Binding access policies to data,Ciphertext-policy attribute-based encryption(CP-ABE)enables data access control to be independent from a certain application and lets users face data directly. It is regarded as one of the most suitable access control methods in cloud storage system and gets the attention of extensive researches. In those researches, Hierarchical cryptography architecture(HCA) is often applied to improve the efficiency of the system. There exist two open issues: illegal leakage of symmetric keys and low efficiency of revocation of an attribute of a user. We propose an Access control scheme under Hierarchical cryptography architecture(ACS-HCA). In this scheme,key derivation mechanism and forward derivation function are used to avoid the leakage of symmetric keys, All-orNothing transform is used to prevent the illegal reuse of symmetric keys, and attribute revocation is realized without re-issuing other users’ private keys. Analyses and simulations demonstrate that our scheme sustains less encrypting cost on each owner and less decrypting cost on each user, but gain high efficiency in revocation of an attribute of a user.
展开▼
