
Research On Data Sharing Mechanism In Cloud Based On Attribute-based Encryption

Posted on: 2017-02-17
Degree: Master
Type: Thesis
Country: China
Candidate: J Rong
Full Text: PDF
GTID: 2308330488995172
Subject: Software engineering
Abstract/Summary:
As cloud computing technology develops and grows in popularity, its convenience, efficiency, and pay-per-use pricing lead individuals and enterprises to store large amounts of data in the cloud so that they can share it. Users who store data in the cloud must consider its security, and one way to protect it is encryption. Attribute-based encryption (ABE) embeds the authorized users' attributes and the decryption condition into the private key and the ciphertext. A user can decrypt the ciphertext if and only if the attributes satisfy the decryption condition. Currently, the access structures for ciphertexts are mainly "AND", "OR", and "NON" gates and tree structures. By its design, attribute-based encryption supports three encryption and decryption modes: "one to many", "many to one", and "many to many". This flexibility allows a data sharing mechanism to be realized efficiently, so this paper studies the application of attribute-based encryption to cloud data sharing.

In this paper, we regard all providers as untrusted, including cloud service providers and resource suppliers; even staff within the enterprise may leak their private keys. Under this assumption, we study the application of attribute-based encryption to cloud data sharing. The main work is as follows:

(1) For the case where users share all of their data, we propose a data sharing mechanism based on ciphertext-policy attribute-based encryption (CP-ABE) and data partition. Although attribute-based encryption realizes data sharing well, using ABE to encrypt large amounts of data directly reduces effectiveness. We partition the data according to certain rules, encrypt the data blocks with symmetric encryption, and store the encrypted blocks in the cloud. The symmetric keys are then encrypted with attribute-based encryption, and users share the data by sharing these keys. This improves both effectiveness and security. In this scheme, we can revoke a traitor user (revoking all of that user's privileges).

(2) For the case where users share part of their data, we design an attribute-based encryption (CP-ABE) scheme with tracing and attribute revocation. In some practical applications, attribute-based encryption cannot guarantee that the data is fully secure, and there are many threats. For example, users may leak their keys intentionally for their own benefit, so we must design a traceable and revocable mechanism to reduce or revoke traitor users' privileges. In the key generation algorithm (KeyGen), we embed the user's identity information (id) into the user's private key, and we design a tracing algorithm using the Shamir threshold sharing scheme. When a user's behavior is abnormal, the system traces the user through the private key and then puts the user's id into the corresponding attribute revocation list. When a user runs the encryption algorithm, the attribute revocation list is given as input, so we can trace traitor users and revoke attributes directly at a fine-grained level. Finally, we prove the security of the scheme based on the dual system encryption technique.
Keywords/Search Tags:cloud computing, attribute-based encryption, traceable, attribute revocable, data partition