Research On Attribute-Based Encryption Scheme And Its Applications

Posted on: 2015-07-22
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y L Chen
GTID: 1108330482973194
Subject: Information security

Abstract/Summary:
An attribute-based cryptosystem generalizes the unique user identity that serves as the public key in IBE to an attribute set; that is, a user's identity is expressed through a set of one or more attributes. In addition, decryption and signing by users are controlled by an access structure. To be specific, these operations succeed only when the attribute set satisfies the access structure. As an extension of the identity-based cryptosystem, the attribute-based cryptosystem is currently a hot research topic in the field of public-key cryptography. Attribute-based encryption (ABE) in particular draws more and more attention because of its wide application. ABE is applicable to many network applications, such as fine-grained access control, targeted broadcast, key management and privacy preservation.

This dissertation focuses on research problems relating to attribute-based encryption, including access structure, efficiency, security and function expansion, with an extensive comparison of their functionality and performance. Many network applications of attribute-based encryption are also introduced. The dissertation mainly focuses on the application of attribute-based encryption to wireless sensor networks and cloud environment security. The main achievements are as follows:

(1) To address sensor nodes frequently joining or leaving wireless sensor networks, an efficient and secure group key management scheme is proposed. Private-key cryptosystems are used to encrypt multicast messages and to rekey the group when new nodes join, while identity-based broadcast encryption is used to distribute the group key and to rekey the group when nodes leave. The proposed scheme satisfies the desired security properties, such as forward secrecy, backward secrecy and collusion resistance. The security proof of our construction depends on the v-mBDH assumption in the random oracle model. Compared with existing group key management schemes in wireless sensor networks, the scheme can efficiently reduce key storage and the communication overhead of rekeying messages. As the key storage and rekeying cost of nodes are independent of the scale of the network, the proposed scheme is applicable to wireless sensor networks. In addition, a novel EBS-based collusion-resistant group management scheme utilizing the construction of ciphertext-policy attribute-based encryption (CP-ABE) is proposed. The new scheme satisfies the desired security properties, such as forward secrecy, backward secrecy and collusion secrecy. Compared with existing EBS-based key management schemes, the new scheme can resolve the EBS collusion problem completely. The analysis and simulation show that the proposed solution is efficient and practical.

(2) Against an untrusted cloud service provider (CSP), a secure, efficient and fine-grained access control scheme employing attribute-based encryption is proposed. In contrast with existing schemes, revoked users in the new scheme can no longer update their secret keys, even under collusion attacks between the CSP and revoked users, which ensures the confidentiality of ciphertexts. The CSP performs most of the computation involved in re-encryption and secret key updating when a permission is revoked, which greatly reduces the computational cost of the data owner (DO). The analysis and simulation demonstrate that the proposed solution is efficient and practical.

(3) An efficient and secure multi-authority distributed access control scheme for cloud storage is proposed. The universe of attributes can be partitioned into several disjoint sets, each monitored by a different authority. Attributes of users are monitored by different authorities, and a certificate authority (CA) is introduced to prevent collusion attacks. The scheme supports any LSSS access structure and efficient attribute revocation. The CSP performs most of the computation involved in re-encryption and secret key updating when a permission is revoked, which greatly reduces the computational cost of the DO. We then prove its security in the standard model under the q-parallel BDHE assumption. The analysis and simulation show that the proposed solution is efficient and practical.

(4) An efficient and secure multi-authority distributed proxy re-encryption scheme with chosen-plaintext security and chosen-ciphertext security for cloud storage is proposed. It allows a semi-trusted CSP to transform a ciphertext intended for parties satisfying one access structure into another ciphertext of the same plaintext intended for parties satisfying another access structure. The CSP, however, learns neither the decryption keys nor the underlying plaintext. Attributes of users are monitored by different authorities, and a certificate authority (CA) is introduced to prevent collusion attacks. The scheme supports any LSSS access structure and efficient attribute revocation. We then prove its security in the standard model under the q-parallel BDHE assumption. The analysis and simulation show that the proposed solution is efficient and practical.

Keywords/Search Tags: Identity-based encryption, Attribute-based encryption, Key management, Access control, Multi-authority