Research On Attribute Revocation Based On CP-ABE Encryption

With the rapid development of information age,new technologies such as Big Data,Internet of Things(IoT),cloud computing have been applied to medical,military and scientific research fields.People put more information and data on the server to realize sharing and accessibility.Although this provides various conveniences and data information support for people's life and work,it also brings about the security of information and data.With the demand for information security,attribute-based encryption technology emerges as the times require.Attribute-based encryption is an extension and extension of identity-based encryption.It was first identified by user identity,and then developed to identify by user attributes and attribute sets.Most access control structures are user's attribute sets to achieve access control for data applicants.In attribute-based encryption mechanism,the cost of revocation and change of attributes is large.It is of great practical significance to use attributes to encrypt better and reduce the computational cost of system in attribute revocation.The contributions of this paper are mainly reflected in the following two aspects:(1)Aiming at the problem of high cost of attribute revocation in CP-ABE,based on the indirect attribute revocation scheme of CP-ABE,an indirect attribute revocation scheme,IRAM(Indirect Attribute Revocation Scheme for Reducing the Number of Attribute Matching),is proposed to reduce the number of attribute matches.IRAM reduces the number of matches between user attributes and nodes in the control tree by deleting the leaf nodes of the tree that are not in the user attributes set,and then deleting the parent nodes whose number is less than the threshold value.To reduce the number of exponential operations,only one recursion can be done.At the same time,in order to ensure the fine granularity of attribute revocation in IRAM scheme,we introduce the third party organization and version number.When the number of attributes is large and revocation occurs frequently,we update the key of attributes that have not been revoked according to the different version numbers of user attributes,so that users who have not revoked attributes can use the latest key to decrypt the ciphertext,so as to obtain finer-grained attributes.Sex revocation.Through theoretical analysis and experiments,it is proved that IRAM scheme can reduce system overhead better under the condition of ensuring fine-grained attribute revocation.(2)On the basis of IRAM scheme,a CP-ABE scheme for multi-authorization agencies supporting fine-grained revocation of user attributes is proposed.This scheme adds version numbers for user attributes and keys(composed of authorized agency ID and version number,different from IRAM version number),and introduces multi-CA and multi-AA institutions to achieve fine-grained attribute revocation under multi-authorized agencies.The scheme implements encryption operation in two phases of authorization center and authorization agency disposition,so as to avoid the leakage of ciphertext information after a single CA authorization center and A A attribute agency are broken.Finally,the security proof is given,which proves that the original security of the scheme is guaranteed when the fine-grained attribute revocation is realized.