Research On Secure CP-ABE Access Control Schemes In Big Data

While creating value for people,big data brings about security problems that cannot be underestimated,and the most prominent ones are big data privacy protection and the secure sharing of data.As one of the key technologies for big data security,access control ensures that data is only accessible to users with appropriate permissions,and ciphertext-policy attribute-based encryption scheme can achieve the combination of data privacy and fine-grained access control,so it is more applicable to new computing environments and has received extensive attention.However,the existing CP-ABE access control schemes only support the data owner's access control for ordinary users.Under the big data environment,data services will become the core resource of the cloud computing platform,and the secure sharing of data requires more flexibility.Aiming at the security requirement of enterprise big data application environment,the paper designs a scheme based on CP-ABE for secure sharing of data and fine-grained access control in big data application scenarios.Firstly,for multi-level users in the big data environment,not only do they require the safe sharing of data,but also customize their own access control policies according to their needs,and proposes a secure multi-level access control scehme based on CP-ABE.The scheme introduces department users,and divides access control into two levels: data owners and department users,and they can define access control policies separately to implement more flexible,fine-grained and secure access control.The analysis results show that the scheme can reduce the direct encryption and duplicate encryption of large-scale data,and the computational overhead is decreased.At the same time,the scheme has security and confidentiality.Secondly,for the problem of flexible revocation of attributes in big data environment,the KEK tree is introduced,and an access control scheme that supports flexible revocation of attributes is proposed.This scheme uses the KEK tree to manage user groups and attribute groups.After the data is encrypted,the ciphertext is re-encrypted using the attribute group key.When the attributes and user privileges are changed,the cloud storage service provider re-encrypts the corresponding ciphertext and private key in units of different users in the same attribute set,thereby reducing the cost of privacy protection.The experiment results show that the efficiency of this scheme is better than that of the existing CP-ABE scheme and it ensures the secure access control of the data.Research shows that the multi-level access control scheme based on CP-ABE in the big data environment can implement more flexible and fine-grained access control,and the access control scheme that supports flexible attribute revocation can liberate the data owner's management burden and achieve agility and efficiency.So the proposed schemes have certain reference significance for the study of access control schemes in the big data environment.