Research On Data Access Control Based On Attributes-Sets

Ciphertext-Policy Attribute-Sets Based Encryption (CP-ASBE) enables users who have specific attributes to get corresponding access rights, which can avoid the influence of physical environment factors and be able to achieve the muiti-values distribution of a property, and is a more practical public-key encryption method for fine-grained access control of shared data in the cloud virtualization environment.This paper put forward an improved CP-ASBE scheme by introducing proxy re-encryption technology based on the existing schemes to solve the partial access right of the user because of the revocation of user’s attributes. when the attributes, especially some attribute of users, is failed, first, the scheme make the trusted authorized center generate the corresponding attribute re-encryption key by running the re-encryption key generation algorithm, and then re-encrypt the original ciphertext to the proxy server by re-encryption algorithm, finally, update private keys of other users who have access rights by secret updating algorithm. In the whole process of re-encryption operation, proxy re-encryption technology keeps the untrusted third party from peeping the stored data information and the users’private key and compute the corresponding component of the revoked attributes in real time, thus can complete the computation of re-encryption of ciphertext and the updating of users’key after the revocation of users’access rights or some access rights. At the same time, it is the proxy server that complete the heavy computational cost of re-encryption without users’participation, thus reducing computational cost of user and effectively solving the problem of users’higher computational cost to complete the computation of re-encryption in the existing schemes.By comparative analysis of the computational complexity of the algorithms in our scheme, the scheme is the better choice in considering the practicality and computational efficiency. As for the security of our scheme, it is proven to be against chosen plaintext attack (CPA) provable security in the standard model. In order to show the efficiency of our scheme, this paper build a simulation experimental environment required for the scheme through building the experimental platform on a virtual machine and configuring the required toolkit. The simulation results show that our scheme has higher operating efficiency in completing the revocation operation of access right, especially the partial access right, comparing to the existing access control scheme, and enables users to have the lower computational cost in the whole process.