Research On Access Control Scheme Based On Attribute-Based Encryption In Fog Computing

As an extension of cloud computing,fog computing reduces the communication delay and network congestion by outsourcing a large amount of computing to fog nodes at the edge of the Internet of Things.It solves the problem of cloud that the computing is too concentrated,the communication delay is high,and the calculation efficiency of the system is low.Secure storage and access control of sensitive data stored in cloud servers is the important part of the security research of fog.Access control technology of ABE links user and data through attribute set and access control policy,which solves the problem of fine-grained access that cannot be performed in data access control.Access control has been applied well in cloud.In this thesis,the attribute-based encryption access control scheme is deeply studied and applied in fog computing.It provides a secure,efficient,scalable and fine-grained data access control solution for data storage in fog computing.This thesis first proposes privacy-preserving ABE access control scheme in fog computing.In addition to encrypting the data,the scheme partially hides the access structure,and can be successfully decrypted only if the user's attributes can satisfy the hidden access structure,thus realizing the protection of privacy.By introducing the idea of outsourcing,the solution outsources part of the encryption and decryption work to the fog node.Users with limited computing capacity can complete the encryption and decryption of the shared data with only a small amount of calculation.Secondly,considering that the traditional bi-linear pairing operation based on attribute-based encryption access control scheme is computationally expensive and will occupy too much computing resources,this thesis proposes two paring-free multi-authority ABE access control scheme in fog computing,using simple scalar multiplication on elliptic curves replaces complex bilinear pairings,reducing overall computational overhead.The solution uses multiple authorities to manage attributes,which avoids the single point failure and key escrow problems in a single authority,and improves the security of the system.At the same time,the second scheme introduces the concept of weighted attribute,being provided to enhance the expression of attribute,which can not only extend the expression from binary to arbitrary state,but also reduce the complexity of access policy.