
Research On Access Control Mechanisms With Attribute Based Encryption

Posted on: 2015-02-16 | Degree: Master | Type: Thesis
Country: China | Candidate: Z Y Ceng | Full Text: PDF
GTID: 2268330425489095 | Subject: Communication and Information System
Abstract/Summary:
Because the Cloud Service Provider (CSP) is not trusted in cloud computing, traditional access control is not suitable for the cloud computing environment. Ciphertext-Policy Attribute-Based Encryption is now the main technique used in cryptographic access control mechanisms for the cloud. However, when an attribute revocation happens, the data owner (DO) needs to produce re-encryption information for the ciphertext and re-encrypt it; legitimate users can then no longer decrypt the ciphertext because it has been re-encrypted, so the data owner needs to produce update keys and send them to the legitimate users. All of this increases the data owner's computation overhead. Meanwhile, users are affected by other users' attribute revocations, which increases users' computation overhead. It is also possible that the DO does not update the data, or seldom updates it, while the attribute authority revokes attributes many times. Under the assumption that there is no need to re-encrypt if no files are updated, this increases the computation overhead of the CSP and the attribute authority.

To reduce the computation overhead for data owners and users, we propose a new method in which the decryption key is divided into two parts: one part is held on the user's side, and the other is stored on the CSP side. Only the key stored at the CSP needs to be updated; users do not need to update their keys, so no user is affected by attribute revocation, which reduces users' computation overhead. The decryption computation overhead of users is independent of the number of attributes, because the CSP undertakes part of the decryption operations. The re-encryption of ciphertext is executed by the CSP, which reduces the DO's computation overhead.

To solve the problem of unnecessary ciphertext or key updates in the system, we propose a protocol that, through communication with the attribute authority (AA), determines whether an attribute revocation has occurred before the data owner sends new data to the CSP. If an attribute revocation has happened, the DO encrypts the data with a new key, produces ciphertext re-encryption information and key update information, and sends them to the CSP. The CSP uses this information to update the ciphertexts and keys stored in the cloud. If no attribute revocation has happened, the DO encrypts the data with the previous key, and nothing else needs to be done. Through communication between the DO and the AA, the protocol reduces the number of times the AA produces update information for ciphertexts and keys, and the number of times the CSP updates the ciphertexts and keys stored on it. Therefore, the computation and communication overhead of the AA and the CSP can be reduced. Our analysis shows that the scheme and protocol can reduce the computation and communication overhead for users, data owners, the CSP and the attribute authority, and that it is secure against chosen plaintext attacks (CPA).
Keywords/Search Tags: Cloud computing, Access Control, Outsourced Decryption, Attribute-Based Encryption