
Research On Attribute-based Encryption Scheme Supporting Multiple Functions

Posted on: 2018-04-06
Degree: Master
Type: Thesis
Country: China
Candidate: S H Duan
Full Text: PDF
GTID: 2348330518499430
Subject: Applied Mathematics
Abstract/Summary:
Cloud computing is a new network application model that provides users with various on-demand services. As one of its basic services, cloud storage gives users huge storage space, powerful computing capabilities and convenient data sharing. Consequently, an increasing number of users move their data from local storage to the cloud. For security and privacy, sensitive data should be encrypted before it is stored in the cloud. Although traditional public key encryption can ensure the confidentiality of data, it cannot achieve fine-grained access control and sharing of data. As a kind of “one-to-many” public key encryption, attribute-based encryption can solve this problem, and it is therefore regarded as one of the most suitable encryption techniques for achieving data security and fine-grained access control in cloud environments. In attribute-based encryption schemes, an identity is regarded as a set of attributes. As long as the attributes satisfy the access policy, decryption succeeds. Attribute-based encryption thus offers rich expressiveness and flexible access control. However, many challenges, such as tracing and revoking a malicious user, rapid ciphertext retrieval and privacy preservation, still hinder the development of attribute-based encryption. Based on a study of the existing attribute-based encryption schemes, the main results of this paper are as follows:

1. Based on the linear secret sharing scheme and the key encryption key tree, this paper proposes an attribute-based encryption scheme that supports white-box tracing and user revocation. In this scheme, the leaf nodes of the tree are used to trace malicious users in the encryption system. Once a malicious user is caught, his/her identity is added to the revocation list. User revocation is achieved by updating the ciphertext components associated with the revocation list. Furthermore, the scheme is proved to be selectively secure under the decisional q-bilinear Diffie-Hellman exponent assumption in the standard model. Compared with the existing revocation schemes, the proposed scheme not only improves the efficiency of updating the ciphertext, but also supports white-box tracing.

2. Based on the access tree and an anonymous key protocol, we propose an attribute-based encryption scheme that supports privacy preservation, keyword search and user revocation, and we apply the scheme to personal health records. In our scheme, we obfuscate the attributes exposed in the access policy. This avoids the risk that an attacker may guess what kind of disease the patient has from the attributes. Instead of an exhaustive search with cryptographic calculations, a simple comparison algorithm is adopted to improve search efficiency. Compared with the existing searchable encryption schemes, the proposed scheme does not sacrifice the efficiency of encryption and decryption when the revocation functionality is added.
Keywords/Search Tags:Attribute-based Encryption, Trace Functionality, Revocation Functionality, Searchable Encryption, Provable Security
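
The first result relies on a key encryption key (KEK) tree whose leaves identify users and a revocation list that drives the ciphertext update. The sketch below is an added illustration of the generic KEK-tree cover computation, not the thesis's construction: the heap-style node numbering, the power-of-two user count and all function names are assumptions, and no pairing or LSSS cryptography is performed.

```python
# Added illustration of a generic KEK tree; not code from the thesis.
# Assumed numbering: root = 1, children of node n are 2n and 2n+1, and the
# user in slot i (0-based) of num_users (a power of two) is leaf num_users + i.

def path_nodes(leaf):
    """Nodes from a leaf up to the root; a user holds one KEK per node."""
    nodes = []
    while leaf >= 1:
        nodes.append(leaf)
        leaf //= 2
    return nodes

def trace_slot(num_users, leaf_in_key):
    """Tracing step: the leaf id bound into a leaked key names its owner."""
    if not num_users <= leaf_in_key < 2 * num_users:
        raise ValueError("not a leaf of this tree")
    return leaf_in_key - num_users

def min_cover(num_users, revoked_slots):
    """Smallest node set covering every non-revoked leaf and no revoked one."""
    tainted = set()  # every node on a path from a revoked leaf to the root
    for slot in revoked_slots:
        tainted.update(path_nodes(num_users + slot))
    if not tainted:
        return [1]  # empty revocation list: the root KEK serves everyone
    cover = []
    for node in sorted(tainted):
        if node >= num_users:
            continue  # leaves have no children
        for child in (2 * node, 2 * node + 1):
            if child not in tainted:
                cover.append(child)  # clean subtree hanging off a tainted path
    return sorted(cover)

def usable_kek(num_users, slot, cover):
    """Cover node whose KEK this user holds, or None if the user is revoked."""
    hits = [n for n in path_nodes(num_users + slot) if n in cover]
    return hits[0] if hits else None

if __name__ == "__main__":
    N = 8                                 # constructed example: 8 users
    revocation_list = {2}                 # slot 2 was revoked earlier
    revocation_list.add(trace_slot(N, 13))  # leaked key traced to leaf 13
    cover = min_cover(N, revocation_list)
    print("re-key ciphertext component under nodes:", cover)
    for slot in range(N):
        print(slot, usable_kek(N, slot, cover))
```

Only the ciphertext component tied to the cover set needs re-keying after a revocation, and its size grows with the number of revoked users rather than with the total user count.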