set $attr_{set_i} = \{a_{u_i,1}, a_{u_i,2}, \ldots, a_{u_i,r}\}$, it can satisfy the correctness of the equation . . ϑ i,r ) pk u i and $e(\delta_i, g_1) = e(\mu_i, PK_{CA})$, then complete the registration.
pairings, it is proved as follows: $e(\delta_i, g_1) = e(SK_{CA}(\iota_{CA,1} a_{u_i,1} + \iota_{CA,2} a_{u_i,2} + \cdots + \iota_{CA,r} a_{u_i,r}) g_1, g_1) = e((\iota_{CA,1} a_{u_i,1} + \iota_{CA,2} a_{u_i,2} + \cdots + \iota_{CA,r} a_{u_i,r}) g_1, g_1)^{SK_{CA}} = e((\iota_{CA,1} a_{u_i,1} + \iota_{CA,2} a_{u_i,2} + \cdots + \iota_{CA,r} a_{u_i,r}) g_1, SK_{CA} g_1) = e(\mu_i, PK_{CA})$. According to the above two equations, if terminal members have a legal set of attributes, they can verify successfully and complete registration.

Theorem 2 If any terminal member $u_j$ has a legal attribute weight set $\{T_{j,1}, T_{j,2}, \ldots, T_{j,r}\}$, it can satisfy the correctness of the equation $e(\sigma_{j,m}, pk_{u_j}) = e(\varphi_{j,m}, g_1)$ and the key $k_{u_i,m}$. It can obtain the plaintext resource.
Proof Since $\sigma_{j,m} = sk_{u_j}^{-1} H_1(S_{j,1}\, S_{j,2} \ldots S_{j,t}\, keyword_{i,m}) g_1$, $\varphi_{j,m} = H_1(S_{j,1}\, S_{j,2} \ldots S_{j,t}\, keyword_{i,m}) g_1$ and according to the properties of the bilinear pairings, it is proved as follows: After the above equation is verified, the terminal member obtains $(y_{u_i,k}, T_{j,k})$ $(k = 1, 2, \ldots, r)$ from the RSSP, and $u_j$ calculates the decryption key. Then $u_j$ restore the and $y_{u_i,k}$ is the same, $u_j$ can get $g(0) = k_{u_i,m}$. So Theorem 2 is proved.

Security analysis
Theorem 3 For any terminal member $u_i$ ($1 \le i \le n$), if it has attribute $a_{u_i,r}$, it can obtain the attribute weight $T_{i,r}$ corresponding to the attribute $a_{u_i,r}$.
Proof For terminal member $u_i$ with attribute $a_{u_i,r}$, it can calculate $\vartheta_{i,0} = s_{u_i} PK_{CA}$, $\vartheta_{i,1} = s_{u_i} a_{u_i,1} g_1$, $\vartheta_{i,2} = s_{u_i} a_{u_i,2} g_1$, $\ldots$, $\vartheta_{i,r} = s_{u_i} a_{u_i,r} g_1$, . . , r ) and verifies the identity of $u_i$ by the equation 1 $\vartheta_{i,2} \ldots \vartheta_{i,r}$). Then CA selects a random number $\iota_{CA,k} \in Z_q^*$ ($1 \le k \le r$) for each attribute $a_{u_i,k}$ and calculates $\chi_{i,k} = \iota_{CA,k}\vartheta_{i,k}$. After receiving the messages $\{PK_{CA}, \delta_i, (\chi_{i,1}, \chi_{i,2}, \ldots, \chi_{i,r})\}$ from CA, $u_i$ can obtain the attribute weight $T_{i,r}$ corresponding to the attribute $a_{u_i,r}$ by calculating $T_{i,r} = s_{u_i}^{-1}\chi_{i,r} = \iota_{CA,r}\,a_{u_i,r}\,g_1$.

Theorem 4 If the terminal member $u_j$ ($1 \le j \le n$, $i \ne j$) does not have attribute $a_{u_j,r}$, it cannot obtain the attribute weight $T_{j,r}$ corresponding to the attribute $a_{u_j,r}$.
Proof If the terminal member $u_j$ wants to obtain the attribute weight $T_{j,r}$, it needs to calculate the attribute weight $T_{i,r}$ (because $T_{j,r} = T_{i,r}$). It can intercept the dialogue between CA and $u_i$ in network communication to obtain information such as $\chi_{i,r}$ and $\vartheta_{i,r}$. Then $u_j$ tries to calculate $T_{i,r}$. But because $s_{u_i}$ is a private parameter of $u_i$, $u_j$ cannot calculate $T_{i,r}$. Assume that $u_j$ can calculate $T_{i,r}$ from $\chi_{i,r}$ and $\vartheta_{i,r}$.
Here $\chi_{i,k} = \iota_{CA,k}\vartheta_{i,k}$, $T_{i,r} = s_{u_i}^{-1}\chi_{i,r} = \iota_{CA,r}\,a_{u_i,r}\,g_1$, and $\vartheta_{i,r} = s_{u_i}\,a_{u_i,r}\,g_1$. Let $ag_1 = \vartheta_{i,k}$, $abg_1 = \chi_{i,k}$, $b = \iota_{CA,r}$; the terminal member $u_j$ constructs algorithm $A$ to calculate $\iota_{CA,k}$ and $T_{i,r} = \iota_{CA,r}\,a_{u_i,r}\,g_1 = a_{u_i,r}\,b\,g_1$. Solving $A$ is equivalent to solving the ICDH problem. The ICDH problem is assumed to be hard, so $u_j$ cannot calculate the attribute weight $T_{i,r}$ through $\chi_{i,r}$ and $\vartheta_{i,r}$. The above proof shows that only legal terminals with legal attributes can obtain the corresponding attribute weights, and illegal terminals or illegal attributes cannot obtain correct attribute weights.
Theorem 5 Any terminal member $u_j$ ($1 \le j \le n$, $i \ne j$) with an attribute set $attrset_j = \{a_{u_j,1}, a_{u_j,2}, \ldots, a_{u_j,r}\}$ ($j, r \in N^*$, $r < R$) can decrypt the resources of higher confidentiality level by upgrading to obtain attributes $a_{u_j,r+1}$.
Proof According to Theorem 3, if terminal member $u_j$ ($1 \le j \le n$, $i \ne j$) has an attribute set $attrset_j = \{a_{u_j,1}, a_{u_j,2}, \ldots, a_{u_j,r}\}$ ($j, r \in N^*$, $r < R$), it can obtain an attribute weight set $\{T_{j,1}, T_{j,2}, \ldots, T_{j,r}\}$. Then combined with the attribute sequence set obtained from the information sharing platform, $r$ points $(y_{u_j,i}, T_{j,i})$ ($i = 1, 2, \ldots, r$) can be formed.
H 2 (T j,i )−H 2 (T j, ) ($t = r$) according to the Lagrange theorem. That is, $g(x) = f(x)$, and $u_j$ calculates the decryption key $g(0) = k_{u_i,m}$. In the same way, terminal members with attributes can restore the $r$ degree polynomial $f(x) = b_{i,t}x^{r} + b_{i,t-1}x^{r-1} + b_{i,t-2}x^{r-2} + \cdots + b_{i,1}x + k_{u_i,m}$ after upgrading. Then $u_j$ calculates the decryption key $g(0) = k_{u_i,m}$ to decrypt higher-level resources.

Theorem 6 If any terminal member $u_j$ is downgraded, it cannot decrypt the resources of the corresponding sensitivity level before the downgrade.
Proof If terminal member $u_j$ ($1 \le j \le n$, $i \ne j$) has an attribute set $attrset_j = \{a_{u_j,1}, a_{u_j,2}, \ldots, a_{u_j,r}\}$ ($j, r \in N^*$, $r < R$), it can obtain an attribute weight set $\{T_{j,1}, T_{j,2}, \ldots, T_{j,r}\}$. Then combined with the attribute sequence set obtained from the information sharing platform, $r$ points $(y_{u_j,i}, T_{j,i})$ ($i = 1, 2, \ldots, r$) can be formed. Then according to the Lagrange interpolation theorem g(x) =
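The following Python sketch, added here as an illustration and not taken from the paper, walks through the blinded weight issuance of Theorem 3, the key recovery $g(0) = k_{u_i,m}$ of Theorems 5 and 6, and the revocation steps described earlier. It assumes a toy multiplicative group modulo a prime in place of the pairing group (so $k\,g_1$ becomes `pow(G, k, P)`), a polynomial whose degree is one less than the number of weights, and that the platform re-publishes the $y$ values under the new weights after revocation; all function names and sample values are constructed.

```python
import hashlib

P = 2**127 - 1   # toy prime modulus; stands in for the paper's pairing group (assumption)
G = 3            # toy base element in place of g_1; "k * g_1" becomes pow(G, k, P)

def blind(s, attrs):              # member: theta_k = s * a_k * g_1
    return [pow(G, s * a, P) for a in attrs]

def ca_issue(thetas, iotas):      # CA: chi_k = iota_k * theta_k
    return [pow(th, i, P) for th, i in zip(thetas, iotas)]

def unblind(s, chis):             # member: T_k = s^-1 * chi_k = iota_k * a_k * g_1
    s_inv = pow(s, -1, P - 1)     # s must be coprime to the group order P - 1
    return [pow(c, s_inv, P) for c in chis]

def h2(weight):                   # H_2: attribute weight -> x-coordinate in Z_P
    return int.from_bytes(hashlib.sha256(str(weight).encode()).digest(), "big") % P

def publish(key, coeffs, weights):   # owner: y_k = f(H_2(T_k)) with f(0) = key
    poly = [key] + coeffs
    return [sum(c * pow(h2(T), e, P) for e, c in enumerate(poly)) % P
            for T in weights]

def recover(ys, weights):         # member: Lagrange interpolation, returns g(0)
    xs = [h2(T) for T in weights]
    total = 0
    for i, (xi, yi) in enumerate(zip(xs, ys)):
        num = den = 1
        for j, xj in enumerate(xs):
            if j != i:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def demo():
    attrs, iotas = [11, 22, 33], [5, 7, 9]     # constructed attribute values / CA randoms
    s_i, s_j, key = 101, 103, 0xC0FFEE         # constructed member secrets and resource key
    T_i = unblind(s_i, ca_issue(blind(s_i, attrs), iotas))
    T_j = unblind(s_j, ca_issue(blind(s_j, attrs), iotas))
    ys = publish(key, [17, 29], T_i)           # degree 2, so three weights are needed
    before = recover(ys, T_j) == key           # u_j still holds all three weights
    iotas[2] = 13                              # revocation: CA re-randomises attribute 3
    T_new = unblind(s_i, ca_issue(blind(s_i, attrs), iotas))   # u_j gets no new chi
    ys_new = publish(key, [17, 29], T_new)     # platform re-publishes under new weights
    return T_i == T_j, before, recover(ys_new, T_new) == key, recover(ys_new, T_j) == key

if __name__ == "__main__":
    print(demo())
```

The four results are: both members derive the same weights, $u_j$ recovers the key before revocation, $u_i$ recovers it afterwards, and $u_j$ with its stale weight does not.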

Performance analysis
Performance analysis is an important aspect of evaluating the efficiency of the model. In this section, we comprehensively evaluate our model in terms of security features, time complexity and computational consumption. In addition, according to the information provided in literature [31], we compare the models of literature [31][32][33][34] with our model, and the results show that our model is more efficient. In terms of security features, we compare this model with the other four models as shown in Table 2. Hidden attribute authentication is a unique security feature of this model. The identity and attribute privacy of terminal members are protected, and the security of the system is improved. In addition, this model also has great advantages in the other three security features.
In terms of time costs, we use the Java programming language and the Java-based encryption library JPBC library (the library version is JPBC-2.0.0). The configuration of the computer is that the processor is Intel(R) Core(TM) 2 i5-7500 3.4 GHz, running Windows 10 operating system. On this basis, through a large number of tests, we obtained the time data of various operations, as shown in Table 3. In terms of operation, compared with bilinear operation and exponentiation operation, addition operation and multiplication operation consume very short time, which is negligible in performance analysis. Suppose $r$ represents the size of the terminal attribute set. $n$ represents the number of access tree nodes. $|l|$ represents the number of rows of the matrix. $|c|$ represents the number of columns of the matrix. $t$ represents the size of the attribute set required by the access policy. $|k|$ represents the number of revoked users. Based on this, we establish a calculation complexity analysis table, as shown in Table 4.
In order to facilitate quantitative analysis of the computational time consumption of the five models, suppose the number of access tree nodes is $n = 10$. The number of rows and columns of the matrix is $|l| = |c| = 5$. The number of revoked users is $|k| = 0$. Based on this, we compare and analyze the three different stages of the five models, as shown in Figs. 2, 3, and 4.
It can be seen from Fig. 2 that in the keyGen stage, our model consumes the least computational time. It is followed by the model of Gao et al. [33], the model of Zhang et al. [34], and the model of Guo et al. [31]. The scheme of Liu et al. [32] consumes the most computational time. Among the five models, the model of Liu et al. [32], the model of Guo et al. [31], and the model of Zhang et al. [34] have a faster increase in computing time consumption as the attributes of terminal members increase, and they are not suitable for large-scale attribute application scenarios.

| Model | KeyGen | Encryption | Decryption |
| --- | --- | --- | --- |
| Zhang et al. [34] | $(2 + r)T_{exp} + T_{mul}$ | $(2 + 3\lvert l \rvert)T_{exp} + (1 + 2\lvert l \rvert)T_{mul}$ | $tT_{exp} + tT_{mul} + (1 + 2t)T_{bp}$ |
| Liu et al. [32] | $(7 + r)T_{exp} + 2T_{mul}$ | $(3 + 3\lvert l \rvert + 4\lvert k \rvert)T_{exp} + (1 + 2\lvert l \rvert + \lvert k \rvert)T_{mul}$ | |
| Gao et al. [33] | $(1 + \lvert l \rvert)T_{exp}$ | $(2 + \lvert l \times c \rvert)T_{exp} + (2 + \lvert l \times c \rvert)T_{mul}$ | $rT_{mul} + (1 + r)T_{bp}$ |
| Guo et al. [31] | $(5 + r)T_{exp} + 2T_{mul}$ | $(4 + \lvert l \times c \rvert + \lvert l \rvert)T_{exp} + (1 + \lvert l \times c \rvert)T_{mul}$ | $(1 + 2t)T_{exp} + 2tT_{mul} + 3T_{bp}$ |
| Ours | $2(r + 1)T_{pa-ecc} + rT_{inv} + 2T_{bp} + (r + 1)T_{mul} + T_{h}$ | $2T_{pa-ecc} + T_{inv} + T_{mul} + 3T_{h}$ | $(t + 1)T_{mul} + T_{inv} + T_{pa-ecc} + 4T_{h}$ |

Fig. 3 The computation time cost in the encryption phase

As can be seen from Fig. 3, in the encryption phase, the calculation time consumption of the five schemes is independent of the number of attributes of terminal members. The model of Guo et al. [31] consumes the most computational time. It is followed by the model of Gao et al. [33], the model of Liu et al. [32], and the model of Zhang et al. [34]. Among them, Liu et al. [32]'s model and Zhang et al. [34]'s model consume almost the same calculation time. Our model consumes the least computational time.
It can be seen from Fig. 4 that in the decryption stage, the model of Liu et al. [32] consumes the most computational time. Followed by the model of Zhang et al. [34], the model of Guo et al. [31], and the model of Gao et al. [33]. Our model consumes the least computational time.

Conclusion
In order to solve the problem of privacy leakage in access control and improve the security of the data-sharing system, and based on the analysis of current research results and existing problems of access control, a dynamic permission access control model based on privacy protection is proposed in this paper. Firstly, a hidden attribute authentication method is proposed. The identity information of terminal members can be hidden, and the attribute information can also be hidden. The personal privacy of users is greatly protected. Meanwhile, a dynamic, flexible and fine-grained access policy is proposed, which allows users to access resources with different sensitivity levels through upgrading or downgrading. In addition, a dual authentication mechanism is proposed. Terminal members need to be authenticated first, then calculate the correct key with their own attributes, and finally decrypt the resource with the key. Under this mechanism, collusion attacks can be resisted. Finally, the correctness and security of the model are proved, and the performance of the model is analyzed. The results show that this model has higher security and better performance.