CN102916954B

CN102916954B - Attribute-based encryption cloud computing safety access control method

Info

Publication number: CN102916954B
Application number: CN201210389845.5A
Authority: CN
Inventors: 陈丹伟; 邵菊
Original assignee: Nanjing Post and Telecommunication University
Current assignee: Guangdong Heng Electrical Information Polytron Technologies Inc
Priority date: 2012-10-15
Filing date: 2012-10-15
Publication date: 2015-04-01
Anticipated expiration: 2032-10-15
Also published as: CN102916954A

Abstract

The invention provides a cloud computing security access control method based on attribute encryption, which is mainly used to solve the security and privacy protection problems of the cloud computing access control structure. The purpose of this invention is to propose a method based on CP-ABE A brand-new framework MAH-ABE (Multiple and Hierarchical attribute based encryption) access control model is a ABE security framework with hierarchical domain-based multi-trust institutions-MAH-ABE. The framework not only distinguishes attributes according to private domains and public domains , and the attributes in the public domain are divided according to the level of trust institutions, so that trust institutions with different permissions are in charge of different attribute key distribution mechanisms, which greatly reduces the workload of a single trust institution and improves the user's data privacy protection. It provides features to achieve high efficiency, flexibility, and fine-grainedness.

Description

A security access control method for cloud computing based on attribute encryption

技术领域 technical field

本发明是一种云计算环境的安全解决方案。主要用于解决云计算访问控制结构的安全性和隐私保护性问题，属于云计算安全技术领域。The invention is a security solution for cloud computing environment. It is mainly used to solve the security and privacy protection problems of the cloud computing access control structure, and belongs to the field of cloud computing security technology.

背景技术 Background technique

云计算是建立在虚拟化，并行分布计算上的一种全新的计算架构。近几年来，云计算升级为IT届最有效最具影响力的产业之一，许多企业纷纷将大量业务移植到云服务中心。一方面，用户不再需要投资大量的软件和硬件设施雇佣软件人才维护这些设施，从而节省了基础设施建设费用和人力成本。另一方面，云计算按照较低的价格，按照用户的服务需求付费，有着很高的灵活性和便利性。Cloud computing is a new computing architecture based on virtualization and parallel distributed computing. In recent years, cloud computing has been upgraded to one of the most effective and influential industries in the IT industry, and many enterprises have transplanted a large amount of business to cloud service centers. On the one hand, users no longer need to invest in a large amount of software and hardware facilities and hire software talents to maintain these facilities, thus saving infrastructure construction costs and labor costs. On the other hand, cloud computing pays according to the user's service needs at a lower price, which has high flexibility and convenience.

云存储的外包存储服务模式导致了特权用户的存在，他们具有非授权访问用户数据的能力，易导致数据信息和隐私泄露等内部攻击问题。安全性是制约云计算技术广泛使用的重要因素之一，因此研究云计算环境下的安全问题具有重要意义。访问控制模型的研究是解决安全性问题的一大热点。The outsourced storage service model of cloud storage leads to the existence of privileged users, who have the ability to access user data without authorization, which can easily lead to internal attacks such as data information and privacy disclosure. Security is one of the important factors restricting the widespread use of cloud computing technology, so it is of great significance to study security issues in cloud computing environment. The research of access control model is a hot spot in solving security problems.

访问控制模型的三大主要问题是：（1）信任机制的划分。（2）访问控制控树的建立。（3）访问用户细粒度的划分。过去的方法在这三个问题的实现上有一定的缺陷和不足。目前大部分研究人员仅对第二个问题有大量研究，如密钥策略属性加密方案KP-ABE(key-policy attribute-based encryption)和密文策略属性加密方案CP-ABE(ciphertext-policy attribute-based encryption)，第(1)和第(3)个问题的研究还处于初步阶段。而一个完善而且实用的访问控制系统仅仅靠单一的信任机构和单一的用户群是远远不够的，会带来各种安全性和隐私性问题。这些问题的存在给云计算的推广带来了一定的难度。The three main problems of the access control model are: (1) The division of trust mechanism. (2) Establishment of access control tree. (3) Fine-grained division of access users. The past methods have certain defects and deficiencies in the realization of these three problems. At present, most researchers only have a lot of research on the second problem, such as the key policy attribute encryption scheme KP-ABE (key-policy attribute-based encryption) and the ciphertext policy attribute encryption scheme CP-ABE (ciphertext-policy attribute-based encryption). based encryption), the research on the (1) and (3) questions is still in the preliminary stage. A complete and practical access control system is far from enough to rely on a single trust organization and a single user group, which will bring various security and privacy issues. The existence of these problems has brought certain difficulties to the promotion of cloud computing.

发明内容 Contents of the invention

技术问题：本次发明的目的是在CP-ABE的基础上，提出一种全新的框架MAH-ABE(Multiple and Hierarchical attribute based encryption)访问控制模型，来解决云计算访问控制系统中的安全性和隐私性问题，本发明提供了一种基于属性加密的云计算安全访问控制方法，达到高效，灵活，细粒度的特点。Technical problem: The purpose of this invention is to propose a new framework MAH-ABE (Multiple and Hierarchical attribute based encryption) access control model on the basis of CP-ABE to solve the security and For privacy issues, the present invention provides a cloud computing security access control method based on attribute encryption, which achieves the characteristics of high efficiency, flexibility and fine-grained granularity.

技术方案：本发明提出一种具有等级的分领域多信任机构的ABE安全框架-MAH-ABE.框架不仅按照私人领域和公共领域来区分属性，而且将公共领域的属性按照信任机构的等级来划分，使不同权限的信任机构掌管不同的属性密钥分发机制，大大降低了单一信任机构的工作量，同时提高了用户的数据隐私保护性。Technical solution: The present invention proposes an ABE security framework with hierarchical multi-trust institutions in domains - MAH-ABE. The framework not only distinguishes attributes according to private domains and public domains, but also divides attributes in the public domain according to the levels of trust organizations , so that trust agencies with different permissions are in charge of different attribute key distribution mechanisms, which greatly reduces the workload of a single trust agency, and at the same time improves the user's data privacy protection.

双线性配对是设计ABE加密方案时非常关键的工具之一。首先给出双线性配对的定理：选取两个阶为一个大素数p的群G₁和G₂，定义一个可有效计算的双线性映射e:G₁×G₁→G₂，该映射必须满足:Bilinear pairing is one of the key tools when designing an ABE encryption scheme. Firstly, the theorem of bilinear pairing is given: select two groups G ₁ and G ₂ whose order is a large prime number p, and define an efficient computable bilinear map e: G ₁ ×G ₁ →G ₂ , the map Must meet:

(a)双线性：一个映射e:G₁×G₁→G₂具有双线性，当e(g^a,h^b)=e(g，h)^ab，对于所有的g，h∈G₁和所有的a，b∈Z_p。(a) Bilinear: A mapping e:G ₁ ×G ₁ →G ₂ is bilinear, when e(g ^a ,h ^b )=e(g,h) ^ab , for all g, h∈G ₁ and all a, b ∈ Z _p .

(b)非退化性：存在g，h∈G₁，使得e(g，h)≠1。即不能将所有G₁×G₁的元素都映射到G₂中某个相同元素。(b) Non-degenerate: there exists g, h∈G ₁ such that e(g, h)≠1. That is, all elements of G ₁ ×G ₁ cannot be mapped to the same element in G ₂ .

一、体系结构1. Architecture

图1给出了MAH-ABE的系统模型图，主要由以下几个主体组成，云服务提供端（a cloud service provider）简称CSP，一个第一级可信机构，多个区域可信机构，数据主体和数据用户。CSP提供云存储服务，数据主体将加密好的数据存储在云端，供数据用户分享。为了获取云端数据，数据用户从云端下载他们所需要的加密文件进行解密。与传统的访问控制结构相比较，这种结构主要修改了5个部分：(1)等级可信机构的划分（2）属性结构的分层（3）公共领域和私人领域的用户群分类（4）多领域访问控制树的建立（5）访问控制树中转化节点的设置。修改了这些部分，对基于属性加密模型的开销的增加是很小的，但是对整个访问控制结构的高效和细粒度的提高是很大的，并且系统的安全性和隐私性不受损。Figure 1 shows the system model diagram of MAH-ABE, which is mainly composed of the following main bodies, a cloud service provider (a cloud service provider) referred to as CSP, a first-level trusted institution, multiple regional trusted institutions, data Subjects and Data Users. CSP provides cloud storage services, and data subjects store encrypted data in the cloud for data users to share. In order to obtain cloud data, data users download the encrypted files they need from the cloud for decryption. Compared with the traditional access control structure, this structure mainly modifies five parts: (1) the division of hierarchical trusted institutions (2) the hierarchy of attribute structure (3) the classification of user groups in public and private domains (4) ) Establishment of multi-domain access control tree (5) Setting of conversion nodes in access control tree. After modifying these parts, the increase of the overhead of the attribute-based encryption model is small, but the efficiency and fine-grained improvement of the entire access control structure are great, and the security and privacy of the system are not compromised.

下面我们给出几个具体部分的说明：Below we give a description of several specific parts:

公共领域和私人领域：本发明中划分了两种领域，公共领域（PUD）和私人领域（PRD）。PRD主要面向一部分有特殊权限的用户，如数据主体的家人，私人助理等，在主体同意授权时，这类群体不仅可以有阅读权限，也可以有管理文件，修改文件等权限。这个领域的特点是用户少，属性集规模小，易于管理，PUD主要面向大环境用户，如集团公司的员工，医疗保险公司的客户，由于用户量庞大，属性个数繁多，需要细粒度的属性分配机制。而数据属主并不需要知道具体是哪些用户在PUD环境中。Public domain and private domain: In this invention, two domains are divided, public domain (PUD) and private domain (PRD). PRD is mainly for some users with special rights, such as the family members of the data subject, personal assistants, etc. When the subject agrees to authorize, such groups can not only have the right to read, but also have the right to manage and modify files. This field is characterized by few users, small attribute sets, and easy management. PUD is mainly for users in large environments, such as employees of group companies and customers of medical insurance companies. Due to the large number of users and the large number of attributes, fine-grained attributes are required. distribution mechanism. The data owner does not need to know which users are in the PUD environment.

密钥分配方式：在PRD环境中，由于用户少，属性规模小，采用CP ABE访问控制方式即可。用户主体可以委托可信机构分发和管理密钥，或者自己亲自参与密钥的分发和管理。PRD中的用户获得的属性叫做数据属性（data attribute），它为文件的分类属性。每一个文件都贴上数据属性，如blog_file,photo_file等。所以用户密钥的大小和获得的数据属性的个数成线性关系。而PUD环境中，由于用户量庞大，属性个数繁多，因此我们采用具有等级的区域可信机构（domain authority,DA）来管理用户属性，不同的DA有不同大小的权限，而每一个DA都由他的父可信机构授权管辖，形成具有等级的机构。PUD中的用户具有角色属性（role attribute，RA）,每个DA负责分发和管理它所管辖的用户的私钥。在PUD领域里，用户在加密上传文件的时候并不需要知道哪些用户具有访问权限，只需要规定有指定RA的用户可以访问该文件，大大减轻了用户主体的工作量。Key distribution method: In the PRD environment, due to the small number of users and small attribute scale, the CP ABE access control method is sufficient. The user principal can entrust a trusted organization to distribute and manage keys, or participate in the distribution and management of keys himself. The attribute obtained by the user in PRD is called data attribute (data attribute), which is the classification attribute of the file. Each file is pasted with data attributes, such as blog_file, photo_file, etc. Therefore, the size of the user key is linearly related to the number of data attributes obtained. In the PUD environment, due to the large number of users and the large number of attributes, we use a hierarchical regional trusted authority (domain authority, DA) to manage user attributes. Different DAs have different permissions, and each DA has Authorized by his parent trusted authority to form a hierarchical authority. Users in PUD have role attributes (role attribute, RA), and each DA is responsible for distributing and managing the private keys of users under its jurisdiction. In the PUD field, users do not need to know which users have access rights when encrypting and uploading files. They only need to specify that users with designated RAs can access the files, which greatly reduces the workload of the main user.

分层密钥结构：在PUD中，本方案采用分层密钥结构，如图2所示。假设密钥的层次为2，则第一层为属性个体或者属性集合，第二层只能为属性个体。如：{Dept：Hospital A，Addr:West,{Position:physician,level:3},{Position:nurse,level:4}},第一层为{Dept：Hospital A，Addr:West}记作A₀，第二层为{{Position:physician,level:3}，{Position:nurse,level:4}}，记作A₁和A₂。综上所述，记用户密钥结构为A={A₀,A₁，...,A_m},A₀表示第一层密钥，A_i表示第二层密钥的第i个属性集合（1≤i≤m）.这样我们可以将这个密钥结构简单表示成A₀={0，Dept：HospitalA},A₁={1，Position:physician},A₂={2，Position:nurse}。Hierarchical key structure: In PUD, this scheme adopts a hierarchical key structure, as shown in Figure 2. Assuming that the key level is 2, the first level is attribute individual or attribute set, and the second level can only be attribute individual. Such as: {Dept: Hospital A, Addr: West, {Position: physician, level: 3}, {Position: nurse, level: 4}}, the first layer is {Dept: Hospital A, Addr: West} and recorded as A ₀ , the second layer is {{Position:physician,level:3}, {Position:nurse,level:4}}, denoted as A ₁ and A ₂ . To sum up, the user key structure is A={A ₀ ,A ₁ ,...,A _m }, A ₀ represents the first layer key, A _i represents the i-th attribute of the second layer key Set (1≤i≤m). In this way, we can simply express this key structure as A ₀ = {0, Dept: HospitalA}, A ₁ = {1, Position: physician}, A ₂ = {2, Position: nurse}.

访问控制树和转化节点：在两种领域中，我们均采用访问控制树，叶节点为属性值，而非叶节点是门限值。假设num_x为节点的孩子个数，k_x为节点x的门限值，如AND和OR的k_x值分别为2和1。同时我们定义函数parent(x)返回x的父节点，index(x)返回节点x的序号，att(x)返回叶节点代表的属性值。如果一个属性结构满足一个访问控制树，则至少该属性结构的一个属性集满足访问控制树的所有属性。一般来说，不同属性集之间的属性联合起来满足访问控制树是不允许的。但是由于PUD领域属性集繁多，我们定义了一种节点叫做转换节点（translating node）,转换节点的孩子节点的属性值可以来自不同的属性集，即允许联合属性。Access Control Trees and Transformation Nodes: In both domains, we use access control trees, where leaf nodes are attribute values and non-leaf nodes are threshold values. Assume that num _x is the number of children of the node, and k _x is the threshold value of node x, such as the values of k _x of AND and OR are 2 and 1 respectively. At the same time, we define the function parent(x) to return the parent node of x, index(x) to return the serial number of node x, and att(x) to return the attribute value represented by the leaf node. If an attribute structure satisfies an access control tree, then at least one attribute set of the attribute structure satisfies all attributes of the access control tree. In general, the combination of attributes between different attribute sets to satisfy the access control tree is not allowed. However, due to the large number of attribute sets in the PUD domain, we define a node called a translating node. The attribute values of the child nodes of the translating node can come from different attribute sets, that is, joint attributes are allowed.

本发明的基于属性加密的云计算安全访问控制方法所包含的步骤为：The steps included in the cloud computing security access control method based on attribute encryption of the present invention are:

步骤1）.划分两种用户环境，公共领域PUD和私人领域PRD；Step 1). Divide two user environments, public domain PUD and private domain PRD;

步骤2）.可信机构首先随机选择生成元，生成双线性群和双线性映射，接着选择PUD领域的密钥层次，生成PUD的主密钥和公钥，主密钥保留，公钥公开；Step 2). The trusted organization first randomly selects generators to generate bilinear groups and bilinear maps, and then selects the key level of the PUD field to generate the master key and public key of the PUD. The master key is retained, and the public key public;

步骤3）.可信机构利用步骤2生成的双线性群和双线性映射，生成PRD的主密钥和公钥，主密钥保留，公钥公开；Step 3). The trusted organization uses the bilinear group and bilinear map generated in step 2 to generate the master key and public key of the PRD, the master key is kept, and the public key is made public;

步骤4）.可信机构创建下一层可信子机构，分配第一层属性个体或属性集合，并生成主密钥，下一层可信机构能创建更小的子机构，分配第二层属性个体或者属性集合，第二层属性个体或属性集合为第一层属性个体或属性集合的子集，并分配密钥，依次类推；Step 4). The trusted organization creates the next layer of trusted sub-organizations, assigns the first layer of attribute individuals or attribute sets, and generates master keys, and the next layer of trusted organizations can create smaller sub-organizations and assign the second layer of attributes Individuals or attribute sets, the second-level attribute individuals or attribute sets are subsets of the first-level attribute individuals or attribute sets, and keys are assigned, and so on;

步骤5）.用户向可信机构提供相关信息，申请相关领域的合法用户权限，如果申请PUD领域的权限，执行步骤6，申请PRD领域的权限执行步骤7；Step 5). The user provides relevant information to the trusted organization and applies for legal user authority in the relevant field. If applying for the authority of the PUD field, perform step 6, and apply for the authority of the PRD field to perform step 7;

步骤6）.可信机构根据用户提交的信息，判断该用户能否申请到PUD领域的权限，如果不能，则返回空；如果能，将根据该用户信息发送给相应可信子机构，相应的可信子机构分配对应的属性个体或属性集合，生成一个密钥组件，发送给用户；跳转执行步骤8；Step 6). According to the information submitted by the user, the trusted organization judges whether the user can apply for the authority of the PUD field. If not, it returns empty; The letter organization assigns the corresponding attribute individual or attribute set, generates a key component, and sends it to the user; jump to step 8;

步骤7）.可信机构根据用户提交的信息，判断该用户能否申请到PRD领域的权限，如果不能，则返回空，如果能，将根据该用户提供的信息分配对应的数据属性，生成密钥组件,发送给用户；Step 7). According to the information submitted by the user, the trusted organization judges whether the user can apply for the authority of the PRD field. If not, it will return empty. Key component, sent to the user;

步骤8）.数据属主为上传到云端的文件选取唯一标识对文件对称加密，保留密钥，并选取公共领域属性集组成公共访问控制树，选取私人领域属性集组成私人访问控制树，用两种树对文件密钥加密生成密文，并发送到云端；Step 8). The data owner selects a unique identifier for the file uploaded to the cloud, encrypts the file symmetrically, reserves the key, and selects a public domain attribute set to form a public access control tree, and selects a private domain attribute set to form a private access control tree. Plant a tree to encrypt the file key to generate ciphertext and send it to the cloud;

步骤9）.用户向云端发起对文件的访问，云端返回对应文件的密文,用户输入步骤6或7生成的私钥，和密文里的访问控制树T进行匹配，若匹配得到对应文件密钥，解密后获得文件,若不匹配,返回空；Step 9). The user initiates access to the file to the cloud, and the cloud returns the ciphertext of the corresponding file. The user inputs the private key generated in step 6 or 7, and matches it with the access control tree T in the ciphertext. If it matches, the corresponding file encryption key is obtained. Key, get the file after decryption, if not match, return empty;

步骤10）.数据属主向可信机构发出通知，撤销相关用户属性，递交相关属性序列和失效时间，委托可信机构更新相关用户权限；Step 10). The data owner sends a notice to the trusted organization, revokes the relevant user attributes, submits the relevant attribute sequence and expiration time, and entrusts the trusted organization to update the relevant user permissions;

步骤11）.可信机构向相关可信子机构发出通知，可信子机构更新相关属性的失效时间，生成新的私钥组建，发送给相关用户；Step 11). The trusted organization sends a notification to the relevant trusted sub-organization, and the trusted sub-organization updates the expiration time of the relevant attributes, generates a new private key assembly, and sends it to the relevant user;

步骤12）.数据属主向云端发出通知，更新访问控制树，递交相关属性序列和失效时间，委托云端更新访问控制结构树；Step 12). The data owner sends a notification to the cloud, updates the access control tree, submits the relevant attribute sequence and expiration time, and entrusts the cloud to update the access control structure tree;

步骤13）.云端接收到更新信息后，生成相关组件，最后更新到相关访问控制树中，并输出新密文,替换原来的密文；Step 13). After receiving the update information, the cloud generates relevant components, and finally updates to the relevant access control tree, and outputs new ciphertext to replace the original ciphertext;

步骤14）.用户属主撤销文件，将文件标识和自己的签名发送到云端；Step 14). The owner of the user revokes the file, and sends the file ID and his own signature to the cloud;

步骤15）.云端确认签名后将该文件删除，返回属主删除成功的信息。Step 15). The cloud deletes the file after confirming the signature, and returns the message that the owner deleted it successfully.

所述的PUD，其密钥结构为分层密钥结构，所述的可信机构为具有等级的可信机构。The key structure of the PUD is a hierarchical key structure, and the trusted institution is a hierarchical trusted institution.

访问控制树为公共访问控制树和私人访问控制树两种，公共访问控制树中的节点存在联合节点，支持联合属性集访问。There are two types of access control tree: public access control tree and private access control tree. The nodes in the public access control tree have joint nodes, which support joint attribute set access.

有益效果：本发明方法针对云计算环境下的安全性和隐私性问题，在CP-ABE的基础上，提出MAH-ABE新的访问控制模型，划分了公共领域和私人领域，私人领域采用CP-ABE密文访问控制，公共领域采用等级多信任机构来管理属性和密钥，减少了管理复杂度。同时,模型引入失效时间这个属性来执行属性更新操作。该模型是高效，灵活，细粒度并且安全的。下面我们给出具体的说明。Beneficial effects: the method of the present invention aims at the security and privacy issues in the cloud computing environment, and on the basis of CP-ABE, proposes a new access control model of MAH-ABE, which divides the public domain and the private domain, and the private domain adopts CP-ABE ABE ciphertext access control, the public domain uses hierarchical multi-trust institutions to manage attributes and keys, reducing management complexity. At the same time, the model introduces the attribute of failure time to perform attribute update operations. The model is efficient, flexible, fine-grained and secure. Below we give specific instructions.

[划分了不同领域]本发明基于用户群的不同特性，划分了公共领域和私人领域不两种领域。在过去的模型当中，所有的用户都是在一个领域当中，受同一种访问控制模型的约束，有同一种密钥管理和分配方式。给有特殊权限的用户带来了不便。比如个人健康记录云计算系统中，私人领域为数据属主的亲人，朋友，他们享有特殊的权限，数据属主可以授权这类用户管理自己的文件系统。公共领域为各个医院的医生，护士，保险公司的工作人员等。他们有查看用户属主数据的权限等。这两种领域的属性应具有不同的特质，应该享有不同的密钥管理和分配方式。本发明划分了两种不同类型的用户群，使数据的访问更加灵活，用户的管理更加细粒度。[Different areas are divided] Based on the different characteristics of the user groups, the present invention divides the public area and the private area. In the past model, all users are in one domain, subject to the same access control model, and have the same key management and distribution method. Inconvenience to users with special privileges. For example, in the personal health record cloud computing system, the private domain is the relatives and friends of the data owner, who enjoy special permissions, and the data owner can authorize such users to manage their own file system. The public domain is doctors, nurses, insurance company staff, etc. in various hospitals. They have permission to view the user's own data etc. The properties of these two realms should have different qualities and should enjoy different ways of key management and distribution. The invention divides two different types of user groups, making data access more flexible and user management more fine-grained.

[等级可信机构的划分]本发明划分了具有等级的多信任可信机构，突破了单一可信机构管理所有用户的传统方法。采用单一的信任机制，用户和信任机构的频繁交互不仅给系统负载能力带来瓶颈，同时增加了潜在的安全隐患。一旦可信机构被没有权限的不合法用户窃取，则他有可能利用不合法手段窃取所有用户的数据，给团体用户带来巨大的损失。而且将所有的密钥分发工作都交给一个TA,在实际运用当中并不可行，不同的机构应该有不同的职责，各自管辖自己的子机构。各个子机构应该在自己的权力范围之内定义和指定各种属性集合，并分发给部门所管辖的用户。本发明中的用户处在不同的可信机构，即使某一可信机构受到安全威胁，也不会影响到其他可信机构的安全性，用户的隐私性得到了保护。[Division of Hierarchical Trusted Organizations] The present invention divides multi-trusted trusted organizations with levels, breaking through the traditional method of managing all users by a single trusted organization. With a single trust mechanism, the frequent interaction between users and trust institutions not only brings bottlenecks to the system load capacity, but also increases potential security risks. Once a trusted organization is stolen by an unauthorized user, he may use illegal means to steal all user data, causing huge losses to group users. Moreover, it is not feasible to hand over all the key distribution work to one TA in practice. Different organizations should have different responsibilities and each govern their own sub-organizations. Each sub-organization should define and specify various attribute sets within its own authority, and distribute them to users under the jurisdiction of the department. In the present invention, users are in different trusted institutions, even if a certain trusted institution is threatened, it will not affect the security of other trusted institutions, and the user's privacy is protected.

[访问控制树的建立]本发明为不同领域的用户建立了不同的访问控制树，在公共领域中，由于属性繁多，建立了支持不同属性集之间的联合的访问控制树。在大量的以CP-ABE为基础的模型中，用在访问控制结构中的属性集合只有一个，即数据属主只能在一个属性集合当中，选取属性进行各种组合来满足访问策略。属性集之间是完全孤立的，不能建立属性集之间的联系。这大大降低了访问控制的灵活性。因为在必要的时候用户需要跨越多个属性集合，选取属性来满足某一访问控制结构。本发明的访问控制树的节点有两种类型：普通节点和联合节点。普通节点只支持单个集合内属性的关联，联合节点支持跨越单个集合的多个属性集合的联合访问，大大提高了访问控制结构的灵活性。[Establishment of access control tree] The present invention establishes different access control trees for users in different fields. In the public field, due to the large number of attributes, an access control tree supporting the union between different attribute sets is established. In a large number of CP-ABE-based models, there is only one attribute set used in the access control structure, that is, the data owner can only be in one attribute set, and various combinations of attributes are selected to meet the access policy. The attribute sets are completely isolated, and the connection between the attribute sets cannot be established. This greatly reduces the flexibility of access control. Because users need to span multiple attribute sets when necessary, select attributes to satisfy a certain access control structure. There are two types of nodes in the access control tree of the present invention: ordinary nodes and joint nodes. Ordinary nodes only support the association of attributes within a single collection, while joint nodes support joint access to multiple attribute collections spanning a single collection, which greatly improves the flexibility of the access control structure.

附图说明 Description of drawings

图1是本发明的系统模型图。Fig. 1 is a system model diagram of the present invention.

图2是PUD环境的用户的分层密钥结构示意图。Fig. 2 is a schematic diagram of a hierarchical key structure of a user in a PUD environment.

具体实施方式 Detailed ways

方法流程Method flow

1.系统参数生成1. System parameter generation

在PUD中，Setup(d=2)→(PK.MK).d为密钥的层次，假设为2。可信机构首先随机选择生成元为g，阶为p的双线性群G₀和双线性映射e:G₀×G₀=G_T，随机选择随机数α,β_i∈Z_p,生成公钥和主密钥为：In PUD, Setup(d=2)→(PK.MK).d is the level of the key, which is assumed to be 2. The trusted institution first randomly selects the bilinear group G ₀ with generator g and order p and the bilinear map e:G ₀ ×G ₀ =G _T , randomly selects random numbers α,β _i ∈ Z _p , Generate public and master keys as:

${PK PK}_{PUD PUDs} = = (({G G}_{00},, g g,, {h h}_{11} = = {g g}^{{β β}_{11}},, {h h}_{22} = = {g g}^{{β β}_{22}},, e e {((g g,, g g))}^{α α}))$

MK_PUD=(β₁,β₂,g^α)MK _PUD =(β ₁ ,β ₂ ,g ^α )

在PRD中，随机选取参数α₃，β₃∈Z_p生成公钥和主密钥为In PRD, randomly select parameters α ₃ , β ₃ ∈ Z _p to generate public key and master key as

${PK PK}_{PRD PRD} = = {{{G G}_{00},, g g,, {h h}_{33} = = {g g}^{{β β}_{33}},, e e {((g g,, g g))}^{{α α}_{33}}}}$

${MK MK}_{PRD PRD} = = (({β β}_{33},, {g g}^{{α α}_{33}}))$

2.生成用户私钥2. Generate user private key

分配PRD用户私钥.PRD中，用户u获得的属性集为随机选取r∈Z_p，并为每一个属性a_j选择一个随机值r_j∈Z_p，调用keyGen生成用户u的私钥为 ${SK}_{u} = {\hat{D} = g^{\frac{α_{3} + r}{β_{3}}}, {&ForAll; a}_{j} &Element; \hat{A} : {\hat{D}}_{j} = g^{r} \cdot H {(j)}^{r_{j}}, {\hat{D}}_{j}^{'} = g^{r_{j}}}$ Assign PRD user private key. In PRD, the attribute set obtained by user u is Randomly select r∈Z _p , and select a random value r _j ∈ Z _p for each attribute a _j , call keyGen to generate the private key of user u as ${SK}_{u} = {\hat{D.} = g^{\frac{α_{3} + r}{β_{3}}}, {&ForAll; a}_{j} &Element; \hat{A} : {\hat{D.}}_{j} = g^{r} \cdot h {(j)}^{r_{j}}, {\hat{D.}}_{j}^{'} = g^{r_{j}}}$

第一级区域可信机构授权.在PUD中，每一个第一级DA由两部分组成：ID和他管辖的属性集合A={A₀,A₁,...A_m}其中A_i={a_i，1,a_i，2,...a_i，n}，a_i，j表示A_i个属性集合中的第j个属性。第一级DA为权限最大者，如公司的各个分公司。如果有新的第一级DA（设为DA_i）加入，可信机构通过调用CreateDA(PK，MK，A)方法为DA_i创造主密钥。获得权限后的DA_i将有权限为下一级的DA分配权限，如子公司的各个部门。DA_i所得到的主密钥形势结果如下：The first-level regional trusted agency authorization. In PUD, each first-level DA consists of two parts: ID and the attribute set A={A ₀ ,A ₁ ,...A _m } where A _i = {a _{i, 1} , a _{i, 2} ,...a _{i, n} }, a _{i, j} represents the jth attribute in the attribute set of A _i . The first-level DA is the one with the most authority, such as the various branches of the company. If a new first-level DA (set as DA _i ) joins, the trusted institution creates a master key for DA _i by calling the CreateDA(PK, MK, A) method. After obtaining the authority, DA _i will have the authority to assign authority to the DA of the next level, such as various departments of the subsidiary. The results of the master key situation obtained by DA _i are as follows:

${MK MK}_{i i} = = ((A A,, D D. = = {g g}^{\frac{α α + + {r r}^{{{u u}}}}{{β β}_{11}}} {D D.}_{i i,, j j} = = {g g}^{{r r}_{i i}^{{{u u}}}} . . H h {(({a a}_{i i,, j j}))}^{{r r}_{i i,, j j}^{{{u u}}}},,$

${D D.}_{i i,, j j}^{′ ′} = = {g g}^{{r r}_{i i,, j j}^{{{u u}}}},, 00 \leq \leq i i \leq \leq m m,, 11 \leq \leq j j \leq \leq {n no}_{i i},,$

${E E.}_{i i} = = {g g}^{\frac{{r r}^{{{u u}}} + + {r r}_{i i}^{{{u u}}}}{{β β}_{22}}},, 11 \leq \leq i i \leq \leq m m))$

其中，A为属性结构，r^{u}是该DA的唯一ID，也是A₀的ID，是每个属性集A_i的ID，E_i用于不同A_i之间的转换，这在下文中的解密部分会详细讲述。Among them, A is the attribute structure, r ^{u} is the unique ID of the DA, and it is also the ID of A ₀ , is the ID of each attribute set A _i , and E _i is used for conversion between different A _i , which will be described in detail in the decryption section below.

下级DA/用户私钥结构.(1)DA_i为下级DA授权私钥，记为DA_i+1，调用(2)DAi为该DA_i内的用户授权私钥，调用为下一级user/DA的属性结构，它必定是上一级DA的属性结构的一个子集，如A={A₀,A₁,A₂}，下一级user/DA私钥结构为Lower-level DA/user private key structure. (1) DA _i is the private key authorized by the lower-level DA, denoted as DA _i+1 , call (2) DAi authorizes the private key for the user in the _DAi , call It is the attribute structure of the next-level user/DA, which must be a subset of the attribute structure of the upper-level DA, such as A={A ₀ ,A ₁ ,A ₂ }, The structure of the next-level user/DA private key is

${SK SK}_{u u} / / {MK MK}_{i i + + 11} = = ((\overset{~ ~}{A A},, \overset{~ ~}{D D.} = = {g g}^{\frac{α α + + {r r}^{{{u u}}} + + {\overset{~ ~}{r r}}^{{{u u}}}}{{β β}_{11}}},,$

${\overset{~ ~}{D D.}}_{i i,, j j} = = {g g}^{{r r}_{i i}^{{{u u}}} + + {\overset{~ ~}{r r}}_{i i}^{{{u u}}}} . . H h {(({a a}_{i i,, j j}))}^{{r r}_{i i,, j j}^{{{u u}}} + + {\overset{~ ~}{r r}}_{i i . . j j}^{{{u u}}}},,$

${\overset{~ ~}{D D.}}_{i i,, j j}^{' '} = = {g g}^{{r r}_{i i,, j j}^{{{u u}}} + + {\overset{~ ~}{r r}}_{i i . . j j}^{{{u u}}}},, 00 \leq \leq i i \leq \leq m m,, 11 \leq \leq j j \leq \leq {n no}_{i i},,$

${\overset{~ ~}{E E.}}_{i i} = = {g g}^{\frac{(({r r}^{{{u u}}} + + {r r}_{i i}^{{{u u}}} + + {\overset{~ ~}{r r}}^{{{u u}}} + + {\overset{~ ~}{r r}}_{i i}^{{{u u}}}))}{{β β}_{22}}},, 11 \leq \leq i i \leq \leq m m))$

3.文件创建3. File Creation

用户主体为上传到云端的文件选取唯一ID,随机选取密钥FEK,对文件对称加密，即E_DEK(F)←FEK。接着用户主体调用Encrypt方法对密钥FEK加密生成密文CT，并生成由属性资源组成的访问控制树T，T=(T_PUD)OR(T_PRD),T_PUD为PUD中访问控制树，T_PRD为PRD中访问控制树。最后存储在云端的密文形式为E(F)=<CT，E_FEK(F)>.The user subject selects a unique ID for the file uploaded to the cloud, randomly selects the key FEK, and encrypts the file symmetrically, that is, E _DEK (F)←FEK. Then the user subject invokes the Encrypt method to encrypt the key FEK to generate ciphertext CT, and generate an access control tree T composed of attribute resources, T=(T _PUD )OR(T _PRD ), T _PUD is the access control tree in the PUD, T _PRD is the access control tree in PRD. The final ciphertext stored in the cloud is in the form of E(F)=<CT, E _FEK (F)>.

建立访问控制树T_PUD过程如下：The process of establishing an access control tree T _PUD is as follows:

i.为访问控制树中的每一个节点选取一个多项式q_x,多项式的阶为d_x,则d_x=k_x-1。i. Select a polynomial q _x for each node in the access control tree, and the order of the polynomial is d _x , then d _x =k _x -1.

ii.为根节点R随机选取s∈Z_p,满足q_R(0)=s，用多项式插值法随机选取q_R个值来定义多项式q_R。ii. Randomly select s∈Z _p for the root node R, satisfying q _R (0)=s, use polynomial interpolation method to randomly select q _R values to define the polynomial q _R .

iii.对于树上除根节点以外的节点x,令q_x(0)=q_parent(x)(index(x))然后再随机选取d_x个点把所有多项式定义完整。iii. For the node x on the tree except the root node, set q _x (0)=q _parent(x) (index(x)) and then randomly select d _x points to define all polynomials completely.

按照以上三步骤，再为PRD环境中创建访问控制树T_PRD。Follow the above three steps to create an access control tree T _PRD for the PRD environment.

令Y为叶节点的集合，X为转换节点的集合(只在T_PUD中用到X)，则明文M按如下公式加密：Let Y be the set of leaf nodes, and X be the set of conversion nodes (X is only used in T _PUD ), then the plaintext M is encrypted according to the following formula:

$CT CT = = + + (({T T}_{PUD PUDs},, {T T}_{PRD PRD},,$

$\overset{~ ~}{C C} = = M m \cdot &Center Dot; e e {((g g,, g g))}^{α α \cdot &Center Dot; s the s},, C C = = {h h}_{11}^{s the s},, \overset{&OverBar; &OverBar;}{C C} = = {h h}_{22}^{s the s},, \overset{^^}{C C} = = {h h}_{33}^{s the s},,$

$&ForAll; &ForAll; y the y &Element; &Element; Y Y &SubsetEqual; &SubsetEqual; {T T}_{PUD PUDs} : : {C C}_{y the y} = = {g g}^{{q q}_{y the y} ((00))},, {C C}_{y the y}^{' '} = = H h {((att att ((y the y))))}^{{q q}_{y the y}^{((00))}},,$

$&ForAll; &ForAll; y the y &Element; &Element; Y Y &SubsetEqual; &SubsetEqual; {T T}_{PRD PRD} : : {\overset{^^}{C C}}_{y the y} = = {g g}^{{\overset{^^}{q q}}_{y the y}^{((00))}},, {\overset{^^}{C C}}_{y the y}^{' '} = = H h {((att att ((y the y))))}^{{\overset{^^}{q q}}_{y the y}^{((00))}},,$

$&ForAll; &ForAll; x x &Element; &Element; X x &SubsetEqual; &SubsetEqual; {T T}_{PUD PUDs} {\overset{^^}{: : C C}}_{x x} = = {h h}_{22}^{{q q}_{x x} ((00))}))$

定义一个帮助数据W用来帮助PRD中的用户来获得明文：Define a helper data W to help users in PRD to obtain plaintext:

$W W = = e e {((g g,, g g))}^{γs γs} = = e e {((g g,, g g))}^{αs αs} \cdot \cdot e e {((g g,, g g))}^{{α α}_{33} s the s},,$

即α₃=γ-αThat is, α ₃ =γ-α

CT和W一同存储在云端。CT and W are stored together in the cloud.

4.文件访问4. File Access

用户u向云端发送请求申请访问文件，则云端将相应的密文发送给用户。用户调用利用Decrypt(CT，SK_u)算法解密：User u sends a request to the cloud to apply for accessing files, and the cloud sends the corresponding ciphertext to the user. The user invokes the Decrypt(CT, SK _u ) algorithm to decrypt:

(1)若u为PUD中用户，调用T(A)确认SK_u中的的属性是否满足访问控制树T_PUD。T(A)是从叶节点到根节点的递归方式。(1) If u is a user in PUD, call T(A) to confirm whether the attributes in SK _u satisfy the access control tree T _PUD . T(A) is the recursive way from the leaf node to the root node.

i t为叶节点，如果A_i∈A则DecryptDode(CT，SK_u,t，i)=null，如果att(t)=a_i，j∈A_i,A_i∈A，则i t is a leaf node, if A _i ∈ A then DecryptDode(CT, SK _u , t, i) = null, if att(t) = a _{i, j} ∈ A _i , A _i ∈ A, then

$DecryptDode DecryptDode ((CT CT,, {SK SK}_{u u},, t t,, i i))$

$= = e e (({D D.}_{i i,, j j},, {C C}_{t t})) / / e e (({D D.}_{i i,, j j}^{' '},, {C C}_{t t}^{' '}))$

$= = e e ((g g,, g g)) {r r}_{i i}^{{{u u}}} \cdot \cdot {q q}_{t t} ((00))$

ii t为非叶节点，定义t的孩子节点为z，B_t为满足门限的k_t个z节点的集合，S_z为k_x个z节点的label集合，定义F_z=DecryptDode(CT，SK_u,t，i)为T中任意节点与A中属性的判定结果，如果没有这样的集合S_z,则F_z=⊥。如果有，且（1）label i∈S_z,（2）label i′∈S_z且存在i′≠i,则z是一个转换节点，令DecryptDode(CT，SK_u,z,i′)=F′_Z，如果i≠0（不在A₀内）将F′_Z转换成F_z：ii t is a non-leaf node, define the child node of t as z, B _t is the set of k _t z nodes that meet the threshold, S _z is the label set of k _x z nodes, define F _z =DecryptDode(CT, SK _u , t, i) is the judgment result of any node in T and the attribute in A, if there is no such set S _z , then F _z =⊥. If yes, and (1) label i∈S _z , (2) label i′∈S _z and there exists i′≠i, then z is a transition node, let DecryptDode(CT,SK _u ,z,i′)= F′ _Z , if i≠0 (not in A ₀ ) convert F′ _Z to F _z :

${F f}_{z z} = = e e (({\overset{^^}{C C}}_{z z},, {E E.}_{i i} / / {E E.}_{\overset{` `}{i i}})) \cdot \cdot {F f}_{z z}^{' '} = = e e {((g g,, g g))}^{{r r}_{i i}^{{{u u}}} \cdot &Center Dot; {q q}_{z z} ((00))}$

否则 $F_{z} = \frac{e ({\hat{C}}_{z}, E_{\overset{'}{i}})}{F_{z}^{'}} = e {(g, g)}^{r^{{u}} \cdot q_{z} (0)} .$ otherwise $f_{z} = \frac{e ({\hat{C}}_{z}, {E.}_{\overset{'}{i}})}{f_{z}^{'}} = e {(g, g)}^{r^{{u}} \cdot q_{z} (0)} .$

iii 根据lagrange性质，计算父节点t时，iii According to the lagrange property, when calculating the parent node t,

$F_{t} = Π_{z &Element; B_{t}} F_{Z}^{Δ_{k}, B_{z}^{'} (0)} = \{\begin{matrix} e {(g, g)}^{r_{i}^{{u}} \cdot q_{t} (0)}, & i &NotEqual; 0 \\ e {(g, g)}^{r^{{u}}}, & i = 0 \end{matrix}\},$ 其中 $f_{t} = Π_{z &Element; B_{t}} f_{Z}^{Δ_{k}, B_{z}^{'} (0)} = \{\begin{matrix} e {(g, g)}^{r_{i}^{{u}} &Center Dot; q_{t} (0)}, & i &NotEqual; 0 \\ e {(g, g)}^{r^{{u}}}, & i = 0 \end{matrix}\},$ in

k=index(z),B′_z={index(z):z∈B_t}k=index(z),B′ _z ={index(z):z∈B _t }

iv R为根节点，iv R is the root node,

${F f}_{r r} = = e e {((g g,, g g))}^{{r r}^{{{u u}}} \cdot &Center Dot; {q q}_{r r} ((00))} = = e e {((g g,, g g))}^{{r r}^{{{u u}}} \cdot &Center Dot; s the s}$

则解密过程如下：Then the decryption process is as follows:

$\frac{\tilde{C} \cdot F_{r}}{e (C, D)} = \frac{M \cdot e {(g, g)}^{α \cdot s} \cdot e {(g, g)}^{r^{{u}} \cdot s}}{e (g^{s \cdot β_{1}}, g^{\frac{(r^{{u}} + α)}{β_{1}}})} = M$ 得到明文。 $\frac{\tilde{C} \cdot f_{r}}{e (C, D.)} = \frac{m &Center Dot; e {(g, g)}^{α &Center Dot; the s} &Center Dot; e {(g, g)}^{r^{{u}} &Center Dot; the s}}{e (g^{the s \cdot β_{1}}, g^{\frac{(r^{{u}} + α)}{β_{1}}})} = m$ get plaintext.

(2)若u为PRD中用户，调用T(A)确认SK_u中的的属性是否满足访问控制树T_PRD，解密过程和CP-ABE过程类似，(2) If u is a user in PRD, call T(A) to confirm whether the attributes in SK _u satisfy the access control tree T _PRD , the decryption process is similar to the CP-ABE process,

${F f}_{r r} = = DecrptNode DecrptNode ((CT CT,, {SK SK}_{u u},, R R))$

$= = e e {((g g,, g g))}^{r r {\overset{^^}{q q}}_{R R} ((00))} = = e e {((g g,, g g))}^{rs rs},,$

利用W得到明文Use W to get the plaintext

$M m = = \frac{\overset{~ ~}{C C} \cdot \cdot ((\overset{^^}{C C,,} \overset{^^}{D D.}))}{{F f}_{r r} . . W W} = = \frac{M m \cdot \cdot e e {((g g,, g g))}^{αs αs} e e {((g g,, g g))}^{(({α α}_{33} + + r r)) s the s}}{e e {((g g,, g g))}^{rs rs} e e {((g g,, g g))}^{((α α + + {α α}_{33})) s the s}}$

5.文件撤销5. File revocation

用户要撤销文件，只需要将文件ID和自己的签名发送到云端。云端确认是该用户主体发出的请求后就将该文件删除。To revoke a file, the user only needs to send the file ID and his own signature to the cloud. After the cloud confirms that it is the request sent by the user subject, the file is deleted.

6.属性撤销6. Attribute revocation

MAH-ABE具有高效的属性撤销机制。在DA为用户分配属性施时为每一个属性集增加一个失效时间(expiration_time)X。在访问控制树中的属性含有时间属性Y，如果X≥Y,且属性相匹配，则能访问该文件。用户就可以通过改变时间属性的值来控制用户的访问权限。MAH-ABE has an efficient attribute revocation mechanism. When DA assigns attributes to users, an expiration time (expiration_time) X is added to each attribute set. The attributes in the access control tree contain the time attribute Y, if X≥Y, and the attributes match, the file can be accessed. The user can control the user's access rights by changing the value of the time attribute.

用户属性撤销.该任务主要由用户所属的DA完成。User attribute revocation. This task is mainly completed by the DA to which the user belongs.

(1)DA计算出能使用户访问权限撤销的最小属性集Minim alSet(A)→A_min，A_new=A-A_min，使得T(A_new)返回空。(1) DA calculates the minimum attribute set MinimalSet(A)→A _min that can revoke the user's access right, A _new =AA _min , so that T(A _new ) returns empty.

(2)对A_min中的每一个属性集赋予新的失效时间，并生成相应的新的私钥组件， $keyUpdate (S k_{u}, t_{i}^{new}) &RightArrow; {Sk}_{u}^{new} = {A_{\min}, {D_{i \cdot j}^{new}, {D_{i, j}^{'}}^{new}}_{&Element; A \min}}$ (2) Assign a new failure time to each attribute set in A _min , And generate the corresponding new private key component, $keyUpdate (S k_{u}, t_{i}^{new}) &Right Arrow; {Sk}_{u}^{new} = {A_{\min}, {{D.}_{i &Center Dot; j}^{new}, {D.}_{i, j}^{'}^{new}}_{&Element; A \min}}$

(3)发回给用户。send(Sk_u)这里采用懒惰重加密，即用户在下次登录系统的时候会自动更新用户的私钥，而不需要及时更新，避免给系统造成负担。(3) send back to the user. send(Sk _u ) here adopts lazy re-encryption, that is, the user's private key will be automatically updated when the user logs in to the system next time, and does not need to be updated in time to avoid burdening the system.

文件属性撤销.如果用户想更新文件的访问权限，只需要改变叶节点的失效时间，再将相应的更新信息发送到云端，通过云端代理加密。因为云端只得到一部分的节点属性信息，无法就此推断出整个明文，数据的安全隐私得到了保护。(1)设置需要更新的叶节点的属性集合为Ymin。File attribute revocation. If the user wants to update the access rights of the file, he only needs to change the expiration time of the leaf node, and then send the corresponding update information to the cloud, which is encrypted by the cloud proxy. Because the cloud only obtains part of the node attribute information, it is impossible to deduce the entire plaintext from this, and the security and privacy of the data are protected. (1) Set the attribute set of the leaf node to be updated as Ymin.

(2)更新叶节点的失效时间，生成新组建(2) Update the failure time of leaf nodes and generate new components

${y the y}_{i i} &Element; &Element; {Y Y}_{min min},, updateAttFile updateAttFile (({y the y}_{i i},, {t t}_{i i})) &RightArrow; &Right Arrow; {{{y the y}_{i i}^{new new},, {C C}_{{y the y}_{i i}}^{new new},, {C C}_{{y the y}_{i i}}^{' ' new new}}}$

(3)更新访问控制树叶节点内容 $y_{i} &Element; Y \min, update (C_{y_{i}}, C_{y_{i}}^{'}) &RightArrow; C_{y_{i}}^{new}, C_{y_{i}}^{' new},$ 删除废弃的节点y_i∈{Y-Ymin}，delete (3) Update the content of the access control leaf node ${the y}_{i} &Element; Y \min, update (C_{{the y}_{i}}, C_{{the y}_{i}}^{'}) &Right Arrow; C_{{the y}_{i}}^{new}, C_{{the y}_{i}}^{' new},$ Delete obsolete nodes y _i ∈ {Y-Ymin}, delete

(4)输出新密文 ${CT}^{new} = (T^{new}, \tilde{C}, C, \overset{&OverBar;}{C}, &ForAll; y &Element; Y : C_{y^{new}}^{'}, &ForAll; x &Element; X : {\hat{C}}_{x}) .$ (4) Output new ciphertext ${CT}^{new} = (T^{new}, \tilde{C}, C, \overset{&OverBar;}{C}, &ForAll; the y &Element; Y : C_{{the y}^{new}}^{'}, &ForAll; x &Element; x : {\hat{C}}_{x}) .$

为了方便描述，我们假定有如下应用实例：For the convenience of description, we assume the following application examples:

一个数据属主O将一个文件F存储在云端，用户U向可信机构申请获得私钥，然后向云端发起对文件F的访问。数据属主对文件执行三个操作：1.撤销相关用户的属性。2.更新访问控制结构树。3.删除该文件。则其具体实施方式为：A data owner O stores a file F in the cloud, and the user U applies to a trusted organization for a private key, and then initiates access to the file F to the cloud. The data owner performs three operations on the file: 1. Revokes the attribute of the relevant user. 2. Update the access control structure tree. 3. Delete the file. Then its specific implementation method is:

（1）可信机构首先随机选择生成元，生成双线性群和双线性映射，接着选择PUD领域的密钥层次，生成PUD的主密钥和公钥。主密钥保留，公钥公开。(1) The trusted organization first randomly selects generators to generate bilinear groups and bilinear maps, and then selects the key hierarchy in the PUD field to generate the master key and public key of the PUD. The master key is kept and the public key is made public.

（2）可信机构接着生成PRD的主密钥和公钥。主密钥保留，公钥公开。(2) The trusted authority then generates the master key and public key of the PRD. The master key is kept and the public key is made public.

（3）可信机构分配下一级可信子机构的主密钥(有子机构的时候分配)。(3) The trusted organization distributes the master key of the next level trusted sub-organization (distributed when there are sub-organizations).

（4）数据属主为上传到云端的文件F选取唯一ID,对文件对称加密，保留密钥K。(4) The data owner selects a unique ID for the file F uploaded to the cloud, encrypts the file symmetrically, and retains the key K.

（5）数据属主选取PUD领域属性集组成访问控制树T_PUD，选取PRD领域属性集组成访问控制树T_PRD，用两种树对密钥K加密生成密文CT，并发送到云端。(5) The data owner selects the PUD domain attribute set to form the access control tree T _PUD , selects the PRD domain attribute set to form the access control tree T _PRD , encrypts the key K with the two trees to generate the ciphertext CT, and sends it to the cloud.

（6）用户向可信机构提供相关信息，申请相关领域的合法用户权限。如果申请PUD领域的权限，执行(7),申请PRD领域的权限执行(8)。(6) The user provides relevant information to the trusted organization and applies for legal user authority in the relevant field. If applying for the authority of the PUD field, execute (7), and apply for the authority of the PRD field to execute (8).

（7）可信机构根据用户提交的信息，判断该用户能否申请到PUD领域的权限。如果不能，则返回空。如果能，将根据该用户提供的信息发送给对应的可信子机构(符合条件的子机构可能不止一个)。不同的子机构分配给该用户不同的角色属性集。最后生成相关的密钥组件SK，发送给用户。(7) The trusted organization judges whether the user can apply for permission in the PUD field based on the information submitted by the user. If not, return empty. If yes, send the information provided by the user to the corresponding trusted sub-organization (there may be more than one qualified sub-organization). Different sub-organizations assign different sets of role attributes to the user. Finally, the relevant key component SK is generated and sent to the user.

（8）PRD根据用户提交的信息，判断该用户能否申请到PRD领域的权限。如果不能，则返回空。如果能，将根据该用户提供的信息分配对应的数据属性，生成密钥组件SK,发送给用户。(8) Based on the information submitted by the user, PRD judges whether the user can apply for permission in the PRD field. If not, return empty. If yes, the corresponding data attribute will be assigned according to the information provided by the user, and the key component SK will be generated and sent to the user.

（9）用户U向云端发起对文件F的访问，云端返回密文CT,用户输入私钥SK，和相关领域的访问控制树T进行匹配，若匹配则执行(10),若不匹配,则执行(11)。(9) The user U initiates access to the file F to the cloud, the cloud returns the ciphertext CT, the user enters the private key SK, and matches it with the access control tree T of the relevant field. If it matches, execute (10), if it does not match, then Execute (11).

（10）返回给用户文件F的密钥K，解密后获得文件F。(10) Return the key K of the file F to the user, and obtain the file F after decryption.

（11）返回空。(11) returns empty.

（12）数据属主向可信机构发出通知，递交相关属性序列S和失效时间，委托可信机构更新S对应的相关用户。(12) The data owner sends a notification to the trusted organization, submits the relevant attribute sequence S and expiration time, and entrusts the trusted organization to update the relevant users corresponding to S.

（13）可信机构向相关可信子机构发出通知，可信子机构更新相关属性的失效时间，生成新的私钥组件，发送给相关用户。(13) The trusted organization sends a notification to the relevant trusted sub-organization, and the trusted sub-organization updates the expiration time of the relevant attributes, generates a new private key component, and sends it to the relevant user.

（14）数据属主向云端发出通知，递交相关属性序列S和失效时间，委托云端更新访问控制结构树T。(14) The data owner sends a notification to the cloud, submits the relevant attribute sequence S and expiration time, and entrusts the cloud to update the access control structure tree T.

（15）云端接收到更新信息后，生成相关组件，最后更新到相关访问控制树中。(15) After the cloud receives the update information, it generates relevant components and finally updates them to the relevant access control tree.

（16）云端输出新密文CT,替换原来的密文。(16) The cloud outputs new ciphertext CT to replace the original ciphertext.

（17）用户属主撤销文件：将文件ID和自己的签名发送到云端。(17) User owner revocation file: Send the file ID and your own signature to the cloud.

（18）云端确认签名后将该文件删除，返回属主删除成功的信息。(18) The cloud deletes the file after confirming the signature, and returns the information that the owner deleted it successfully.

（19）全过程结束。(19) The whole process is over.

Claims

1., based on a cloud computing safety access control method for encryption attribute, it is characterized in that the step that the method comprises is:

Step 1). divide two kinds of user environments, public sphere PUD and private domain PRD;

Step 2). trust authority is Stochastic choice generator first, generates Bilinear Groups and bilinear map, then selects the key hierarchy in PUD field, and generate master key and the PKI of PUD, master key retains, and PKI is open;

Step 3). trust authority utilizes step 2) Bilinear Groups that generates and bilinear map, generate master key and the PKI of PRD, master key retains, and PKI is open;

Step 4). trust authority creates the lower credible clamp mechanism of one deck, distribute ground floor attribute individuality or community set, and generate master key, lower one deck trust authority can create less clamp mechanism, distribute second layer attribute individuality or community set, second layer attribute individuality or community set are the subset of ground floor attribute individuality or community set, and distribute key, the like;

Step 5). user provides relevant information to trust authority, the validated user authority of application association area, if the authority in application PUD field, performs step 6), the authority in application PRD field performs step 7);

Step 6). the information that trust authority is submitted to according to user, judges that can this user apply for the authority in PUD field, if can not, then return sky; If can, will send to corresponding credible clamp mechanism according to this user profile, corresponding credible clamp mechanism distributes corresponding attribute individuality or community set, generates a key module, sends to user; Redirect performs step 8);

Step 7). the information that trust authority is submitted to according to user, judges that can this user apply for the authority in PRD field, if can not, then return sky, if can, by data attribute corresponding for the information distribution that provides according to this user, generate key module, send to user;

Step 8). data owner is that the file uploading to high in the clouds chooses unique identification to file symmetric cryptography, retain key, and choose public sphere property set composition public visit control tree, choose the private visit of private domain's property set composition and control tree, with two kinds of trees to file key encryption generating ciphertext, and be sent to high in the clouds;

Step 9). user initiates the access to file to high in the clouds, high in the clouds returns the ciphertext of respective file, user's input step 6) or 7) private key in key module, mate with the access control tree T in ciphertext, if coupling obtains respective file key, obtain file after deciphering, if do not mate, return sky;

Step 10). data owner give notice to trust authority, cancels associated user's attribute, submits association attributes sequence and out-of-service time, entrusts trust authority to upgrade associated user's authority;

Step 11). trust authority is given notice to relevant credible clamp mechanism, and credible clamp mechanism upgrades the out-of-service time of association attributes, generates new private key assembly, sends to associated user;

Step 12). data owner give notice to high in the clouds, upgrades access control tree, submit association attributes sequence and out-of-service time, entrusts high in the clouds to upgrade access control structure tree;

Step 13). after high in the clouds receives lastest imformation, generate associated component, final updating in relevant access control tree, and exports new ciphertext, replaces original ciphertext;

Step 14). user owner cancels file, and file identification and the signature of oneself are sent to high in the clouds;

Step 15). by this file erase after high in the clouds confirmation signature, return owner and delete successful information.

2. the cloud computing safety access control method based on encryption attribute according to claim 1, is characterized in that, described public sphere PUD, and its key structure is hierarchical encryption structure, and described trust authority is the gradational trust authority of tool.

3. the cloud computing safety access control method based on encryption attribute according to claim 1, it is characterized in that, access control tree controls tree for public visit and private visit controls two kinds, tree, and the node that public visit controls in tree exists association node, supports the access of federation properties collection.