
Research On Cloud Attribute-based Data Sharing Methods Supporting Fine-grained Dynamic Access Control

Posted on: 2024-06-25
Degree: Master
Type: Thesis
Country: China
Candidate: M J Yu
GTID: 2568307091990039
Subject: Computer Science and Technology

Abstract/Summary:
Sharing traffic data, medical data and other data through a cloud platform, that is, cloud data sharing, can help alleviate traffic congestion and give people access to medical care services. Cloud data sharing can serve people and benefit society. At present, research on cloud data sharing mechanisms for different environments is relatively extensive. Attribute-based encryption and proxy re-encryption are commonly used cryptographic techniques when designing cloud data sharing schemes, but schemes built on these two technologies still have some defects. In cloud data sharing schemes based on weighted attribute-based encryption, the ciphertext and the single-user weighted attribute private keys are too long, and the dynamic access control mechanism is not efficient enough. At the same time, access policies can be further expanded. Cloud data sharing schemes based on conditional proxy re-encryption support neither adding weights to conditions nor designing conditional policies over the sum of the weights of different conditions. In addition, in order to satisfy flexible access policies, the encryption time of attribute-based encryption schemes is unacceptable for sensor devices with extremely poor computation power, which means attribute-based encryption is not widely used in Internet of Things cloud data sharing scenarios that rely on sensor devices to collect data. To solve the above problems, this thesis conducts in-depth and extensive research on the application of weighted attribute-based encryption and proxy re-encryption technology in cloud data sharing, and carries out the following work:

1) For traditional cloud data sharing scenarios, to achieve fine-grained dynamic access control, compress the size of private keys and ciphertext, and expand access policies, this thesis constructs a CP-ABE scheme supporting fine-grained attribute revocation and weight exchangeability (RWE-ABE) and proposes a cloud data sharing scheme based on RWE-ABE. On the one hand, the scheme converts the weight threshold value into a 0-coding set and embeds it into the ciphertext, reducing the ciphertext size. On the other hand, the attribute weight value is converted into a 1-coding set, reducing the size of the single-user weighted private key. At the same time, the cloud data sharing scheme maps attributes of the same kind to the same secret value, which realizes weight exchangeability among attributes and expands the expressive ability of access policies. Direct revocation of attributes is then realized based on the user list embedded in the ciphertext. Revocation does not require updating user keys, and the revocation cost caused by changes to the user list does not increase linearly. Finally, based on the EDPBDHE (Extended Decisional Parallel Bilinear Diffie-Hellman Exponent) assumption, the scheme is provably secure against adaptive chosen ciphertext attack in the standard model. Using a provably secure attribute-based scheme to encrypt data can theoretically guarantee the security and availability of the scheme when it is used to share data in the cloud. Compared with related weighted attribute-based encryption schemes, the proposed scheme is considerably more computationally efficient and can support more access control policies. The more efficient the scheme is, the better the user experience the cloud data sharing system can provide. The proposed scheme can be applied to cloud data sharing scenarios where the data collectors are devices with relatively strong computation capabilities, such as smartphones and personal computers.

2) For IoT cloud data sharing scenarios, to solve the problem that sensor devices cannot efficiently perform ABE encryption operations, and to design fine-grained conditional policies that control ciphertext permissions, this thesis constructs a cross-domain proxy re-encryption scheme with the sum of the weights as the condition (WSC-PRE), based on the proposed RWE-ABE scheme, and proposes a cloud data sharing scheme based on WSC-PRE. In this scheme, the sensor device encrypts data with an identity-based encryption mechanism, which greatly reduces the computational overhead of encryption, so that a sensor with limited computation resources can complete the encryption operation. On this basis, a client device with relatively stronger computation power can design a conditional policy according to the interval range of the sum of the weights of the conditions and generate a re-encryption key that converts identity-based ciphertext into attribute-based ciphertext, realizing fine-grained access control. WSC-PRE also supports identity-based ciphertext retrieval. Users can perform keyword-based file retrieval without revealing ciphertext information, and select specified content to complete cloud data sharing. Compared with attribute-based ciphertext retrieval, the identity-based retrieval mechanism in this thesis achieves higher execution efficiency. Based on the EDPBDHE assumption, the scheme is provably secure against adaptive chosen ciphertext attack in the random oracle model. Based on the DBDH (Decisional Bilinear Diffie-Hellman) assumption, the ciphertext keywords and trapdoors of the scheme are provably secure against keyword guessing attacks in the random oracle model. Compared with related proxy re-encryption schemes, this scheme shows considerable advantages in operating efficiency and can support more complex conditional policies. The proposed scheme can be applied to Internet of Things cloud data sharing scenarios where the data collector is a device with relatively poor computation power, such as a sensor.

Keywords/Search Tags:weighted attribute-based encryption, conditional proxy re-encryption, identity-based encryption, access control, cloud data sharing
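
The weight-versus-threshold comparison from part 1) of the abstract, as an added example that is not taken from the thesis. It assumes the "0-coding" and "1-coding" sets are the standard 0-encoding and 1-encoding of n-bit integers, under which a weight exceeds a threshold exactly when the two sets share an element; the function names and the bit width `n` are illustrative, and the embedding of the sets into ciphertext and private key is not modelled.

```python
# Added illustration, not code from the thesis. Assumption: "0-coding" and
# "1-coding" mean the standard 0-/1-encodings of an n-bit integer.

def _bits(value: int, n: int) -> str:
    """Fixed-width binary string; reject values that do not fit in n bits."""
    if not 0 <= value < 2 ** n:
        raise ValueError(f"{value} does not fit in {n} bits")
    return format(value, f"0{n}b")

def one_encoding(weight: int, n: int) -> set[str]:
    """Key side: every prefix of the weight's bit string that ends in a 1."""
    b = _bits(weight, n)
    return {b[: i + 1] for i in range(n) if b[i] == "1"}

def zero_encoding(threshold: int, n: int) -> set[str]:
    """Ciphertext side: for each 0 bit, the prefix before it followed by 1."""
    b = _bits(threshold, n)
    return {b[:i] + "1" for i in range(n) if b[i] == "0"}

def weight_exceeds(weight: int, threshold: int, n: int) -> bool:
    """weight > threshold  <=>  the two encoded sets intersect."""
    return bool(one_encoding(weight, n) & zero_encoding(threshold, n))

def weight_meets(weight: int, threshold: int, n: int) -> bool:
    """weight >= threshold, by encoding threshold - 1 (0 is always met)."""
    return threshold == 0 or weight_exceeds(weight, threshold - 1, n)

def check_all(n: int) -> bool:
    """Exhaustively confirm both predicates against integer comparison."""
    r = range(2 ** n)
    return all(
        weight_exceeds(w, t, n) == (w > t) and weight_meets(w, t, n) == (w >= t)
        for w in r
        for t in r
    )

if __name__ == "__main__":
    n = 3  # constructed sample: 3-bit weights, values 0..7
    print("1-encoding of weight 6:   ", sorted(one_encoding(6, n)))
    print("0-encoding of threshold 5:", sorted(zero_encoding(5, n)))
    print("6 > 5:", weight_exceeds(6, 5, n), "| 5 > 6:", weight_exceeds(5, 6, n))
    print("exhaustive check for n=4:", check_all(4))
```

Each set holds at most `n` strings for `n`-bit weights, so the comparison reduces to a set-membership match over a number of elements that grows with the bit length of the weight rather than with its value.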