Research On Attribute-based Encryption Mechanisms With Special Access Policies

The Internet of Things(Io T)connects various items with the Internet for identification and management.It is mostly used in multi-disciplinary and multi-field cross-industry,involving intelligent transportation,public safety,industrial testing,etc.For the massive data in Io T,data owners choose to store it in the cloud server.Moreover,in order to ensure the security of data in cloud servers and support flexible sharing capabilities,the data access control mechanisms are indispensable.In cloud-assisted Io T,Ciphertext-Policy Attribute-Based Encryption(CP-ABE)uses attributedefined access policies to achieve fine-grained access control,which can not only ensure data security,but also achieve multi-user flexible data sharing.However,in general CP-ABE,attributes are assumed to be completely independent,the decryption overhead and ciphertext length are linear with the number of attributes involved,frequent key generation requests cause great computational pressure,and the attribute information in the access policy is not completely protected effectively,which will also leak the privacy information of the data owner.To solve these problems,this dissertation proposes two CP-ABE schemes with special access policies,and the specific research results are as follows:(1)To solve the problems of completely independent attributes and high computational cost in CP-ABE,we designs a weighted offline/online CP-ABE scheme with verifiable outsourcing decryption.The scheme allows users to define access structures over weighted attributes,and aggregates attributes with the same attribute name to compress the length of ciphertext.It supports offline/online key generation,which reduces the computational pressure of authorities responding to a large number of key requests.Most computing tasks are performed in the offline phase.Besides,an efficient batch verification method is designed to ensure that the cloud performs the outsourcing decryption honestly.Therefore,the user can batch verify the correctness of the decryption results with only a few operations.The security analysis and performance comparison show that the proposed scheme is CPA-secure and can better achieve weighted access control,compressed cipher length,efficient key generation and the assurance of outsourced decryption results.(2)To solve the problem that the attributes in the access policy are not fully protected,we designs a CP-ABE scheme supporting full policy hiding.The scheme removes mapping function of access structure from the ciphertext and uses bloom filter to help authorized users locate their attributes efficiently for successful decryption.Moreover,the value obtained by the unauthorized user querying the bloom filter can neither successfully decrypt nor identify the attribute name,which effectively resists dictionary attacks.The scheme adds a testing phase before decryption to check whether the user’s attributes satisfy the access structure in advance,and uses verifiable outsourcing technology to transfer most of the computing overhead during the test and decryption phases to the cloud.The security analysis and performance comparison illustrate that the scheme is CPA-secure and has high decryption efficiency while protecting policy privacy.