Research For The Ciphertext-policy Attribute-based Encryption In Cloud Space

With the emergence and advancement of the Internet of things and various cloud computing models,more and more users upload data to the cloud server to enjoy the convenient data backup and sharing services brought by the cloud.However,with the exponential growth of data on the cloud,how to protect the security and integrity of data on cloud is the biggest challenge in cloud computing framework.Attribute-based encryption(ABE)presented as a new public key cryptographic primitive,which can provide fine-grained access control and flexible one-to-many encryption,has become a promising solution to cloud data security problems.As a type of ABE,ciphertext policy attribute-based encryption(CP-ABE),which allows data owners to customize an attribute-based access expressions for each ciphertext to achieve flexible and precise access control,is more suitable to be used as a secure access control infrastructure in cloud environment.However,the traditional CP-ABE scheme is not suitable for deployment in all scenarios because of some limitations.Therefore,in this thesis,for different cloud scenarios,this thesis proposes three CP-ABE schemes that have specific advantages and can adapt to specific cloud applications.First,a fully constant CP-ABE(FC-CP-ABE)scheme for lightweight Io T devices has been presented,in the FC-CP-ABE,the length of the ciphertext does not change with the access structure,nor does the key change with the size of the user's attribute set,that is,the ciphertext and private keys are all constant size.In addition,in order to reduce the computational pressure of the users with Io T devices,an outsourced privacy-protective decryption algorithm has been designed for FC-CP-ABE.By outsourcing most decryption operations to the proxy cloud server,the computing burden of users will be reduced,thus saving the limited resources of the Io T devices.Besides this,the outsourcing decryption algorithm is fully privacy-protected which means in the process of partial online decryption,the proxy server will not know any information about the access structure of the ciphertext and the user's attribute set.This will greatly protects the user privacy.Second,a fully distributed Attribute-based Encryption and Authentication Scheme(FDO-ABEAuthen)for Mobile Edge Computing(MEC)has been constructed.In FDOABEAuthen scheme,not only are the attribute authoritities fully distributed,but multiple independent and isolated storage nodes are supported.Not only this,by improving the Schnorr non-interactive zero-knowledge proof(Schnorr-NI-ZKP)protocol,a timestampbased non-interactive zero-knowledge proof scheme(TB-NI-ZKP)has been proposed,which improve Schnorr-NI-ZKP protocol to resist replay attack and impersonation attack.By using the TB-NI-ZKP,an Attribute-based Authentication(ABAuthen)Scheme for the fully decentralized Attribute-based Encryption Scheme has been designed,which can effectively authenticate the sanity of the user's attributes without data storage.The ABAuthen scheme makes FDO-ABE scheme more suitable for mobile edge computing environment.In addition,in order to transfer intensive decryption computations from Io T devices to Cloudlet,an efficient outsourced decryption algorithm has been adopted to the FDO-ABEAthen scheme which allows mobile Io T users to get the data only by calculating some negligible operations.Through the security analysis and performance experiment,it can be inferred that the FDO-ABEAuthen scheme is secure and efficient.Third,in order to better solve the problem of privacy data protection in smart health and the flaw that in traditional CP-ABE,the explicit attribute values in the access policy would reveal privacy,at the same time,to improve the security and efficiency of the hidden policy CP-ABE(HP-CP-ABE)scheme,a prime order LSSS-based partially HPCP-ABE(PHP-CP-ABE)is proposed,which can fully resist Attribute Values Guessing Attacks(fr AVGA).Besides this,in order to reduce the computational burden on the user brought by the decryption testing algorithm,an online decryption testing algorithm(privacy-preserving online decryption testing,PPODT))with privacy-preserving has been designed for our fr AVGA-PHP-CP-ABE scheme.Through the rigorous security proof,we can know that this scheme(PPODT-fr AVGA-PHP-CP-ABE)can perfectly resist AVGA and has selective IND-CPA security.At the same time,through theoretical analysis and experimental verification,it can be found that under the same conditions,the scheme PPODT-fr AVGA-PHP-CP-ABE has higher security and efficiency than other HP-CP-ABE schemes.