| The arrival of Big Data era makes more and more users and enterprises choose the cloud server to store data and they also share data with the specific user through the cloud server.Users are enjoying the convenience which is brought by cloud server while they also have to endure lots of problems such as the data leak or supplier safety evaluation difficulty etc.This is the result that users lose the direct control of data.Under the circumstance of cloud server,the distributed storage of data leads to that “physical security boundary” in the original information system is broken and even disappears itself.Therefore,an issue is urgently needed to be addressed——how to realize the access control to make sure the security of users' data as well as outsource data storage by the means of cloud environment at the same time.CP-ABE can effectively solve this kind of problem.It can organize different access rights by logical calculus according to the different attributes from different users with a harvest of access control to the fine-grained encrypted data,which is safe,flexible and effective.However,because of the property of CP-ABE,the decrypt authority is shared by more than one user who owns the same property with a group of users.Once the decrypt authority leaks,it is difficult to find out the original secret-key owner through the exposed secret key;on the other hand,abnormal changes of user authority often take place in the practical application.So it is necessary to conduct real-time management of users' authority.Besides,the size of attribute set is firstly fixed in the CP-ABE.When the attribute amount exceeds the fixed limit,the system is needed to be updated or even changed.How to conduct the dynamic attribute expansion is also one research hot spot.Based on the mentioned problems above,this essay will put forward a large attribute-set CP-ABE which owns SEM(Security Mediator,SEM)and support white box tracking.Regarding the problem that it's difficult to find out the original secret-key owner by the exposed secret key,this issue adds the tracking factor c in the secret-key generating algorithm of the CP-ABE.Every user owns one unique c.Once there is a user in the system reveals the secret key,we can analyze and find out its c according to the exposed secret key.At last,the original secret-key owner will be tracked.With regard to the dynamic change of the user authority in the practical application,this article will introduce the Security Mediator and separate the decipherment algorithm into two parts.Security Mediator will decrypt a part of cipher-text.The user itself will decrypt the left part.At the same time,security mediator will maintain a removal list.Only if the user who applies for part-decrypt is not in the removal list,the decryption can be conducted.Besides,original assumption of CP-ABE in this essay dose not fix the amount of attribute,but support the large attribute set and the dynamic attribute amount.The scheme in this essay will be realized at the last part to prove its effectiveness.Also,because of introducing the security mediator,most of the decrypt calculation will be finished by the mediator.Through exponent arithmetic once,the user can get the plaintext.This will improve the efficiency dramatically. |
PDF Full Text Request