
Design And Analysis Of Access Control Scheme Based On Attribute-Based Encryption

Posted on: 2016-10-24
Degree: Master
Type: Thesis
Country: China
Candidate: P Zhang
GTID: 2348330488457142
Subject: Cryptography
Abstract/Summary:
The secure storage and access control of data has traditionally been an important research area. With the emergence of cloud computing, especially in recent years, this field has become one of the focuses of research. The vast majority of users do not want their data to be acquired or used by others whom they have not authorized. Cryptography is one of the main solutions to this problem. But traditional symmetric cryptography, which only supports one-to-one communication, does not fit the multi-user model of data sharing. Traditional asymmetric cryptography, for instance RSA and ElGamal, supports a many-to-one communication model, but it cannot meet the model in which multiple users share data encrypted by one user. Moreover, traditional techniques for encrypting data cannot realize access control. In other words, encryption and access control have traditionally been independent of each other. Ciphertext-Policy Attribute-Based Encryption (CP-ABE), which combines cryptography and access control, has become an important way to solve the problems mentioned above.

The main contributions of this thesis are:

First, we construct a CP-ABE scheme that supports time access control by using a Bloom filter. This method avoids the case in which the number of attributes or attribute values becomes too large.

Second, for the network archive, which is a particular type of network file data, we describe in detail its characteristics and the security requirements it should meet. We also propose a system based on CP-ABE, which contains a system model, the storage form of the network archive, and five protocols to manage the network archive. These protocols are the data access protocol, data upload protocol, data revise protocol, logout agency properties protocol, and add data type protocol. This scheme can realize the secure sharing of network archives. In addition, we analyze the characteristics, functions and security of this mechanism.

Third, given the features of medical information, we propose a medical treatment process and an access control system for medical information based on CP-ABE, which contains a system model and a treatment process. We also propose a treatment mechanism and process for emergencies. This system not only protects the identity information and medical records of patients but also realizes patients' anonymous registration and outpatient treatment.
Keywords/Search Tags:Access control, CP-ABE, Network archive, Medical record, Data security