| Attribute-Based Encryption (ABE) is a new promising cryptographic technique, which shares the feature of the Identity-Based Encryption. It achieves one-to-many encryption through fuzzing up the identity of the user and combining the threshold value. Moreover, by introducing the access policy to either the ciphertext side or the private key side, ABE can also guarantee fine-grained access control of outsourced encrypted data in the cloud. With the help of ABE, the majority of security issues in accessing cloud data can be solved perfectly. However, there remains some open problems to be solved urgently, which encumber the use of ABE in the real scenario.Firstly, the straight-forward re-encryption method to deal with the policy updating issue will lead heavy computation and communication cost to the data owner. By using the updating of both the ciphertext and the private key, however, will result in a bottleneck for the whole system in large universe scenarios. Secondly, a large portion of the existing policy updating schemes introduce the idea of delegation, which have the limitation that new policies should be more restrict than the original ones. Thirdly, some policy updating schemes fail to construct adaptive secure policy updating scheme under standard model, even if they successfully achieve the goal of updating any types of the policy. Fourthly, the attribute changing issue has not been taken into account yet. Take the mobile officer as an example, how to access the data stored in the cloud in a safe way with the position changing becomes a major concern. Fifthly, access policies in the ciphertext are often been stored in a plaintext way in most of the ABE schemes, whereas in the semi-trusted cloud environment, this would lead to privacy leakage of the users.In order to solve the above mentioned security issues, some safety policy mechanisms of the ABE are proposed based on the study of the current research achievements. Meanwhile, an ABE with location verification and policy adjusting towards cloud mobile office is designed. The main contribution of this dissertation can be summarized in the following aspects.(1) There remains a key limitation in ABE, namely policy updating. Whenever there is an update over the access policy, a common approach is to let the data owner retrieve the data, and then re-encrypt it with new policy before sending the new ciphertext back to the cloud. Obviously, this straight-forward approach will lead to heavy computation and communication overhead. Although a group of other approaches have been proposed in this regard, they suffer from two limitations, namely limited types of policies that are supported for updating or weak security models. In order to address these limitations, we propose a novel solution to the attribute-based encryption access control system by introducing a dynamic policy updating technique which we call DPU-CP-ABE. The scheme is proved to be adaptively secure under standard model and can support any types of policy updating. Besides, our scheme can also significantly reduce the computation cost and update the ciphertext without transmitting it back and forth.(2) Aiming at tackling the users’ location privacy leakage and the policy adjusting issue in mobile officing environment with cloud, a Ciphertext-Policy Attribute-Based Encryption scheme with Location Verification and Policy Adjusting (LVPA-CP-ABE) was proposed, in which users have to verify their current locations to get the ciphertext and the relevant attribute key. When the data owner wants to adjust the policy of the ciphertext in the cloud, he only has to generate the updating key and upload it to the cloud server. We used BGV (Brakerski, Gentry, Vaikuntanathan) homomorphic encryption to protect the users’ location privacy, and the CP-ABE to the data confidentiality. In Consideration of the endurance of mobile devices, the idea of outsourcing the BGV computation and BGV decryption as well as ciphertext adjusting were also introduced. The simulation indicates that our scheme is highly efficient in terms of users’ computation cost.(3) Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is considered to be appropriate for cloud storage. However, under traditional CP-ABE scheme which is limited in terms of the scale of the data and the quantities of the attributes, computation and communication costs will be introduced correspondingly whenever the data owner wants to update the policy. Moreover, the policy which was stored in the form of plaintext will also result in privacy leakage. Aiming at tackling the above two problems, we propose a novel scheme called Partially Policy Hidden CP-ABE supporting Dynamic Policy Updating (DPUPH-CP-ABE). Through utilizing our proposed scheme, the computation cost will be reduced, especially on the user side, leaving the most computational work to the cloud server. Meanwhile, the value of the user’s attributes will never revealed to any third parties, and the users’privacy will be effectively preserved. Besides, the scheme is proved to be adaptively chosen plaintext attack (CPA) secure in the standard model.
|
PDF Full Text Request