
Ciphertext-Policy Attribute-Based Encryption Access Control Scheme In Cloud

Posted on: 2021-03-21
Degree: Master
Type: Thesis
Country: China
Candidate: Q Pan
GTID: 2518306050467984
Subject: Cyberspace security
Abstract/Summary:
The rapid development of cloud computing has greatly improved people's lives. To reduce the burden of local storage, more and more users are willing to upload data to the cloud. However, outsourcing data makes users lose control of their own data, and data access becomes unrestricted. Privacy leaks raise users' concerns. How to implement access control so that unauthorized users cannot obtain private data is the key to securing cloud data and promoting the further development of cloud computing.

Ciphertext-policy attribute-based encryption (CP-ABE) is considered one of the most effective technologies for implementing access control on cloud data. It embeds the access control policy defined by the data owner into the ciphertext, and only users whose attributes satisfy the access control policy can decrypt the ciphertext. Because the access control policy itself may contain sensitive information, policy-hiding CP-ABE access control schemes have been proposed. However, the existing policy-hiding CP-ABE access control schemes suffer from low authentication efficiency. Some schemes also support outsourced computing to improve decryption efficiency, but access control may not be strictly enforced in these schemes. To solve these problems, this paper focuses on CP-ABE access control schemes. Combining policy hiding, outsourced computing and blockchain, the following two schemes are proposed:

(1) To address the low authentication efficiency of the existing schemes, a policy-hiding CP-ABE access control scheme with fast authentication is proposed. In this scheme, user keys are divided into proxy keys and decryption keys. The proxy keys are outsourced to the cloud to complete partial authentication. The decryption keys are kept by the users themselves to complete the final authentication and decryption. Users complete authentication with the help of the cloud service provider, and can then determine with a simple calculation whether they satisfy the corresponding access control policy. Users can also apply the intermediate results obtained in the authentication phase to the final decryption phase, which greatly simplifies the decryption operation and improves decryption efficiency. In addition, under the premise of security, the scheme supports efficient user and attribute revocation, which makes the system flexible.

(2) To realize secure data sharing in vehicular social networks, a self-authentication CP-ABE access control scheme based on blockchain is proposed. Considering the limited computing power of vehicular social nodes, efficient authentication is realized by using an access control policy in the form of a predicate. An outsourced decryption mechanism is also introduced, in which the tedious part of the decryption process is completed by the cloud service provider. Because blockchain is publicly verifiable and immutable, the problems of weak access control enforcement and data tampering can be solved. In addition, public data revocation is realized, which saves users the communication overhead of unknowingly accessing revoked data.

Finally, security analyses of the two proposed CP-ABE access control schemes are given, which prove that the proposed schemes are secure. The proposed schemes are compared with several existing schemes in terms of performance, and the theoretical analyses and simulation results prove that they are efficient and feasible.
Keywords/Search Tags:Cloud Computing, Attribute-Based Encryption, Access Control, Blockchain, Policy-Hiding, Attribute Revocation