Research And Implementation On Attribute Based Encryption

With the rapid development and steady popularization of the Internet, more and more sensitive data is stored and shared on the third websites, such as the cloud storage and cloud sharing. The sensitive data is usually not encrypted and stored in the server while the access control is done by the server. If the server is untrusted or the server is attacked by a hacker, then the sensitive data is at the risk of compromising. So it’s quite necessary store the encrypted data before sharing it in consideration of security.The Attribute-Based Encryption (ABE) is presented to solve this issue. ABE enables an access control mechanism over encrypted data using access structures and ascribed attributes among private keys and ciphertexts. ABE comes in two flavors called Key-Policy ABE (KP-ABE) and Ciphertext-Policy ABE (CP-ABE). In KP-ABE, ciphertexts are associated with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. In CP-ABE, the roles of sets of attributes and access structures are swapped from KP-ABE.This paper carries out deep research in the construction and implementation of ABE. Taking two classic ABE schemes as examples, we compare KP-ABE with CP-ABE, analyze access tree and LSSS access structure, and discuss the space and time cost of ABE schemes. A simpler and more effective CP-ABE scheme by modifying an existing scheme is presented. Our new sche me costs less space and time than the original scheme, and can be proved secure in the standard model. We discuss how to convert between KP-ABE and CP-ABE, and construct a specific example scheme respectively. An algorithm is designed to implement the integer comparison of numerical attribute for access tree, and an existing LSSS access structure algorithm is expanded to support numerical attributes and integer comparisons. The performance evaluation of our CP-ABE scheme is done by Pairing-Based Cryptography Library and also the comparison with other CP-ABE schemes is made. In addition, we make an extensible ABE toolkit with graphical user interface.