Research On Authorization And Authentication Mechanism In Ciphertext Sharing

Posted on: 2021-01-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X Chen
GTID: 1488306560986399
Subject: Communication and Information System

Abstract/Summary:
Information technologies such as cloud computing, the Internet of Things, and mobile computing provide strong support for data storage, acquisition, and processing, which makes it possible to build ciphertext sharing systems on third-party data platforms. However, because a third-party data platform is open, the convenient data sharing services it offers users also bring a series of security risks and challenges. For example: in a complex user organization structure, how to provide secure and reliable key delegation for a large number of users; as the number of sharing users grows, how to authorize multiple users in a reasonable, efficient and flexible manner; and how to achieve efficient cross-domain authentication in a multi-domain data access environment. These problems urgently need to be solved to implement secure ciphertext sharing. An authorization and authentication mechanism verifies the legitimacy of a user's identity, which is an important foundation of secure ciphertext sharing.

This dissertation focuses on critical issues in the secure sharing and authentication of ciphertext data on third-party platforms: key-delegation abuse and key leakage in hierarchical attribute-based encryption, how to flexibly authorize access for multiple users in a multi-agent scenario, and the authentication of external-domain users in cloud computing cross-domain scenarios. The main contributions of this dissertation can be summarized as follows:

1. The problem of key-delegation abuse in hierarchical attribute-based encryption is raised, and a hierarchical attribute-based encryption solution with secure key delegation is presented. Based on an analysis of the causes of key-delegation abuse, a hierarchical attribute-based encryption scheme against key-delegation abuse is constructed by introducing a directed graph and associating the two requirements of key generation. Through reduction and proof, the scheme is shown to be secure against chosen-plaintext attack and resistant to key abuse attack under the selective access strategy and the generic group model. To solve the problem that the identity of the leaker cannot be confirmed after a key is leaked, a hierarchical attribute-based encryption scheme with white-box traceability is proposed. The proposed scheme not only resists key-delegation abuse but also has white-box traceability, which enables the key leaker to be tracked and identified. Further security analysis shows that, under the l-strong Diffie-Hellman assumption, the scheme satisfies white-box traceability. The efficiency analysis shows that the constructed schemes are efficient when the attribute universe is fixed.

2. To address the problem of supporting multi-conditional fine-grained authorization while simultaneously resisting collusion attacks, an attribute-based conditional threshold proxy re-encryption scheme is proposed. The main idea of the scheme is that, based on threshold secret sharing, the single proxy is extended to multiple proxies, which avoids collusion between the single proxy and users and improves the robustness of the system. Further, by introducing the multi-keyword setting, an effective construction of the scheme is presented that combines the conditional proxy re-encryption scheme proposed by Lan et al. with classic ciphertext-policy attribute-based encryption. This solution achieves fine-grained access to ciphertext data under multiple keyword authorization conditions, supports flexible user revocation, prevents unauthorized ciphertext from being collusively transformed, and protects the sensitive information of data owners. The provable security analysis shows that the scheme is secure against chosen-plaintext attack under the generic group model. Compared with other conditional proxy re-encryption schemes, the proposed scheme supports more diverse functions.

3. A threshold proxy re-signature algorithm with secure authorization is proposed, which is independent of bilinear pairings, and its implementation in a bidirectional cross-domain authentication protocol is given. By introducing the ElGamal signature and threshold secret sharing, unidirectional and bidirectional threshold proxy re-signature algorithms are proposed, each based on Harn's group-oriented threshold signature schemes. The proposed algorithms are proved secure against chosen-plaintext attack with collusion, based on the discrete logarithm assumption under the random oracle model. A multi-proxy cross-domain authentication protocol based on the bidirectional threshold proxy re-signature algorithm and PKI is presented for the cross-domain scenario of a hybrid cloud. The results show that the threshold conversion mechanism of multi-proxy re-signature can improve the cross-domain authentication efficiency of digital certificates.
Keywords/Search Tags: Ciphertext sharing, Attribute-Based Encryption, Proxy Re-encryption, Proxy Re-Signature, Authorization