Research On Access Control Scheme Supporting User Anonymous Attribute In Cloud Environment

Posted on: 2022-05-14
Degree: Master
Type: Thesis
Country: China
Candidate: T T Miao
GTID: 2518306539453054
Subject: Computer Science and Technology

Abstract/Summary:
With the continuous development of cloud technologies, users are more willing to outsource their private data to the cloud. In this case, how to guarantee the security of the data stored in the cloud and the privacy of the users sharing the outsourced data has become a key issue that urgently needs to be resolved. An access control scheme can limit users' access privileges according to their attributes, which guarantees the security of outsourced data to a certain extent. However, traditional access control schemes mainly focus on preventing sensitive data from being used by malicious users, while ignoring the requirements for flexibility of the access structure and anonymity of users' attributes. On the one hand, the access control scheme requires a high-precision access policy, which makes the access control structure more complicated and brings heavy computational and time overhead to users. On the other hand, in traditional access control schemes, users need to provide their personal attribute information to the attribute authority. If the attribute authority is malicious, it may deduce users' personal information from their attributes, which results in the leakage of user privacy information. To solve these two problems, namely that the access structure is complicated and that attributes leak users' privacy, the corresponding solutions are proposed in this paper, which are summarized as follows:

1) Attribute ranking based access control scheme with single attribute authority

In this paper, an attribute ranking and decryption test-based access control scheme is proposed with the help of attribute-based encryption (ABE) and a decryption test. The proposed scheme aims to simplify the access structure, improve the efficiency of the scheme, and initially realize the anonymity of attributes. Specifically, users' attributes are first classified and ranked, which helps the attribute authority manage users' attributes more flexibly. Secondly, the access control scheme supporting attribute ranking is designed. In the proposed scheme, the data owner is allowed to encrypt their data with the minimum privilege attribute satisfying the access policy. As a result, the efficiency of the proposed scheme and the anonymity of users' attributes are ensured. Finally, a decryption test is introduced to determine whether a user has permission to access the data and perform the subsequent decryption operations, which ensures the security of the outsourced data. The theoretical and experimental analysis demonstrates that the proposed scheme can optimize the access control structure, reduce the computational and time overhead of users, and improve the execution efficiency of the access control.

2) Negative constraints-based access control scheme with multiple attribute authorities

In this paper, a multi-attribute-authority access control scheme is proposed by utilizing the technologies of oblivious transfer (OT) and attribute revocation. The proposed scheme aims to improve the expressive ability of the access structure, realize the complete anonymity of attributes, and support the dynamic operations of the users. Firstly, negative constraints are introduced into the access control structure, which makes the access policy more flexible. Secondly, multiple attribute authorities are adopted to manage the attributes jointly, which effectively overcomes the single-point performance bottleneck. Moreover, m-out-of-n OT is adopted to distribute the sub-decryption key in a fuzzy way. Hence, the complete anonymity of attributes is realized, and the user's privacy information is further protected. Finally, attribute revocation is introduced to support the updating of users' attributes, where the forward secrecy and backward secrecy of the outsourced data are ensured. Theoretical and experimental analysis shows that the proposed scheme ensures the anonymity of attributes to attribute authorities and meets the requirements of privacy information protection, without sacrificing the efficiency of the scheme.

Keywords/Search Tags: Attribute ranking, Negative constraints, Oblivious transfer, Privacy protection, Access control