Research On Access Control Technology With Attribute-based Encryption In Cloud Storage

Cloud computing is a new interactive mode of Internet-based related service,which uses virtualization technology to abstract the underlying hardware and software resources to shield the heterogeneity so that enterprises and users can access to computers and storage systems.As the basic function in cloud computing,cloud storage solves the problem of data storage,but its security problem is also very prominent.If the security problem can't be solved,It not only limits the application service scope of cloud computing,but also poses a great potential for the privacy and data security of cloud platform users.One of the most critical security issues is the access control problem.The Attribute-Based Encryption(ABE)scheme can embed an access control policy in a ciphertext or a key.As a fine-grained data encryption scheme,it is an important solution to solve the access control problem in an open network environment.This thesis has carried on the research of attribute-based encryption access control technology.The specific work is as following:1.Review the current research status of attribute-based encryption access control technology at home and abroad,and expounds the practical significance of research.Introduce the basic ABE access control system model.Analyze the security hypothesis and security model for basic ABE access control system model.2.An policy-hidden attribute-based encryption scheme with traceable keys is proposed for the problem of access policy leaks privacy,key abuse and not resistant to user collusion attacks in a scheme based on attribute encryption.In this scheme,the user attribute set which expressed a multi-value and gate structure is converted into a access tree,hiding the privacy information of the access structure.The scheme solve the problem of key abuse by adding a tracking factor to the key by combining the signature mechanism.It uses two-factor authentication mechanism to solve the problem of user collusion attack.It was comprehensively analyzed from three aspects: characteristic analysis,security analysis and performance analysis.3.An policy-hidden attribute-based encryption scheme supporting cipher-text verifiability is proposed for the problem of the verification of the correctness of the encryption and decryption calculation results and user dynamic cancellation.It uses the digital signature technology to implement the correctness of the verifiable encryption and decryption calculation results.It uses two-factor authentication mechanism to implement dynamic undo of users.Compare and analyze the strengths and weaknesses of the scheme with existing scheme.The innovation of this thesis includes:1.An policy-hidden attribute-based encryption scheme with traceable keys is proposed.The scheme implements anonymous authentication of user identity,complete hiding of access structure,and white box traceability of keys.Under the premise of not affecting the encryption and decryption efficiency,it can effectively resist the choice of plaintext attack,user collusion attacks and realize the indistinguishability of ciphertext;At the same time,it reduces the communication cost and calculate cost by reducing the number of bilinearity operations.2.An policy-hidden attribute-based encryption scheme supporting cipher-text verifiability is proposed.The scheme realizes the complete hiding of the access policy,realizes the dynamic revocation of the user.It uses the digital signature technology to implement the correctness of the verifiable encryption and decryption calculation results.Security analysis shows that the solution can resist selective plaintext attacks.