Research On Attribute Based Encryption Distributed Access Control Mechanism

With the development and popularization of cloud computing in the Internet,the amount of data stored on untrusted cloud servers is increasing,and users' data security is facing great challenges.How to ensure that the privacy information on the cloud server can be shared between users and only be accessed by authorized users is an important security problem to be solved.The attribute-based encryption mechanism that can implement fine-grained access control is an effective solution.However,the large computation cost of the attribute-based encryption mechanism in the multi-user environment and the issue of massive user key distribution and management limit the practical application of the attribute-based encryption mechanism.In order to meet the requirements of efficient,secure and scalable distributed authorization access control,this thesis first improves the existing solutions and uses a method of outsource decryption to propose a multi-authority distributed authorization access control scheme.The advantages of the scheme are:(1)Each attribute authority in the system is independent of each other and can dynamically join and withdraw from the system.Besides,each AA can support an efficient revocation process.(2)By using key separation technology,no entity in the system can decrypt ciphertext alone.(3)It is applicable to fog computing model.The mediator can act as a fog node and per-decryption on ciphertext to meet the data access requirements of lightweight users.Secondly,the first proposed solution is extended to use hierarchical relationships between attributes.By layering the attributes in the attribute tree of the attribute authority management,the upper user can delegate the key to the lower user.A distributed fine-grained access control with controlled delegation is designed.In addition to the advantages of the first scheme,the scheme also has the following characteristics:(1)By using the hierarchical management of attributes,the difficulty of key management is reduced.(2)Under a distributed access control environment,a controlled key delegation method is implemented to prevent the misuse of the key delegation between users.Finally,the thesis gives that both schemes give security definitions and prove the security of the scheme under the general group model.In addition,performance analysis shows the efficiency and feasibility of the proposed schemes.