Access Control Mechanism In Cloud Storage Based On Attribute-based Encryption

With the rapid development of cloud computing,cloud storage services become more economical and convenient,and data can be uploaded to the cloud storage at very low cost.Considering the efficiency and cost issues,more and more individuals and enterprises choose to outsource their data to cloud storage for sharing.The benefits of higher efficiency and lower costs,security issues are exposed.The cloud storage cannot be completely trusted as a third party service,the need for an access control mechanism to solve the data security problem is very strong.The attribute-based encryption(ABE)access control technology solves the problems of the traditional access control technology,such as the coarse-grained control,the large data redundancy,and the poor flexibility.In the access control scheme based on ABE,the user is identified by the attributes,and the data is encrypted by specifying attributes and the logic between attributes,which reduces the burden of data owner when doing data encryption,and realizes a more flexible strategy.Because of the access control based on attribute encryption can be a good solution to the problems encountered in cloud storage,a large number of access control programs using the technology.This thesis focuses on the access control scheme based on ABE.After analyzing the advantages and disadvantages of the existing schemes,a more flexible and efficient scheme is proposed.The main work of this thesis is as follow:(1)Introducing the background and significance of access control schemes based on ABE,and some basic theory and knowledge of attribute based encryption,the current situation of research and the existing schemes are analyzed and compared.(2)A access control scheme with time restriction key delegate is proposed,to aim at the disadvantages of existing schemes.The need of double encryption in are presented for authorization revocation recovery is improved.Combining the processing method of digital attribute in the scheme through special numeric attributes,a more convenient user authorization recovery method,and a comparative experiment with the scheme are presented.(3)Using the multi value of "AND" gate strategy as the access structure,a multi authority access control scheme is proposed,to improve the shortcomings in scheme are presented that the need for central authority to integrate keys,and to prevent the collusion attack.The updating of cipher-text and keys can be outsourced to the cloud storage without exposing plaintext.At the same time,the calculation efficiency comparison and simulation experiment are conducted.