Research On Privacy-Preserving Attribute-Based Authentication

With the rise of new network forms and network services such as Internet of things,big data and cloud computing,users gradually begin to use cloud servers for data storage and data sharing.The security,efficiency and application of the traditional public key encryption system represented by identity-based authentication can not meet the needs of secure multi-party authentication.In order to solve the above problems,attribute-based authentication system were proposed.Attribute-based authentication systems regard user identity as a collection of attributes.In authentication,users can control to release different attribute subsets according to different authentication objects,so attribute-based authentication has strong flexibility.Attribute-based authentication can not expose the user's real identity,has certain privacy protection,and can authenticate the legitimacy of the receiver at the same time.An attribute-based authentication system also supports one to many communication,so it has been widely used in the fields of encryption and digital signature.An access control encryption(ACE)scheme divides users and information into different levels.There are two rules for users to read and write information: 1.No Readup Rules: a user can not read the information with higher security level,but can only read the information with the same or lower security level;2.No Write-down Rules: a user can not write information with lower security level,but can only write information with the same or higher security level.Existing schemes have the following problems:1.the communication cost is linear with the number of receivers;2.unauthorized senders can also send messages to receivers.To solve the above problems,this paper proposes an attribute-based information flow control scheme by introducing attributed-based authentication to ACE.This scheme not only provides the features of ACE,but also has the following features: 1.prior to sending a message to a receiver,the sender needs to be authorized;2.using attribute-based systems,this scheme can implement flexible information flow control strategy and enable users to control release their attributes;3.the communication cost is linear with the number of required attributes;4.the receiver can outsource the decryption operations to a server to reduce the computation cost,while still ensuring data confidentiality.