A Data Access Control Model Based On Attribute-Based Encryption

Posted on: 2016-05-22
Degree: Master
Type: Thesis
Country: China
Candidate: Z An
GTID: 2348330488957141
Subject: Cryptography
Abstract/Summary:
With the advent of the Internet age, users produce large amounts of data that are stored on cloud servers, and people's information becomes more transparent and symmetric. However, the convenience that cloud servers bring to users also comes with security risks. Whether data are leaked to another person or institution without the user's permission is an issue that must be confronted. It is therefore particularly important for users to have fine-grained access control over their own data. Attribute-based encryption, a research hot spot, is very important for fine-grained access control.

Because attribute revocation is inefficient in current attribute-based encryption systems, we design an efficient revocable ciphertext-policy attribute-based encryption system. We then design a chain-store fine-grained access control model based on ciphertext-policy attribute-based encryption and time stamps, and use the model to describe the processes of registration, access, and attribute revocation.

The main contributions of this paper are:

By improving an existing ciphertext-policy attribute-based encryption scheme, we encrypt the symmetric encryption key under an attribute policy and put attribute parameters into the symmetrically encrypted ciphertext. A user whose attribute has been revoked cannot decrypt the ciphertext with the old symmetric key still in his hands. The data owner establishes an access policy containing a certain set of attributes, so that only users who satisfy the access policy can decrypt the ciphertext correctly. When a user's attribute is revoked, or when a new user brings a new attribute, the attribute center only needs to update one user's private attribute keys and the cloud server updates part of the ciphertext, so forward security and backward security are achieved.

This paper proposes a new access control model with a chain storage structure, in which the memory content is divided into a header file and a body file. This model combines well with the attribute-based encryption scheme. The attribute set is placed in the header file, which is stored in the attribute center. The ciphertext is placed in the body file, which is stored on the cloud server. When users want to get the data, they do not need to communicate with the data owner every time. When a user's attributes satisfy the policy, the user gets the information included in the head node, then decrypts the information included in the next head node, and so on. We use this chain storage structure because of its low space requirement. Although the logical addresses are continuous, the physical addresses do not need to be continuous, which reduces the burden on the cloud server; thus this structure solves data storage problems. In addition, in a social network, the data owner can control a user's access to a node by using a time stamp. Through this scheme, the data owner can control his data at a finer granularity. This scheme can be used to protect users' data privacy.
Keywords/Search Tags:Attribute encryption, Chain store, Time stamp, Fine-grained control, Attribute revocation