Research On Efficient And Provable Secure Attribute-Based Encryption Schemes And Its Applications

With the rapid development of the techniques on the Internet,cloud computation and distributed computation,an increasing number of requirements over applications and data sharing are needed in the environment of distributed,cloud computation and information center network(ICN).While lots of useful data which can be easily obtained by these technologies bring huge social benefits and economic value,many potential data security risks have arisen,such as the frequent occurrence of various data leakage accidents in recent years.As a new type of cryptography primitive based on the extension of identity cryptography,attribute-base cryptography,is proposed to realize secure and flexible data sharing and fine-grained data access control in various application scenarios,and relevant application research is at a hot spot stage at home and abroad.This dissertation explores and analyzes the key problems of the practical application of attribute-base cryptography in cloud computation,information center and other network environments,and takes them as the breakthrough point to explore and design the secure and efficient attribute-based encryption construction scheme.Ciphertext-Policy Attribute-base encryption(CP-ABE)is a promising primitive to achieve versatile and secure data sharing in the cloud computing by flexible one-to-many encryption.In addition to solving the problem of the construction of attribute-base schemes,this dissertation also provides basic research for constructing multifunctional attribute-base schemes in the future.The main research contents and contributions include:1.A ciphertext-policy attribute-based encryption scheme with delegated equality test in cloud computing is proposedThe public key encryption supporting equality test(referred to as PKE-ET)provides the capability of testing the equivalence between two messages encrypted under different public keys.Firstly,the notions of PKE-ET and CP-ABE are combined to construct the concept of CP-ABE with an equality test(CP-ABE-ET).Using ABE-ET primitive,the receiver can delegate a cloud server to perform an equivalence test between two messages,which are encrypted under different access policies.During the delegated equivalence test,the cloud server is unable to obtain any knowledge of the message encrypted under either access policy.A concrete CP-ABE-ET scheme using bilinear pairing and Viète's formulas is designed,which gives the security proof of the proposed scheme formally in the standard model.The scheme is effective and practical.2.An application of proxy re-encryption in the access control framework of information-centric networks is designedIn the application of ICN,some of the current solutions are based on the traditional encryption technology,but these solutions introduce significant overhead in the client side and have a high requirement to the memory and computing power of end user.In this dissertation,an efficient proxy re-encryption(PRE)scheme is used in ICN framework to help reduce the overhead on the user-side while guaranteeing flexible data sharing between subscribers and even their cooperator.The scheme has the additional benefits of a non-interactivity and collusion resistance.The experiments verify that the scheme is secure against adaptive replayable adaptive chosen ciphertext attack(RCCA)in re-encryption and chosen ciphertext attack(CCA)secure in complete ICN encryption.The extensive analysis also shows that the scheme has a relatively good performance in computation cost and communication complexity aspects.3.A scalable e-voting protocol with receipt-freeness and coercion-resistance is proposedIn the remote election,Vote-buying and voter-coercion are the impending threats in large scale remote voting.With the powers of carrots and sticks,voters are encouraged to deviate from honest voting strategy and spoil election fairness and democracy.To address this security issues in remote election,the dissertation proposes the notion of receipt-freeness.The proposed technique is based on key-private proxy re-encryption,and is more lightweight,flexible,and practical when comparing to existing works.Benefited from the new technique,an e-voting protocol is constructed that preserves most of the features provided by the state-of-the-art e-voting protocols at the same time.4.Optimization of secure anti-collusion data sharing scheme for dynamic groups in the cloudZhu-Jiang proposed a secure anti-collusion data sharing scheme for dynamic groups in the cloud.It is found that Zhu-Jiang's scheme is insecure against forgery attack in registration phase for existing users.The proposed attack demonstrates that any outside adversary can masquerade as the group manager to issue invalid or expired secret keys to the existing group users.This dissertation proposes an improved scheme without sacrificing high efficiency and group-dynamicity characteristics of the original scheme.5.Optimization of ciphertext-policy attribute-based hybrid encryption scheme with verifiable delegationXu proposed a hybrid ciphertext-policy ABE with verifiable outsourced decryption in which the authors claimed that the correctness of the outsourced decryption can be verified by the user.After carefully researching the scheme,it is found that Xu's scheme is not secure against forgery attack.The proposed attack demonstrates that anyone can forge or tamper a valid ciphertext with a different message to replace the original ciphertext the user intends to decrypt.This dissertation proposes an improved scheme making up for the weakness of VD-CPABE.