Cloud Storage Access Control Scheme And System Based On Fast Attribute Based Encryption

The cloud storage is the most basic service in cloud computing, which widely used in practical engineering. It has many advantages such as high reliability, low cost and so on. However, cloud storage service is facing the problem of data privacy protection, data security and access mechanism flexibility with the growing demand. Users pay more attention to improve the data security and the flexibility of access control, so cloud storage access control based on ABE become a hot spot of research.In view of the problem that encryption and decryption efficiency is not high in most existing ABE schemes. This paper mainly focuses on how to improve its efficiency. Combining with cloud storage access control mechanism, we designed a new cloud storage access control scheme and system based on fast ABE. The details are as follows:1) Ciphertext-policy attribute-based encryption scheme exists in multiple attribute subsets. In fact, these subsets are managed by different authorities. CP-ABE with a single authority needs to have all of attributes in order to calculate and distribute the attribute keys. Besides, center authority undertakes increasingly heavy burden with the increase of the user attributes, which can't satisfy the requirements of real applications. To solve this problem, this paper introduces multi-authority into CP-ABE scheme by using bilinear mapping and access tree structure. It makes mutual cooperation between authorities by allowing independent attribute authorities manage within the scope of its attributes, and assigning the corresponding attribute keys. By this way, it can effectively reduce the pressure of center authority and improve the system efficiency.2) The increasing complexity of access control policy and attribute numbers make encryption and key generation cost significant increased in existing ABE schemes. In response to this problem, we introduced the online/offline encryption technology into ABE scheme. The encryption process is divided into two parts: online and offline. Offline part preprocesses with a large number of complex operations in free time. So, it takes only a little simple calculations for online part to generate ciphertext. For that we propose an improved online/offline encryption multi-authority CP-ABE scheme. It proved that our scheme is the safety of CPA under the standard model, improved the efficiency greatly by theoretical analysis and experimental simulation, and get suitable for resource-limited devices.3) The decryption process requires a large number of complex bilinear pairing operations or power operations in ABE schemes. So we take a lot of bilinear pairing operations to a third party server by introducing the thought of outsourcing. Then,the sever transmits the results to user that realize decryption operation with less amount of calculation. Based on proposed scheme, we designed a fast MA-ABE scheme which is CPA security similarly. Finally, we compared with classical schemes. Experiments show that encryption and decryption efficiency of our scheme improved significantly.4) In this paper, we designed a new cloud storage access control scheme based on fast ABE, and the scheme of specific implementation process is given. Finally, we will deploy our scheme on Amazon S3 cloud storage platform and achieve a secure, efficient and fine-grained cloud storage access control system.