Group-Oriented Attribute-based Cryptographic Schemes And Their Applications

With the rapid development of information technology, the new-generation net-work puts forward new requirements for the design of access control mechanism. The emergence of large-scale open network environment brings a large number of security threats. There is an urgent need to build new types of access control mech-anism based on cryptographic schemes. In order to implement the fine-grained access control under the open network environment, attribute-based access control was introduced. Attribute-based access control mechanism can be realized through attribute-based signature schemes and attribute-based encryption schemes. Access control mechanisms designed under that framework have an essential security prop-erty called collusion resistance. This property makes users unable to collaborate to meet the access conditions in emergency situations. But in the real life, there are situations where users need to (conditionally) cooperate and merge their attributes to access data.In this paper, we divide users by groups. Only members from the same group can merge their attributes to meet the access policies. Based on this idea, we propose a group-oriented attribute-based signature scheme and two group-oriented attribute-based encryption schemes. The research work presents in this paper includes:1. We propose a Group-Oriented Attribute-Based signature scheme(GO-ABS for short). In GO-ABS, users are divided into different groups and are affiliated with different attributes. Only members from the same group can combine their signing keys to form the signing key of a larger union set of attributes, and generate a signature which can be used to grant access right to the data, but users from different groups cannot make it. We give an efficient design of GO-ABS, prove its security and implement the prototype of our scheme.2. We propose a threshold Group-Oriented Attribute-Based Encryption scheme(GO-ABE for short). In this scheme, users from the same group can pool their at-tributes and private keys to "match" the decryption policy. That is, if the union of their attributes matches the policy, they can cooperate together to decryp-t the ciphertext. But users from different groups cannot make it. We give a security model and an efficient construction of this new notion, with rigorous security and efficiency analysis.3. We extend the threshold GO-ABE scheme into a GO-ABE scheme with Monotonic Access Structure. Then we give en efficient construction and discuss the security of the scheme.