Research On Access Control Scheme Based On Attribute Encryption Mechanism In Fog Computing

Fog computing is a new computing paradigm with great research prospects.It extends the data processing ability and computing ability of cloud computing to the network edge,and meets the requirements of edge intelligent services by the fog nodes located closer to the terminal devices.However,with the frequent occurrence of Internet of things security incidents,it is very important to establish an efficient data security and privacy protection mechanism in fog computing.Attribute based encryption(ABE)technology is an effective means to ensure the security of data sharing,but in the fog environment,the computing resources of terminal devices are limited,the traditional attribute encryption mechanism encryption and decryption operation is complex,the system operation efficiency is low,and the device in fog computing has mobility,the privilege management is difficult,at the same time,the access policy in attribute encryption mechanism includes the process of user privacy data,explicit sending There is a risk of privacy leakage in the system.To solve these problems,this paper proposes an access control scheme based on attribute encryption,which supports computing outsourcing,attribute revocation and policy hiding,and realizes secure data sharing and fine-grained access control in fog computing network.The main work of this paper is as follows(1)An attribute based encryption access control scheme supporting computing outsourcing is proposed.In this scheme,a three-layer system model of "cloud fog terminal" is constructed.The fog node is located at the edge of the network and close to the terminal equipment.Because the traditional attribute based encryption technology in cloud computing is not suitable for the Internet of things devices with limited computing resources in the fog environment,this paper uses the fog node as the outsourcing agent to outsource part of the complex encryption and decryption operations to the fog node,so as to reduce the computing burden of the terminal device,make its encryption and decryption time at a constant level,and greatly improve the calculation efficiency of the system.(2)An attribute based encryption access control scheme supporting attribute revocation is proposed.In the fog environment,the location of terminal devices moves frequently,and it is difficult to manage attribute changes.Based on the outsourcing of encryption and decryption,this paper introduces the technology of attribute group key,and uses the double encryption mechanism of selectively distributing the group key in each attribute group to realize the dynamic update of the key,which meets the requirements of attribute level immediate revocation,and realizes the flexible authority management.(3)An attribute based encryption access control scheme supporting policy hiding is proposed.Data is transmitted wirelessly between IOT terminal devices and fog nodes,and the access policy in attribute encryption mechanism often contains the user's privacy information,so there is a risk of user privacy leakage in explicit transmission.To solve the problem of user privacy leakage caused by explicit sending of access policy,this paper introduces cuckoo filtering algorithm to hide the mapping function in access policy.Aiming at the problem of attribute matching and recovery in hiding strategy,a cuckoo filter matrix is designed to accurately locate the line number and related attributes.Different from the partial policy hiding scheme which only hides attribute values,this scheme can hide the whole access policy and protect the privacy of users to the maximum extent.