
Research On Ciphertext-Policy Attribute-Based Encryption Under Cloud Storage Environment

Posted on: 2018-10-23
Degree: Doctor
Type: Dissertation
Country: China
Candidate: G B Wang
GTID: 1318330563451146
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development and popularization of cloud storage technology, more and more users choose to store their data on cloud servers to save cost. However, the data is then outside the users' actual control, so its security cannot be guaranteed effectively. To solve this problem, users often encrypt their data and store the resulting ciphertext on the cloud server, which ensures that the data remains secure even if it is leaked. Cryptography, as the basic and core technology of information security, can achieve data confidentiality, integrity and non-repudiation. It is therefore the key technology for solving the security problems of cloud storage. Attribute-based encryption (ABE), a research hotspot in the field of cryptography, can not only realize a one-to-many encryption mode but also achieve fine-grained access control. In particular, ciphertext-policy ABE (CP-ABE) lets the user encrypt under an access policy chosen by the user himself, which achieves user-centric access control. As a result, CP-ABE is more and more extensively applied in the cloud storage environment. This paper mainly focuses on traceable and revocable CP-ABE schemes and achieves the following results.

1. A traceable CP-ABE scheme is proposed that both hides the access policy and solves the key escrow problem. The scheme blinds the ciphertext attributes to achieve privacy of the access policy while still guaranteeing data security. In addition, a two-party computing protocol, in which the decryption key is generated jointly by the attribute authority and the user, is designed into the key generation algorithm to solve the key escrow problem. Finally, the adaptive security of the proposed scheme is proved in the standard model, and a detailed performance analysis and experimental validation are carried out. These show that, compared with the existing related schemes, although some additional computation overhead is incurred to hide the access policy and solve the key escrow problem, the user in our scheme has the smallest computation overhead, because most of the decryption computation is delegated to the storage center.

2. A traceable CP-ABE scheme that achieves constant decryption cost is proposed. In all the existing traceable CP-ABE schemes, the monotone access structure is represented by a linear secret sharing scheme (LSSS). As a result, the encryption cost grows linearly with the size of the LSSS matrix and the decryption cost grows linearly with the number of attributes that match the LSSS matrix. In our proposed traceable CP-ABE scheme, however, the monotone access structure is represented by the minimal authorized subsets. As a result, the encryption cost grows linearly with the size of the minimal authorized subsets. Most importantly, our scheme has constant decryption cost, which gives faster and more efficient decryption. Finally, the full security proof of our scheme is given based on three static assumptions in composite-order bilinear groups, and performance analysis and experimental verification are also carried out.

3. The revocable-storage CP-ABE (RS-CP-ABE) scheme can achieve user revocation and ciphertext updating based on the self-updating encryption (SUE) mechanism. However, the existing SUE scheme is constructed based on a strong assumption in the prime-order bilinear group, which leads to the weak security of the RS-CP-ABE scheme. To solve this problem, a new SUE scheme proved secure based on a weak assumption is proposed, and then an RS-CP-ABE scheme that achieves stronger security is proposed based on the constructed SUE scheme. In addition, the existing SUE scheme has a complex ciphertext structure and large encryption overhead. To solve this problem, two SUE schemes that achieve offline/online encryption under different application scenarios are proposed. In these two schemes, the encryption algorithm is divided into two phases, an offline phase and an online phase: the offline phase is responsible for the encryption preparation, and the online phase completes the final encryption using the output of the offline phase, which improves the encryption efficiency. Finally, the security proof, performance analysis and experimental verification are given for the proposed schemes above.

4. Solving the dynamic user revocation problem is an important challenge in the application of CP-ABE schemes. To solve this problem, two CP-ABE schemes that can achieve attribute-level user attribution are proposed, aimed separately at a small attribute set and a large attribute set. In the CP-ABE scheme that supports a small attribute set, if an attribute is revoked, the ciphertext corresponding to this attribute is updated using the broadcast attribute encryption scheme, so that only the persons whose attributes meet the access strategy and have not been revoked are able to carry out the key update successfully. In the CP-ABE scheme that supports a large attribute set, however, the attribute authority needs to generate an authorized key for the cloud storage center, and if an attribute is revoked, the ciphertext corresponding to this attribute is updated by the cloud storage center based on the authorized key and the broadcast encryption scheme, so that only the persons who have not been revoked are able to carry out the key update successfully. Finally, the security proof, performance analysis and experimental verification are given for the proposed schemes above.
Keywords/Search Tags:Attribute-Based Encryption, Key Escrow, Hidden of the Access Policy, Minimal Authorized Set, Self-Updating Encryption, Weak Assumption, Offline/Online Encryption, User Revocation