CN102916954A - Attribute-based encryption cloud computing safety access control method - Google Patents

Abstract

The invention provides an ABE (Attribute-Based Encryption) cloud computing safety access control method, mainly aiming to solve the problems of safety and privacy protection of a cloud computing access control structure. The invention aims to provides a CP-ABE-based brand-new framework MAH-ABE (multiple and hierarchical attribute-based encryption) access control model which is a hierarchic domain-division multi-authority ABE safety framework-MAH-ABE. According to the framework, the attributes are differentiated as private domain and public domain, and the attributes of the public domain are divided as the levels of the authorities, and the authorities with different rights master different attribute key distribution mechanisms, thereby greatly reducing workload of the single authority, improving the user data privacy protection; and in addition, the characteristics of high efficiency, flexibility and fine grit are achieved.

Description

A kind of cloud computing safety access control method based on encryption attribute

Technical field

The present invention is a kind of security solution of cloud computing environment.Be mainly used in solving fail safe and the Privacy Safeguarding problem of cloud computing access control structure, belong to cloud computing safe practice field.

Background technology

Cloud computing be based upon virtual, a kind of brand-new computing architecture that parallel distributed is calculated.In recent years, cloud computing upgraded to one of IT industry with strongest influence power the most effective, and many enterprises are transplanted to a large number of services the cloud service center one after another.On the one hand, the user no longer needs to invest a large amount of software and hardware facilities and employs the software talent to safeguard these facilities, thereby has saved infrastructure construction expense and human cost.On the other hand, cloud computing is paid according to user's demand for services according to lower price, and very high flexibility and convenience are arranged.

The outsourcing stores service pattern of cloud storage has caused the existence of superuser, and they have the ability of unauthorized access user data, easily cause data message and privacy leakage etc. to internal attack problem.Fail safe is one of widely used key factor of restriction cloud computing technology, and the safety problem of therefore studying under the cloud computing environment is significant.The research of access control model is a large focus that solves safety issue.

Three large subject matters of access control model are: the division of (1) faith mechanism.(2) foundation of access control control tree.(3) the fine-grained division of calling party.The method in past has certain defective and deficiency in the realization of these three problems.Present most of researcher only has large quantity research to Second Problem, such as key policy attribute encipherment scheme KP-ABE (key-policy attribute-based encryption) and ciphertext policy attribute encipherment scheme CP-ABE (ciphertext-policy attribute-based encryption), (1) and the research of (3) individual problem also be in the elementary step.And one improve and also practical access control system to only depend on single trust authority and single customer group be far from being enough, can bring various fail safes and privacy problem.The existence of these problems has brought certain difficulty to the popularization of cloud computing.

Summary of the invention

Technical problem: the purpose of this invention is on the basis of CP-ABE, a kind of brand-new framework MAH-ABE (Multiple and Hierarchical attribute based encryption) access control model is proposed, solve fail safe and privacy problem in the cloud computing access control system, the invention provides a kind of cloud computing safety access control method based on encryption attribute, reach efficient, flexibly, fine-grained characteristics.

Technical scheme: the present invention proposes the ABE security framework of the gradational minute many trust authority in field of a kind of tool-MAH-ABE. framework and not only distinguishes attribute according to private domain and public sphere; and the attribute of public sphere divided according to the grade of trust authority; make the trust authority of different rights administer different attribute key distribution mechanism; greatly reduce the workload of single trust authority, improved simultaneously user's data-privacy protectiveness.

Bilinear Pairing is one of instrument very crucial when designing the ABE encipherment scheme.The theorem of given first Bilinear Pairing: choosing two rank is the group G of a large prime number p ₁And G ₂But, the bilinear map e:G of an effectively computable of definition ₁* G ₁→ G ₂, this mapping must be satisfied:

(a) bilinearity: a mapping e:G ₁* G ₁→ G ₂Has bilinearity, as e (g ^a, h ^b)=e (g, h) ^Ab, for all g, h ∈ G ₁With all a, b ∈ Z _p

(b) non-degeneracy: have g, h ∈ G ₁, so that e (g, h) ≠ 1.Namely can not be with all G ₁* G ₁Element all be mapped to G ₂In certain identical element.

One, architecture

Fig. 1 has provided the system model figure of MAH-ABE, mainly is comprised of following main body, and cloud service provides end (a cloud service provider) to be called for short CSP, a first order trust authority, a plurality of regional trust authority, data subject and data user.CSP provides the cloud stores service, and data subject will be encrypted good data and is stored in high in the clouds, shares for the data user.In order to obtain the high in the clouds data, the data user downloads their needed encrypt file and is decrypted from high in the clouds.Compare with traditional access control structure, this structure has mainly been revised 5 parts: transform the setting of node in foundation (5) the access control tree of the multi-field access control tree of layering (3) public sphere of division (2) attribute structure of (1) grade trust authority and private domain's customer group classification (4).Having revised these parts, is very little to the increase based on the expense of encryption attribute model, but is very large to the efficient and fine-grained raising of whole access control structure, and Security of the system and privacy are not impaired.

Below we provide the explanation of several concrete parts:

Public sphere and private domain: divided two kinds of fields among the present invention, public sphere (PUD) and private domain (PRD).PRD mainly has the user of special access right towards a part, such as the household of data main body, and Personal Assistant etc., when main body was agreed to authorize, this types of populations not only can have the reading authority, also the authorities such as management document, revised file can be arranged.The characteristics in this field are that the user is few, and the property set small scale is easy to management, and PUD is mainly towards the overall situation user, such as the employee of group company, and the client of health insurance company, because customer volume is huge, the attribute number is various, needs fine-grained attribute assignment mechanism.And the data owner does not need to know specifically which user is in the PUD environment.

The encryption key distribution mode: in the PRD environment, because the user is few, the attribute small scale adopts CP ABE access control scheme to get final product.User agent can be entrusted trust authority distribution and managing keys, perhaps oneself in person participates in distribution and the management of key.The attribute that user among the PRD obtains is called data attribute (data attribute), and it is the categorical attribute of file.Each file sticks data attribute, such as blog_file, and photo_file etc.So the number of the size of user key and the data attribute of acquisition is linear.And in the PUD environment, because customer volume is huge, the attribute number is various, therefore we adopt gradational regional trust authority (the domain authority of tool, DA) come the leading subscriber attribute, different DA has the authority of different sizes, and each DA forms the gradational mechanism of tool by his father's trust authority mandate administration.User among the PUD has role attribute (role attribute, RA), and each DA is responsible for distributing and manage the user's that it administers private key.In the PUD field, the user does not need to know which user has access rights when encrypting upload file, only needs regulation to have and specifies the user of RA can access this document, has greatly alleviated the workload of user agent.

The hierarchical encryption structure: in PUD, this programme adopts the hierarchical encryption structure, as shown in Figure 2.The level of supposing key is 2, and then ground floor is attribute individuality or community set, and the second layer can only be individual for attribute.As: { { { Position:nurse, level:4}}, ground floor are that { Dept:Hospital A, Addr:West} is denoted as A for Position:physician, level:3} for Dept:Hospital A, Addr:West ₀, the second layer is that { { { Position:nurse, level:4}} are denoted as A for Position:physician, level:3} ₁And A ₂In sum, note user key structure is A={A ₀, A ₁..., A _m, A ₀Expression ground floor key, A _iI community set of expression second layer key (1≤i≤m). we can simply be expressed as A with this key structure like this ₀={ 0, Dept:HospitalA}, A ₁={ 1, Position:physician}, A ₂={ 2, Position:nurse}.

Access control tree and conversion node: in two kinds of fields, we all adopt the access control tree, and leaf node is property value, and nonleaf node is threshold value.Suppose num _xBe child's number of node, k _xBe the threshold value of node x, such as the k of AND and OR _xValue is respectively 2 and 1.We defined function parent (x) returns the father node of x simultaneously, the sequence number of index (x) return node x, and att (x) returns the property value of leaf node representative.If an attribute structure satisfies an access control tree, then this attribute structure property set satisfies all properties of access control tree at least.In general, to join together to satisfy access control tree be unallowed to the attribute between the different attribute collection.But because PUD domain attribute collection is various, we have defined a kind of node and have been called switching node (translating node), and the property value of the child nodes of switching node can from different property sets, namely allow federation properties.

The step that comprises based on the cloud computing safety access control method of encryption attribute of the present invention is:

Step 1). divide two kinds of user environments, public sphere PUD and private domain PRD;

Step 2). trust authority is selected generator at first at random, generates Bilinear Groups and bilinear map, then selects the key hierarchy in PUD field, generates master key and the PKI of PUD, and master key keeps, and PKI is open;

Step 3). Bilinear Groups and bilinear map that trust authority utilizes step 2 to generate, master key and the PKI of generation PRD, master key keeps, and PKI is open;

Step 4). trust authority creates the lower credible clamp mechanism of one deck, distribute ground floor attribute individuality or community set, and generation master key, lower one deck trust authority can create less clamp mechanism, distribute second layer attribute individuality or community set, second layer attribute individuality or community set are the subset of ground floor attribute individuality or community set, and distributing key, the like;

Step 5). the user provides relevant information to trust authority, the validated user authority of application association area, if the authority in application PUD field, execution in step 6, the authority execution in step 7 in application PRD field;

Step 6). trust authority judges that according to the information that the user submits to can this user apply for the authority in PUD field, if can not, then return sky; If can, will send to corresponding credible clamp mechanism according to this user profile, corresponding credible clamp mechanism distributes corresponding attribute individuality or community set, generates a key module, sends to the user; Redirect execution in step 8;

Step 7). trust authority judges that can this user apply for the authority in PRD field, if can not according to the information that the user submits to, then return sky, if can, data attribute that will be corresponding according to the information distribution that this user provides, generate key module, send to the user;

Step 8). data owner is that the file that uploads to high in the clouds is chosen unique identification to the file symmetric cryptography, keep key, and choose public sphere property set composition public visit control and set, choose private domain's property set and form private visit control tree, to file secret key encryption generating ciphertext, and send to high in the clouds with two kinds of trees;

Step 9). the user initiates the access to file to high in the clouds, the ciphertext of respective file is returned in high in the clouds, user's input step 6 or 7 private keys that generate, mate with the access control tree T in the ciphertext, if coupling obtains the respective file key, obtain file after the deciphering, if do not mate, return sky;

Step 10). data owner gives notice to trust authority, cancels associated user's attribute, submits association attributes sequence and out-of-service time, entrusts trust authority to upgrade associated user's authority;

Step 11). trust authority is given notice to relevant credible clamp mechanism, and credible clamp mechanism upgrades the out-of-service time of association attributes, generates new private key and sets up, and sends to the associated user;

Step 12). data owner gives notice to high in the clouds, upgrades the access control tree, submits association attributes sequence and out-of-service time, entrusts high in the clouds to upgrade the access control structure tree;

Step 13). after high in the clouds receives lastest imformation, generate associated component, during final updating is set to relevant access control, and export new ciphertext, replace original ciphertext;

Step 14). the user owner cancels file, and file identification and the signature of oneself are sent to high in the clouds;

Step 15). high in the clouds is confirmed behind the signature this document to be deleted, and returns the owner and deletes successful information.

Described PUD, its key structure are the hierarchical encryption structure, and described trust authority is the gradational trust authority of tool.

The access control tree is set for public visit control and private visit control is set two kinds, and there is association node in the node in the public visit control tree, the access of support federation properties collection.

Beneficial effect: the inventive method is for the fail safe under the cloud computing environment and privacy problem, on the basis of CP-ABE, the new access control model of MAH-ABE is proposed, public sphere and private domain have been divided, the private domain adopts the access control of CP-ABE ciphertext, the public sphere adopts the many trust authority of grade to come management attribute and key, has reduced management complexity.Simultaneously, model is introduced this attribute of out-of-service time and is carried out attribute renewal operation.This model is efficient, flexibly, and fine granularity and safety.Below we provide specific description.

[having divided different field] the present invention is based on the different qualities of customer group, divided not two kinds of fields of public sphere and private domain.In the middle of the model in the past, all users are in the middle of a field, are subjected to the constraint of same access control model, and same key management and the method for salary distribution are arranged.There is the user of special access right to bring inconvenience.In the individual health record cloud computing system, the private domain is data owner's relatives, friend, and they enjoy special authority, and data owner can authorize the file system of this class user management oneself.The public sphere is the doctor of each hospital, nurse, the staff of insurance company etc.They have authority of checking user owner data etc.The attribute in these two kinds of fields should have different speciality, should enjoy different key managements and the method for salary distribution.The present invention has divided two kinds of dissimilar customer groups, makes the access of data more flexible, and user's management is fine granularity more.

[division of grade trust authority] the present invention has divided the gradational trust authority of trusting of tool more, has broken through the conventional method that there is the user in single trust authority administrative institute.Adopt single faith mechanism, the system load ability of frequently not only giving alternately of user and trust authority is brought bottleneck, has increased simultaneously potential potential safety hazard.In case trust authority is not had the illegal user of authority to steal, then he might utilize illegal means to steal all users' data, brings huge loss to corporate users.And all give a TA with all key distribution work, in the middle of practice and infeasible, should there be different responsibilities in different mechanisms, separately the clamp mechanism of administration oneself.Each clamp mechanism should define within the scope of authority of oneself and specify various community sets, and the user that administers of the department that is distributed to.User among the present invention is in different trust authority, even a certain trust authority is subject to security threat, also can not have influence on the fail safe of other trust authority, and user's privacy has obtained protection.

[foundation of access control tree] the present invention is that the user of different field has set up different access control trees, in the public sphere, because attribute is various, has set up the access control tree of supporting the associating between the different attribute collection.A large amount of take CP-ABE in the model on basis, the community set that is used in the access control structure only has one, namely the data owner can only be in the middle of a community set, chooses attribute and carries out various combinations and satisfy access strategy.Isolate fully between the property set, can not set up the contact between the property set.This greatly reduces the flexibility of access control.Because the user need to cross over a plurality of community sets when being necessary, choose attribute and satisfy a certain access control structure.The node of access control tree of the present invention has two types: ordinary node and association node.Ordinary node is only supported the association of attribute in the single set, the association node support cross over single set a plurality of community sets unite access, the flexibility that has greatly improved the access control structure.

Description of drawings

Fig. 1 is system model figure of the present invention.

Fig. 2 is the user's of PUD environment hierarchical encryption structural representation.

Embodiment

Method flow

1. system parameters generates

In PUD, Setup (d=2) → (PK.MK) .d is the level of key, is assumed to be 2.It is g that trust authority is selected generator at first at random, and rank are the Bilinear Groups G of p ₀With bilinear map e:G ₀* G ₀=G _T, select at random random number α, β _i∈ Z _p,

Generating PKI and master key is:

${\mathrm{PK}}_{\mathrm{PUD}}=(G_0,g,{\mathrm{<figure-callout\; id="1"\; label="h"\; filenames="121013121529.png"\; state="\{\{state\}\}">h</figure-callout>}}_1=g^{{\mathrm{\&beta;}}_1},{\mathrm{<figure-callout\; id="2"\; label="h"\; filenames="121013121529.png"\; state="\{\{state\}\}">h</figure-callout>}}_2=g^{{\mathrm{\&beta;}}_2},e{(g,g)}^{\mathrm{\&alpha;}})$

MK _PUD=(β ₁,β ₂,g ^α)

In PRD, Selecting All Parameters α at random ₃, β ₃∈ Z _pGenerating PKI and master key is

${\mathrm{PK}}_{\mathrm{PRD}}=\{G_0,g,{\mathrm{<figure-callout\; id="3"\; label="h"\; filenames="121013121529.png"\; state="\{\{state\}\}">h</figure-callout>}}_3=g^{{\mathrm{\&beta;}}_3},e{(g,g)}^{{\mathrm{\&alpha;}}_3}\}$

${\mathrm{MK}}_{\mathrm{PRD}}=({\mathrm{\&beta;}}_3,g^{{\mathrm{\&alpha;}}_3})$

2. generation private key for user

Distribute among the PRD private key for user .PRD, the property set that user u obtains is

Choose at random r ∈ Z _p, and be each attribute a _jSelect a random value r _j∈ Z _p, the private key that calls keyGen generation user u is ${\mathrm{SK}}_u=\{\hat{D}=g^{\frac{{\mathrm{\&alpha;}}_3+r}{{\mathrm{\&beta;}}_3}},{\&ForAll;a}_j\&Element;\hat{A}:{\hat{D}}_j=g^r\&CenterDot;H{\left(j\right)}^{r_j},{\hat{D}}_j^{\&prime;}=g^{r_j}\}$

The trust authority mandate of first order zone. in PUD, each first order DA is comprised of two parts: the community set A={A of ID and his administration ₀, A ₁... A _mA wherein _i={ a _{I, 1}, a _{I, 2}... a _{I, n}, a _{I, j}Expression A _iJ attribute in the individual community set.First order DA is authority the maximum, such as each branch company of company.If there is new first order DA(to be made as DA _i) add, trust authority is DA by calling CreateDA (PK, MK, A) method _iCreate master key.DA after the acquisition authority _iTo have the right to be limited to the DA distribution authority of next stage, such as each department of subsidiary.DA _iResulting master key situation result is as follows:

${\mathrm{MK}}_i=(A,D=g^{\frac{\mathrm{\&alpha;}+r^{\left\{u\right\}}}{{\mathrm{\&beta;}}_1}}{D}_{i,j}=g^{r_i^{\left\{u\right\}}}.H{\left(a_{i,j}\right)}^{r_{i,j}^{\left\{u\right\}}},$

$D_{i,j}^{\text{\&prime;}}=g^{r_{i,j}^{\left\{u\right\}}},0\&le;i\&le;m,1\&le;j\&le;n_i,$

$E_i=g^{\frac{r^{\left\{u\right\}}+r_i^{\left\{u\right\}}}{{\mathrm{\&beta;}}_2}},1\&le;i\&le;m)$

Wherein, A is attribute structure, r ^{{ u}}Being unique ID of this DA, also is A ₀ID,

Each property set A _iID, E _iBe used for different A _iBetween conversion, this decryption part branch is hereinafter told about in detail.

The DA/ of subordinate private key for user structure. (1) DA _iFor the DA of subordinate authorizes private key, be designated as DA _I+1, call

(2) DAi is this DA _iInterior subscriber authorisation private key calls

Be the attribute structure of next stage user/DA, it must be a subset of the attribute structure of upper level DA, such as A={A ₀, A ₁, A ₂,

Next stage user/DA private key structure is

${\mathrm{SK}}_u/{\mathrm{MK}}_{i+1}=(\tilde{A},\tilde{D}=g^{\frac{\mathrm{\&alpha;}+r^{\left\{u\right\}}+{\tilde{r}}^{\left\{u\right\}}}{{\mathrm{\&beta;}}_1}},$

${\tilde{D}}_{i,j}=g^{r_i^{\left\{u\right\}}+{\tilde{r}}_i^{\left\{u\right\}}}.H{\left(a_{i,j}\right)}^{r_{i,j}^{\left\{u\right\}}+{\tilde{r}}_{i.j}^{\left\{u\right\}}},$

${\tilde{D}}_{i,j}^{\&prime;}=g^{r_{i,j}^{\left\{u\right\}}+{\tilde{r}}_{i.j}^{\left\{u\right\}}},0\&le;i\&le;m,1\&le;j\&le;n_i,$

${\tilde{E}}_i={\text{g}}^{\frac{(r^{\left\{u\right\}}+r_i^{\left\{u\right\}}+{\tilde{r}}^{\left\{u\right\}}+{\tilde{r}}_i^{\left\{u\right\}})}{{\mathrm{\&beta;}}_2}},1\&le;i\&le;m)$

3. document creation

User agent is that the file that uploads to high in the clouds is chosen unique ID, chooses at random key FEK, to file symmetric cryptography, i.e. E _DEK(F) ← FEK.Then user agent calls the Encrypt method key FEK is encrypted generating ciphertext CT, and generates the access control tree T that is comprised of the attribute resource, T=(T _PUD) OR (T _PRD), T _PUDBe access control tree among the PUD, T _PRDBe access control tree among the PRD.The ciphertext form that is stored at last high in the clouds be E (F)=＜CT, E _FEK(F) 〉.

Set up access control tree T _PUDProcess is as follows:

I. be the multinomial q of each node selection in the access control tree _x, order of a polynomial is d _x, d then _x=k _x-1.

Ii. choose at random s ∈ Z for root node R _p, satisfy q _R(0)=and s, choose at random q with polynomial interpolation _RIndividual value is come defining polynomial q _R

Iii. for the upper node x except root node of tree, make q _x(0)=q _{Parent (x)}(index (x)) and then choose at random d _xIndividual complete all multinomial definition.

According to above three steps, be to create access control tree T in the PRD environment again _PRD

Make that Y is the set of leaf node, X is that the set of switching node is (only at T _PUDIn use X), then plaintext M is encrypted by following formula:

$\mathrm{CT}=+(T_{\mathrm{PUD}},T_{\mathrm{PRD}},$

$\tilde{C}=M\&CenterDot;e{(g,g)}^{\mathrm{\&alpha;}\&CenterDot;s},C=h_1^s,\stackrel{\&OverBar;}{C}=h_2^s,\hat{C}=h_3^s,$

$\&ForAll;y\&Element;Y\&SubsetEqual;T_{\mathrm{PUD}}:C_y=g^{q_y\left(0\right)},C_y^{\&prime;}=H{\left(\mathrm{att}\left(y\right)\right)}^{{q_y}^{\left(0\right)}},$

$\&ForAll;y\&Element;Y\&SubsetEqual;T_{\mathrm{PRD}}:{\hat{C}}_y=g^{{{\hat{q}}_y}^{\left(0\right)}},{\hat{C}}_y^{\&prime;}=H{\left(\mathrm{att}\left(y\right)\right)}^{{{\hat{q}}_y}^{\left(0\right)}},$

$\&ForAll;x\&Element;X\&SubsetEqual;T_{\mathrm{PUD}}{\widehat{:C}}_x=h_2^{q_x\left(0\right)})$

Defining one helps data W to obtain expressly with the user who helps among the PRD:

$W=e{(g,g)}^{\mathrm{\&gamma;s}}=e{(g,g)}^{\mathrm{\&alpha;s}}\&CenterDot;e{(g,g)}^{{\mathrm{\&alpha;}}_{3}s},$

Be α ₃=γ-α

CT and W together are stored in high in the clouds.

4. file access

User u sends request application access file to high in the clouds, then high in the clouds sends to the user with corresponding ciphertext.The user calls and utilizes Decrypt (CT, SK _u) the algorithm deciphering:

(1) if u is user among the PUD, calls T (A) and confirm SK _uIn attribute whether satisfy access control tree T _PUDT (A) is the recursive fashion from the leaf node to the root node.

I t is leaf node, if

A _i∈ A is DecryptDode (CT, SK then _u, t, i)=null, if att (t)=a _{I, j}∈ A _i, A _i∈ A, then

$\mathrm{DecryptDode}(\mathrm{CT},{\mathrm{SK}}_u,t,i)$

$=e(D_{i,j},C_t)/e(D_{i,j}^{\&prime;},C_t^{\&prime;})$

$=e(g,g)r_i^{\left\{u\right\}}\&CenterDot;q_t\left(0\right)$

Ii t is nonleaf node, and the child nodes of definition t is z, B _tFor satisfying the k of thresholding _tThe set of individual z node, S _zBe k _xThe label set of individual z node, definition F _z=DecryptDode (CT, SK _u, t, i) and be the result of determination of attribute among arbitrary node and the A among the T, if there is not such S set _z, F then _z=⊥.If have, and (1) label i ∈ S _z, (2) label i ' ∈ S _zAnd have i ' ≠ i, then z is a switching node, makes DecryptDode (CT, SK _u, z, i ')=F ' _ZIf i ≠ 0(is not at A ₀In) with F ' _ZConvert F to _z:

$F_z=e({\hat{C}}_z,E_i/E_{\stackrel{`}{i}})\&CenterDot;F_z^{\&prime;}=e{(g,g)}^{r_i^{\left\{u\right\}}\&CenterDot;q_z\left(0\right)}$

Otherwise $F_z=\frac{e({\hat{C}}_z,E_{\stackrel{\&prime;}{i}})}{F_z^{\&prime;}}=e{(g,g)}^{r^{\left\{u\right\}}\&CenterDot;q_z\left(0\right)}.$

Iii is according to lagrange character, when calculating father node t,

$F_t={\mathrm{\&Pi;}}_{z\&Element;B_t}{F}_Z^{{\mathrm{\&Delta;}}_k,B_z^{\&prime;}\left(0\right)}=\left\{\begin{array}{cc}e{(g,g)}^{r_i^{\left\{u\right\}}\&CenterDot;q_t\left(0\right)},& i\&NotEqual;0\\ e{(g,g)}^{r^{\left\{u\right\}}},& i=0\end{array}\right\},$ Wherein

k=index(z),B′ _z={index(z):z∈B _t}

Iv R is root node,

$F_r=e{(g,g)}^{r^{\left\{u\right\}}\&CenterDot;q_r\left(0\right)}=e{(g,g)}^{r^{\left\{u\right\}}\&CenterDot;s}$

Then decrypting process is as follows:

$\frac{\tilde{C}\&CenterDot;F_r}{e(C,D)}=\frac{M\&CenterDot;e{(g,g)}^{\mathrm{\&alpha;}\&CenterDot;s}\&CenterDot;e{(g,g)}^{r^{\left\{u\right\}}\&CenterDot;s}}{e(g^{s\&CenterDot;{\mathrm{\&beta;}}_1},g^{\frac{(r^{\left\{u\right\}}+\mathrm{\&alpha;})}{{\mathrm{\&beta;}}_1}})}=M$ Obtain expressly.

(2) if u is user among the PRD, calls T (A) and confirm SK _uIn attribute whether satisfy access control tree T _PRD, decrypting process and CP-ABE process are similar,

$F_r=\mathrm{DecrptNode}(\mathrm{CT},{\mathrm{SK}}_u,R)$

$=e{(g,g)}^{r{\hat{q}}_R\left(0\right)}=e{(g,g)}^{\mathrm{rs}},$

Utilize W to obtain expressly

$M=\frac{\tilde{C}\&CenterDot;\left(\widehat{C,}\hat{D}\right)}{F_r.W}=\frac{M\&CenterDot;e{(g,g)}^{\mathrm{\&alpha;s}}e{(g,g)}^{({\mathrm{\&alpha;}}_3+r)s}}{e{(g,g)}^{\mathrm{rs}}e{(g,g)}^{(\mathrm{\&alpha;}+{\mathrm{\&alpha;}}_3)s}}$

5. file is cancelled

The user will cancel file, only file ID and the signature of oneself need to be sent to high in the clouds.High in the clouds is confirmed to be the request that this user agent sends and just this document is deleted afterwards.

6. attribute is cancelled

MAH-ABE has efficient attribute revocation mechanism.Be that the user assignment attribute is that each property set increases an out-of-service time (expiration_time) X when executing at DA.Attribute in access control tree contains time attribute Y, if X 〉=Y, and attribute is complementary, and then can access this document.The user just can control by the value that changes time attribute user's access rights.

User property is cancelled. and this task is mainly finished by the DA under the user.

(1) DA calculates minimum property set Minim alSet (A) that access privilege is cancelled → A _Min, A _New=A-A _Min, so that T (A _New) return sky.

(2) to A _MinIn each property set give the new out-of-service time,

And the corresponding new private key assembly of generation, $\mathrm{keyUpdate}(S{k}_u,t_i^{\mathrm{new}})\&RightArrow;{{\mathrm{Sk}}_u}^{\mathrm{new}}=\{A_{\min },\{D_{i\&CenterDot;j}^{\mathrm{new}},{D_{i,j}^{\&prime;}}^{\mathrm{new}}{\}}_{\&Element;A\min }\}$

(3) send back to the user.Send (Sk _u) adopt lazy re-encryption here, namely the user can upgrade user's private key automatically in next login system, and does not need to upgrade in time, avoids causing burden to system.

If file attribute is cancelled. the user thinks the access rights of transaction file, only needs to change the out-of-service time of leaf node, more corresponding lastest imformation is sent to high in the clouds, and is proxy-encrypted by high in the clouds.Because the node attribute information of a part is had in high in the clouds, can't infer whole plaintext at this point, the safe privacy of data has obtained protection.(1) community set that the leaf node that need to upgrade is set is Ymin.

(2) out-of-service time of renewal leaf node, generate newly and set up

$y_i\&Element;Y_{\min },\mathrm{updateAttFile}(y_i,t_i)\&RightArrow;\{y_i^{\mathrm{new}},C_{y_i}^{\mathrm{new}},C_{y_i}^{\&prime;\mathrm{new}}\}$

(3) upgrade access control leaf nodes content $y_i\&Element;Y\min ,\mathrm{update}(C_{y_i},C_{y_i}^{\&prime;})\&RightArrow;C_{y_i}^{\mathrm{new}},C_{y_i}^{\&prime;\mathrm{new}},$ The node y that deletion is discarded _i∈ { Y-Ymin}, delete

(4) export new ciphertext ${\mathrm{CT}}^{\mathrm{new}}=(T^{\mathrm{new}},\tilde{C},C,\stackrel{\&OverBar;}{C},\&ForAll;y\&Element;Y:C_{y^{\mathrm{new}}}^{\&prime;},\&ForAll;x\&Element;X:{\hat{C}}_x).$

For convenience of description, our supposition has following application example:

A data owner O is stored in high in the clouds with a file F, and user U obtains private key to the trust authority application, then initiates the access to file F to high in the clouds.Data owner carries out three operations to file: 1. the attribute of cancelling the associated user.2. upgrade the access control structure tree.3. deletion this document.Then its embodiment is:

(1) trust authority is selected generator at first at random, generates Bilinear Groups and bilinear map, then selects the key hierarchy in PUD field, generates master key and the PKI of PUD.Master key keeps, and PKI is open.

(2) trust authority then generates master key and the PKI of PRD.Master key keeps, and PKI is open.

(3) trust authority is distributed the master key (distributing when clamp mechanism is arranged) of the credible clamp mechanism of next stage.

(4) the data owner is that the file F that uploads to high in the clouds chooses unique ID, to the file symmetric cryptography, keeps key K.

(5) the data owner chooses PUD domain attribute collection composition access control tree T _PUD, choose PRD domain attribute collection and form access control tree T _PRD, with two kinds of trees key K is encrypted generating ciphertext CT, and sends to high in the clouds.

(6) user provides relevant information to trust authority, the validated user authority of application association area.If the authority in application PUD field is carried out (7), the authority in application PRD field is carried out (8).

(7) trust authority judges that according to the information that the user submits to can this user apply for the authority in PUD field.If can not, then return sky.If can, will send to according to the information that this user provides corresponding credible clamp mechanism (more than one of qualified clamp mechanism possibility).Different clamp mechanisms is distributed to the different role attribute collection of this user.Generate at last relevant key module SK, send to the user.

(8) PRD judges that according to the information that the user submits to can this user apply for the authority in PRD field.If can not, then return sky.If can, data attribute that will be corresponding according to the information distribution that this user provides generates key module SK, sends to the user.

(9) user U initiates the access to file F to high in the clouds, and ciphertext CT is returned in high in the clouds, and the user inputs private key SK, and the access control of association area tree T mates, if coupling is then carried out (10), if do not mate, then carries out (11).

(10) return to the key K of user file F, obtain file F after the deciphering.

(11) return sky.

(12) the data owner gives notice to trust authority, submits association attributes sequence S and out-of-service time, entrusts trust authority to upgrade associated user corresponding to S.

(13) trust authority is given notice to relevant credible clamp mechanism, and credible clamp mechanism upgrades the out-of-service time of association attributes, generates new private key assembly, sends to the associated user.

(14) the data owner gives notice to high in the clouds, submits association attributes sequence S and out-of-service time, entrusts high in the clouds to upgrade access control structure tree T.

(15) after high in the clouds receives lastest imformation, generate associated component, final updating is in relevant access control tree.

(16) new ciphertext CT is exported in high in the clouds, replaces original ciphertext.

(17) the user owner cancels file: file ID and the signature of oneself are sent to high in the clouds.

(18) high in the clouds is confirmed behind the signature this document to be deleted, and returns the owner and deletes successful information.

(19) overall process finishes.

Claims (3)

1. cloud computing safety access control method based on encryption attribute is characterized in that the step that the method comprises is:

Step 1). divide two kinds of user environments, public sphere PUD and private domain PRD;

Step 2). trust authority is selected generator at first at random, generates Bilinear Groups and bilinear map, then selects the key hierarchy in PUD field, generates master key and the PKI of PUD, and master key keeps, and PKI is open;

Step 3). Bilinear Groups and bilinear map that trust authority utilizes step 2 to generate, master key and the PKI of generation PRD, master key keeps, and PKI is open;

Step 4). trust authority creates the lower credible clamp mechanism of one deck, distribute ground floor attribute individuality or community set, and generation master key, lower one deck trust authority can create less clamp mechanism, distribute second layer attribute individuality or community set, second layer attribute individuality or community set are the subset of ground floor attribute individuality or community set, and distributing key, the like;

Step 5). the user provides relevant information to trust authority, the validated user authority of application association area, if the authority in application PUD field, execution in step 6, the authority execution in step 7 in application PRD field;

Step 6). trust authority judges that according to the information that the user submits to can this user apply for the authority in PUD field, if can not, then return sky; If can, will send to corresponding credible clamp mechanism according to this user profile, corresponding credible clamp mechanism distributes corresponding attribute individuality or community set, generates a key module, sends to the user; Redirect execution in step 8;

Step 7). trust authority judges that can this user apply for the authority in PRD field, if can not according to the information that the user submits to, then return sky, if can, data attribute that will be corresponding according to the information distribution that this user provides, generate key module, send to the user;

Step 8). data owner is that the file that uploads to high in the clouds is chosen unique identification to the file symmetric cryptography, keep key, and choose public sphere property set composition public visit control and set, choose private domain's property set and form private visit control tree, to file secret key encryption generating ciphertext, and send to high in the clouds with two kinds of trees;

Step 9). the user initiates the access to file to high in the clouds, the ciphertext of respective file is returned in high in the clouds, user's input step 6 or 7 private keys that generate, mate with the access control tree T in the ciphertext, if coupling obtains the respective file key, obtain file after the deciphering, if do not mate, return sky;

Step 10). data owner gives notice to trust authority, cancels associated user's attribute, submits association attributes sequence and out-of-service time, entrusts trust authority to upgrade associated user's authority;

Step 11). trust authority is given notice to relevant credible clamp mechanism, and credible clamp mechanism upgrades the out-of-service time of association attributes, generates new private key and sets up, and sends to the associated user;

Step 12). data owner gives notice to high in the clouds, upgrades the access control tree, submits association attributes sequence and out-of-service time, entrusts high in the clouds to upgrade the access control structure tree;

Step 13). after high in the clouds receives lastest imformation, generate associated component, during final updating is set to relevant access control, and export new ciphertext, replace original ciphertext;

Step 14). the user owner cancels file, and file identification and the signature of oneself are sent to high in the clouds;

Step 15). high in the clouds is confirmed behind the signature this document to be deleted, and returns the owner and deletes successful information.

2. the cloud computing safety access control method based on encryption attribute according to claim 1, its feature exists

In, described public sphere PUD, its key structure are the hierarchical encryption structure, described trust authority is the gradational trust authority of tool.

3. the cloud computing safety access control method based on encryption attribute according to claim 1, its feature exists

In, the access control tree is set for public visit control and private visit control is set two kinds, and there is association node in the node in the public visit control tree, the access of support federation properties collection.

Images