
Research On Key Escrow-free Attribute-based Encryption Scheme

Posted on: 2023-05-25
Degree: Master
Type: Thesis
Country: China
Candidate: R Y Zhang
GTID: 2568307151479544
Subject: Cyberspace security

Abstract/Summary:
Attribute-based encryption can provide data security and privacy protection in cloud storage: it not only protects the confidentiality of data, but also provides "one-to-many" encryption. In recent years, it has received great attention in both cryptography research and industry. However, most existing attribute-based encryption schemes face two important security problems: data deletion verifiability and key escrow. After data is uploaded, the data owner loses direct control over the data and cannot ensure that the data is safely deleted. If data that should be deleted is not safely deleted, it may be collected and used by third-party storage media, which results in information leakage. Therefore, it poses a great threat to the user's data security. On the other hand, the attribute authority is responsible for generating the user secret key. Hence, the attribute authority is able to generate the secret key of any user and decrypt any ciphertext. If the attribute authority is corrupted, data security will be seriously threatened. To address these problems, two attribute-based encryption schemes are proposed to solve the problems of data deletion verifiability and key escrow. The main work is summarized as follows:

(1) We propose a multi-authority attribute-based encryption scheme for assured data deletion. In the proposed scheme, each authority is responsible for monitoring a different attribute set and generates keys for users accordingly. Each user's key is bound to his/her GID, which resists collusion attacks among malicious authorities. The scheme associates data with attributes, makes the corresponding ciphertext unrecoverable by canceling the corresponding attributes, and realizes the verifiability of data deletion by using a Merkle hash tree. Based on the decisional bilinear Diffie-Hellman (BDH) assumption, the proposed scheme is proved to be secure under the selective-policy model. Experimental results show that the scheme is efficient.

(2) We propose a key escrow-free attribute-based encryption scheme with user revocation. There are two security problems in existing ciphertext-policy attribute-based encryption, namely key escrow and user revocation. To address these problems, we first present an improved key issuing protocol. Under this protocol, the key authority cannot obtain the user's secret value. Hence, it cannot generate a complete secret key independently, which solves the key escrow problem. To address the user revocation problem, a group manager is introduced, which is responsible for updating the unrevoked users' group secret key and generating the re-encryption key. We use re-encryption technology to re-encrypt the original ciphertext, which prevents a revoked user from decrypting the ciphertext. Based on the divisible computable Diffie-Hellman (DCDH) assumption, the designed scheme is proved secure and can resist collusion attacks between malicious users and revoked users. We use outsourced decryption technology to reduce the user's decryption cost. Experimental analysis shows that the proposed scheme is efficient.
Keywords/Search Tags: data sharing, attribute-based encryption, key escrow, data deletion, collusion attack