Research Of Policy Hidden Attribute-based Encryption In Cloud Environment

Posted on: 2021-11-01  Degree: Master  Type: Thesis
Country: China  Candidate: C R Guo  Full Text: PDF
GTID: 2518306050953979  Subject: Cryptography
Abstract/Summary:
With the rapid development and application of cloud storage technology, users tend to store their data remotely in cloud storage space. Although cloud storage is efficient and convenient, how to ensure the confidentiality and integrity of data in cloud storage remains to be solved. Some users encrypt their data before storing it to protect its confidentiality, but this cannot solve the problem of fine-grained access control in cloud storage. Ciphertext-policy attribute-based encryption (CP-ABE) is considered an effective cryptographic approach to prevent untrusted cloud servers from leaking private data and to achieve fine-grained access control. In CP-ABE schemes, data owners define an access policy that restricts decryption of the shared data to users with specific attributes. However, in CP-ABE schemes the access policy is sent explicitly along with the ciphertext, so anyone who obtains a ciphertext can learn the access policy associated with it. In some cases with high sensitivity requirements, such schemes are not applicable. The paper therefore focuses on CP-ABE schemes with hidden access policies and achieves the following results.

First, the existing research results on CP-ABE with hidden access policies are analyzed. According to their access structures, these schemes are divided into three categories: those based on the AND-gate structure, the tree access structure, and the Linear Secret Sharing Scheme (LSSS) structure. Among the three access structures, the AND-gate structure is simple but less expressive. The tree access structure and LSSS are more expressive, but the schemes based on them are complex. The paper mainly studies CP-ABE based on the tree access structure and the LSSS structure.

Secondly, an efficient file-hierarchy hidden-policy attribute-based encryption scheme for cloud storage is proposed, based on a special tree access structure. The scheme can encrypt multiple files with a hierarchical structure at one time. At the same time, a central authorization organization and attribute authorization organizations are used to generate secret keys, which addresses the problem of secret key security if a single authorization center is compromised. The proposed scheme is proved to be secure under the DBDH assumption. Theoretical analysis shows that the proposed scheme is highly efficient in terms of encryption and decryption. The scheme can also resist collusion attacks.

Thirdly, an efficient hidden-policy attribute-based encryption scheme is proposed based on the LSSS access structure. Many of the existing policy-hidden CP-ABE schemes are based on bilinear groups of composite order. It is well known that bilinear groups of composite order perform worse than those of prime order. The scheme is therefore constructed on a prime-order bilinear group and achieves partial policy hiding. At the same time, outsourced decryption is introduced into the scheme: part of the decryption operation is performed by the cloud, which relieves the decryption burden on the user. The proposed scheme is proved to be secure under the q-parallel BDHE assumption, and theoretical analysis shows that it is highly efficient.

Finally, an electronic file system based on cloud storage is built. To ensure the security of electronic files in cloud storage, the system uses a symmetric encryption algorithm together with an attribute-based encryption algorithm. SM4 is used to encrypt the file, and CP-ABE is used to encrypt the file's key, which achieves fine-grained access control. By running a local plug-in, the system uses the SM3 algorithm to calculate the hash value of the user's attributes and of the file's corresponding access policy, and then transmits the hash value to the cloud, so that a user of the system can only browse the encrypted files that he can decrypt. A series of tests shows that the system achieves these functions.
Keywords/Search Tags: cloud storage, attribute-based encryption, hidden policy, data sharing