Research On Attribute-based Encryption Schemes With Revocation And Outsourcing

As a kind of computing method based on Internet, cloud computing can provide convenient and flexible storage and computing services for resource-constrained users. However, in practical applications, cloud computing still faces many security issues, such as access control of confidential data ital. Attribute-based encryption is a type of public key cryptography primitive supporting one-to-many secure communications. Such a system can not only ensure the data confidentiality, but also support fine-grained access control. Therefore, attribute-based encryption is considered as one of the most suitable encryption technologies for cloud environment.With these advantages, attribute-based encryption has been widely studied. However, there still exist several technical problems when single attribute-based encryption schemes are directly applied in practice. Firstly, in an attribute-based encryption system, user or system attributes could be often revoked or users' keys could be leaked. Consequently, such a system has to support the functionality of attribute revocation and user revocation. Secondly, the decryption algorithm usually involves a lot of bilinear pairing and exponent operations, which are a very huge computing cost for resource-constrained users. If most of decryption calculations can be outsourced to the powerful cloud server, then the computing cost can be reduced greatly on the clients or users. As a result, it is very interesting to construct such an encryption scheme with the functionality of decryption outsourcing.In view of the above problems, the main works of this thesis are given as follows:1) An attribute-based encryption scheme is proposed with attribute revocation and decryption outsourcing. The splitting and reconstruction of secret are realized by linear secret sharing technique, and key update is based on the Key Encrypting Key(KEK) tree. In the process of decryption, our scheme outsources most of decryption computation tasks to a decryption service provider, which can reduce the computation cost on the users. The proposed scheme can resist collusion attack; ensure data confidentiality and forward/backward secrecy. Moreover, our scheme is also proved secure under the Decisional q-Bilinear Diffie-Hellman Exponent assumption in the standard model.Performance analysis and experimental results show that the efficiency of key generation, ciphertext update and decryption is much higher than that in the available.2) A ciphertext-policy ABE scheme with direct user revocation(DUR-CP-ABE) is proposed. In DUR-CP-ABE, both the private key and the ciphertext consist of two parts. The private key is related to attribute set and user identity, and the ciphertext is associated with access policy and a revocation list. A user can decrypt a ciphertext if and only if he is not in the revocation list and his attribute set satisfies the access policy, simultaneously. Whenever revocation events occur, only ciphertext components associated with the revocation list need to be updated, and non-revoked users do nothing. Finally, we point out that the new scheme can be applied to malicious data service manager. The new scheme can resist collusion attack, ensure data confidentiality and forward/backward secrecy. Furthermore, the proposed scheme is proved selectively secure under the Decisional q-Bilinear Diffie-Hellman Exponent assumption in the standard model. Compared with existing revocation-related schemes, the new scheme can achieve high efficiency and insure the expression ability of access structure.