| As an extension of identity-based encryption, attribute-based encryption (ABE) scheme uses a set of attributes to describe the users' identity. The characteristic of ABE is that it introduces the access structure to the ciphertext and the secret key. On the one hand, this access structure can limit the ability of users in decryption; on the other hand, it also can protect the ciphertext. Thus, ABE scheme is very suitable for uncertain recipient situation under distributed environment. Because of its flexibility, efficiency and collusion-resistance, the ABE scheme is widely used in the fields like network security, fine-grained access control, etc. Since the concept of ABE has been proposed as a new public-key encryption mechanism, it has aroused more and more attention of scholars at home and abroad. At present, the researches of ABE mechanism are mainly in the areas such as efficient ABE algorithm, attribute revocation, access policy hidden, multi-authorized agencies etc. According to the current achievements of attributes revocation and multi-authorized agencies based on ABE, the main work of this paper is as follows:1. This paper introduces the basic mechanism of ABE and its two extensions:key policy attribute-based encryption (KP-ABE) and ciphertext policy attribute-based encryption (CP-ABE). Meanwhile, it gives the formal definition, security model and detailed scheme structure of the basic ABE mechanism. To the KP-ABE and CP-ABE, it firstly introduces their algorithms respectively. Then it analyzes and summarizes the two expansions above in terms of computational overhead and the length of the ciphertext and the secret key, which lays the foundation on the following research.2. The attribute revocation mechanism in ABE scheme is also studied in this paper. In the ABE scheme, the upgrade of system may lead to the change of attribute; on the other hand, the alteration of users'attribute may lead to the modification of users'permissions. According to the reality above, an effective ABE scheme with attribute revocation is proposed. This scheme distributes the secret key to users with secret segmentation technology during the key generation phase. Then during the encryption phase, it adopts the LSSS access structure to encrypt ciphertext. As a result, the scheme can control the attribute revocation flexibly and decrease the computational overhead greatly through integrating the fast decryption method.3. The multi-authority ABE mechanism is also studied in this paper. In a single authority system of ABE, all of the attributes in the system are managed by the individual authority. It brings a heavy burden to the authority. In this paper we propose a more efficient multi-authority ciphertext policy ABE scheme. Thanks to adopting the tree access structure and secret sharing mechanism, it can support any monotone access structure operation and make the expressions of authority flexibly.Finally, it is proved that this scheme can achieve a high security under the assumption of Decisional Bilinear Diffie-Hellman (DBDH). |
PDF Full Text Request