Attribute-Based Encryption For Access Control Of Cloud Data

The secure access over distributed data storage is a classic research field. But due tothe requirements of Cloud, this field is facing a new challenge that how to preserve theprivacy of access over an un-trusted Cloud data storage. For this challenge, storingencrypted date on Cloud is a promising idea. However, on the one hand, the traditionalencryption and access control can not cooperate well to solve above challenge; on theother hand, due to the complexity and inflexibility of key management, symmetric keyencryption also not suitable for Cloud scenario. Therefore, attribute-based encryption(ABE), a novel cryptographic primitive, is found to be a useful method to solve abovechallenge.By investigating many related works on ABE, we propose an optimizedciphertext-policy attribute-based encryption (CP-ABE) scheme to reduce the number ofpublic parameters. With respect to the storage and communication cost, employing ourscheme to realize Cloud data storage is more efficient than employing the exiting CP-ABEschemes. In details, a hash function is employed to collision-free map attribute space tothe mathematic group. By this method, the number of public parameters is linear in thebinary length of the range of the hash function. Moreover, this value is much smaller thanthe original scheme, in which the number of public parameters is linear in the size ofattribute space. In addition, our scheme is provably semantic secure under the decisionalbilinear Diffie-Hellman assumption. Furthermore, we consider that CP-ABE scheme cannot directly used in practice, since it can not efficiently encrypt large file and various datatype. Therefore, we extend our CP-ABE scheme to a hybrid encryption by combining itwith a symmetric-key encryption. Moreover, the hybrid encryption enhances the securityof CP-ABE without any additional cost. Summarily, the hybrid encryption brings out thesecure and fine-grained access over Cloud data storage, and improves the efficiencycompared with the previous works.According to our proposed schemes, we construct a secure system of ABE for clouddata storage and access. From our experiments, we further verify its correctness efficiency,which is mentioned above. Our schemes achieve secure, scalable and fine-grained dataaccess control in cloud data with optimized-size public parameters and ciphertext.