Research On Multi-Authority Attribute-Based Encryption Technology

Attribute-based Encryption has become a popular research direction of fine-grained access control for encrypting out-sourced data in distributed environments such as cloud computing.The development of distributed applications outside the enterprise enables the enterprise and other organizations to work together to complete a task.With the emergence of sharing confidential corporate data on cloud servers,the access policy of shared data requires that the attributes of users belong to many different organizations,and the access policy is constantly changing,so multi-authority Attribute-Based Encryption must meet the new demands of decentralized distribution.This paper analyzes the existing schemes and puts forward the corresponding schemes from several aspects,such as distributed,hierarchical and mixed architecture,aims to solve the security requirements of encrypted data under the distributed environment.1?For decentralizing multi-authority Attribute-Based Encryption systems that do not rely on a central authority,identity needs to be managed globally,which results in crucial problems of privacy and security,and trust relationship building among Attribute Authority is complex,an improving privacy and security decentralizing multi-authority Attribute-Based Encryption scheme is developed.The scheme is developed that does not use a central authority to manage user and key,each attribute authority manages its own keys and users.Once a key request needs to be made to an authority outside the domain,the request needs to be performed by the authority in the current domain rather than by the users,so,user identities remain private to the authority outside the domain,thus avoiding privacy disclosure.In addition,a large number of requests for outside the domain have been reduced,and the possibility of cheating suffered by users is also decreased,which will enhance security.In addition,the key issuing protocol between authorities is simple as result of the trust relationship of authorities.Moreover,extensibility for authorities is also supported by the scheme presented.The global identifier of the user consists of the authority identity and user identity inside the domain,user identity management does not require support from a new management organization.The scheme is also support flexible and complex access strategy.2?For hierarchical multi-authority Attribute-Based Encryption systems,the key issuing of users is usually closely associated with the upper layers Attribute Authority,which caused some security problems,and the size of ciphertexts and keys,also costs of encryption and decryption will increase with the depth of the hierarchy,an efficient and security hierarchical multi-authority Attribute-Based Encryption scheme is developed.The key of each domain authority is related only to the upper layer authority,the key of user and attribute is also generated independently by the direct domain authority,so,the encryption and decryption only related to the directly affiliated authority,which enhanced security.The size of ciphertexts and keys,or costs of encryption and decryption have nothing to do with the depth of the hierarchy,and the scheme is more simple and efficient.The global identifier of the user tends to be unique globally to achieve collusion resistant in hierarchical scheme.The authorities and levels therefore can be flexibly expanded,flexible and complex access policies are also allowed.3?For the requirements of the key management of hierarchical architecture inside domain and decentralizing architecture outside domain,to achieve collusion resistant in distributed multi-domain environment,a mixed multi-authority Attribute-Based Encryption scheme with hierarchical inside domain and decentralizing outside domain is developed.The scheme adopts hierarchical key management architecture inside domain,the key of user and attribute is generated independently by the direct domain authority,the encryption and decryption only related to the directly affiliated authority,which have nothing to do with the depth of the hierarchy,so,the scheme is more simple and efficient.The identities of users and authorities remain private when the key request to an authority outside domain,the key issuing protocol between authorities is simple as result of the trust relationship of authorities.The scheme supports flexible extensions of authorities and levels inside domain,and extensibility for authorities is also supported outside domain.Moreover,flexible and complex access policies are also supported by the scheme presented.