支持撤销的多授权中心访问控制方案

为了缓解单授权中心的计算压力，近些年提出了多授权中心的访问控制方案.这些方案对于用户及属性的撤销问题并没有有效地解决.本文提出了一种基于CP-ABE的支持用户和属性撤销的多授权中心访问控制方案.通过引入密钥加密密钥（key encryption key，KEK）树实现用户和属性层级的撤销，同时将计算压力分散给多个授权中心，并将部分解密交给云服务器，减少了用户的计算消耗.通过安全性证明和实验结果表明，方案可以抵御合谋攻击，同时有效地降低撤销过程中密文和密钥更新的消耗时间.￣ 

A Multi-Authorities Access Control Scheme Supporting Revocation

In recent years, in order to alleviate the pressure on the calculation of a single authorization center, multi-authorities access control schemes were proposed. But these schemes are inefficient in the revocation of user and attribute level. In this paper, a scheme was proposed based on multi-authorities and the key encryption key (KEK) tree was used to achieve revocation. In the scheme, the computation load was distributed to multi-authorities center and partial decryption was transferred to the cloud server. The security proof result shows that the scheme can resist collusion attack, and experiment results show that the scheme can effectively reduce the time consumption of ciphertext and key update in revocation process.