
Hidden Attribute Ciphertext-policy Attribute-based Encryption With Digital Signature And User Revocation

Posted on: 2020-03-11
Degree: Master
Type: Thesis
Country: China
Candidate: L X T W P E Di
GTID: 2428330590954318
Subject: Mathematics
Abstract/Summary:
With the popularity of cloud technology, users are accustomed to storing their private data in the cloud for sharing. To protect the security and privacy of the data, users store it in encrypted form. This poses a new challenge: how can users be restricted to accessing only the data they are authorized for? Ciphertext-Policy Attribute-Based Encryption (CP-ABE) solves this problem effectively. CP-ABE has a flexible access control structure, so that data can be decrypted successfully only if the user's attributes satisfy the structure.

However, CP-ABE still has some problems. For example, the access control policy may leak important information, so the access control policy needs to be hidden. The time required for data encryption and decryption depends on the complexity of the access structure, so implementing CP-ABE on mobile devices puts tremendous computing pressure on the device; how to reduce the computational complexity on the mobile device is therefore a problem that should be solved. In addition, users dynamically joining or leaving changes user access rights, so user revocation is another tricky problem in CP-ABE. This paper mainly considers the above issues and does the following work:

1. Considering the computational complexity of the encryption stage, the online/offline encryption method is used. The data owner uses a high-performance server to perform a large amount of computation beforehand, without knowing the plaintext or the access structure. After the data owner obtains the plaintext and attributes, he/she can quickly complete the entire encryption process with a tiny amount of computation on his/her mobile device, thereby reducing the computing burden on the mobile device in the encryption phase. In addition, the scheme uses a proxy server to decrypt data. Since the proxy server is semi-trusted, a short signature method is used to verify the accuracy of the data it decrypts. Analysis results show that the scheme reduces the computational burden on mobile devices and verifies the correctness of the data decrypted by the proxy server. At the same time, the attributes in the access tree are hidden to avoid leaking important information from the access control policy.

2. User revocation is an essential part of CP-ABE. However, existing user revocation schemes use re-encryption and key update to enforce user revocation, resulting in poor security or a large amount of computation. Therefore, this paper proposes a time-based user revocation CP-ABE scheme. In this scheme, each user is assigned a validity period for accessing data. Once the validity period expires, the user is no longer able to access the data, thus realizing time-based revocation of the user. To prevent tampering with or forging of the validity period, a short signature method is used, which improves the security of the data and effectively reduces the computational complexity of the whole algorithm.
Keywords/Search Tags: CP-ABE, Online/Offline, Policy hiding, User revocation, Short signature