The development of cloud computing and fog computing brings great convenience to people’s production and life. However, with the massive amount of data gathered into the network, the security of data in fog and cloud computing environments faces great threats and challenges. To address these threats and challenges, effective encryption of data needs to be implemented. Given that data encryption algorithms in fog and cloud computing environments are different from conventional encryption algorithms, fine-grained data encryption and access control for different data contents and different user levels need to be achieved. Therefore, it is of great importance to realize fine-grained data encryption and access control in fog and cloud computing environments.

Attribute-based encryption (ABE) can achieve fine-grained data encryption and data access control. However, on the one hand, current ABE algorithms cannot be applied in mixed fog and cloud environments. On the other hand, current ABE algorithms are not yet able to achieve fine-grained data encryption while being resistant to quantum computing attacks. To solve these theoretical and technical problems, this thesis targets mixed fog and cloud environments and proposes three fine-grained data encryption and data sharing schemes. The main contributions of this thesis are as follows.

Firstly, we propose a novel data sharing scheme in fog and cloud computing environments (NDSS-FC). Our NDSS-FC scheme enables fine-grained data access control in fog and cloud computing environments and guarantees secure attribute revocation, dynamic user management, and collusion attack resistance. In the NDSS-FC scheme, we integrate traditional cloud computing with the promising fog computing, build a new analogous CP-ABE structure, classify data owners and users into two types (devices with moderate storage and computation resources and devices with constrained storage and computation resources), and design fog nodes to provide outsourced decryption services for devices with constrained storage and computation resources. We design the one-way function tree (OFT) technique and seamlessly merge it with the new analogous CP-ABE structure to realize secure attribute revocation. We construct a polynomial to distribute the version key embedded in both the ciphertext and the user’s secret key to dynamically manage users. We assign a unique random number to each user and embed this random number into the user’s secret key to resist collusion attacks.

Secondly, we propose a lattice-based fine-grained data access control and sharing scheme in fog and cloud computing environments (LB-DACSS). Our LB-DACSS scheme enables fine-grained data access control in fog and cloud computing environments, resists quantum computing attacks, and guarantees secure attribute revocation and collusion attack resistance. In the LB-DACSS scheme, we integrate traditional cloud computing with the promising fog computing, combine lattice-based cryptography (LBC) with the new analogous CP-ABE structure, classify data owners and users into two types, and design fog nodes to provide outsourced decryption services for devices with constrained storage and computation resources. We dynamically update and distribute the components associated with the revoked attribute in the ciphertext and secret key to ensure secure and efficient attribute revocation. We assign a unique random number to each user and embed this random number into the user’s secret key to resist collusion attacks.

Finally, we propose a multi-authority threshold attribute-based encryption scheme from RLWE in fog and cloud computing environments (MAT-ABE-FC). Our MAT-ABE-FC scheme enables fine-grained data access control in fog and cloud computing environments, resists quantum computing attacks, guarantees secure attribute revocation, and supports multi-authority. In the MAT-ABE-FC scheme, we integrate traditional cloud computing with the promising fog computing, combine LBC with the new analogous multi-authority CP-ABE structure, classify data owners and users into two types, and design fog nodes to provide outsourced decryption services for devices with constrained storage and computation resources. We dynamically update and distribute the components associated with the revoked attribute in the ciphertext and secret key to ensure secure and efficient attribute revocation. We apply the hierarchical Extended Shamir Secret Sharing Scheme to hide the master secret key, and replace the global, unique key generation center with multiple attribute authorities to support multi-authority.