Research On Attribute-based Encryption Scheme Based On Semi-trusted Cloud

With the rapid growth of cloud servers,users gradually transfer data and computing from PC to cloud servers,which vastly enhances the utilization of servers and decreases the software and hardware investment of users.However,in a semi-trusted cloud storage environment,malicious users or service providers may abuse data,so data should be encrypted first when sharing in cloud environments.In the case of multi_a-use_ar dat_wa sha_ering,the calculation amount of data owner and the storage amount of cloud memory will raise linearly as the number of users under the traditional public key encryption system.In order to reduce the supply good control over data access.The ABE can provide well control over data access,which can quite settle the problem of multi-user data sharing in cloud environments.ABE can provide a more fine-grained access control policy,and its access control permission depends on the matching relationship between the user attribute sets and the defined control policies.Most of available ABE schemes cannot realize flexible matching between user attributes and comparable attributes in policies,that is,only the"="matching of Boolean attributes can be achieved,it is impossible to match the range of">"and"<"for comparable attributes.Secondly,user permissions change and other situations often occur.A secure CP-ABE solution needs to consider the issue of user attribute revocation.At the same time,in some application scenarios,it is also required the implementation of the access policy update in the ciphertext.Therefore,this thesis takes the semi-trusted cloud environment as the application background,based on CP-ABE,and specifically focuses on the following aspects of research and improvement:(1)Aiming at the demand for fine-grained attribute revocation,in order to decrease computation cost of users and attribute authority,the thesis uses the sibling intractable function family to implement a CP-ABE revocation scheme that supports keyless escrow and decryption outsourcing.(2)This thesis realize the unified processing of common Boolean attributes and comparable range attributes in CP-ABE with the help of multi-dimensional range derivation functions,realize the comparison and matching of the two types of attributes in the user's private key and ciphertext.The calculation cost of the data owner and the storage cost of the cloud are decreased.(3)This thesis implements a flexible attribute-level policy update scheme.Firstly,the new and old access policies are compared,three subsets related to the access matrix row index are generated,the policy update keys are generated for the attributes in the three subsets,and the relevant ciphertexts are updated respectively.The thesis also drags in the proxy re-encryption,the proxy server is used for ciphertext update and outsourcing decryption to reduce the calculation of users,while ensuring the security of plaintext data and user's private key in a semi-trusted cloud environment.