Research On Attribute-based Encryption Mechanism In Cloud Storage

Cloud computing is a new promising computing model. It is built on the architecture which is virtualized, paralleled and distributed. It makes distributed computing nodes into a sharing of virtual pool with the virtualization technology to provide users inexpensive service. Users need no longer to spend much to purchase hardware and software equipment but can get powerful computing and storage capacity with the use of cloud computing.As a basic service of cloud computing, Cloud storage successfully solved the large amount of data information storage problems. Unfortunately, It also caused more and more security issues. Cloud storage providers are not always fully trustable business companies. Exposing data in untrusted environments will easily get security threats from all sides, such as malicious attackers, internal malicious staff snooping etc. Therefore, the protection of data security and privacy is a big challenge. The most widely used security technologies is Encryption. Under the cloud storage environment, attribute-based encryption is a promising cryptographic techniques. It performs well in solving the problems of cloud storage, such as data confidentiality, fine grained access control, key management distribution. With the ciphertext policy or key policy in access control, It become flexible, changeable, and the user's permissions is easy described and explained. It has the characteristics of high efficiency, dynamic, flexibility and privacy. In this paper, we have made some researches on the attribute-based encryption in cloud storage:This paper analysis two large space based attribute-based encryption scheme, summarized the problems existed in the structure matrix in linear secret sharing scheme, and introduced the transformation of the access structure tree to the linear secret sharing. Then, We proposed an online/offline attribute based encryption scheme which is based on access structure tree. We use the access control tree in access policy, and divide the key generation and encryption into online/offline phases. Key generation and encryption in online phase can be done in a very short time. It avoid the problem that key could not be formed when constructing access control structure and meet the requirement that masses of encryption services in cloud storage. We made verification through the experiment based on jpbc and analsised the advantages and disadvantages of our scheme.To solve the problem of large computation in decryption and key tracing, We proposed a new attribute-based encryption scheme suitable for cloud storage. After adding a factor into users' secret key, the cloud decryption server generates a decryption recording table T. Data providers can monitor users' decryption behavior at any time. The scheme provide a reference factor to detect malicious users. After querying table T, data providers can quickly check significance of the key and get users' identity associating with the key. On the other hand, most of the decryption operation is transformed to the cloud decryption server. Users need only one exponential operation to recover the plaintext which largely reduce the client decryption work.We make analysis for our scheme and prove it is secure. Then,we verify the scheme by experiment based on jpbc. Analysis shows that the proposed scheme is secure, high-efficiency and traceable for key management in cloud storage.