Research Of Access Control In Cloud Manufacturing Based On Attributed-based Encryption

The rapid development of advanced technologies,such as Internet of Things,cloud computing and Cyber-physical System,has spawned many advanced manufacturing models.Cloud manufacturing is one of them.By deeply integrating traditional industrial systems with emerging information technologies,cloud manufacturing can achieve resource integration,data sharing and business collaboration between multiple manufacturers,so as to reach the goals of increasing production capacity,improving innovation capacity,etc.Due to the application of emerging technologies such as cloud computing and Internet of Things,cloud manufacturing is characterized by flexibility,efficiency,openness,interconnection and so on.Meanwhile,these characteristics create conditions for the frequent occurrence of information security issues such as data theft and unauthorized access.Ciphertext policy attribute based encryption(CP-ABE)schemes can simultaneously implement data encryption and access control,and can cope with exceptional circumstances such as the dynamic change of users and the participation of formerly unknown users.Obviously,CP-ABE has good flexibility and scalability in ensuring information security.Therefore,this thesis applies CP-ABE to cloud manufacturing to realize access control in the process of collaborative sharing.And the following studies are conducted to verify and analyze the feasibility and effectiveness of this research approach.(1)A research model of access control for cloud manufacturing is proposed.In view of different manufacturing requirements,manufacturing services in cloud manufacturing are divided into two categories: active manufacturing services and passive manufacturing services.Based on CP-ABE,the framework and process of access control in above manufacturing services are separately described.In order to unify the research methods,by summarizing the features existing in different access control processes,a research model of access control for cloud manufacturing is proposed based on CP-ABE.(2)Access structures are designed based on ordered binary decision diagrams.In specific CP-ABE schemes,access structure is the basis for data encryption and access control.Aiming at the poor expression ability and low expression efficiency in the existing access structures,multiple access structures are proposed based on ordered binary decision diagrams(OBDD).The construction processes and principles of the OBDD-based access structures are described.Some formal definitions related to CP-ABE,e.g.,satisfiability of access structure and valid path,are presented.Compared with other access structures,the OBDD-based access structures have advantages both in functionality and efficiency.(3)Access control mechanism in single-authority manufacturing systems is researched.By setting up a single trusted authority,the modeling of single-authority manufacturing system is completed.Two CP-ABE schemes corresponding to system architecture are proposed based on OBDD and reduced OBDD respectively.The security,functionality and efficiency of the proposed schemes are compared and analyzed theoretically,and the results show that the new schemes perform better in in terms of key size,decryption efficiency,etc.(4)Access control mechanism in multi-authority manufacturing systems is researched.If the system contains one trusted authority,problems such as reliability and stability tend to occur.Therefore,by adding multiple attribute authorities,the modeling of the multi-authority manufacturing system is completed.By means of joint design,a CP-ABE-based access control mechanism is proposed for multi-authority manufacturing system.Based on OBDD access structure,a multi-authority CP-ABE scheme is proposed.The scheme can enhance the reliability and stability of the system,and has good scalability and performance.(5)Access control mechanism in decentralized manufacturing systems is researched.By setting up multiple trusted authorities and multiple attribute authorities,the modeling of decentralized manufacturing system is completed.By means of joint design,a CP-ABE-based access control mechanism is proposed for decentralized manufacturing system,and a decentralized CP-ABE scheme is proposed based on OBDD access structure.Theoretical comparison and analysis of the proposed scheme show that the new scheme performs well,and multiple algorithms contained in the scheme have lower time complexity and space complexity.(6)Policy updating mechanism for CP-ABE schemes is proposed.The users and manufacturing resources in cloud manufacturing are extremely dynamic,resulting in frequent changes in access policies and authorization status.Therefore,in order to enhance the flexibility and robustness of access control mechanism,this thesis proposed a policy updating mechanism for CP-ABE schemes.This policy updating mechanism not only supports the update of access policies in CP-ABE,but also balances the workloads of different entities in ciphertext updates and key generation by means of proxy ciphertext update and lazy key re-generation.In conclusion,by applying CP-ABE to cloud manufacturing,this thesis implements information encryption and secure access in the process of collaborative sharing.Especially,OBDD-based access structures have obvious advantages in terms of function and efficiency,multiple CP-ABE schemes proposed based on the new access structure can be applied to different cloud manufacturing systems,and the policy update mechanism is computationally efficient and highly practical.