Research On Applying Attribute-Based Encryption To Big Data Security

With the rapid development of information and internet technology, data digitization becomes a trend, and big data is the inevitable product in the contemporary era. By means of the storage and computing capability of cloud computing platform, inestimable social value can be obtained from big data. But when mass data are outsourced to semi-trusted cloud servers, data security and privacy protection will be an enormous challenge. As a promising paradigm for modern public-key cryptography, attribute-based encryption(ABE) can enforce cryptographically access control of data. Therefore, ABE enables data to be securely stored and shared on semi-trusted cloud servers without relying on a fully trusted server to manage access control lists. However, high computational overhead and inefficiency of attribute revocation limit ABE to be applied into practice. Based on the requirements of big data security in clouds, the thesis focuses on constructing ABE schemes to achieve secure big data storage and sharing in an efficient and distributed way.Firstly, in order to meet the demands of efficient and scalable distributed access control for big data, the thesis proposes a multi-authority ABE scheme without central authority. The scheme has the following advantages:(1) Each attribute authority(AA) is autonomous, and can join and leave the system dynamically.(2) It supports decryption outsourcing which can delegate most work of decryption to cloud servers, and satisfy the access requirements of lightweight end-users.(3) It utilizes key separation technology to make no entity in the system can decrypt ciphertexts individually, thereby achieving an efficient attribute revocation method with forward security and backward security. The thesis also provides an implementation of the proposed scheme in Charm. Compared with existing schemes, experimental results demonstrate that the proposed scheme is more efficient.Secondly, the thesis extends the above proposed scheme to support hierarchical attribute. In the scheme, the attributes managed by AAs are organized into different attribute trees, and user privileges are divided into tree-like hierarchical structure. In contrast with the flat structure in traditional ABE schemes, hierarchical structure can effectively alleviate key management and reduce storage overhead on ciphertexts, thus the scheme can improve the system efficiency. The performance analysis and comparison shows that the scheme is more suitable for large organizations.Finally, the thesis proves the adaptive security of the above two proposed schemes in the generic group model.