Research And Implementation Of Hierarchical And Multi-authority Attribute-based Encryption In Cloud Computing Environment

Information security in cloud computing environment has attracted more and more attention inboth academic and industrial fields. Users in the cloud may lose most of the control of their datawhile the cloud service provider gets more power. So data security has been one of the mostimportant issues and access control scheme is one of the most effective methods to solve the aboveproblems.In this paper, we proposed a novel framework of hierarchical and multi-authorityattribute-based encryption (HM-ABE) solution to solve the access control and privacy problems byusing multiple authorities and hierarchical attribute structure, which reduces the workload ofcentral authority and enhances the security of the system. This solution is implemented in personalhealth record (PHR) sharing system which supports fine-grained access control, effective attributerevocation and temporary authorization in emergency situation. Achieve the following results:(1) A hierarchical and multi-authority attribute-based encryption (HM-ABE) solution in thecloud is proposed for the first time. Each authority is with different privilege and in charge ofdifferent attribute sets and user private key distribution, which largely reduces the workload ofsingle authority and supports flexible access control.(2) HM-ABE scheme is implemented in PHR sharing system in cloud environment. Integratedsystem architecture and detailed implementation process are described in this paper. Two domainswith different access control schemes are built considering different user requirements.(3) On-demand user revocation scheme with high efficiency is established in PHR sharingsystem, which also enforces write access control and provides break-glass access to PHRs inemergency situation.(4) Security analysis shows that our HM-ABE scheme is secure against CPA in the securitymodel. In addition, a thorough analysis of complexity and comparison with other systems andexperimental results are provided to show the security, efficiency and scalability of our scheme.