| Today, the rapid development of edge cloud computing is accelerating data sharing between cloud computing platforms and mobile users. However, these data usually contain sensitive information, which is exposed to the risk of disclosure not only from semi-trusted cloud servers but also from malicious senders in the organization. To solve these data security problems, access control encryption (ACE) was introduced to secure the data flow; it achieves secure write control and secure read control through an access control policy. It introduces an authority, called the sanitizer, that checks all communications between the sender and the receiver and drops illegal ciphertexts according to the access control policy. This paper mainly explores attribute-based access control encryption (ABACE), studies a series of issues such as how to improve the security and practicability of the scheme, and proposes two attribute-based access control encryption schemes for edge cloud computing. The specific research work is as follows: (1) A secure and efficient attribute-based access control encryption scheme (PSFlow) is designed. First, this paper proposes an attribute-based outsourced access control encryption scheme (AOACE) to solve the problems that the computation cost of ABACE is large in the encryption and decryption stages and that the set of user attributes needs to be strictly authenticated; AOACE realizes data flow control and reduces the computation cost of the sender and receiver through outsourced computation at the edge node. Then, to further improve the computational efficiency of the sanitization phase, this paper proposes a secure and efficient attribute-based access control encryption scheme (PSFlow) for edge cloud computing based on the AOACE scheme. It uses parallel computing to accelerate the sanitization process: each edge node uses a multi-server model to perform the sanitization operation in parallel, and optimizes the sanitization efficiency in each edge server according to a shared pool built in advance. The experimental results show that PSFlow is not only secure, but also more efficient than the previous ABACE scheme in the encryption, decryption and sanitization stages. (2) A secure sender policy access control encryption scheme (SPACE) is designed. First, in view of the lack of flexibility of the global-policy ABACE and the lack of access control over the sent content in the traditional ABACE scheme, this paper proposes a sender policy access control encryption scheme, which introduces a sender policy that includes the content access structure and the receiver attributes. Through this policy and an attribute-based signature, a content-aware sanitization function is realized. Then we design a ciphertext-policy sanitizable attribute-based encryption scheme (CP-SABE), and combine a structure-preserving signature and a non-interactive zero-knowledge proof system to achieve secure write control. Finally, we give the concrete construction of SPACE. In the SPACE scheme, the data creator assigns a set of content attributes to each piece of data and signs it, and the access control policy is embedded in the sender's encryption key. Only when the content attributes and receiver attributes of the ciphertext meet the sender's policy can the ciphertext be forwarded to the cloud server after sanitization. Finally, the comparison with the existing ABACE scheme shows that SPACE is more secure and practical. |