| With the arrival of the 5G Internet era, users can rely on edge computing platforms to process huge amounts of data. Although data sharing based on edge computing improves the efficiency of data collection and analysis and saves the communication overhead of transmitting data back and forth, it also causes many data privacy leakage problems because edge computing is closer to the user side. The collected data may, for example, involve location and other privacy-sensitive data, and edge service providers access the data as often as they need to, which is likely to lead to privacy leakage and to data owners losing control over their data, so realizing data sharing and interaction is difficult. Most existing schemes use data encryption to ensure privacy, but current data access control schemes focus more on cloud computing and pay less attention to edge computing, and encryption schemes designed for cloud computing are not suitable for edge computing. With the rapid growth in demand for safe and reliable mass data collection, how to access and manage mass data safely and efficiently in the edge computing environment has become a problem. Attribute-based encryption (ABE) can realize flexible and reliable access control, but its computation cost becomes high as the complexity of the access policy increases. Therefore, building a secure, low-power data access control scheme for edge computing has become a current research hot spot. In this paper, encryption schemes based on ciphertext-policy ABE (CP-ABE) are studied in depth, including: 1. Aiming at the problem of policy updating in the edge computing environment, a policy updating mechanism based on outsourced ciphertext-policy attribute-based encryption is proposed, which can update the policy dynamically and reduce the computing cost of the attribute encryption algorithm. Firstly, we use linear secret sharing schemes (LSSS) to construct the access policy, and realize dynamic updating of the access policy by outsourcing the policy update to the cloud server. Secondly, by introducing key conversion, we outsource part of the complex decryption operation on the terminal device to the edge node, so as to reduce the bandwidth consumption and the leakage risk of transmitting ciphertext back and forth. In addition, we analyze the security features of the scheme, and the data owner checks the correctness of the ciphertext update. This paper gives a security proof of indistinguishability against chosen-plaintext attack (IND-CPA) under the decisional q-parallel Bilinear Diffie-Hellman Exponent (q-parallel BDHE) assumption. Finally, the experimental results show that the proposed scheme can effectively reduce the user's computing cost during decryption. 2. Aiming at the problem of user revocation in the edge environment, a revocation mechanism based on outsourced ciphertext-policy attribute-based encryption is proposed, which can efficiently revoke read and write operations and ensure the confidentiality of user data. Firstly, we preserve the data owner's control by forbidding the writer to modify the access policy in the ciphertext, dividing the master secret into two different components without compromising the security of the CP-ABE scheme. Secondly, combined with an attribute-based signature (ABS) algorithm, an efficient revocation mechanism for multiple users in the edge computing environment is implemented. Finally, the security of the proposed solution is verified, and it is experimentally demonstrated that the solution can be implemented without increasing energy consumption and communication overhead or degrading performance. |
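
To make the LSSS step in contribution 1 concrete, the following added example (not code from the paper) converts an AND/OR access policy into an LSSS matrix, shares a secret over it, and reconstructs it only for attribute sets that satisfy the policy. It assumes the Lewko-Waters conversion, a plain prime field in place of the pairing group order, and a constructed sample policy; it covers only the secret-sharing layer, not the pairing operations or the outsourced key conversion.

```python
import secrets

P = 2**127 - 1  # prime modulus; assumed stand-in for the pairing group order

def lsss_matrix(policy):
    """Turn an AND/OR tree into LSSS rows M and the row-to-attribute map rho."""
    rows, rho, width, stack = [], [], 1, [(policy, [1])]
    while stack:
        node, vec = stack.pop()
        if isinstance(node, str):            # leaf: one share row per attribute
            rows.append(vec); rho.append(node)
        elif node[0] == "or":                # OR: both children inherit the vector
            stack += [(node[2], vec), (node[1], vec)]
        else:                                # AND: split the vector over a fresh column
            pad = vec + [0] * (width - len(vec))
            stack += [(node[2], [0] * width + [-1]), (node[1], pad + [1])]
            width += 1
    return [r + [0] * (width - len(r)) for r in rows], rho

def share(secret, rows):
    """Share_i = M_i . (secret, r_2, ..., r_n) mod P with fresh random r_j."""
    v = [secret] + [secrets.randbelow(P) for _ in rows[0][1:]]
    return [sum(m * x for m, x in zip(r, v)) % P for r in rows]

def recon_coeffs(rows, rho, attrs):
    """Solve sum_i w_i * M_i = (1,0,...,0) over the rows whose attribute is held."""
    idx = [i for i, a in enumerate(rho) if a in attrs]
    n = len(rows[0])
    A = [[rows[i][j] % P for i in idx] + [int(j == 0)] for j in range(n)]
    pivots, r = [], 0
    for c in range(len(idx)):                # Gauss-Jordan elimination mod P
        p = next((k for k in range(r, n) if A[k][c]), None)
        if p is None:
            continue
        A[r], A[p] = A[p], A[r]
        inv = pow(A[r][c], -1, P)
        A[r] = [x * inv % P for x in A[r]]
        for k in range(n):
            if k != r and A[k][c]:
                f = A[k][c]
                A[k] = [(x - f * y) % P for x, y in zip(A[k], A[r])]
        pivots.append(c); r += 1
    if any(row[-1] for row in A[r:]):        # inconsistent: attributes fail the policy
        return None
    return {idx[c]: A[k][-1] for k, c in enumerate(pivots)}

def recover(shares, rows, rho, attrs):
    w = recon_coeffs(rows, rho, attrs)
    return None if w is None else sum(c * shares[i] for i, c in w.items()) % P

# Constructed sample policy: doctor AND (cardiology OR emergency)
POLICY = ("and", "doctor", ("or", "cardiology", "emergency"))
```

In CP-ABE the shares appear in the exponents of ciphertext components, so a policy update changes the matrix and the affected components, which is the work the abstract says is outsourced to the cloud server.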