| In recent years,the mobile Internet has reached a new peak.Along with this comes the dramatic increase in data volume,which brings new challenges to data calculation and storage..In the cloud storage environment,efficient and reliable cryptosystem is the cornerstone of data security.Attribute-Based Encryption has gradually become an essential technique for data security in cloud storage environment regarding its flexible access control features.Nonetheless,the attribute encryption schemes in cloud storage still face the following unavoidable problems and challenges:In the multi-authority attribute based encryption mechanism,the increase of the number of attributes brings a lot of computing overhead to the user side,and is not suitable for the limited resource terminal equipment.The amount of data stored in the cloud is huge,and the user has a large number of users,and the same attribute will be shared by different users.This requires that the access control scheme of the attribute based encryption mechanism under the cloud storage can protect the user's privacy and support multiple users to share the access.In the traditional attribute revocation scheme,the attribute authority,the sender and the non revocation user all have to participate in the work of the attribute revocation.Each organization should generate the update key,update the attribute key,the sender should encrypt the cipher,and the whole revocation process needs a large amount of storage and communication overhead.In order to address the above problems efficiently,this paper processed the following work based on the existing attribute encryption schemes and attribute encryption technology:Firstly,introducing the concept of “attribute group” and Key Encryption Key tree,this paper constructs a multi-authority ABE cloud storage scheme that supports attribute revocation.In this scheme,the trusted authority is in charge of the distribution of the attribute group key and the generating work of the Key Encryption Key tree.The attribute group parameters are sent to the cloud to be sent to the cloud to encrypt the ciphertext.Only the users with the corresponding attributes can decrypt the attribute group key and get the attribute group parameters,then update the private key and complete the cipher predecryption from the cloud.The attribute authority and sender do not need to participate in the work of attribute revocation when the attribute revocation is revoked,which reduces the amount of calculation of the authoritative institutions and the access users in the traditional scheme;Secondly,on the basis of a multi-authority attribute based encryption scheme,the second attribute revocation schemes are constructed.The attribute group and the Chinese remainder theorem are combined to achieve the attribute revocation,and the sender and the authority do not need to participate in the revocation work.The trusted authority chooses the random number to construct the basic formula of the Chinese remainder theorem,and redistributes the attribute group key,and does not need to regenerate and store the key encryption key tree,which reduces the calculation and storage of the trusted mechanism in the first scheme.Compared with the first scheme,users do not need to store attribute group path keys in attribute revocation process,and only need to store three decryption constants.The second scheme further reduces the users' amount of memory and computation;Thirdly,the security proofs of the two schemes in this paper are based on the problem of deterministic difficulty,and prove the anti-collusion,forward security and backward security of the scheme.Compared with the existing attribute revocation scheme in terms of function,storage and computation,simulation experiments are carried out.The analysis and experiment show that the two schemes can efficiently complete the attribute revocation task by using the trusted center and cloud service provider,and reduce the storage and calculation of the attribute authority,sender and access user. |
PDF Full Text Request