| Cloud data sharing is a typical example of cloud computing applications, which has a great application value in real-life. However, the application of cloud data sharing faces many security issues, which can be concluded to two aspects. On the one hand, there are a large number of users in the data sharing group. How to manage the cloud users safely and efficiently, how to prevent the malicious users from destroying the system and how to control the user's access to the data in the cloud, which are problems that need to be solved. On the other hand, for users, the cloud is a third party. In order to guarantee the security of data in the process of storage and transmission, the general approach is to encrypt the data and then outsource the encrypted data to the cloud. A problem is that much encrypted data in the cloud increase the difficulty of the data usage. Aiming at the problem of data sharing in cloud computing, this paper designs two secure multi-user data sharing schemes for cloud computing. The detailed shcemes can be shown as follows:1) The cloud data sharing scheme based on user authenticationMany users are involved in the cloud data sharing group. In order to ensure the security of system and data, we utilize the group signature to authenticate users'identity in the group. We suppose that only authenticated users can access the data in the cloud. Moreover, the amount of the data in the cloud is huge and it is stored as an encrypted form. In order to save the cost of storage and computation in the user side,we use the multi-owner ciphertext search technology to provide the data retrieve for users in this paper. Users' data and the corresponding keywords will be outsourced to the cloud. If one user needs a certain data, he/she can locate the data through the keyword matching, which improves the security of the data sharing and also improves the efficiency of the data utilization.2) The cloud data sharing scheme based on attribute-based encryptionThe attribute-based encryption is a secure and efficient cryptography, whicih is widely used for designing the data access control mechanism in cloud computing.Using attribute-based encryption can reduce the cost of user management and improve the scalability of the system. The attributes of one user are distributed by the attribute authorization authority. The access policies are defined by the data owner.Only one user whose attributes can satisfy the access policy,he/she can access the corresponding data. In order to improve the security of the attribute authorization,we exploit the tree-based signature to authenticate authorization entities. The proposed authentication protocol can resist many malicious attacks. Compared to the aforementioned user authentication-based data sharing scheme, the attribute-based encryption data sharing scheme can be used in large-size data sharing application scenario. |
PDF Full Text Request