Research On Access Control Scheme With Attribute-based Encryption

The development of cloud computing and various other latest computing technologies have promoted the wide acceptance of data sharing.In the public network environment,data can be accessed by anyone who is interested,and this may result leakage of private information.The access control scheme using attribute-based encryption can protect data privacy and provide fine-grained access control.In this thesis,we analyze attribute-based encryptions in the current environment and present their limitations.Our findings include: 1)the access policy may contain hidden attributes;2)some authorities may be dishonest;and 3)users normally have limited computing power.We then optimize and improve the existing schemes by making the attribute-based encryption schemes more adaptable and robust in the existing environment.Our thesis has delivered the following contributions:(1)A new ciphertext-policy attribute-based encryption(CP-ABE)scheme with hidden policies is proposed.It has employed verifiable outsourced decryption for privacy protection of access policy.Bloom Filter is used to protect the attribute information of the access policy in the ciphertext as well as the sets of attributes in the key.During the decryption process,the cloud server uses the bloom filter to restore the access map for the authorized users,and it realizes the outsourcing decryption while hiding the access policy.In addition,in order to verify the correctness of decryption of the cloud server,the scheme introduces verifiable outsourcing decryption to improve the security of the system.The scheme satisfies the chosen plaintext attack security under the assumption.Compared with related existing schemes,our proposed CP-ABE scheme requires only a little computational overhead during the transformation of the access policy,and it enjoys better efficiency in the decryption.(2)A robust and distributed CP-ABE scheme is proposed so that not only the trust on a single authority can be removed but also the dishonest authorities can be identified.The goals of authority recovery,user revocation and verifiable outsourcing decryption can be achieved in the proposed scheme.The verifiable secret sharing technology is used to guarantee the correctness of the output even if there exists some dishonest authorities.And we employ a cloud server to assist user revocation,use online/offline encryption and outsourcing decryption to reduce users' computing costs,which improves the efficiency of the system.The scheme satisfies the chosen plaintext attack security under the assumption.In the proposed scheme,the robustness and efficiency in the encryption and decryption process are higher compared with the related schemes.