Jisuanji kexue yu tansuo (Nov 2020)

Multi-authority Access Control Scheme in Cloud Environment

  • ZHENG Lianghan, HE Heng, TONG Qian, YANG Xiang, CHEN Xiang

DOI
https://doi.org/10.3778/j.issn.1673-9418.1911020
Journal volume & issue
Vol. 14, no. 11
pp. 1865 – 1878

Abstract

Ciphertext-policy attribute-based encryption (CP-ABE) is well suited to data access control in cloud environments. Existing CP-ABE algorithms do not consider that the access structures of multiple files have a hierarchical relationship, so each file must be encrypted separately to meet its access control requirements, which leads to large costs. In addition, most schemes have only a single authorized institution to manage keys, which places high demands on the computing power and honesty of that institution. This paper proposes a blockchain-based cloud data access control scheme with multiple authorities (BMAC). For BMAC, the paper designs a hierarchical CP-ABE algorithm: multiple data files with a hierarchical access structure are encrypted only once, and visitors can then decrypt part of the files when they meet some of the access conditions and get all files when they meet all conditions. The paper also designs a blockchain-based multi-authority key management method, which enables all authorized institutions to distribute private keys honestly and concurrently through blockchain technology. Performance and security analysis show that BMAC can effectively protect data confidentiality, resist collusion attacks, and achieve secure and efficient fine-grained data access control and decentralized private key distribution.

Keywords