
Research On Updatable Encryption Algorithm With Revocation

Posted on: 2021-02-05
Degree: Master
Type: Thesis
Country: China
Candidate: J Xu
GTID: 2518306050972519
Subject: Applied Mathematics
Abstract/Summary:
Cloud computing offers low cost, convenient data management, and access without geographical restrictions. It provides a new model for the transmission, storage and utilization of massive data, and has therefore attracted wide attention from academia and industry. Consequently, a series of cloud security problems have arisen, such as access control, search, audit and deduplication of encrypted data. Many cryptographic primitives have been proposed to serve cloud computing, among which attribute-based encryption is considered one of the most suitable encryption systems for the cloud environment because it achieves fine-grained and non-interactive access control. Attribute-based encryption can guarantee data confidentiality and achieve flexible data sharing in cloud storage. However, some problems remain in practical applications: (1) abuse of user keys: the same decryption rights can be shared by multiple users, so malicious users cannot be traced when key abuse occurs; (2) dynamic changes of user rights: when user keys are lost or stolen, or after a malicious user has been traced, some or all of the user's access rights need to be revoked in a timely and effective manner. Moreover, the "old" data in cloud storage needs to be updated to ensure forward security. In view of these problems, this paper makes the following two contributions.

(1) We propose a novel updatable attribute-based encryption scheme that supports white-box tracing and direct traitor revocation. The proposed scheme realizes traceability by embedding a "fixed point" into the user's key, and each user is assigned a unique identity to achieve direct revocation. In addition, the secret exponent used to encrypt a message is divided into two parts: one is assigned to the access policy and the other is associated with a revocation list. When the revocation list changes, only a part of the ciphertext components needs to be updated, which greatly simplifies the process of ciphertext update. Furthermore, compared with existing schemes, the proposed scheme is more efficient and can achieve effective revocation and ciphertext update. Finally, based on the computational l-strong Diffie-Hellman assumption and the decisional q-Bilinear Diffie-Hellman exponent assumption, the white-box traceability and selective security of the proposed scheme are proved in the standard model.

(2) In research on dynamic changes of user rights, existing attribute-based encryption schemes can support user-level revocation but do not achieve fine-grained attribute revocation. Some schemes can provide both attribute-level revocation and user-level revocation at the same time after a user's attributes change. However, this revocation mechanism increases revocation redundancy and reduces revocation efficiency when a user possesses many attributes. To this end, we propose an updatable attribute-based encryption scheme that supports multi-level revocation. By utilizing the complete subtree method under the subset-cover framework, user attribute-level revocation can be realized. Furthermore, user-level revocation can be achieved by embedding a revocation list into the ciphertext. When user rights in the system change, a more efficient and secure revocation level can be preferentially selected according to the change request, which effectively improves revocation efficiency and reduces revocation redundancy. Finally, based on the decisional q-Bilinear Diffie-Hellman exponent assumption, the indistinguishable security of the proposed scheme is proved by a reduction argument.
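The abstract names the complete subtree method but gives no construction. The following added example (not code from the thesis) shows the standard subset-cover computation that method relies on: given a revoked set, find the minimal set of subtree roots covering exactly the non-revoked leaves. The heap-style node numbering and the function names are assumptions made for illustration.

```python
def path_to_root(node):
    """Heap-numbered nodes from `node` up to the root (node 1)."""
    nodes = []
    while node >= 1:
        nodes.append(node)
        node //= 2
    return nodes


def cs_cover(depth, revoked):
    """Complete-subtree cover for a binary tree with 2**depth leaves.

    Users are 0..2**depth-1; user u sits at leaf node 2**depth + u.
    Returns the sorted roots of the maximal subtrees containing no revoked leaf.
    """
    n = 1 << depth
    if any(not 0 <= u < n for u in revoked):
        raise ValueError("revoked user index out of range")
    if not revoked:
        return [1]  # nobody revoked: the whole tree is one subset
    # Steiner tree: every node on a path from a revoked leaf to the root.
    steiner = set()
    for u in revoked:
        steiner.update(path_to_root(n + u))
    # Cover: nodes hanging directly off the Steiner tree.
    cover = []
    for node in steiner:
        if node >= n:
            continue  # leaves have no children
        for child in (2 * node, 2 * node + 1):
            if child not in steiner:
                cover.append(child)
    return sorted(cover)


def can_decrypt(depth, user, cover):
    """A user holds one key per node on its path; it needs one in the cover."""
    return any(node in cover for node in path_to_root((1 << depth) + user))


if __name__ == "__main__":
    # Constructed sample: 8 users, users 2 and 5 revoked.
    cover = cs_cover(3, {2, 5})
    print("cover nodes:", cover)
    for u in range(8):
        print(u, "can decrypt" if can_decrypt(3, u, cover) else "revoked")
```

The cover size is at most r·log2(N/r) for r revoked users out of N, which is why updating a revocation list under this method touches only a logarithmic number of key-encapsulation components per revoked leaf.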
Keywords/Search Tags: Cloud Computing, Attribute-based Encryption, Access Control, User/Attribute Revocation, Ciphertext Update, Traceability