Research On Key Techniques Of Attribute-based Cryptography For Secure Cloud Data Sharing

Nowadays,with rapid development of information technology,all kinds of professions are putting more emphasis on its applications.Accordingly,a variety of requirements of applications are made in order to facilitate their working better.As a new kind of computation mode,cloud computing enables ubiquitous,convenient,on-demand access to a shared pool of configurable computing resources.By depolying cloud computing,people can easily custom diversified services without building and maintaining huge amounts of infrastructure.As a result,cloud computing is getting a lot of attention from researchers owing to its great potential for future applications.Data sharing is one of the most important services provided by cloud computing,which enables data owner delegate the third party cloud platform to store their data and then enable data user access these data anywhen and anywhere just by an online devices.Since cloud data sharing sevices relies on off-premise infrastructure,the third party cloud plaform is the only one that can be expected to provide data protection in terms of confidentiality,integrity and availability.However,with the huge value of massive data,frequent illegal access could be from those who are driven by interests,including hackers,malicious users and even service providers themselves.As a result,how to guarantee confidentiality,integrity and availability of data when providing flexible cloud data sharing has become one of the most urgent problem to be solved in the field of cloud data sharing.Attribute-based cryptography is a promising public key cryptography in which the identity is fuzzily descibed as a set of attributes,so that it can provide both data protection and flexible access control.Thus,attribute-based cryptography is very suitable for building secure cloud data sharing.Attribte-based cryptography mainly consists of two primitives,namely attribute-based encryption and attribute-based signature.In attribute-based encryption,there is an access policy associated with attribute sets.The data user can decrypt ciphertext if and only if the attribute set satisfies the access policy.In attribute-based signature,there is a predicate associated with attribute sets.The signer can sign a message if and only if the attribute set satisfies the predicate.Note that both access poloicy and predicate are structured statement,namely they both claim that which kind of attribute sets are legal.This dissertation analyzes the development and security of cloud computing and research on attribute-based cryptography.Then in terms of enhancement of security and efficiency,it carries out a systematic research on serval improved schemes of attribute-based cryptography for secure cloud data sharing in various application senarios.The main achievements are as follows:(1)In order to improve key management in single attribute authority achitecture,a collaborative key management protocol is built and then a ciphertext policy attribute-basd encryption supporting collaborative key management protocol(CP-ABE-CKM)is proposed.By interaction among attribute authority,cloud storage center and data user,a distributed generation,issuance and storage of private key in single attribute authority achitecture is realized so that some key management threats including key escrow and key exposure are overcome.Since re-encryption based on attribute group is introduced,CP-ABE-CKM supports fine-grained immediate revocation.In decryption,only 4 bilinear pairing operations are needed.This constant pairing operations make CP-ABE-CKM comare favorably with similar schemes in terms of efficiency.In addition,collaborative key management is naturally compatible with outsourcing computation.By outsourcing some decryption tasks to the decryption server,user-side decryption overhead is further mitigated.Finally,the collaborative key mangement is proven to guarantee private key indistinguishability in conditon of either attribute authority or cloud storage center gets corrupted.(2)In order to solve key abuse problem,a blind accountability mechanism is built based on collaborative key management.Then a collaborative ciphertext policy attribute-based encryption supporting blind accountability(CCP-ABE-BA)is porposed.CCP-ABE-BA is of most of advantages of collaborative key management protocol,such as high decryption efficiency and free from key escrow and key exposure.Blind accountability mechanism does not need store any information about the data user's identity,thus it does not disclose identities of other data users except for malicious user.As a result,data user privacy is guaranteed.Meanwhile,only small amounts of operations are needed to detect whether key abuse happens and fast match the identity of malicious user.Finally,CCP-ABE-BA is proven to guarantee ciphertext indistinguishability against chosen plaintext attack under random oracle model.(3)In a way of optimization by removing bilieanr pairing,an accountable,revocable and pairing-free ciphertext policy attribute-based encryption(ARP-CP-ABE)is proposed.It does not rely on any bilinear pairing operations,thus the decryption ovehead is drmatically reduced.A fine-grained immediate revocation mechanism based on attribute group is introduced,in which the exponentiation operations involved in re-encryption is reduced from linear level to constant level so that the revocation efficiency is optimized.In addition,the identity of data user is embedded into the private key.Matching with the accountable table helps to fast detect whether key abuse happens and finds the malicious user.In addition,ARP-CP-ABE provides ciphertext non-malleability against chosen ciphertext attack under random oracle model,which make it has a reasonable security.(4)Considering some application senarios of cloud data sharing requiring anonymous authentication such as secret vote or anti-malicious anonymous comments,an escrow-free and pairing-free attribute-based signature supporting perfect signer privacy(F2P-ABS)is proposed.In a way of optimization by removing bilieanr pairing as mentioned before,it does not rely on any bilinear pairing operations.Meanwhile,both security and storage overhead of the private key are optimized.Not only is the key escrow problem overcome,but also the size of private key is reduced nearly 50% versus other similar schemes.In terms of signer privacy,the perfect signer privacy is guarantee when providing expressive predicate based access tree.That is to say,the verifier can only know whether the signer's attribute set satisfies the predicate but has no idea about any other information of signer's attribute set.In order to prove its security,a novel attack mode called selective corruptness chosen message attack is presented.Since this attack mode allows adversary to access part of master secret key,it is more powerful than existing attack mode.Finally,F2P-ABS is proven to guarantee existential unforgeability against selective corruptness chosen message attack under random oracle model.(5)Considering some cloud data sharing services for subscription of videos,news and articles,in order to build expressive access policy with limited computation overhead,a weighted threshold gate is first built and then a pairing-free key policy weighted attribute-based encryption(PKP-WABE)is proposed.The threshold gate is demonstrated as expressive as access tree but its flat structure contributes to succinct computation.Being free from bilinear pairing operations so that its efficiency it much better than current similar schemes.Finally,PKP-WABE is proven to guarantee ciphertext indistinguishability against chosen plaintext attack under random oracle model.