
Research On Ciphertext-Policy Attribute-Based Encryption Schemes For Cloud Storage

Posted on: 2019-02-04
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z Y Zhao
Full Text: PDF
GTID: 1368330596959423
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of technologies such as cloud computing, big data, and the Internet of Things, storing data in the cloud has become an inevitable trend. However, the separation of ownership and management rights over cloud data can easily lead to the leakage of private data, and if confidentiality is guaranteed by traditional cryptography alone, flexible access control over ciphertext data is difficult to implement. Ciphertext-policy attribute-based encryption (CP-ABE) realizes a one-to-many encryption mode based on attributes and lets the data owner, as the policy maker, implement flexible data access control, which effectively resolves the conflict between data confidentiality and flexible data access control. CP-ABE is therefore widely used in the cloud storage environment. The existing CP-ABE schemes still have the following problems: the inefficiency of strongly expressive schemes, the conflict between the attribute management pattern of a single attribute authority and the distributed application pattern, the computational bottleneck and distrust that arise when a single attribute authority distributes private keys, and the fine-grained revocation of attributes shared by multiple users. This dissertation studies these problems and provides the necessary theoretical and technical support for the promotion and application of CP-ABE in the cloud storage environment. The main contributions and innovations of this dissertation can be summarized as follows:

(1) Research on CP-ABE schemes based on outsourced computation. The computational costs of most strongly expressive CP-ABE schemes are considerably high in the key generation, encryption and decryption phases and depend on the number of attributes. To tackle this challenge, a verifiable outsourced encryption and decryption CP-ABE scheme based on the access tree is proposed. This scheme can outsource most computational tasks in the encryption and decryption phases to the corresponding agents without revealing private data. In addition, the scheme can verify the correctness of the outsourced decryption result. To further realize full outsourcing, a verifiable fully outsourced CP-ABE scheme based on the linear secret sharing scheme (LSSS) is proposed. The scheme can realize outsourced computation in all phases and verify the correctness of the outsourced decryption result. Finally, the experimental results show that the proposed scheme can effectively reduce the computational burden of users and the attribute authority. It is suitable for the mobile cloud storage environment, where the computational resources of users are finite.

(2) Research on CP-ABE schemes with decentralization and constant-size ciphertext. CP-ABE schemes with a single attribute authority suffer from the conflict between the attribute management pattern and the distributed application pattern, and the single attribute authority can lead to a trust issue and a computational bottleneck in distributing private keys. To tackle this challenge, a CP-ABE scheme with a single central authority and multiple attribute authorities is proposed. The scheme is based on the AND-gate access structure with multiple values and wildcards. In this scheme, the single central authority distributes the identity private key to the user, and the multiple attribute authorities jointly distribute the attribute private key to the user. No authority can decrypt the ciphertext independently, which achieves decentralization. The proposed scheme has constant-size ciphertext and needs only two bilinear pairing computations in the decryption phase. To further realize decentralization, the above scheme is extended to one with multiple central authorities. In the extended scheme, the user only needs to select one central authority to register with during the private key request process, which reduces the computational burden of the central authority. At the same time, the scheme inherits the advantages of the original scheme. Finally, the experimental results show that the proposed scheme achieves decentralization and has higher decryption efficiency and constant-size ciphertext. It is suitable for the distributed application environment with multiple management organizations.

(3) Research on revocable CP-ABE schemes based on the key encryption key tree. It is difficult to achieve fine-grained revocation of shared attributes in CP-ABE schemes. To tackle this challenge, the reason that the relevant revocable CP-ABE schemes cannot resist the users' collusion attack is analyzed. Then, a revocable CP-ABE scheme with constant-size ciphertext is proposed. The scheme is based on the AND-gate access structure with multiple values and wildcards. In this scheme, the cloud service provider undertakes the computational task in the process of attribute-level user revocation, which effectively reduces the computational costs of the data owner and the attribute authority. It can effectively resist collusion attacks between revoked users and existing users. To further improve the expressiveness and security of the above scheme, a strongly expressive and revocable CP-ABE scheme based on the LSSS is proposed. The new scheme achieves the same revocation ability as the above scheme and supports arbitrary monotonic access structures. The scheme is proved secure under a simple assumption in the standard model. Finally, the experimental results show that the proposed scheme has strong expressiveness and high security, and that the cloud service provider undertakes the computational task in the process of attribute revocation. It is suitable for the revocable application environment, where the access structure is complex and high security is required.

(4) Research on multi-authority CP-ABE schemes with attribute revocation. To address the complicated situations and functional requirements faced in the practical application of CP-ABE schemes, a revocable CP-ABE scheme without key escrow is proposed based on the LSSS. It solves the key escrow problem through secure two-party computation between a single central authority and a single attribute authority. Attribute-level user revocation is achieved by updating the attribute version key, and system-level user revocation is achieved by controlling decryption through the central authority. This scheme has the advantage of supporting multiple attribute revocation methods. To further realize the multi-authority characteristic, a multi-authority CP-ABE scheme with attribute revocation is proposed based on the key encryption key tree. The scheme solves the problem of a single attribute authority by having multiple authorities distribute private keys. Attribute-level user revocation can be carried out by the cloud service provider. The scheme is constructed based on the LSSS and has strong expressiveness. The scheme is proved secure in the standard model. Subsequently, the decryption efficiency of the above scheme is improved by means of outsourced decryption. Finally, the experimental results show that the proposed scheme supports the multi-authority and revocable functions simultaneously. It has stronger expressiveness and security. The improved scheme has higher decryption efficiency.

The above research has important theoretical significance and application value for the popularization and application of CP-ABE schemes in cloud storage.
Keywords/Search Tags: Cloud Storage, Fine-Grained Access Control, Ciphertext-Policy Attribute-Based Encryption, Outsourced Computation, Verifiability, Multiple Authorities, Key Escrow, Attribute Revocation