Abstract: In attribute-based encryption schemes, access policy may contain some sensitive information, how to achieve policy hidden and have abundant expressive ability of access policy at the same time is one of the urgent problems in the cloud computing environment. Users’ attributes often change in the system, so attribute revocation has become a hot spot of research in recent years. In this paper, a hierarchical access control scheme with hidden policy is proposed. To solve the problem of attribute revocation, the technique of proxy re-encryption is integrated into CP-ABE scheme. Compared with the previous schemes, the scheme both protect the policy and has flexible access control capability. Furthermore, the hierarchical authorization structure which reduces the burden and risk in the case of one single authority making the scheme secure.

Key words: cloud computing, CP-ABE, access control, hidden policy, attribute revocation

摘要： 在属性加密方案中，访问策略中可能包含一些敏感信息，如何在具备丰富的策略表示能力的同时实现访问策略的隐藏已成为云计算环境中亟待解决的问题之一。另外，考虑到在系统中用户的属性会有经常性的变更，属性撤销也成为近年来研究的一个热点。提出一种基于属性策略隐藏的层次化访问控制方案，融合代理重加密技术和CP-ABE方案，解决属性撤销的问题。与之前的方案相比，既保护了策略的隐私，又具有较灵活的访问控制能力，并且引入层次化授权结构，减少了单一授权的负担和风险，提高了安全性。

关键词: 云计算, CP-ABE, 访问控制, 隐藏策略, 属性撤销