CN108390876B - Multi-authorization-center access control method capable of supporting outsourcing revocation and verification and cloud server

Info

Publication number: CN108390876B
Authority: CN (China)
Prior art keywords: user, key, ciphertext, service provider, cloud service
Legal status: Active
Application number: CN201810149575.8A
Other languages: Chinese (zh)
Other versions: CN108390876A
Inventors: 樊凯, 王俊雄, 许辉岳, 潘强, 李晖
Current Assignee: Xidian University
Original Assignee: Xidian University
Events: application filed by Xidian University; priority to CN201810149575.8A; publication of CN108390876A; application granted; publication of CN108390876B; legal status active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

The invention belongs to the technical field of protocols, and discloses a multi-authorization-center access control method supporting outsourcing revocation and verification, together with a cloud server. The method comprises the following steps: system initialization, including initialization of a global authentication center and the other authorization centers; the authorization center distributes an attribute set to the user and generates the key the user needs for decryption; the data owner encrypts the file, where the encryption process comprises outsourced encryption, verification of the outsourced result and final encryption by the data owner; a user sends a file access request to a cloud service provider, where the process comprises outsourced decryption by the cloud service provider, verification of the outsourced result and final decryption by the user; certain users or certain attributes in the system are revoked. The method has the advantages of high system access efficiency, low computational overhead and support for dynamic management of user authority, and can be used to protect the privacy of user data in cloud storage, reduce the computational overhead of users and dynamically manage the authority of users in the system.

Description

Multi-authorization-center access control method capable of supporting outsourcing revocation and verification and cloud server
Technical Field
The invention belongs to the technical field of protocols, and in particular relates to a multi-authorization-center access control method supporting outsourcing revocation and verification, and a cloud server.
Background
Currently, the state of the art commonly used in the industry is as follows. With the continuous development of information technology, people's lives have greatly improved. Among these developments, cloud computing has grown rapidly and attracted extensive attention. Cloud computing is an entity with huge computing and storage capacity; it is the product of combining traditional computing technologies such as network storage, virtualization, load balancing, distributed computing, parallel computing and utility computing with the development of network technology. Its power lies in its ability to distribute computing resources dynamically to users over a network. At the same time, users can store their own data or resources on the cloud server, or outsource complex computing tasks to a cloud service provider. In this way, the user is no longer limited by geographical location and limited computing resources; in addition, complex computing tasks can be deployed on remote distributed computers, which moves computing to the edge and greatly improves computing efficiency. Cloud storage is a data outsourcing service technology derived from and developed out of the cloud computing concept: a large number of storage devices of different types in a network are brought together through application software to work cooperatively and provide data to the outside through cluster applications, network technology or distributed file systems. Cloud storage has the advantages of low cost, easy-to-use interfaces and high scalability. However, it is not entirely safe for users to store their sensitive data in the cloud. Cloud providers are not fully trusted and may compromise users' data by colluding with illegitimate users for their own gain. Data security and the lack of control over data are the biggest hurdles hindering the development of cloud storage.
Access control can ensure that only authorized users can access sensitive data, and is considered an important means of solving the security problem of cloud storage. However, conventional access control schemes have many problems: they cannot be applied in finer-grained and more flexible access control environments, and a trusted entity is required to enforce the access control policy. An access control scheme based on attribute-based encryption solves these problems and is considered an access control technology suitable for protecting data security in a cloud storage environment. Attribute-based encryption mechanisms evolved from identity-based encryption. In 2005, Sahai and Waters first proposed the concept of attribute-based encryption (ABE). Compared with traditional public key encryption, it is a more flexible encryption mechanism that supports one-to-many encryption. In an attribute-based encryption system, the original identifier representing the user's identity is expanded into a series of attributes, and the ciphertext and the user key are identified by an access control policy and a descriptive attribute set respectively. By introducing an access structure, it can be guaranteed that only users whose attribute sets satisfy the access policy can successfully decrypt the ciphertext. Attribute-based encryption greatly reduces the computational overhead of encryption and decryption for users, ensures data confidentiality, and is suitable for distributed environments with numerous users.
Attribute-based encryption is divided into two categories. (1) Ciphertext-policy attribute-based encryption (CP-ABE): the ciphertext corresponds to an access control policy, that is, the encryptor defines a control policy and some attributes, where the policy is used to encrypt the ciphertext and the attributes describe the user's key. (2) Key-policy attribute-based encryption (KP-ABE): the key corresponds to the access control policy, and the encryption process is the opposite of the ciphertext-policy case. Although both KP-ABE and CP-ABE achieve fine-grained access control, CP-ABE lets the data owner decide the specific access control policy, so CP-ABE is regarded as the most suitable data access control scheme for cloud storage. In a CP-ABE scheme, each legitimate user in the system is assigned certain attributes, and a key is generated for each user according to the user's attribute set. The data owner first encrypts the plaintext data with a symmetric key, then encrypts that key with a public key encryption method in which the data owner embeds an access structure T. If a user wants to decrypt the ciphertext, its attributes must satisfy the access structure T; the data owner thus enforces its access control policy by setting T. Existing CP-ABE schemes are mostly based on a single authorization center, where all keys are managed and issued. In practice, however, a user may hold attributes granted by multiple authorization centers, and a data owner may also want to share data with users managed by other authorization centers.
For example, in a medical cloud system, patients may share their medical record data with doctors authorized by medical institutions and with researchers authorized by research institutes, who belong to different attribute domains, so a multi-authority CP-ABE scheme is more suitable for a cloud storage system. In attribute-based encryption systems, the computational overhead of the encryption and decryption stages is also considerable, so outsourcing part of the computation to a cloud service provider is a good choice. However, the cloud service provider is not fully trusted and may perform only part of the computation, return an intermediate value, or deliberately return an erroneous result. It is therefore very important to provide a way to verify the cloud service provider's computation results. In addition, access control based on attribute encryption brings a heavy management burden, and the revocation problem in particular has always been troublesome. On the one hand, the number of users in a cloud storage system is huge and users may change frequently. In addition, users' attributes may also change frequently: a user may be granted new attributes or have current attributes revoked, and his access rights to the data change with them. On the other hand, when the authority of a user needs to be revoked, the related ciphertext needs to be re-encrypted; the re-encrypted file can no longer be decrypted by the previous key, so other affected users need to update their keys to decrypt, and users are no longer independent but interfere with each other. In addition, if rights are revoked frequently, the computational burden is large, and this dynamic nature increases the overhead and difficulty of updating keys.
Most of the prior art is not efficient enough and does not support flexible revocation of users and attributes in a cloud storage system, so a multi-authorization-center access control method supporting outsourcing revocation and verification is necessary.
In summary, the problems of the prior art are as follows: the prior art is not efficient enough and does not support flexible revocation of users and attributes in a cloud storage system; the computational complexity is high, the cost is large, and revocation is difficult.
The difficulty and significance of solving the technical problems are as follows: the access control technology based on attribute encryption also brings a great management burden, and the revocation problem in particular has always been troublesome. On the one hand, the number of users in a cloud storage system is huge, and users may change frequently. In addition, users' attributes may also change frequently: a user may be granted new attributes or have current attributes revoked, and his access rights to the data change accordingly. On the other hand, when the authority of a user needs to be revoked, the related ciphertext needs to be re-encrypted; the re-encrypted file can no longer be decrypted by the previous key, so other affected users need to update their keys to decrypt, and users are no longer independent but interfere with each other. In addition, if rights are revoked frequently, the computational burden is large, and this dynamic nature increases the overhead and difficulty of updating keys.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a verifiable multi-authorization-center access control method supporting outsourcing revocation, and a cloud server.
The invention is realized in such a way that a multi-authorization-center access control method supporting outsourcing revocation and verification comprises the following steps: initializing the global authentication center CA and the other authorization centers AA, distributing corresponding identity identifiers to all authorization centers and users in the system, and generating the global public parameters and the keys required for encryption; the authorization center distributes an attribute set to the user and generates the key required for decryption; the data owner encrypts the file; a user sends a file access request to a cloud service provider; certain users or certain attributes in the system are revoked.
Further, the key includes: the agent key which is stored in the cloud end and used for completing partial decryption and the user private key which is kept by the user and used for completing final decryption;
the encryption process comprises the steps that a cloud service provider conducts partial encryption calculation, a generated ciphertext is sent to a data owner, and the data owner completes final encryption; after encryption is completed, uploading the ciphertext to a cloud service provider for storage;
after receiving the request, the cloud service provider uses the proxy key of the user stored in the cloud end to partially decrypt the file and sends the partially decrypted ciphertext to the user; after receiving the ciphertext, the user decrypts the ciphertext by using the private key of the user, and only the user with the attribute meeting the access strategy can successfully decrypt the ciphertext;
when a user is revoked, the data owner sends the identity of the revoked user to the cloud service provider, which searches the proxy key list and deletes that user's proxy key; without the proxy key the user can no longer decrypt to recover the plaintext. When attribute revocation occurs, the data owner needs to re-encrypt the ciphertext, and at the same time the authorization center needs to update the keys of the other non-revoked users in the system; part of the ciphertext re-encryption and key update work is outsourced to the cloud service provider.
Further, the initializing specifically includes:
(1) CA initialization. The CA first selects a system security parameter $\lambda$ and an attribute domain $U$, then selects three multiplicative cyclic groups $G_1$, $G_2$ and $G_T$ of order $p$, with $g_1, g_2$ the generators of $G_1, G_2$, a bilinear map $e: G_1 \times G_2 \to G_T$, and two hash functions $H: \{0,1\}^* \to Z_p$ and $F: G_T \to Z_p$. The CA selects a random number $a \in Z_p$ and finally generates the global public parameter:
Figure BDA0001579627680000051
the CA issues a globally unique identity aid for each legal authorization center in the system and issues a globally unique identity uid for each legal user;
(2) AA initialization. The attribute set managed by $AA_{aid}$ is defined as
Figure BDA0001579627680000052
The set of associated authorization centers is defined as $I_A$. $AA_{aid}$ first selects two random numbers, $\alpha_{aid}$ and a second subscripted value, in $Z_p$; for the attribute set
Figure BDA0001579627680000053
and each attribute $x_k$ in it, $AA_{aid}$ randomly selects a unique version number $v_k$, and finally calculates the attribute public key, the authorization-center public key and the authorization-center private key as follows:
Figure BDA0001579627680000054
Figure BDA0001579627680000055
further, the step of the authorization center allocating the attribute set to the user and generating the key required for decryption specifically includes:
(1) $AA_{aid}$ first assigns each legal user a corresponding attribute set $S_{uid,aid}$, then selects a globally unique random number $z_{uid} \in Z_p$ for each user as the user private key; the proxy key and the user private key are calculated as follows:
Figure BDA0001579627680000056
$SK_{uid} = z_{uid}$
(2) The generated proxy key $PxK_{uid,aid}$ is sent to the cloud service provider for storage, which executes $L_{PxK} = L_{PxK} \cup \{uid, PxK_{uid,aid}\}$, adding the user's proxy key to the proxy key list $L_{PxK}$; the user private key $SK_{uid}$ is sent to the corresponding user and kept by the user.
Further, encrypting the file by the data owner specifically includes:
(1) The cloud service provider first selects a random number $s' \in Z_p$ and, for $i \in \{1, \dots, l\}$, randomly chooses $\lambda_i', \gamma_i' \in Z_p$; the ciphertext is computed as follows:
Figure BDA0001579627680000057
and outputs the partially encrypted ciphertext $CT_{out} = \{s', C_0, (C_{i,1}, C_{i,2}, \lambda_i', \gamma_i')_{i \in \{1,\dots,l\}}\}$;
(2) After receiving $CT_{out}$, the data owner verifies whether the result is correct. First it checks whether
Figure BDA0001579627680000061
holds; if it does not, it directly outputs $b = 0$, indicating that the outsourced computation result is incorrect; otherwise, for $i \in \{1, \dots, l\}$, the data owner calculates:
$t_i = (a\lambda_i' - v_{\rho(i)} \cdot \gamma_i - H(\rho(i)) \cdot \gamma_i) \bmod p$;
Figure BDA0001579627680000062
then a security parameter $r$ is selected, $s_1, \dots, s_l \in \{0,1\}^r$ are randomly chosen, and the following are calculated:
Figure BDA0001579627680000063
Figure BDA0001579627680000064
If
Figure BDA0001579627680000065
holds, the output is $b = 1$, indicating that the calculation result is correct; otherwise the output is $b = 0$, indicating that the result is wrong;
(3) After the data owner has verified that $CT_{out}$ is correct, it completes the rest of the encryption, where $A$ is an $l \times n$ matrix and $l$ is the total number of attributes; the function $\rho$ maps each row of the matrix to an attribute. The data owner first selects a secret random number $s \in Z_p$ and a random vector
Figure BDA0001579627680000066
where $y_2, \dots, y_n$ are used to share $s$. For $i \in \{1, \dots, l\}$, it calculates
Figure BDA0001579627680000067
where $A_i$ is the $i$-th row of matrix $A$; then it randomly selects $\gamma_1, \gamma_2, \dots, \gamma_l \in Z_p$ and computes the ciphertext as follows:
Figure BDA0001579627680000068
where $C'$, $C_{i,3}$ and $C_{i,4}$ correct $s$, $\lambda_i$ and $\gamma_i$, and $C_v$ is used to verify the result of the outsourced decryption; finally, the complete ciphertext is output as $CT = \{C, C', C_0, (C_{i,1}, C_{i,2}, C_{i,3}, C_{i,4})_{i \in \{1,\dots,l\}}, C_v, (A, \rho)\}$.
Further, the step of sending the file access request to the cloud service provider by the user specifically includes:
(1) When a user sends a file access request, the cloud service provider first checks whether the user's attribute set satisfies the access structure; if it does, a set of constants $w_i \in Z_p$ can be found such that
Figure BDA0001579627680000071
where $I = \{1, \dots, l\}$; the partially decrypted ciphertext is then computed as follows:
Figure BDA0001579627680000072
after decryption succeeds, sending the partially decrypted ciphertext CT' to a user;
(2) After receiving the partially decrypted ciphertext $CT'$ from the cloud service provider, the user verifies whether the calculation result is correct; the user only needs to check whether
Figure BDA0001579627680000073
holds; if so, the output is $b = 1$ and the calculation result is correct; otherwise the output is $b = 0$, indicating that the cloud service provider returned an incorrect result;
(3) After verifying that $CT'$ is correct, the user recovers the plaintext with the private key $SK_{uid}$, calculated as follows:
Figure BDA0001579627680000074
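The secret sharing in encryption step (3) above ($\lambda_i = A_i \cdot v$ with $v = (s, y_2, \dots, y_n)$) and the reconstruction the cloud performs in access step (1) (finding $w_i$ with $\sum_i w_i A_i = (1, 0, \dots, 0)$) are the linear secret-sharing core of the scheme. The Python below is an added example, not the patent's own code: it works the arithmetic over a small constructed prime and a constructed three-row access matrix for the policy (doctor AND hospital) OR researcher; the real scheme carries the shares inside group elements of order $p$, but the share and reconstruction algebra is the same.

```python
"""Linear secret sharing over Z_p for the CP-ABE access structure (A, rho).

Added example, not the patent's code. P is a small constructed prime; the scheme
uses the bilinear group order and folds the shares into group elements, but the
share/reconstruct arithmetic is identical.
"""
import secrets
from typing import Dict, List, Optional, Sequence, Set

P = 1_000_003  # constructed toy prime (the real p is the bilinear group order)

# Constructed LSSS for the policy (doctor AND hospital) OR researcher, from the
# medical-cloud scenario in the background section. Row i is labelled by RHO[i].
ACCESS_MATRIX: List[List[int]] = [
    [1, 1],    # doctor
    [0, -1],   # hospital
    [1, 0],    # researcher
]
RHO = ["doctor", "hospital", "researcher"]


def share_secret(A: Sequence[Sequence[int]], s: int, y: Optional[List[int]] = None,
                 p: int = P) -> List[int]:
    """Data-owner side: lambda_i = A_i . v with v = (s, y_2, ..., y_n)."""
    n = len(A[0])
    if y is None:
        y = [secrets.randbelow(p) for _ in range(n - 1)]
    v = [s % p] + [yi % p for yi in y]
    return [sum(a * b for a, b in zip(row, v)) % p for row in A]


def reconstruction_coeffs(A: Sequence[Sequence[int]], rows: List[int],
                          p: int = P) -> Optional[Dict[int, int]]:
    """Find w_i (i in rows) with sum_i w_i * A_i == (1, 0, ..., 0) mod p.

    Returns None when no such w exists, i.e. the selected rows (the attributes the
    requesting user holds) do not satisfy the access structure.
    """
    n, m = len(A[0]), len(rows)
    # One equation per column of A, one unknown per selected row; the last column is
    # the right-hand side e_1. Solve by Gauss-Jordan elimination over Z_p.
    aug = [[A[r][c] % p for r in rows] + [1 if c == 0 else 0] for c in range(n)]
    pivots: List[int] = []
    rank = 0
    for col in range(m):
        piv = next((r for r in range(rank, n) if aug[r][col]), None)
        if piv is None:
            continue                      # free variable, left at 0 below
        aug[rank], aug[piv] = aug[piv], aug[rank]
        inv = pow(aug[rank][col], -1, p)  # p is prime, so the inverse exists
        aug[rank] = [x * inv % p for x in aug[rank]]
        for r in range(n):
            if r != rank and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(x - f * y) % p for x, y in zip(aug[r], aug[rank])]
        pivots.append(col)
        rank += 1
    # A zero equation with a non-zero right-hand side means e_1 is not in the span.
    if any(aug[r][m] for r in range(rank, n)):
        return None
    w = [0] * m
    for r, col in enumerate(pivots):
        w[col] = aug[r][m]
    return {rows[i]: w[i] for i in range(m)}


def cloud_partial_decrypt(A, rho: List[str], user_attrs: Set[str],
                          shares: List[int], p: int = P) -> Optional[int]:
    """Cloud side of the access request: select the rows whose attribute the user
    holds, solve for w_i and recombine sum_i w_i * lambda_i, which equals s exactly
    when the attribute set satisfies (A, rho). Returns None otherwise."""
    rows = [i for i, attr in enumerate(rho) if attr in user_attrs]
    w = reconstruction_coeffs(A, rows, p)
    if w is None:
        return None
    return sum(w[i] * shares[i] for i in w) % p


if __name__ == "__main__":
    s = secrets.randbelow(P)
    shares = share_secret(ACCESS_MATRIX, s)
    for attrs in ({"doctor", "hospital"}, {"researcher"}, {"doctor"}, {"hospital"}):
        got = cloud_partial_decrypt(ACCESS_MATRIX, RHO, attrs, shares)
        print(sorted(attrs), "->", "recovered s" if got == s else "policy not satisfied")
```

In the real scheme the cloud never sees $s$ itself: the $w_i$ are applied to the pairing values built from $C_{i,1}, C_{i,2}$ and the proxy key, and the user still needs $SK_{uid}$ for the final step, which is why deleting the proxy key alone suffices for user revocation.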
further, revoking some users or some attributes in the system specifically includes:
(1) When user revocation happens, the data owner sends the identity uid of the revoked user to the cloud service provider; after receiving the revocation information, the cloud service provider searches the proxy key list $L_{PxK}$, deletes the proxy key corresponding to uid, and updates the proxy key list to $L'_{PxK}$.
(2) When attribute revocation occurs, the data owner needs to re-encrypt the ciphertext and the authorization center needs to update the keys of other non-revoked users;
First, the authorization center generates key update material in preparation for the subsequent key update. Let uid denote the identity of each of the other non-revoked users; the associated authorization center first generates a new attribute version number
Figure BDA0001579627680000075
and calculates the version update key
Figure BDA0001579627680000076
then, for every non-revoked user possessing the attribute
Figure BDA0001579627680000077
it computes the proxy update key
Figure BDA0001579627680000078
$AA_{aid}$ updates the attribute public key of the revoked attribute to
Figure BDA0001579627680000079
and broadcasts a message to the data owners in the system so that they receive the updated attribute public key;
Figure BDA00015796276800000710
is sent to the cloud service provider to update the proxy key $PxK_{uid,aid}$, and
Figure BDA00015796276800000711
is sent to the data owner;
after the cloud service provider receives the proxy update key
Figure BDA0001579627680000081
then, for all non-revoked users possessing the attribute
Figure BDA0001579627680000082
it updates the corresponding proxy key
Figure BDA0001579627680000083
and the proxy key $PxK_{uid,aid}$ is updated as:
Figure BDA0001579627680000084
after the data owner receives the version update key
Figure BDA0001579627680000085
it calculates the ciphertext update key
Figure BDA0001579627680000086
and sends it to the cloud service provider for re-encrypting the ciphertext;
after the cloud service provider receives the ciphertext update key
Figure BDA0001579627680000087
it updates the corresponding ciphertext to
Figure BDA0001579627680000088
The re-encrypted ciphertext will be published as follows:
Figure BDA0001579627680000089
Another object of the present invention is to provide a cloud server applying the method for supporting revocation of outsourced verifiable multi-authority access control.
In summary, the advantages and positive effects of the invention are as follows: the invention considers the application scenario of multiple authorization centers, avoids the single point of failure and system bottleneck brought by a single authorization center, enriches the attribute domain of the user, improves the efficiency of the system and better meets practical application requirements. The invention introduces computation outsourcing: most of the encryption and decryption computation can be outsourced to the cloud service provider, so the computational overhead of data-owner encryption and user decryption is greatly reduced and the access efficiency of the system is improved.
The invention adopts a corresponding outsourced-computation verification scheme: once the cloud service provider returns an erroneous result, the user perceives it immediately by running the corresponding verification algorithm, so the correctness of subsequent computation results is ensured. In the user revocation process, no ciphertext re-encryption or key update is needed at all; the data owner only needs to have the cloud service provider delete the revoked user's proxy key stored in the cloud. In the attribute revocation process, most of the update and re-encryption computation is outsourced to the cloud service provider, and the user only needs to complete a small amount of computation.
The invention introduces the global authentication center CA, can distribute globally unique identity identifications aid and uid for all authorization centers and users in the system respectively, and only the private key belonging to the same uid can be used for decryption, thereby avoiding collusion attack among users.
Drawings
Fig. 1 is a flowchart of a method for supporting revocation of outsourced verifiable multi-authority access control according to an embodiment of the present invention.
Fig. 2 is a flowchart of an implementation of a method for supporting revocation of outsourced verifiable multi-authority access control according to an embodiment of the present invention.
Fig. 3 is a sub-flowchart of a user accessing data according to an embodiment of the present invention.
Fig. 4 is a sub-flow diagram of revocation as provided by an embodiment of the present invention.
Fig. 5 is a simulation graph of encryption time consumption provided by an embodiment of the present invention.
Fig. 6 is a simulation graph of decryption time consumption provided by an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention is applied to a method for supporting revocation outsourcing and verifying multi-authorization-center access control in cloud storage, so as to ensure the security of private data of users, reduce the calculation overhead of the users and dynamically manage the authority of the users in a system.
As shown in fig. 1, the method for supporting revocation of outsourced verifiable multi-authorization-center access control provided by the embodiment of the present invention includes the following steps:
s101: system initialization, including the initialization of a global Certificate Authority (CA) and other authorization centers (AA);
s102: the authorization center distributes an attribute set for the user and generates a key required by decryption for the user;
s103: encrypting the file by the data owner, wherein the encryption process comprises outsourcing encryption, verification of an outsourcing result and final encryption of the data owner;
s104: a user sends a file access request to a cloud service provider, and the process comprises outsourcing decryption by the cloud service provider, verifying an outsourcing result and finally decrypting the user;
s105: certain users or certain attributes in the system are revoked.
The application of the principles of the present invention will now be described in further detail with reference to the accompanying drawings.
As shown in fig. 2, the method for supporting revocation of outsource and authentication of access control of multiple authorization centers provided by the embodiment of the present invention specifically includes the following steps:
Step 1: system initialization.
1.1) CA initialization. The CA first selects a system security parameter $\lambda$ and an attribute domain $U$, then selects three multiplicative cyclic groups $G_1$, $G_2$ and $G_T$ of order $p$, with $g_1, g_2$ the generators of $G_1, G_2$, a bilinear map $e: G_1 \times G_2 \to G_T$, and two hash functions $H: \{0,1\}^* \to Z_p$ and $F: G_T \to Z_p$. The CA selects a random number $a \in Z_p$ and finally generates the global public parameter:
Figure BDA0001579627680000101
in addition, all authorities and users need to register with the CA in order to verify their legitimate identities. The CA issues a globally unique identity aid for each legal authorization center in the system and issues a globally unique identity uid for each legal user;
1.2) AA initialization. The attribute set managed by $AA_{aid}$ is defined as
Figure BDA0001579627680000102
The set of associated authorization centers is defined as $I_A$. $AA_{aid}$ first selects two random numbers, $\alpha_{aid}$ and a second subscripted value, in $Z_p$; for the attribute set
Figure BDA0001579627680000103
and each attribute $x_k$ in it, $AA_{aid}$ randomly selects a unique version number $v_k$, and finally calculates the attribute public key, the authorization-center public key and the authorization-center private key as follows:
Figure BDA0001579627680000104
Figure BDA0001579627680000105
step 2: the authorization center assigns a set of attributes to the user and generates the keys required for decryption for it.
2.1) $AA_{aid}$ first assigns each legal user a corresponding attribute set $S_{uid,aid}$, then selects a globally unique random number $z_{uid} \in Z_p$ for each user as the user private key. Then the proxy key and the user private key are calculated as follows:
Figure BDA0001579627680000111
$SK_{uid} = z_{uid}$
2.2) The generated proxy key $PxK_{uid,aid}$ is sent to the cloud service provider for storage, which executes $L_{PxK} = L_{PxK} \cup \{uid, PxK_{uid,aid}\}$, adding the user's proxy key to the proxy key list $L_{PxK}$. The user private key $SK_{uid}$ is sent to the corresponding user and kept by the user.
Step 3: the data owner encrypts the file.
3.1) The cloud service provider first selects a random number $s' \in Z_p$ and, for $i \in \{1, \dots, l\}$, randomly chooses $\lambda_i', \gamma_i' \in Z_p$; the ciphertext is computed as follows:
Figure BDA0001579627680000112
The partially encrypted ciphertext $CT_{out} = \{s', C_0, (C_{i,1}, C_{i,2}, \lambda'_i, \gamma'_i)_{i \in \{1,\dots,l\}}\}$ is then output.
3.2) After receiving $CT_{out}$, the data owner verifies whether the result is correct. First, it checks whether
Figure BDA0001579627680000113
holds. If not, it directly outputs $b = 0$, indicating that the result of the outsourced computation is incorrect. Otherwise, for each $i \in \{1, \dots, l\}$, the data owner computes:
$t_i = (a\lambda'_i - v_{\rho(i)} \cdot \gamma_i - H(\rho(i)) \cdot \gamma_i) \bmod p$;
Figure BDA0001579627680000114
Then a security parameter $r$ is selected, $s_1, \dots, s_l \in \{0,1\}^r$ are chosen at random, and the following are computed:
Figure BDA0001579627680000115
Figure BDA0001579627680000116
If
Figure BDA0001579627680000121
holds, output $b = 1$, indicating that the computation result is correct. Otherwise output $b = 0$, indicating that the result is erroneous.
3.3) Once the data owner has verified that $CT_{out}$ is correct, it completes the remaining encryption operations. Let $A$ denote an $l \times n$ matrix, where $l$ is the total number of attributes in the access policy. The function $\rho$ maps each row of the matrix to an attribute. The data owner first selects a secret random number $s \in Z_p$ and a random vector
Figure BDA0001579627680000122
where $y_2, \dots, y_n$ are used to share $s$. For $i \in \{1, \dots, l\}$, compute
Figure BDA0001579627680000123
where $A_i$ denotes the $i$-th row of matrix $A$. Then $\gamma_1, \gamma_2, \dots, \gamma_l \in Z_p$ are selected at random and the ciphertext is computed as follows:
Figure BDA0001579627680000124
where $C'$, $C_{i,3}$ and $C_{i,4}$ correct $s$, $\lambda_i$ and $\gamma_i$ respectively, and $C_v$ is used to verify the result of outsourced decryption. Finally, the complete ciphertext $CT = \{C, C', C_0, (C_{i,1}, C_{i,2}, C_{i,3}, C_{i,4})_{i \in \{1,\dots,l\}}, C_v, (A, \rho)\}$ is output.
Step 4: the user sends a file access request to the cloud service provider.
As shown in fig. 3, this step is specifically implemented as follows:
4.1) When a user makes a file access request, the cloud service provider first checks whether the user's attribute set satisfies the access structure. If it does, a set of constants $w_i \in Z_p$ can be found such that
Figure BDA0001579627680000125
where $I \subseteq \{1, \dots, l\}$ is the set of rows of $A$ whose attributes the user holds; the partially decrypted ciphertext is then computed as follows:
Figure BDA0001579627680000126
After partial decryption succeeds, the partially decrypted ciphertext $CT'$ is sent to the user.
4.2) After receiving the partially decrypted ciphertext $CT'$ from the cloud service provider, the user verifies whether the computation result is correct. The user only needs to check whether
Figure BDA0001579627680000127
holds. If it holds, output $b = 1$, indicating that the computation result is correct. Otherwise output $b = 0$, indicating that the cloud service provider returned an erroneous result.
4.3) After the user has verified that $CT'$ is correct, only the user private key $SK_{uid}$ is needed to recover the plaintext, computed as follows:
Figure BDA0001579627680000131
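The secret sharing of step 3.3 (the vector $(s, y_2, \dots, y_n)$ and the shares $\lambda_i = A_i \cdot v$) and the reconstruction constants $w_i$ of step 4.1 are standard linear secret sharing (LSSS) over $Z_p$. The following is an added example, not code from the patent or its authors, that implements just that exponent-level arithmetic: it converts a boolean access policy into the matrix $(A, \rho)$ using the Lewko-Waters conversion (an assumption; the patent does not fix how the matrix is built), computes the shares, and solves for the $w_i$ from the rows whose attributes a user holds, returning None when the policy is not satisfied. The modulus, policy and attribute names are constructed for the example; the group elements, pairings and hash functions of the real ciphertext are not modelled.

```python
# Added example (not part of the patent): LSSS sharing and reconstruction over Z_p.
# The policy-to-matrix conversion is the Lewko-Waters construction (an assumption;
# the patent does not specify one). Only exponent arithmetic is modelled here.
import secrets

P = 2**61 - 1  # constructed prime standing in for the group order p


def lsss_matrix(policy):
    """Convert a boolean policy tree into the LSSS matrix (A, rho).

    policy is an attribute name (leaf) or ('and', left, right) / ('or', left, right).
    Returns a list of (attribute, row) pairs: row i is A_i and attribute i is rho(i).
    """
    rows = []
    width = [1]  # current label length; grows by one at every AND gate

    def walk(node, vec):
        if isinstance(node, str):
            rows.append((node, vec))
            return
        op, left, right = node
        if op == "or":          # both children inherit the parent's label
            walk(left, vec)
            walk(right, vec)
        elif op == "and":       # split the label into (vec | 1) and (0...0 | -1)
            c = width[0]
            width[0] = c + 1
            walk(left, vec + [0] * (c - len(vec)) + [1])
            walk(right, [0] * c + [-1])
        else:
            raise ValueError(f"unknown gate {op!r}")

    walk(policy, [1])
    n = width[0]
    return [(attr, row + [0] * (n - len(row))) for attr, row in rows]


def share(matrix, s, p=P):
    """Step 3.3: pick v = (s, y_2, ..., y_n) at random and return lambda_i = A_i . v."""
    n = len(matrix[0][1])
    v = [s % p] + [secrets.randbelow(p) for _ in range(n - 1)]
    return [sum(a * x for a, x in zip(row, v)) % p for _, row in matrix]


def _solve_mod_p(m, rhs, p):
    """Gauss-Jordan elimination over Z_p: return x with m . x = rhs, or None."""
    nrows, ncols = len(m), len(m[0])
    aug = [[x % p for x in row] + [rhs[i] % p] for i, row in enumerate(m)]
    pivots, r = [], 0
    for c in range(ncols):
        piv = next((i for i in range(r, nrows) if aug[i][c]), None)
        if piv is None:
            continue
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][c], -1, p)
        aug[r] = [(x * inv) % p for x in aug[r]]
        for i in range(nrows):
            if i != r and aug[i][c]:
                f = aug[i][c]
                aug[i] = [(x - f * y) % p for x, y in zip(aug[i], aug[r])]
        pivots.append(c)
        r += 1
        if r == nrows:
            break
    if any(aug[i][ncols] for i in range(r, nrows)):
        return None  # inconsistent: (1,0,...,0) not in the span of the chosen rows
    x = [0] * ncols
    for i, c in enumerate(pivots):
        x[c] = aug[i][ncols]
    return x


def reconstruction_constants(matrix, user_attrs, p=P):
    """Step 4.1: find {(i, w_i)} with sum_i w_i A_i = (1,0,...,0) using only rows
    whose attribute the user holds; None if the access structure is not satisfied."""
    idx = [i for i, (attr, _) in enumerate(matrix) if attr in user_attrs]
    if not idx:
        return None
    n = len(matrix[0][1])
    # unknowns are the w_i, one column per authorised row A_i
    system = [[matrix[i][1][k] for i in idx] for k in range(n)]
    w = _solve_mod_p(system, [1] + [0] * (n - 1), p)
    if w is None:
        return None
    return [(i, wi) for i, wi in zip(idx, w) if wi]


def recover(matrix, shares, user_attrs, p=P):
    """Combine the authorised shares: sum_i w_i lambda_i = s (mod p)."""
    consts = reconstruction_constants(matrix, user_attrs, p)
    if consts is None:
        return None
    return sum(wi * shares[i] for i, wi in consts) % p


if __name__ == "__main__":
    policy = ("or", ("and", "doctor", "cardiology"), "admin")  # constructed policy
    matrix = lsss_matrix(policy)
    s = secrets.randbelow(P)
    lam = share(matrix, s)
    print(recover(matrix, lam, {"doctor", "cardiology"}) == s)  # satisfied
    print(recover(matrix, lam, {"doctor"}))                      # not satisfied: None
```

In the scheme the cloud service provider runs the equivalent of reconstruction_constants against the user's attribute set before attempting partial decryption; an unsatisfied policy yields no $w_i$ at all, which is why a user with an insufficient attribute set cannot obtain $CT'$ rather than merely obtaining a wrong one.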
and 5: certain users or certain attributes in the system are revoked.
As shown in fig. 4, this step is specifically implemented as follows:
5.1) When user revocation occurs, the data owner sends the identity $uid$ of the revoked user to the cloud service provider. On receiving the revocation information, the cloud service provider searches the proxy key list $L_{PxK}$, deletes the proxy key corresponding to that $uid$, and updates the proxy key list to $L'_{PxK}$. User revocation therefore relies on the cloud service provider actually deleting the entry: a user whose proxy key has been removed can no longer obtain a partially decrypted ciphertext and so cannot recover the plaintext with $SK_{uid}$ alone.
5.2) when attribute revocation occurs, the data owner needs to re-encrypt the ciphertext and the authorization center needs to update the keys of other non-revoked users.
5.21) The authorization center first generates key update material in preparation for the subsequent key updates. Let $uid$ denote the identity of each of the other, non-revoked users. The associated authorization center first generates a new attribute version number
Figure BDA0001579627680000132
and then computes the version update key
Figure BDA0001579627680000133
It then uses this key to compute, for every non-revoked user who holds the attribute
Figure BDA0001579627680000134
the proxy update key
Figure BDA0001579627680000135
Then $AA_{aid}$ updates the attribute public key of the revoked attribute to
Figure BDA0001579627680000136
and broadcasts a message to the data owners in the system so that they receive the updated attribute public key. The proxy update key
Figure BDA0001579627680000137
is sent to the cloud service provider to update the proxy key $PxK_{uid,aid}$, and the version update key
Figure BDA0001579627680000138
is sent to the data owner.
5.22) After the cloud service provider receives the proxy update key
Figure BDA0001579627680000139
it identifies every non-revoked user who holds the attribute
Figure BDA00015796276800001310
and updates that user's corresponding proxy key component
Figure BDA00015796276800001311
so that the proxy key $PxK_{uid,aid}$ is updated as:
Figure BDA00015796276800001312
5.23) After the data owner receives the version update key
Figure BDA00015796276800001313
it computes the ciphertext update key
Figure BDA0001579627680000141
and sends it to the cloud service provider for re-encrypting the ciphertext.
5.24) After the cloud service provider receives the ciphertext update key
Figure BDA0001579627680000142
it updates the corresponding ciphertext components to
Figure BDA0001579627680000143
and the re-encrypted ciphertext is published as follows:
Figure BDA0001579627680000144
The application effect of the present invention is described below with reference to the simulation.
1. Simulation conditions
The simulation environment is as follows: a desktop computer is configured with
Figure BDA0001579627680000145
CPU G630 @ 2.70GHz and 4.00 GB RAM, running 64-bit Ubuntu 14.04. The scheme is implemented in Python using the Charm tool.
2. Simulation content and result analysis
Fig. 5 and fig. 6 show the cost of accessing a data file with the method of the present invention. It can be seen from fig. 5 that during encryption the time consumed by the cloud service provider for outsourced encryption is much longer than the time consumed by the data owner, and that the data owner's encryption time stays at about 0.05 s as the number of attributes increases. Because most of the complex computation is outsourced to the cloud service provider, the data owner only needs to complete a small amount of computation, and its computational overhead is greatly reduced. In fig. 6, the time consumed by outsourced decryption is much longer than the time consumed by user decryption and grows with the number of attributes, while the user's decryption time is about 0.03 s and almost constant. Likewise, most of the complex computation is outsourced to the cloud service provider, so the user only needs to complete a few simple exponentiations, and the user's computational overhead is greatly reduced.
As can be seen from the simulation results, the method can greatly reduce the calculation overhead of users in the system and improve the access efficiency of the system, which is very important in practical application.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (6)

1. A multi-authority access control method supporting outsourced revocation and verification, characterized by comprising the following steps: initializing a global certificate authority CA and the other authorization centers AA, assigning corresponding identity identifiers to all authorization centers and users in the system, and generating the global public parameters and the keys required for encryption; the authorization center assigns an attribute set to the user and generates the key required for decryption; the data owner encrypts the file; the user sends a file access request to the cloud service provider; certain users or certain attributes in the system are revoked;
the encrypting the file by the data owner specifically includes:
(1) the cloud service provider first selects a random number $s' \in Z_p$ and, for each $i \in \{1, \dots, l\}$, randomly chooses $\lambda'_i, \gamma'_i \in Z_p$, then computes the ciphertext as follows:
Figure FDA0003183857560000011
outputting the partially encrypted ciphertext $CT_{out} = \{s', C_0, (C_{i,1}, C_{i,2}, \lambda'_i, \gamma'_i)_{i \in \{1,\dots,l\}}\}$;
(2) after receiving $CT_{out}$, the data owner verifies whether the result is correct; first, it checks whether
Figure FDA0003183857560000012
holds; if it does not hold, it directly outputs $b = 0$, indicating that the result of the outsourced computation is incorrect; otherwise, for each $i \in \{1, \dots, l\}$, the data owner computes:
$t_i = (a\lambda'_i - v_{\rho(i)} \cdot \gamma_i - H(\rho(i)) \cdot \gamma_i) \bmod p$;
Figure FDA0003183857560000013
then a security parameter $r$ is selected, $s_1, \dots, s_l \in \{0,1\}^r$ are chosen at random, and the following are computed:
Figure FDA0003183857560000014
Figure FDA0003183857560000015
if
Figure FDA0003183857560000016
holds, output $b = 1$, indicating that the computation result is correct; otherwise output $b = 0$, indicating that the result is erroneous;
(3) once the data owner has verified that $CT_{out}$ is correct, it completes the remaining encryption operations, where $A$ denotes an $l \times n$ matrix and $l$ is the total number of attributes in the access policy; the function $\rho$ maps each row of the matrix to an attribute, and the data owner first selects a secret random number $s \in Z_p$ and a random vector
Figure FDA0003183857560000021
where $y_2, \dots, y_n$ are used to share $s$; for $i \in \{1, \dots, l\}$, compute
Figure FDA0003183857560000022
where $A_i$ denotes the $i$-th row of matrix $A$; then $\gamma_1, \gamma_2, \dots, \gamma_l \in Z_p$ are selected at random and the ciphertext is computed as follows:
Figure FDA0003183857560000023
where $C'$, $C_{i,3}$ and $C_{i,4}$ correct $s$, $\lambda_i$ and $\gamma_i$ respectively; $C_v$ is used to verify the result of outsourced decryption; finally, the complete ciphertext $CT = \{C, C', C_0, (C_{i,1}, C_{i,2}, C_{i,3}, C_{i,4})_{i \in \{1,\dots,l\}}, C_v, (A, \rho)\}$ is output.
2. The multi-authority access control method supporting outsourced revocation and verification of claim 1, wherein the keys comprise: a proxy key, stored at the cloud and used to complete partial decryption, and a user private key, kept by the user and used to complete final decryption;
the encryption process comprises the steps that a cloud service provider conducts partial encryption calculation, a generated ciphertext is sent to a data owner, and the data owner completes final encryption; after encryption is completed, uploading the ciphertext to a cloud service provider for storage;
after receiving the request, the cloud service provider uses the proxy key of the user stored in the cloud end to partially decrypt the file and sends the partially decrypted ciphertext to the user; after receiving the ciphertext, the user decrypts the ciphertext by using the private key of the user, and only the user with the attribute meeting the access strategy can successfully decrypt the ciphertext;
when a user is revoked, the data owner sends the identity of the revoked user to the cloud service provider, which searches the proxy key list and deletes that user's proxy key; without the proxy key the user can no longer decrypt to recover the plaintext; when attribute revocation occurs, the data owner needs to re-encrypt the ciphertext, and meanwhile the authorization center needs to update the keys of the other non-revoked users in the system; part of the work of ciphertext re-encryption and key updating is outsourced to the cloud service provider.
3. The method of claim 2, wherein the initializing specifically comprises:
(1) CA initialization: the CA first selects a system security parameter $\lambda$ and an attribute domain $U$, then selects three multiplicative cyclic groups $G_1$, $G_2$ and $G_T$ of order $p$, with $g_1, g_2$ the generators of $G_1$ and $G_2$ respectively, a bilinear map $e: G_1 \times G_2 \to G_T$, and two hash functions $H: \{0,1\}^* \to Z_p$ and $F: G_T \to Z_p$; the CA selects a random number $a \in Z_p$ and finally generates the global public parameters:
Figure FDA0003183857560000031
the CA issues a globally unique identity aid for each legal authorization center in the system and issues a globally unique identity uid for each legal user;
(2) AA initialization: the attribute set managed by $AA_{aid}$ is defined as
Figure FDA0003183857560000032
and the set of associated authorization centers is defined as $I_A$; $AA_{aid}$ first selects two random numbers $\alpha_{aid}, \beta_{aid} \in Z_p$; for each attribute $x_k$ in the attribute set
Figure FDA0003183857560000033
$AA_{aid}$ randomly selects a unique version number $v_k$, and finally computes the attribute public key, the authorization center public key and the authorization center private key as follows:
Figure FDA0003183857560000034
Figure FDA0003183857560000035
$SK_{aid} = \{\alpha_{aid}, \beta_{aid}\}$.
4. The method of claim 3, wherein the step in which the authorization center assigns a set of attributes to the user and generates the key required for decryption specifically comprises:
(1) $AA_{aid}$ first assigns each legal user a corresponding attribute set $S_{uid,aid}$, then selects a globally unique random number $z_{uid} \in Z_p$ for each user as the user private key; the user's proxy key and user private key are computed as follows:
Figure FDA0003183857560000036
$SK_{uid} = z_{uid}$
(2) the generated proxy key $PxK_{uid,aid}$ is sent to the cloud service provider for storage, which executes $L_{PxK} = L_{PxK} \cup \{uid, PxK_{uid,aid}\}$, adding the user's proxy key to the proxy key list $L_{PxK}$; the user private key $SK_{uid}$ is sent to the corresponding user and kept by the user.
5. The method for supporting revocation of outsourced verifiable multi-authority access control as claimed in claim 4, wherein the step of the user issuing the file access request to the cloud service provider specifically comprises:
(1) when a user sends a file access request, the cloud service provider first checks whether the user's attribute set satisfies the access structure; if it does, a set of constants $w_i \in Z_p$ can be found such that
Figure FDA0003183857560000041
where $I \subseteq \{1, \dots, l\}$ is the set of rows of $A$ whose attributes the user holds; the partially decrypted ciphertext is then computed as follows:
Figure FDA0003183857560000042
after partial decryption succeeds, the partially decrypted ciphertext $CT'$ is sent to the user;
(2) after receiving the partially decrypted ciphertext $CT'$ from the cloud service provider, the user verifies whether the computation result is correct; the user only needs to check whether
Figure FDA0003183857560000043
holds; if it holds, output $b = 1$, indicating that the computation result is correct; otherwise output $b = 0$, indicating that the cloud service provider returned an erroneous result;
(3) after the user has verified that $CT'$ is correct, the user recovers the plaintext using only the user private key $SK_{uid}$, computed as follows:
Figure FDA0003183857560000044
6. the method for supporting revocation outsourcing verifiable multi-authority access control according to claim 5, wherein revoking certain users or certain attributes in the system specifically includes:
(1) when user revocation occurs, the data owner sends the identity $uid$ of the revoked user to the cloud service provider; on receiving the revocation information, the cloud service provider searches the proxy key list $L_{PxK}$, deletes the proxy key corresponding to that $uid$, and updates the proxy key list to $L'_{PxK}$;
(2) when attribute revocation occurs, the data owner needs to re-encrypt the ciphertext and the authorization center needs to update the keys of the other non-revoked users;
first, the authorization center generates key update material in preparation for the subsequent key updates; let $uid$ denote the identity of each of the other, non-revoked users; the associated authorization center first generates a new attribute version number
Figure FDA0003183857560000045
and then computes the version update key
Figure FDA0003183857560000046
it then uses this key to compute, for every non-revoked user who holds the attribute
Figure FDA0003183857560000047
the proxy update key
Figure FDA0003183857560000048
$AA_{aid}$ updates the attribute public key of the revoked attribute to
Figure FDA0003183857560000051
and broadcasts a message to the data owners in the system so that they receive the updated attribute public key; the proxy update key
Figure FDA0003183857560000052
is sent to the cloud service provider to update the proxy key $PxK_{uid,aid}$, and the version update key
Figure FDA0003183857560000053
is sent to the data owner;
after the cloud service provider receives the proxy update key
Figure FDA0003183857560000054
it identifies every non-revoked user who holds the attribute
Figure FDA0003183857560000055
and updates that user's corresponding proxy key component
Figure FDA0003183857560000056
so that the proxy key $PxK_{uid,aid}$ is updated as:
Figure FDA0003183857560000057
after the data owner receives the version update key
Figure FDA0003183857560000058
it computes the ciphertext update key
Figure FDA0003183857560000059
and sends it to the cloud service provider for re-encrypting the ciphertext;
after the cloud service provider receives the ciphertext update key
Figure FDA00031838575600000510
it updates the corresponding ciphertext components to
Figure FDA00031838575600000511
and the re-encrypted ciphertext is published as follows:
Figure FDA00031838575600000512
CN201810149575.8A 2018-02-13 2018-02-13 Multi-authorization-center access control method capable of supporting outsourcing revocation and verification and cloud server Active CN108390876B (en)

Publications (2)

Publication Number Publication Date
CN108390876A CN108390876A (en) 2018-08-10
CN108390876B true CN108390876B (en) 2021-12-14





Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant