Research On Key Delegation Of Attribute-based Encryption

Permission delegation is an important research issue in access control.It allows a user to delegate some of his permissions to others to reduce his workload or enables others to complete some tasks on his behalf when he is unavailable to do so.As an ideal access control scheme for read permission of outsourced data objects on cloud storage,Ciphertext-Policy Attribute-Based Encryption(CP-ABE)has attracted much attention.The traditional CP-ABE scheme deals with the delegation of read permission by delegating the user's private key to other users,which lacks further consideration of the granularity and traceability of permission delegation.If the delegation key is leaked between different users,the identity of the user who leaked the delegation key cannot be determined.Therefore,a CP-ABE key delegation scheme is presented in our paper.The main work is as follows:1.In view of the above shortcomings of the existing schemes,this paper proposes a flexible,fine-grained CP-ABE key delegation scheme that supports white-box traceability.The data user acts as the delegator and the Key Generation Center(KGC)to complete the key delegation.According to the access structure of the data object to which the delegator is trying to delegate the read permission,the minimal attribute sets is calculated.Then,according to the minimum decryption ability principle,the minimal attribute set that meets the access requirements is selected to construct the delegation key.Secondly,KGC embeds the delegatee's identity into the key to trace the delegation key.The delegation key is built with a minimal attribute set,so the scheme has fine-grained characteristics and supports multi-step monotonic delegation.The key contains the user's identity,which makes the scheme have traceable and anti-collision features and can prevent key delegation abuse.On the premise of ensuring data security,the delegator can share the heavy key generation task of KGC,which makes the system more efficient.2.This scheme is compared with existing CP-ABE key delegation schemes in regard to performance,calculation cost and storage cost.A small-scale experiment is carried to verify this scheme's feasibility and the generation time of the delegation key is shorter than that of the original key.