Cloud Ciphertext Access Control Research Supporting Attribute Revocation And Outsourcing

Cloud computing is a new computing paradigm, which is considered as the core of the development for the next generation Internet technology. And more and more data and applications are moved to the cloud to provide real-time, low-cost, extensible services for users. The ownership of users' data and its control are separated in the cloud computing. Under the premise of ensuring the confidentiality of data, how to guarantee the flexibility of the access control for data is the primary problem we must pay attention to.Attribute-based Encryption(ABE) is well suited to apply in the open cloud storage environment, which can achieve fine-grained access control, support one-to-many communication modes. However, there are still many problems to be addressed to directly apply ABE in the cloud storage environment, where the attribute revocation issue is the main one. When a user joins or leaves the system, and obtains or loses the attribute, the authority has to update the ciphertext and secret keys in time to guarantee the security of the data. Simultaneously, the computation of bilinear pairings contained in ABE is complex, which consumes significant computational time from the authority and users, thus it limits the user experience.This article deeply studies the issues of the attribute revocation and computation efficiency in the cloud-based access control scheme based on ABE. The major contributions of this article are summarized as follows:We introduce the concept of the attribute group, translate "user-attribute" into "attribute-user" and distribute a KEK binary tree to each user to realize the immediate revocation of the attribute. Meanwhile, under the premise of security, we introduce the outsourced technology which outsources complex operations to the proxy to eliminate the computation overhead from the authority and users, thus ABE can use in the resource-constrained mobile devices. Combining the attribute group with outsourced technology, we propose a fine-grained data access control scheme with attribute revocation and outsourcing in the context of ciphertext policy ABE(CP-ABE). The proposed scheme can protect the confidentiality and security of the data, and reduce the computation cost of the authority and users.Then, we use Java to realize the proposed scheme in the Windows platform. The theoretical analysis and simulation results show that the proposed scheme is efficient and flexible, and when the user's attribute set is changed, the authority can update the ciphertext and secret keys in time to protect the forward and backward security of the data.Finally, we summarize our work and present several key problems that still exist in ABE used in the cloud storage environment, and point out the directions of the future research.