Summary of the invention
Technical problem: The object of this invention is to propose, on the basis of CP-ABE, a new framework, the MAH-ABE (Multiple and Hierarchical Attribute-Based Encryption) access control model, which addresses the security and privacy problems of cloud computing access control systems. The invention provides a cloud computing secure access control method based on attribute encryption that is efficient, flexible and fine-grained.
Technical scheme: The present invention proposes MAH-ABE, an ABE security framework with multiple hierarchical trusted authorities organized by domain. The framework not only distinguishes attributes according to private domain and public domain, but also divides the attributes of the public domain according to the level of the trusted authority, so that trusted authorities with different privileges administer different attribute and key distribution mechanisms. This greatly reduces the workload of any single trusted authority and at the same time improves the protection of users' data privacy.
Bilinear pairing is one of the key tools in designing ABE encryption schemes. We first give the definition of a bilinear pairing: choose two groups $G_1$ and $G_2$ of large prime order $p$, and define an efficiently computable bilinear map $e: G_1 \times G_1 \to G_2$. This map must satisfy:
(a) Bilinearity: a map $e: G_1 \times G_1 \to G_2$ is bilinear if $e(g^a, h^b) = e(g, h)^{ab}$ for all $g, h \in G_1$ and all $a, b \in Z_p$.
(b) Non-degeneracy: there exist $g, h \in G_1$ such that $e(g, h) \neq 1$. That is, the map cannot send all elements of $G_1 \times G_1$ to the same element of $G_2$.
I. Architecture
Fig. 1 shows the system model of MAH-ABE, which consists mainly of the following entities: a cloud service provider (CSP), a first-level trusted authority, multiple domain trusted authorities, data owners and data users. The CSP provides the cloud storage service; the data owner stores encrypted data in the cloud for data users to share. To obtain cloud data, a data user downloads the encrypted files they need from the cloud and decrypts them. Compared with the traditional access control structure, this structure modifies five parts: (1) the division into hierarchical trusted authorities; (2) the layering of the attribute structure; (3) the classification of user groups into public domain and private domain; (4) the establishment of multi-domain access control trees; (5) the setting of translating nodes in the access control tree. These modifications add very little overhead to the attribute-based encryption model but greatly improve the efficiency and granularity of the whole access control structure, without impairing the security and privacy of the system.
Several specific parts are explained below:
Public domain and private domain: The present invention distinguishes two kinds of domain, the public domain (PUD) and the private domain (PRD). The PRD serves a small group of users with special access rights, such as the data owner's family members and personal assistants; when the data owner agrees to authorize them, these users may have not only read permission but also permission to manage and modify files. This domain is characterized by few users and a small attribute set, and is easy to manage. The PUD serves users at large, such as the employees of a corporate group or the customers of a health insurance company; because the number of users is huge and the attributes are numerous, it needs a fine-grained attribute assignment mechanism. The data owner does not need to know which specific users are in the PUD environment.
Key distribution: In the PRD environment, because users are few and the attribute set is small, the CP-ABE access control scheme is adopted. The data owner can entrust a trusted authority with distributing and managing keys, or take part personally in key distribution and management. The attributes obtained by users in the PRD are called data attributes; they are the categorical attributes of files. Each file is tagged with data attributes such as blog_file or photo_file. The size of a user's key is therefore linear in the number of data attributes obtained. In the PUD environment, because the number of users is huge and the attributes are numerous, hierarchical domain trusted authorities (domain authority, DA) are used to manage user attributes. Different DAs hold privileges of different scope, and each DA is authorized and administered by its parent trusted authority, forming a hierarchy. Users in the PUD hold role attributes (role attribute, RA), and each DA is responsible for distributing and managing the private keys of the users it administers. In the PUD, the data owner does not need to know which users have access rights when encrypting and uploading a file; it only needs to specify that users holding the designated RAs can access the file, which greatly reduces the data owner's workload.
Hierarchical key structure: In the PUD, this scheme adopts a hierarchical key structure, as shown in Fig. 2. Suppose the key depth is 2; then the first layer consists of individual attributes or attribute sets, and the second layer can only consist of individual attributes. For example, in {Dept:Hospital A, Addr:West, {Position:physician, level:3}, {Position:nurse, level:4}}, the first layer is {Dept:Hospital A, Addr:West}, denoted $A_0$, and the second layer is {{Position:physician, level:3}, {Position:nurse, level:4}}, denoted $A_1$ and $A_2$. In summary, the user key structure is written $A = \{A_0, A_1, \ldots, A_m\}$, where $A_0$ represents the first-layer key and $A_i$ represents the i-th attribute set ($1 \le i \le m$) of the second-layer key. The key structure can then be written simply as $A_0$ = {0, Dept:HospitalA}, $A_1$ = {1, Position:physician}, $A_2$ = {2, Position:nurse}.
Access control tree and translating node: Both domains use access control trees, in which leaf nodes are attribute values and non-leaf nodes are threshold gates. Let $num_x$ be the number of children of node x and $k_x$ the threshold of node x; for example, $k_x$ for AND and OR is 2 and 1 respectively. We also define the function parent(x), which returns the parent node of x, index(x), which returns the sequence number of node x, and att(x), which returns the attribute value represented by a leaf node. If an attribute structure satisfies an access control tree, then at least one attribute set of that structure satisfies all attributes of the access control tree. In general, attributes from different attribute sets are not allowed to be combined to satisfy an access control tree. However, because the PUD has many attribute sets, we define a kind of node called a translating node: the attribute values of the child nodes of a translating node may come from different attribute sets, that is, combined attributes are allowed.
The cloud computing secure access control method based on attribute encryption of the present invention comprises the following steps:
Step 1). Divide users into two environments, the public domain PUD and the private domain PRD;
Step 2). The trusted authority first randomly selects a generator, generates the bilinear group and the bilinear map, then selects the key depth for the PUD and generates the master key and public key of the PUD; the master key is kept and the public key is published;
Step 3). Using the bilinear group and bilinear map generated in step 2, the trusted authority generates the master key and public key of the PRD; the master key is kept and the public key is published;
Step 4). The trusted authority creates the next level of trusted sub-authorities, assigns them first-layer individual attributes or attribute sets, and generates their master keys; a next-level trusted authority can in turn create lower sub-authorities and assign second-layer individual attributes or attribute sets, which are a subset of the first-layer individual attributes or attribute sets, and distribute keys, and so on;
Step 5). The user provides the relevant information to the trusted authority and applies for legitimate user privileges in the relevant domain; if the application is for privileges in the PUD, step 6 is performed, and if it is for privileges in the PRD, step 7 is performed;
Step 6). Based on the information submitted by the user, the trusted authority judges whether this user may apply for privileges in the PUD; if not, it returns null; if so, it sends the user's information to the corresponding trusted sub-authority, which assigns the corresponding individual attributes or attribute sets, generates a key component and sends it to the user; execution then jumps to step 8;
Step 7). Based on the information submitted by the user, the trusted authority judges whether this user may apply for privileges in the PRD; if not, it returns null; if so, it assigns the corresponding data attributes according to the information the user provided, generates the key component and sends it to the user;
Step 8). The data owner chooses a unique identifier for the file to be uploaded to the cloud, symmetrically encrypts the file and retains the key; chooses public-domain attribute sets to form the public access control tree and private-domain attribute sets to form the private access control tree; encrypts the file key with the two trees to generate the ciphertext; and sends it to the cloud;
Step 9). The user requests access to the file from the cloud, and the cloud returns the ciphertext of the file; the user supplies the private key generated in step 6 or 7, which is matched against the access control tree T in the ciphertext; if it matches, the file key is obtained and the file is obtained after decryption; if it does not match, null is returned;
Step 10). The data owner notifies the trusted authority to revoke the relevant user attributes, submits the relevant attribute sequence and expiration time, and entrusts the trusted authority with updating the privileges of the users concerned;
Step 11). The trusted authority notifies the relevant trusted sub-authority, which updates the expiration time of the relevant attributes, generates the new private key components and sends them to the users concerned;
Step 12). The data owner notifies the cloud to update the access control tree, submits the relevant attribute sequence and expiration time, and entrusts the cloud with updating the access control tree;
Step 13). After receiving the update information, the cloud generates the relevant components, updates them in the relevant access control tree, and outputs the new ciphertext, replacing the original ciphertext;
Step 14). To delete a file, the data owner sends the file identifier and its own signature to the cloud;
Step 15). After verifying the signature, the cloud deletes the file and returns a deletion-success message to the owner.
In the described PUD, the key structure is a hierarchical key structure, and the described trusted authorities are hierarchical trusted authorities.
There are two kinds of access control tree, the public access control tree and the private access control tree; the nodes of the public access control tree include association nodes, which support access with combined attribute sets.
Beneficial effect: To address security and privacy problems in the cloud computing environment, the method of the invention proposes the new MAH-ABE access control model on the basis of CP-ABE. It distinguishes a public domain and a private domain: the private domain uses CP-ABE ciphertext access control, and the public domain uses multiple hierarchical trusted authorities to manage attributes and keys, which reduces management complexity. The model also introduces an expiration-time attribute to perform attribute update operations. The model is efficient, flexible, fine-grained and secure. A specific description follows.
[Division into different domains] Based on the different characteristics of user groups, the present invention distinguishes two kinds of domain, public and private. In earlier models, all users are in one domain, constrained by the same access control model, with the same key management and distribution. This is inconvenient for users with special access rights. For example, in a personal health record cloud computing system, the private domain consists of the data owner's relatives and friends, who enjoy special privileges; the data owner can authorize such users to manage the owner's file system. The public domain consists of the doctors and nurses of each hospital, the staff of insurance companies, and so on, who have privileges such as viewing the data owner's data. The attributes of these two domains have different characteristics and should have different key management and distribution. By distinguishing two different types of user group, the present invention makes data access more flexible and user management more fine-grained.
[Division into hierarchical trusted authorities] The present invention sets up multiple hierarchical trusted authorities, departing from the conventional approach in which a single trusted authority administers all users. With a single trusted authority, the frequent interaction between users and the trusted authority not only creates a bottleneck in system load capacity but also adds potential security risks. Once the trusted authority is compromised by an unauthorized user, that user may use illegal means to steal the data of all users, causing huge losses to enterprise users. Moreover, handing all key distribution work to one TA is infeasible in practice; different authorities should have different responsibilities and each administer its own sub-authorities. Each sub-authority should define and specify the attribute sets within its own scope of authority and distribute them to the users of the departments it administers. In the present invention users belong to different trusted authorities, so even if one trusted authority faces a security threat, the security of the other trusted authorities is not affected and user privacy is protected.
[Establishment of access control trees] The present invention establishes different access control trees for users of different domains; in the public domain, because attributes are numerous, it establishes an access control tree that supports combinations across different attribute sets. In a large number of CP-ABE-based models, only one attribute set is used in the access control structure; that is, the data owner can only choose attributes from a single attribute set and combine them to meet the access policy. Attribute sets are completely isolated from each other, and no relation between them can be established. This greatly reduces the flexibility of access control, because a user sometimes needs to choose attributes across multiple attribute sets to satisfy a given access control structure. Nodes in the access control tree of the present invention are of two types: ordinary nodes and association nodes. Ordinary nodes support only combinations of attributes within a single set; association nodes support combined access across multiple attribute sets, which greatly improves the flexibility of the access control structure.
Embodiment
Method flow
1. System parameter generation
In the PUD, Setup(d=2) → (PK, MK), where d is the key depth, assumed to be 2. The trusted authority first randomly selects a generator $g$, a bilinear group $G_0$ of order $p$ and a bilinear map $e: G_0 \times G_0 \to G_T$, and randomly selects $\alpha, \beta_i \in Z_p$,
and generates the public key and master key:
$MK_{PUD} = (\beta_1, \beta_2, g^{\alpha})$
In the PRD, it randomly selects parameters $\alpha_3, \beta_3 \in Z_p$; the public key and master key generated are
2. User private key generation
Private key distribution in the PRD. In the PRD, the attribute set obtained by user u is
randomly select $r \in Z_p$, and for each attribute $a_j$ select a random value $r_j \in Z_p$; calling keyGen, the private key generated for user u is
First-level domain trusted authority authorization. In the PUD, each first-level DA consists of two parts: an ID and the attribute set it administers, $A = \{A_0, A_1, \ldots, A_m\}$, where $A_i = \{a_{i,1}, a_{i,2}, \ldots, a_{i,n}\}$ and $a_{i,j}$ denotes the j-th attribute in attribute set $A_i$. First-level DAs hold the greatest authority, for example the branch companies of a corporation. If a new first-level DA (denoted $DA_i$) joins, the trusted authority creates a master key for $DA_i$ by calling the CreateDA(PK, MK, A) method. Once authorized, $DA_i$ has the right to assign authority to the DAs of the next level, for example the departments of a subsidiary. The master key obtained by $DA_i$ is as follows:
Here, A is the attribute structure, $r^{\{u\}}$ is the unique ID of this DA and also the ID of $A_0$,
the ID of each attribute set $A_i$, and $E_i$ is used for translation between different $A_i$; this part of decryption is described in detail below.
Subordinate DA / user private key structure. (1) $DA_i$ authorizes a private key for a subordinate DA, denoted $DA_{i+1}$, by calling
(2) $DA_i$ authorizes private keys for the users within this $DA_i$ by calling
the attribute structure of the next-level user/DA, which must be a subset of the attribute structure of the upper-level DA, e.g. $A = \{A_0, A_1, A_2\}$,
the next-level user/DA private key structure is
3. File creation
The data owner chooses a unique ID for the file to be uploaded to the cloud, randomly selects a key FEK and symmetrically encrypts the file, i.e. $E_{DEK}(F) \leftarrow FEK$. The data owner then calls the Encrypt method to encrypt the key FEK into the ciphertext CT, and generates the access control tree T composed of attribute resources, $T = (T_{PUD})\ \mathrm{OR}\ (T_{PRD})$, where $T_{PUD}$ is the access control tree in the PUD and $T_{PRD}$ is the access control tree in the PRD. The ciphertext finally stored in the cloud has the form $E(F) = \langle CT, E_{FEK}(F) \rangle$.
The access control tree $T_{PUD}$ is built as follows:
i. Choose a polynomial $q_x$ for each node in the access control tree; the degree of the polynomial is $d_x$, where $d_x = k_x - 1$.
ii. For the root node R, randomly choose $s \in Z_p$ and set $q_R(0) = s$; then randomly choose $d_R$ further points to define the polynomial $q_R$ by polynomial interpolation.
iii. For every node x of the tree other than the root, set $q_x(0) = q_{parent(x)}(index(x))$, and then randomly choose $d_x$ further points to define the polynomial completely.
Following the same three steps, the access control tree $T_{PRD}$ is then created for the PRD environment.
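The three steps above, together with the Lagrange recombination that decryption relies on, as an added example that is not part of the patent text: it shares a secret s down a constructed threshold tree and recovers it from a satisfying attribute set. It works on plain values in $Z_p$ rather than in the exponent of a pairing; the modulus, the policy, the tuple encoding of nodes and the function names are assumptions of the example.

```python
import secrets

# Assumed prime modulus standing in for the group order p (2^127 - 1 is prime).
P = 2**127 - 1

# Constructed policy. A tuple (k, [children]) is a threshold gate with threshold
# k_x = k (AND: k = number of children, OR: k = 1); a string is a leaf attribute.
TREE = (2, ["Dept:Hospital A", (1, ["Position:physician", "Position:nurse"])])


def share(node, secret, out=None, path=()):
    """Steps i-iii: node x gets a random polynomial q_x of degree k_x - 1 with
    q_x(0) = secret, and each child receives q_x(index(child)) as its secret."""
    out = {} if out is None else out
    if isinstance(node, str):
        out[path] = (node, secret)          # leaf share q_y(0), keyed by position
        return out
    k, children = node
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    for index, child in enumerate(children, start=1):
        q_at_index = sum(c * pow(index, e, P) for e, c in enumerate(coeffs)) % P
        share(child, q_at_index, out, path + (index,))
    return out


def lagrange_at_zero(points):
    """Interpolate q(0) from a dict {index: q(index)} over Z_p."""
    total = 0
    for i, y in points.items():
        num = den = 1
        for j in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y * num * pow(den, -1, P)) % P
    return total


def recover(node, shares, attrs, path=()):
    """Recursive evaluation from leaves to root: returns q_x(0) for a satisfied
    node and None for an unsatisfied one."""
    if isinstance(node, str):
        return shares[path][1] if node in attrs else None
    k, children = node
    got = {}
    for index, child in enumerate(children, start=1):
        value = recover(child, shares, attrs, path + (index,))
        if value is not None and len(got) < k:
            got[index] = value               # keep exactly k_x child values
    return lagrange_at_zero(got) if len(got) == k else None


if __name__ == "__main__":
    s = secrets.randbelow(P)
    leaf_shares = share(TREE, s)
    print(recover(TREE, leaf_shares, {"Dept:Hospital A", "Position:nurse"}) == s)
    print(recover(TREE, leaf_shares, {"Position:nurse"}))
```
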
Let Y be the set of leaf nodes and X the set of translating nodes (X is used only in $T_{PUD}$); the plaintext M is then encrypted by the following formula:
A helper value W is defined to help users in the PRD obtain the plaintext:
That is, $\alpha_3 = \gamma - \alpha$
CT and W are stored together in the cloud.
4. File access
User u sends a request to the cloud to access a file, and the cloud sends the corresponding ciphertext to the user. The user calls the Decrypt(CT, $SK_u$) algorithm to decrypt:
(1) If u is a user in the PUD, T(A) is called to confirm whether the attributes in $SK_u$ satisfy the access control tree $T_{PUD}$. T(A) proceeds recursively from the leaf nodes to the root node.
i. t is a leaf node: if
$a_i \in A$, then DecryptDode(CT, $SK_u$, t, i) = null; if att(t) = $a_{i,j} \in A_i$, $A_i \in A$, then
ii. t is a non-leaf node: define the child nodes of t as z, $B_t$ as a set of $k_t$ nodes z satisfying the threshold, and $S_z$ as the label set of the $k_x$ nodes z; define $F_z$ = DecryptDode(CT, $SK_u$, t, i) as the result of matching any node in T against the attributes in A. If no such set $S_z$ exists, then $F_z = \perp$. If it exists, and (1) label $i \in S_z$, (2) label $i' \in S_z$ with $i' \neq i$, then z is a translating node; let DecryptDode(CT, $SK_u$, z, $i'$) = $F'_z$. If $i \neq 0$ (not in $A_0$), $F'_z$ is converted to $F_z$:
Otherwise
iii. By the Lagrange property, when the parent node t is computed,
where
$k = index(z)$, $B'_z = \{index(z) : z \in B_t\}$
iv. R is the root node,
The decryption process is then as follows:
The plaintext is obtained.
(2) If u is a user in the PRD, T(A) is called to confirm whether the attributes in $SK_u$ satisfy the access control tree $T_{PRD}$; the decryption process is similar to that of CP-ABE,
and W is used to obtain the plaintext
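How T(A) decides whether a hierarchical key structure satisfies a tree that contains translating nodes, as an added example that is not part of the patent text. It tracks set labels only (no cryptography), follows the rule in (ii) that a child satisfied under a different label i' counts only when that child is a translating (switching) node, and treats the tree as satisfied when the root holds at least one label; the policies, the dict encoding of nodes and the function names are assumptions of the example.

```python
# Key structure from the hierarchical key example: label i -> attribute set A_i
# (A_0 is the first layer, A_1 and A_2 are the second-layer sets).
KEY = {
    0: {"Dept:Hospital A", "Addr:West"},
    1: {"Position:physician", "level:3"},
    2: {"Position:nurse", "level:4"},
}


def leaf(att):
    return {"att": att}


def gate(k, children, translating=False):
    """Threshold node with threshold k_x = k; `translating` marks a translating node."""
    return {"k": k, "children": children, "translating": translating}


def labels(node, key):
    """Return the labels i of the sets A_i under which `node` is satisfied."""
    if "att" in node:
        return {i for i, attrs in key.items() if node["att"] in attrs}
    child_labels = [(child, labels(child, key)) for child in node["children"]]
    satisfied = set()
    for i in key:
        # A child counts under label i if it is satisfied under i itself, or if
        # it is a translating node satisfied under some other label i'.
        hits = sum(
            1 for child, ls in child_labels
            if i in ls or (child.get("translating") and ls)
        )
        if hits >= node["k"]:
            satisfied.add(i)
    return satisfied


def satisfies(tree, key):
    return bool(labels(tree, key))


# Constructed policies.
NURSE_L4 = [leaf("Position:nurse"), leaf("level:4")]
MIXED = gate(2, [leaf("Position:physician"), leaf("level:4")])   # spans A_1 and A_2
ISOLATED = gate(2, [leaf("Dept:Hospital A"), gate(2, NURSE_L4)])
TRANSLATED = gate(2, [leaf("Dept:Hospital A"), gate(2, NURSE_L4, translating=True)])

if __name__ == "__main__":
    for name, policy in [("mixed", MIXED), ("isolated", ISOLATED),
                         ("translated", TRANSLATED)]:
        print(name, satisfies(policy, KEY), sorted(labels(policy, KEY)))
```
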
5. File revocation
To revoke a file, the user only needs to send the file ID and their own signature to the cloud. The cloud deletes the file only after confirming that the request was sent by this data owner.
6. Attribute revocation
MAH-ABE has an efficient attribute revocation mechanism. When a DA assigns attributes to a user, it adds an expiration time (expiration_time) X to each attribute set. Attributes in the access control tree contain a time attribute Y; if X ≥ Y and the attributes match, the file can be accessed. The user can therefore control users' access rights by changing the value of the time attribute.
User attribute revocation. This task is carried out mainly by the DA to which the user belongs.
(1) The DA computes the minimal attribute set that causes the user's access privileges to be revoked, MinimalSet(A) → $A_{min}$, with $A_{new} = A - A_{min}$, such that $T(A_{new})$ returns null.
(2) Each attribute set in $A_{min}$ is given a new expiration time,
and the corresponding new private key components are generated,
(3) The result is sent back to the user: Send($SK_u$). Lazy re-encryption is used here: the user's private key is updated automatically the next time the user logs in to the system and need not be updated immediately, which avoids burdening the system.
File attribute revocation. If the user wants to update the access rights of a file, only the expiration time of the leaf nodes needs to be changed; the corresponding update information is then sent to the cloud, which performs proxy encryption. Because the cloud holds only part of the node attribute information, it cannot infer the whole plaintext, so the security and privacy of the data are protected.
(1) Let the attribute set of the leaf nodes that need updating be Ymin.
(2) Update the expiration time of the leaf nodes and generate the new components
(3) Update the content of the access control leaf nodes
Delete the discarded nodes $y_i \in \{Y - Ymin\}$, delete
(4) Output the new ciphertext
For convenience of description, we assume the following application example:
A data owner O stores a file F in the cloud; user U applies to the trusted authority for a private key and then requests access to file F from the cloud. The data owner performs three operations on the file: 1. revoking the attributes of the users concerned; 2. updating the access control tree; 3. deleting the file. The embodiment is then:
(1) The trusted authority first randomly selects a generator, generates the bilinear group and the bilinear map, then selects the key depth for the PUD and generates the master key and public key of the PUD. The master key is kept and the public key is published.
(2) The trusted authority then generates the master key and public key of the PRD. The master key is kept and the public key is published.
(3) The trusted authority distributes the master keys of the next-level trusted sub-authorities (distributed when sub-authorities exist).
(4) The data owner chooses a unique ID for the file F to be uploaded to the cloud, symmetrically encrypts the file and retains the key K.
(5) The data owner chooses PUD attribute sets to form the access control tree $T_{PUD}$ and PRD attribute sets to form the access control tree $T_{PRD}$, encrypts the key K with the two trees to generate the ciphertext CT, and sends it to the cloud.
(6) The user provides the relevant information to the trusted authority and applies for legitimate user privileges in the relevant domain. If the application is for privileges in the PUD, (7) is performed; if it is for privileges in the PRD, (8) is performed.
(7) Based on the information submitted by the user, the trusted authority judges whether this user may apply for privileges in the PUD. If not, it returns null. If so, it sends the information provided by the user to the corresponding trusted sub-authorities (more than one sub-authority may qualify). Different sub-authorities assign different role attribute sets to this user. Finally the relevant key component SK is generated and sent to the user.
(8) Based on the information submitted by the user, the PRD judges whether this user may apply for privileges in the PRD. If not, it returns null. If so, it assigns the corresponding data attributes according to the information the user provided, generates the key component SK and sends it to the user.
(9) User U requests access to file F from the cloud, and the cloud returns the ciphertext CT; the user supplies the private key SK, which is matched against the access control tree T of the relevant domain. If it matches, (10) is performed; if not, (11) is performed.
(10) The key K of file F is returned to the user, and file F is obtained after decryption.
(11) Null is returned.
(12) The data owner notifies the trusted authority, submits the relevant attribute sequence S and expiration time, and entrusts the trusted authority with updating the users corresponding to S.
(13) The trusted authority notifies the relevant trusted sub-authority, which updates the expiration time of the relevant attributes, generates the new private key components and sends them to the users concerned.
(14) The data owner notifies the cloud, submits the relevant attribute sequence S and expiration time, and entrusts the cloud with updating the access control tree T.
(15) After receiving the update information, the cloud generates the relevant components and updates them in the relevant access control tree.
(16) The cloud outputs the new ciphertext CT, replacing the original ciphertext.
(17) The data owner deletes the file: the file ID and the owner's signature are sent to the cloud.
(18) After verifying the signature, the cloud deletes the file and returns a deletion-success message to the owner.
(19) The whole process ends.