Searchable Privacy Protection Cloud Service Mechanism Based On Attribute Access Control

In recent years,the rapid development of cloud computing technology allows users to buy it without much money and the maintenance cost of pre-hardware,and allows users to get the powerful computing power of cloud computing and cheap storage as required without caring about their own data storage.Cloud computing has brought us a lot of convenience,but its limitations also expose some security issues.Under the cloud environment,owning to the data out of the user's physical control,unauthorized users can obtain the information contained in the data through the cloud server.In order to ensure the safety of data in the cloud,some users store the encrypted data in the cloud.This method to some extent protects the privacy of data,but leads to the sharing problems of cloud data and the issues of service efficiency.In order to solve this problem,this thesis presents a scheme,which combines the attribute-based access control technology based on circuit structure and the searchable encryption technology based on secure index to realize multi-user ciphertext access control on cloud platform.The scheme can be divided into two stages: encryption and decryption.In the encryption phase,the data owner generates the access control policy and the keyword index,as well as encrypts the data.According to access control policies the authorization center generates encryption key.In the decryption phase,the user generates a search trapdoor which makes a search request to the cloud server.The cloud server will verify the user's attributes.If the user's attributes meet the requirements,the cloud server will search for the ciphertext and return the results to the user.Finally,the user can decrypt the ciphertext and get the plaintext.In this thesis,in order to reduce the huge computational pressure of the encryption and decryption phase,this thesis studies how to introduce a semi-trusted proxy server in the cloud environment.Under the guarantee of file content,undisclosed keyword information and user privacy,scheme in this thesis will generate keyword index and authorize the operation of pre-decryption to the proxy server;and will make full use of the powerful computing power of cloud computing;and will reduce the user's local costs.In this way,the availability of scheme can further be improved.At the end of this thesis,the security analysis and efficiency analysis of the scheme are given.The analysis shows that this scheme has high security and good performance.