| Nowadays, cloud computing is considered an effective tool for enabling data sharing among different users due to its scalability, budget savings and convenient access, and it can significantly improve production efficiency. Based on cloud computing technology, a cloud computing platform can process tens of millions or even hundreds of millions of pieces of information within a few seconds, and this information is provided to users and manufacturers via the Internet, so that users with limited resources can manage software and maintain hardware. The rapid development of cloud computing has prompted the emergence of various cloud computing-based application scenarios. Typical application scenarios based on cloud computing include data collaboration and group message distribution. In a typical collaboration scenario, the data owner outsources the data to the cloud platform, and users can access and share the data. Because the cloud platform is only semi-trusted, attribute-based encryption (ABE) has been used to guarantee data confidentiality and fine-grained access control. However, how to ensure that the collaborated data can be accessed correctly, and only by authorized users, under a flexible and dynamic access policy is a challenging problem. In addition, cloud computing platforms have also been widely used for message distribution between users and Internet of Things (IoT) devices, and Cloud IoT has emerged. With the help of Cloud IoT, mobile users can regularly control their smart devices remotely. Group messaging services have become indispensable for communications in the IoT cloud. Currently, ABE is used to protect the confidentiality of messages in the cloud IoT due to its fine-grained access control features. However, achieving confidentiality alone is not enough: because IoT devices are vulnerable to attacks, authenticity and forward secrecy of the sender are particularly important for group messaging. Data security and privacy in messaging services are also among the issues of greatest concern to users. For the security issues mentioned above, we analyze the two main concerns and provide solutions based on a large body of relevant basic research: 1) A cloud data security sharing scheme based on extendable attribute encryption is proposed. This scheme implements extendable access control and enhanced integrity checking in cloud computing. We first introduce an efficient policy-extending framework with ciphertext-policy ABE, which allows users who satisfy the current access policy to customize new access policies and add them to the current policies in a non-restrictive or restrictive way. At the same time, we achieve integrity checking against malicious users with an equality test algorithm, so that it can be ensured that an added access policy comes from an authorized user. To improve the model, we further provide a dynamic public auditing protocol based on a rank-based Merkle Hash Tree, which permits users to verify ciphertext integrity before decryption and supports efficient integrity tag updating for ciphertext updating operations in the policy-extending phase. The security analysis and experimental results indicate that our scheme is secure and efficient for the data collaboration scenario in cloud computing. 2) A cloud data security sharing scheme based on puncturable dual-policy ABE is proposed. We first propose a puncturable dual-policy ABE (Pt-DP-ABE) scheme in which both senders and receivers are allowed to specify their policies, and legitimate users can puncture the private key to revoke the decryption ability of the key marked by the selected tag. On this basis, we further take into account the property of "authenticate the sender’s identity" and, with the aid of a non-interactive zero-knowledge proof system, design and implement an attribute-based authenticated group message delivery (AB-AGMD) scheme in cloud IoT, which protects the confidentiality and authenticity of group messages and also ensures forward secrecy. Finally, we prove the security of AB-AGMD and implement the experimental system to show that it is practical for secure group message delivery in cloud IoT. |