
Research On Access Control Technology For Big Data Based On CP-ABE

Posted on: 2022-06-22
Degree: Master
Type: Thesis
Country: China
Candidate: X J Zhou
GTID: 2518306515472764
Subject: Computer Science and Technology

Abstract/Summary:
With the development of network technology, the information around us is growing explosively, and constantly processing this information has become part of our daily work. Compared with traditional data, the characteristics and advantages of big data make its application particularly important in daily life. In recent years, however, the security of big data and the need for flexible access control have become obstacles to its development. At present, the main technology used in big data access control is Attribute-Based Encryption (ABE), of which Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is widely used because of its flexibility. The extensive application of these technologies has practical significance for the protection of data privacy. To address some problems of current CP-ABE based big data access control technology, this paper proposes the following two improvement schemes based on CP-ABE.

First, to address high computational complexity and support for only user-level revocation or only fine-grained attribute-level revocation, a ciphertext-policy attribute-based encryption scheme is proposed. This paper designs five types of entities and establishes multiple attribute authorization centers to update the attribute version key, and uses secure computation between the different entities to generate the user key. For fine-grained attribute revocation, the multiple attribute authorization centers send their calculation results to the cloud storage server, and the cloud storage server and the key generation center generate and update the user private key. For user-level revocation, the list of users managed by the cloud storage server is updated. The scheme is then analyzed for security under the multi-authorization model and for resistance to collusion attacks, and a security proof is given based on the DBDH hardness assumption in the random oracle model: as long as the challenger cannot break the underlying hard mathematical problem, the scheme is secure against chosen-plaintext attacks. Finally, a comparison of function and efficiency with other schemes shows that the scheme solves the key escrow problem, resists collusion attacks, realizes user revocation and attribute revocation, reduces the system's computational complexity, and improves the work efficiency of the whole system.

Second, to address the key escrow caused by single-attribute encryption and the higher system computational complexity caused by multi-attribute authorization, an attribute revocation scheme based on homomorphic encryption is proposed. This paper designs five types of entities and integrates homomorphic encryption, secure two-party computation, and multiple attribute authorization centers. The cloud storage server and the key generation center run a secure two-party computation protocol to generate their respective independent coordinates, which they use for homomorphic encryption calculation. Each finally generates its own sub-key and delivers it to the user, and the user combines them to generate the final user private key. During attribute revocation, the attribute authorization center updates the attribute version key and sends it to the cloud storage server to update the user key. Finally, the scheme improves work efficiency with respect to the time consumed by attribute revocation and data decryption.

Through these improvements to CP-ABE based big data access control technology, the secure access mechanism for information in systems such as social networks, transportation, medical treatment, and education is further improved, which improves the security of information access and effectively solves some of the security problems existing in current big data access control.
Keywords/Search Tags:Big data access control, Fine-grained attribute level revocation, User level revocation, Multi-party security computing, Homomorphic encryption mechanism