| The centralized cloud computing model cannot meet the storage and calculation requirements of the massive data generated by the Internet of Things terminal devices.Therefore,research scholars propose that edge computing complements cloud computing.However,the data generated by terminal devices near the edge of the network may be very sensitive,so how to ensure data security is also one of the challenges facing edge computing.The attribute-based encryption mechanism is favored by scholars because it can flexibly implement fine-grained access control.Applying the attribute-based encryption mechanism to edge computing can ensure the security of sensitive data.However,there are still many problems,including a single point of bottleneck caused by a single authority;time and location-sensitive data are not considered;access restrictions caused by a single trust domain;and bilinear mapping technology based on attribute encryption will cause heavy calculation overhead,which results in attribute-based encryption mechanisms that cannot be directly applied to terminal devices with limited resources.This article is based on the above questions,the specific work content is as follows:(1)The attribute-based encryption scheme under the centralized cloud computing model only considers general attributes such as occupation,age,etc.In some practical application scenarios,data access control also needs to consider dynamic attributes(time and location).Therefore,this paper proposes a Time and Location Multi-authority Outsourcing Attribute-Based Encryption(TLMO-ABE)scheme that supports time and location.In addition to the general attributes of data users,the scheme also considers the problem of access time and location constraints,combining time domain information and location domain information into attribute encryption algorithms,allows data users to access within the time range and location range set by the data owner,enabling data users to fine-grained and personalized access according to its own attributes;multiple attribute authorization agencies are used to manage attributes at the same time,and the private keys of data users are jointly generated and distributed by these attribute authorization agencies,solving the performance bottleneck of a single authorized institution;Aiming at the limitation of mobile terminal resources in edge computing,most of the decryption operations are outsourced to edge nodes,reducing the burden on mobile terminalequipment.The results of this analysis show that this solution achieves finer-grained access control with access time and location constraints outside the conventional attributes with lower overhead in the edge computing environment,and effectively guarantees data security.(2)By introducing and improving the HABE scheme,a cross-domain multi-authority outsourcing attribute-based encryption scheme(CDMO-ABE)is constructed,which enables data users to not only access data in the domain and can access data in foreign domains.This solution uses a hierarchical architecture within the domain,that is,the DCA manages multiple attribute authorities in each domain,and each attribute authority manages multiple disjoint users and attributes;a distributed structure is used between domains.When users in this domain want to access data stored in the cloud by users in foreign domains,they need to submit access requests layer by layer,and then establish a secure connection with the DCA,and then the attribute authority of the foreign domain generates the user attribute private key and then the DCA returns to the requesting domain user to implement cross-domain data access.Secondly,this solution also outsources most decryption calculations to edge nodes,reducing the burden on mobile terminal devices. |
PDF Full Text Request