Research On Trust-based Access Control And Differentiated Identity Authentication

With the development of cloud computing, large scale distributed applications increase rapidly. Collaboration among multiple parties is more and more popular and it leads more and more important data to be shared and accessed among many related parties. Moreover, with the diversification of service type, the security requirements are different. How to meet the demand of the service security at the same time guarantee the convenience of the service is a problem needed to be resolved.Attribute based Encryption(ABE) is a type of public key encryption, and provides an efficient fine-grained access control management. However, there is still some important inefficiency for ABE, including attribute revocation, flexibility of access policy, key management of multiple authorities and security demonstration under many different security models. To improve the flexibility of key structure in traditional ABE, this paper proposes a modified solution of ABE. Firstly, we have studied the basic principle of ABE systematically, especially the attribute set based encryption(ASBE) technology. Then we put forward an improved ASBE with recursive attribute sets of depth 3(3-ASBE) by extending basic ASBE, and redesign the four main algorithms, including system initialization, key generation, encryption and decryption. In order to meet requirements of large distributed services and resolve the potential security problems of single authority 3-ASBE, the paper implements a multiple authorities 3-ASBE mechanism, and then compares the performance with other ABE mechanisms. Moreover, traditional ABE only guarantees security of data storage and sharing access, except the security of data source. So this paper combines trust management and ABE to solve the reliability of data source. The modified 3-ASBE can easily support combined attributes which are made up of an attribute value and a trust level. Multiple authorities’ 3-ASBE allows different authorities to manage same attributes, which is good for market competition. Thus it can provide better services in practice.In addition, to solve the security problems introduced by diversity of service, we propose and design a differentiated identity authentication protocol. When an authentication method is selected, the protocol takes into account the security requirement of service, network environment of user, and history records of being attacked. So the protocol can provide user a customized authentication service according to the specific security situation at the same time to guarantee the security and convenience of application services.