
Research Of Key Update Mechanism Based On Multi-authority

Posted on: 2018-05-13
Degree: Master
Type: Thesis
Country: China
Candidate: X Li
Full Text: PDF
GTID: 2348330536479636
Subject: Computer software and theory
Abstract/Summary:
Because of its distributed nature and security, attribute-based encryption (ABE) is well suited to complex network environments. However, the following problems must be solved before ABE can be applied in practice at the present stage: multi-authority, revocation, and constant-size ciphertexts (including collusion resistance, data confidentiality, and forward and backward security). To solve these problems, this dissertation proposes a key update mechanism based on multi-authority. The mechanism realizes a hierarchical multi-authority structure. The first layer is the central authority (CA), which is responsible for system initialization and generates the public key and the master private key. The second layer has two authorities, CA_A and CA_U. CA_A is responsible for managing the attribute authorities (AA), while CA_U is responsible for managing users and encrypted documents. At the third layer, each attribute authority is responsible for generating the public key and master key for the attributes it manages, and for generating private keys for users.

The proposed mechanism provides a fine-grained revocation scheme. When a user is revoked, CA_U updates the user list and then informs the other parts of the system. When a system attribute is revoked, the relevant AA generates the corresponding update parameters for the secret key and the ciphertext, then sends the secret key update parameter to users and the ciphertext update parameters to the relevant cloud server. CA_A updates the relevant list. At the same time, CA_U is responsible for revoking the attribute that the user holds and for updating the user list and the file list. When an attribute of a user is revoked, CA_U directly revokes the attribute held by the user and updates the user list. At the same time, the AA first sends an updated parameter to the user whose attribute is revoked, then generates new update parameters and sends them to the other users who hold the corresponding attribute so that they can update their secret keys. Finally, the AA generates the corresponding ciphertext update parameters and sends them to the cloud server. When a document is revoked, CA_U deletes the file from the file list. Users can then no longer access the relevant encrypted file.

The proposed mechanism achieves constant-size ciphertexts, effectively reduces the computation overhead, and improves the efficiency of the system. Moreover, the dissertation compares the mechanism with other mechanisms in terms of security proof and performance, and proves that it ensures the confidentiality of outsourced data and collusion resistance while achieving forward and backward security during revocation events. At the end of the dissertation, the main function modules are implemented in a mobile document security management prototype system based on attribute encryption, and the dissertation proves that the improved mechanism is practical.
Keywords/Search Tags: attribute-based encryption, ciphertext-policy attribute-based encryption, multi-authority, revocation, constant size ciphertexts