
Distributed Service Access Control Mechanism Based On Attribute Encryption

Posted on: 2020-02-03
Degree: Master
Type: Thesis
Country: China
Candidate: H P Pang
GTID: 2428330590471757
Subject: Computer technology
Abstract/Summary:

In the current network era, online services are emerging constantly, and users can register for, request, and obtain services through the network. The ubiquitous network allows users to access services anywhere, and cloud services are a typical case: they provide users with various types of services online, such as hardware, software and applications. As the types of services increase, the relationship between users and service providers becomes complex. On the one hand, users can subscribe to different services from different service providers at the same time, and each subscribed service has a time limit. On the other hand, service providers can offer a variety of different services and customize different service packages to meet the different needs of users. With a large number of users and numerous services, users need to query, compare and select among various services, and service providers face great challenges in managing and controlling users' access to services safely and effectively.

This thesis focuses on the issue of publishing, authorization and access control for online network services. Firstly, a hierarchical time attribute encryption scheme is designed, in which service providers can organize and publish services effectively, and flexibly authorize and control users' access to services. The scheme has the following advantages: (1) The service provider builds a service attribute tree based on the inclusion relation, which effectively reduces the difficulty of service management and access control in the system; (2) Each node of the service attribute tree corresponds to a service package as an attribute, and the service package subscribed to by a user is determined by the service attribute key. This hierarchical service attribute tree achieves efficient key management and distribution; (3) A time attribute is introduced, so that each service package subscribed to by the user is finely restricted by the time attribute key, achieving efficient revocation of user rights; (4) Fog computing, an edge computing model, is introduced to provide service access and control for users, which reduces the delay of service access.

Secondly, the above scheme is extended into a multi-attribute-authority hierarchical time attribute encryption scheme to realize distributed service access control. The advantages of this scheme are as follows: (1) It supports users accessing the services of multiple service providers across domains; (2) It has good scalability and supports dynamic joining and exiting of service providers; (3) It supports a unified service publishing platform shared by multiple service providers, through which each service provider publishes the directory of its own service attribute tree, and users can query and subscribe online through this platform, greatly improving the efficiency of online service management.

Finally, this thesis proves the security of the two proposed schemes under the generic group model, and analyzes the performance of the proposed schemes through performance comparison and experimental simulation.
Keywords/Search Tags: hierarchical, attribute encryption, distributed, access control, time attribute, attribute revocation