Research On Data Sharing Mechanism Based On Attribute Based Encryption In Complex Scenes

Posted on: 2022-01-10
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W Zhang
GTID: 1488306728465294
Subject: Software engineering

Abstract/Summary:
In recent years, cloud computing, edge computing, the Internet of Things and other technologies have developed rapidly and are widely used in various fields. The resulting security of private data has attracted more and more attention. Compared with traditional encryption methods, attribute-based encryption can not only realize one-to-many data encryption and decryption, but also allows data owners to selectively share sensitive data with fine-grained access control. However, some key issues in attribute-based encryption remain to be studied, such as the hiding of access policy, key revocation, multiple authorities, identity authentication, anti-collusion and traceability. Studying and solving these issues is of great significance, not only for the theoretical research of attribute-based encryption, but also for its application in practical scenarios. Based on provable security, this dissertation makes a deep study of the design and the key issues of attribute-based encryption schemes in different application scenarios. The main research contents are as follows:

1) An attribute-based encryption scheme (PHAS-HEKR-CP-ABE) supporting both the hiding of access policy and key revocation is proposed. Aimed at the cloud sharing application scenario, it strengthens the defence against the key information of attributes in the access structure being maliciously stolen and attacked, and solves the problem of key abuse caused by illegal or invalid keys that cannot be revoked and updated. Firstly, the algorithm realizes access control with attribute "and" gates and "or" gates based on the LSSS strategy, which has strong access expression ability. At the same time, each attribute is split and represented in the form of an attribute directory and an attribute value, and the attribute value is hidden. Since the sensitive part of an attribute is hidden, although the algorithm of the scheme only partially hides the access policy, this is enough to achieve the effect of hiding the whole access policy. Secondly, in order to realize key revocation, the scheme adopts a ciphertext filtering algorithm, which only needs a small amount of information transmission between the attribute authority and the server to realize key revocation at the user level and the attribute level at the same time. In addition, the algorithm of the scheme adopts bilinear mapping of prime order and supports a large universe, which guarantees efficiency and scalability. Then, a security model is designed to prove the security of the scheme under the goal of selective IND-CPA, and the functions of resisting offline dictionary attack and collusion attack are described through rigorous logical analysis. Finally, through analysis and simulation against the current relevant research schemes, it is found that the PHAS-HEKR-CP-ABE scheme realizes more of the key technologies and functions around attribute-based encryption, and the algorithm has less time and space overhead.

2) An attribute-based encryption scheme (MA-IA-KR-CP-ABE) based on the multi-authority mode, supporting user authentication and dynamic key revocation, is proposed. Aimed at the edge computing application scenario, it removes the risk of system collapse caused by the concentration of power and load in a single attribute authority, solves the problem of unauthorized users' random access due to the lack of identity authentication, and solves the problem that illegal or invalid keys cannot be revoked and updated in the multi-authority mode. Firstly, the algorithm divides each key into different parts, and the corresponding key of each part is generated by several attribute authorities. Secondly, the global identities of users are introduced and a secure authentication algorithm is designed to verify users, so as to reduce the risk as much as possible. In addition, in order to solve the problem of key revocation under the multi-authority system, the scheme adopts a dynamic re-encryption algorithm, so that the attribute authorities can dynamically revoke the old attributes of users and assign new attributes to them, realizing the immediate revocation of keys at the user level and the attribute level. On the other hand, during the execution of the revocation algorithm, the server knows nothing about the values of the users' attributes, so as to protect the users' privacy to the greatest extent. In addition, the scheme supports a large universe and has strong scalability. Then, a security model is designed, the security of the scheme under the goal of selective IND-CPA is proved by using the complexity assumption, and the security of the identity authentication is described through rigorous logical analysis. Finally, through analysis and simulation against the current relevant research schemes, it is found that the MA-IA-KR-CP-ABE scheme realizes more of the key technologies and functions around attribute-based encryption, and the algorithm has less time and space overhead.

3) An attribute-based encryption scheme (MA-TC-KP-ABE) based on the multi-authority mode, supporting anti-collusion and traceability at the same time, is proposed. Aimed at the log audit application scenario, it solves the problem of attribute authorities or users colluding to forge a key by combining private information under the multi-authority system, and solves the problem that the system cannot trace the identity of the user who leaked the secret key. The MA-TC-KP-ABE scheme plays an important role in solving the problem of key abuse under the multi-authority mode. Firstly, since there are multiple attribute authorities in the encryption system, the users' keys need to be segmented among them, and there is no inevitable connection between the attribute authorities, this scheme realizes anti-collusion under the multi-authority mode based on a reasonable secret decomposition and sharing algorithm by introducing the central authority and the users' global identities, which prevents users from illegally sharing information and forging keys. Secondly, this scheme introduces the accountability list and a reasonable key construction algorithm to track the identity of the owner of an illegal key that passes the integrity verification. Then, a security model is designed, the security of the scheme under the goal of selective IND-CPA is proved by using the complexity assumption, and how to resist collusion is described through rigorous logical analysis. Finally, through analysis and simulation against the current relevant research schemes, it is found that the MA-TC-KP-ABE scheme realizes more of the key technologies and functions around attribute-based encryption than most schemes, and the algorithm has less time and space overhead. In addition, compared with some individual schemes, this scheme realizes the same key technologies and functions, but the technical approaches are different, and the performance is obviously better than that of the compared scheme.
Keywords/Search Tags:hiding of access policy, key revocation, multi-authority, trace, anti-collusion
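
The abstract describes access control over attribute "and" and "or" gates using an LSSS. As an added illustration (not code from the dissertation, whose algorithms are not reproduced on this page), the sketch below uses the textbook Lewko-Waters conversion of a Boolean policy into an LSSS share matrix and shows share generation and reconstruction. The policy, attribute names and modulus are constructed for the example, and in a real CP-ABE scheme the shares sit in the exponent of a pairing group rather than being handled in the clear.

```python
import secrets

P = 2**127 - 1  # prime modulus for the demo; stands in for the prime group order

# Constructed sample policy: dept:cardiology AND (role:doctor OR role:nurse)
POLICY = ("and", "dept:cardiology", ("or", "role:doctor", "role:nurse"))

def lsss_matrix(policy):
    """Lewko-Waters conversion: nested (gate, left, right) tuples -> (rows, labels)."""
    rows, labels, width = [], [], 1
    def walk(node, vec):
        nonlocal width
        if isinstance(node, str):              # leaf: one share row per attribute
            rows.append(vec)
            labels.append(node)
            return
        gate, left, right = node
        if gate == "or":                       # OR: both children inherit the vector
            walk(left, vec)
            walk(right, vec)
        else:                                  # AND: open a fresh column for this gate
            col = width
            width += 1
            walk(left, vec + [0] * (col - len(vec)) + [1])
            walk(right, [0] * col + [-1])
    walk(policy, [1])
    return [r + [0] * (width - len(r)) for r in rows], labels

def share(secret, rows):
    """Share i is row_i . (secret, r_2, ..., r_n) mod P with fresh random r_j."""
    y = [secret % P] + [secrets.randbelow(P) for _ in rows[0][1:]]
    return [sum(m * v for m, v in zip(row, y)) % P for row in rows]

def satisfying_rows(policy, attrs):
    """Leaf indices of a minimal satisfying subset of attrs, or None."""
    counter = 0
    def walk(node):
        nonlocal counter
        if isinstance(node, str):
            idx, counter = counter, counter + 1
            return [idx] if node in attrs else None
        gate, left, right = node
        l, r = walk(left), walk(right)         # visit both so indices stay aligned
        if gate == "and":
            return l + r if l is not None and r is not None else None
        return l if l is not None else r
    return walk(policy)

def reconstruct(policy, attrs, shares):
    """Rows of a minimal satisfying subset sum to (1,0,...,0), so shares sum to the secret."""
    idx = satisfying_rows(policy, attrs)
    return None if idx is None else sum(shares[i] for i in idx) % P
```

For the sample policy the matrix has one column per "and" gate plus one, and an attribute set that fails the policy yields no usable row subset.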