Research On Attribute-based Encryption Scheme With Keyword Search In Software Defined Networks

Software-defined network is one of the most popular and promising technologies in the current network field,and its advantages are beyond the traditional network.However,most of the current research work focuses on the rule distribution and resource scheduling of SDN,but little attention is paid to the security of SDN itself.How the SDN controller ensures that sensitive information can only be provided to authorized users,while ensuring efficient information sharing,is a core issue that cannot be avoided in current SDN research.This paper combines attribute-based encryption mechanism with keyword search with the SDN architecture,and proposes an SDN encryption layered architecture that supports access control and ciphertext search.According to different application scenarios in software defined network and the characteristics of KP-ABE and CP-ABE,a key policy attribute-based encryption scheme with keyword search and a ciphertext policy attribute-based encryption scheme with keyword search are proposed.In the key policy attribute-based encryption scheme with keyword search,if a data user wants to access certain information in other domains,he first sends the owned attribute set to the domain authority of the domain in which the domain authority checks whether the user's attributes are legitimate.If they are legitimate,the domain authority assigns a specific access structure to him to specify the type of information he can access,and then generate the private key for him.In the ciphertext policy attribute-based encryption scheme with keyword search,the access structure is formulated by the data owner to specify the requirements that the data users who want to obtain the information must meet in terms of attributes.Then,the data user calculates the trapdoor by the keywords of the information and the private key he owns,and sends it to the SDN controller.Finally,the SDN controller determines whether to return the corresponding ciphertext by performing related calculations on the index and the trapdoor.The two schemes proposed in this paper realize inner-domain information sharing and fine-grained access control,and provide users with ciphertext search function to ensure that users can not access unauthorized information or illegal network resources.They ensure the security of ciphertext,save network bandwidth and local resources,and improve the scalability and flexibility of access control in SDN.It is proved that the two schemes proposed in this paper have good performance through the proof and analysis in many aspects.