Research On Attribute-based Encryption System In Cloud-fog Environment

Posted on: 2022-10-13
Degree: Master
Type: Thesis
Country: China
Candidate: X L Zan
Full Text: PDF
GTID: 2518306740451414
Subject: Information security
Abstract/Summary:
With the rapid development of cloud computing technology, huge amounts of sensitive user data are stored on cloud servers. However, the remote usage model means that users not only enjoy the cloud server's powerful computing and storage services, but also hand over physical control of their own data to the cloud server. Attribute-based encryption offers "one-to-many" encryption and fine-grained access control, and has natural advantages in ensuring the security and privacy of cloud data. In systems with a large number of users, problems such as user key disclosure, key expiration and user violations occur from time to time, so an efficient user revocation mechanism is very important for attribute-based encryption schemes. In ciphertext-policy attribute-based encryption schemes that involve a cloud server, introducing the cloud server reduces the communication cost of the key update data to a constant level; however, in the user revocation phase the cloud server still has to perform the key update computation for all legitimate users, and the amount of computation remains positively related to the number of legitimate users in the system.

In addition, with the rapid development of self-driving, human-computer interaction and the Internet of Everything, many real-time interactive applications have emerged. Cloud computing architecture can provide powerful centralized computing services, but data transmission and processing incur a certain delay, which makes it difficult for a pure cloud computing architecture to suit the many applications that require real-time interaction. Fog computing architecture moves cloud computing power to the edge of the network, and applications offload computing tasks step by step along the network path, reducing the delay of data transmission and processing. However, fog nodes have limited computing power, are deployed in geographically dispersed areas and are vulnerable to attacks from internal and external adversaries. Some existing schemes use attribute-based encryption to encrypt shared sensor data and achieve fine-grained access control over it, but the operations needed to secure continuous data streams place a heavy computational burden on sensors and fog nodes.

Building on previous research on attribute-based encryption schemes, and taking into account the different characteristics and requirements of the cloud environment, this paper gives different solutions. The main results are as follows:

(1) Based on the cloud server-aided indirect revocation scheme, this paper proposes a cloud-aided, efficient, revocable ciphertext-policy attribute-based encryption scheme that supports robust ciphertext re-encryption in the cloud environment. The scheme combines the "KUNodes" algorithm with the key update data, changing the form in which the key update data exists. In each revocation stage of the system, the cloud only needs to update the key update data and does not need to use the key update data to update the keys of all legitimate users. Key evolution technology is used to update the key in the cloud, and the cloud uses the updated key to encrypt the ciphertext a second time, so that a user who should be revoked loses the right to decrypt within the revocation reaction time. The most complex computation in the user decryption algorithm is outsourced to the cloud, which relieves the computing pressure on the user terminal. The scheme is simulated and verified with the Charm framework, and its selective security is proved in the standard model. The experimental and theoretical results show that the scheme greatly reduces the amount of computation needed to update user keys in the revocation phase and improves the revocation efficiency of the ciphertext-policy attribute-based encryption scheme.

(2) To alleviate the computing pressure on fog nodes and solve the security problem of data stream transmission in the cloud-fog environment, this paper proposes a security scheduling scheme that supports permission sharing in a new cloud-fog environment. The scheme uses a symmetric encryption mechanism to achieve secure transmission of sensor data, and uses the Blom algorithm to reduce the traffic in the symmetric key generation phase. Given that data stream applications use a relatively fixed network path and transmit data without interruption, this paper first uses attributes to identify node information in order to complete the secure orchestration of the application-specific path. Second, the attribute-based encryption system is used to realize fine-grained and secure sharing of application service permissions. Finally, the selective security of the permission sharing scheme is proved in the standard model. The performance analysis shows that the scheme is suitable for terminal devices with limited computing power and realizes fine-grained access control of application service permissions.
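
The tree-cover idea behind the "KUNodes" step in result (1), as an added example that is not the thesis's code: this is the standard KUNodes procedure from the revocable-encryption literature, with the heap-style node numbering, the function names and the sample revocation list all chosen here for illustration. It shows why key update data can be issued per tree node instead of per legitimate user.

```python
"""KUNodes over a complete binary tree in heap numbering (root = 1).

Illustrative only: names and sample data are assumptions of this example.
"""

def path_to_root(node):
    """Nodes from the given node up to the root, inclusive."""
    path = []
    while node >= 1:
        path.append(node)
        node //= 2
    return path

def ku_nodes(num_users, revocation_list, now):
    """Return the minimal node set covering every non-revoked leaf.

    num_users must be a power of two; user i sits at leaf num_users + i.
    revocation_list holds (user_index, revocation_time) pairs.
    """
    if num_users < 1 or num_users & (num_users - 1):
        raise ValueError("num_users must be a power of two")
    revoked_paths = set()
    for user, when in revocation_list:
        if not 0 <= user < num_users:
            raise ValueError(f"unknown user {user}")
        if when <= now:  # revocations dated later do not apply yet
            revoked_paths.update(path_to_root(num_users + user))
    if not revoked_paths:
        return {1}  # nobody revoked: the root alone covers everyone
    cover = set()
    for node in revoked_paths:
        if node >= num_users:
            continue  # leaves have no children
        for child in (2 * node, 2 * node + 1):
            if child not in revoked_paths:
                cover.add(child)  # subtree containing no revoked user
    return cover

def can_update(num_users, user, cover):
    """A user can refresh its key iff its leaf-to-root path meets the cover."""
    return any(n in cover for n in path_to_root(num_users + user))

if __name__ == "__main__":
    N = 1024
    rl = [(3, 5), (700, 9), (12, 50)]  # constructed sample: (user, time)
    cover = ku_nodes(N, rl, now=10)
    print(len(cover), "update components serve", N - 2, "legitimate users")
```
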
Keywords/Search Tags: CP-ABE, user revocation, ciphertext re-encryption, cloud-fog computing, security orchestration, permission sharing