Research And Application Of Attribute-Based Encryption Access Control Mechanism

Benefited from the rapid development of Internet technology,cloud computing services have been rapidly popularized and penetrated into all aspects of social production and life.At the same time,network security issues have become increasingly prominent,which puts forward higher requirements for data security in the network.Attribute encryption is very suitable for data protection in network because it has two characteristics of data encryption and fine-grained access control.In recent years,attributes encryption researchers have put forward many attributes encryption access control schemes,but there are still some problems,such as data protection is not secure enough,computing resources are consumed too much,storage space is occupied too much,and can not be better applied to distributed systems.Aiming at these problems,this paper studies the access control mechanism of attribute encryption,and does the following work:(1)A ciphertext policy attribute encryption scheme supporting attribute revocation is proposed.This scheme can not only revoke large-scale attribute set,but also revoke the user's attributes at the attribute level.It also has the characteristics of constant size of ciphertext and selective ciphertext security,which can further reduce the pressure of storage and bandwidth,and improve the security of access control.In this scheme,a user's attributes are revoked,and the corresponding resources can not be accessed,but it does not affect the access rights of other legitimate attributes of the user,and access privileges of other users will not be affected.Functional and experimental comparisons between this scheme and other existing attribute revocation schemes are made.The experimental results show that the computational efficiency in encryption,re-encryption and decryption has obvious advantages.(2)A ciphertext policy attribute encryption scheme based on multi-attribute centers is proposed.The scheme decentralizes attribute management,not only realizes the multiattribute centers strategy,which is suitable for deployment in distributed systems,but also resists collusion attacks from multiple servers or users.It also has two advantages: constant size of ciphertext and selective ciphertext security.In this scheme,the increase of the number of attribute centers will share the computational pressure of the original single attribute center,greatly reduce the time consumed in the initialization phase and the time consumed in the generation of private keys.When setting access thresholds,different thresholds can be set for each attribute center,which increases the flexibility of access policy.Experiments show that the more the number of attribute centers,the higher the overall performance of the system and the stronger the security.(3)Relying on the actual project,the attribute encryption access control scheme is applied to the port intelligent lighting system under cloud computing environment.The access process of the system users is more closely controlled,the symmetrical encryption and attribute encryption of the system data and the system key are carried out respectively,which solves the problems of coarse granularity,easy to break and imperfect mechanism in the process of access control and data encryption in the original system,and significantly improves the security of system data without taking up too much system resources,and achieved good application results.