
Research On Attribute Encryption Access Control System Based On Multi-Authorization

Posted on: 2020-09-20  Degree: Master  Type: Thesis
Country: China  Candidate: W J Wu  Full Text: PDF
GTID: 2428330602450371  Subject: Information security
Abstract/Summary:
In the widely used Internet of Things (IoT), data owners usually need to maintain one-to-many relationships and provide services for multiple users. Accordingly, effective access control is a challenging issue to be addressed. Effective access control allows data access requests from authenticated users and rejects those from unauthenticated users. At the same time, data owners need to develop and maintain the access control rules, which has promoted the development of the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) system. In a single-authorization-based system, the single authority must be trusted absolutely, which increases the risk of an attacker obtaining private data. The multi-authorization mechanism arose in response to this challenge, in order to reduce that risk.

Current research on CP-ABE is mainly about the development of access structures and the improvement of system efficiency. The mainstream secret sharing mechanisms take the form of a tree or a linear secret sharing scheme, but the storage space and computational cost required by these two schemes increase with the number of attributes. The appearance of the ordered binary decision diagram changes this situation, but there is currently no fully functional multi-authorization mechanism based on it. In addition, although outsourced decryption can reduce the local computing cost by offloading the complex pairing-based operations and exponentiation operations to a cloud server, the existing outsourced decryption schemes are not efficient enough at verifying the correctness of the outsourced decryption computation and of the message. Consequently, this thesis aims to improve the functionality and efficiency of the system from the perspectives of access policy and outsourcing. The main research contents of this thesis are summarized as follows:

1. Extend the single-authorization attribute encryption system, where the access policy is an ordered binary decision diagram (OBDD). In addition, a multi-authorization CP-ABE system based on OBDD is proposed. During system encryption, key generation and decryption, the computational cost is related only to the attribute set of the access policy; that is, as long as that attribute set is unchanged, the computational complexity does not increase as the total attribute set grows. Moreover, this thesis also proposes user and attribute revocation methods for this multi-authorization system, and the proposed system is capable of resisting collusion attacks and chosen plaintext attacks.

2. Optimize the general multi-authorization attribute encryption system, where the access policy is a linear secret sharing scheme (LSSS). In addition, an outsourced CP-ABE system based on LSSS is proposed. Outsourcing is divided into outsourced attribute revocation and verifiable outsourced decryption. By means of partitioning, the ciphertext and key are divided into attribute-related components and independent components to achieve attribute revocation, and some attribute revocations are outsourced to the server to reduce the amount of computation of the attribute authentication institution at each phase of revocation. The verified key of the corresponding ciphertext is generated in the encryption phase. In the ciphertext transformation (outsourcing) phase, the cloud server partially decrypts the ciphertext with the user's transformation key. Then, during the decryption phase, the user first verifies the correctness of the transformed ciphertext sent by the cloud server with the verified key. If it is correct, the user decrypts the transformed ciphertext with his own decryption key.

Finally, theoretical analysis and experimental analysis demonstrate the efficiency of the proposed system.
Keywords/Search Tags: Ciphertext-Policy Attribute-Based Encryption, Access Structure, Verifiable Outsourcing, Ordered Binary Decision Diagram, Outsourcing Attribute Revocation
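The verify-then-decrypt flow of point 2 (transformation key held by the cloud, verified key produced at encryption, final decryption by the user), shown as an added example that is not the thesis's construction: it is a pairing-free ElGamal analogue with toy parameters. All function names, the blinding factor z and the hash-based verified key are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group (constructed for this example, far too small for real use):
# P = 2*Q + 1 with P, Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def H(*vals):
    """Hash used to bind the verified key to (mask, message)."""
    return hashlib.sha256("|".join(str(v) for v in vals).encode()).hexdigest()

def keygen():
    a = secrets.randbelow(Q - 1) + 1      # user's long-term secret
    z = secrets.randbelow(Q - 1) + 1      # user's decryption key (blinding factor)
    tk = a * pow(z, -1, Q) % Q            # transformation key a/z, handed to the cloud
    return pow(G, a, P), tk, z            # (public key, TK, decryption key); Python 3.8+

def encrypt(pk, m):
    """Encryption phase: the ciphertext and its verified key are produced together."""
    s = secrets.randbelow(Q - 1) + 1
    mask = pow(pk, s, P)                  # g^(a*s)
    ct = (pow(G, s, P), m * mask % P)
    return ct, H(mask, m)

def cloud_transform(tk, ct):
    """Cloud side: the expensive step, g^(s*a/z). Reveals nothing without z."""
    return pow(ct[0], tk, P)

def user_decrypt(z, ct, transformed, vk):
    """User side: one exponentiation, then verify before accepting the plaintext."""
    mask = pow(transformed, z, P)         # (g^(s*a/z))^z = g^(a*s)
    m = ct[1] * pow(mask, -1, P) % P
    if H(mask, m) != vk:
        raise ValueError("transformed ciphertext failed verification")
    return m

if __name__ == "__main__":
    pk, tk, z = keygen()
    ct, vk = encrypt(pk, 1234)            # constructed sample message in 1..P-1
    print("honest cloud  :", user_decrypt(z, ct, cloud_transform(tk, ct), vk))
    try:                                  # a faulty cloud returns a wrong value
        user_decrypt(z, ct, cloud_transform(tk, ct) * G % P, vk)
    except ValueError as err:
        print("tampered cloud:", err)
```

The cloud only ever sees the blinded exponent a/z, so it can do the heavy exponentiation without being able to finish the decryption, and the user's check costs one exponentiation and one hash.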