
Research On Key Techniques Of Improving The Usability Of Cryptographic Access Control In Cloud Storage

Posted on: 2014-11-19
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Cheng
GTID: 1228330422973795
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of cloud storage, data security has been widely researched in both industry and academia. Most users want to use cloud-storage services without weakening the original security of their data. Given this data-protection requirement, researchers have begun to use cryptographic access control schemes to protect data while it is stored and shared online. However, applying such a scheme in cloud storage noticeably increases the user's cost and decreases the user's access efficiency, especially where there is large-scale data sharing, meager user attributes, frequent access, and centralized data access. How to deal with complex key distribution, the large cost of revocation, and limited user resources, and how to decrease the extra cost of the cryptographic access control scheme, is the key problem to be solved in research on protecting data security in cloud storage.

In this dissertation, the data security requirement is analyzed from the user's perspective; a cryptographic access control model for cloud storage is then built, and different implementations of the model are given for various user types. Based on the model and its implementations, improving the efficiency of the cryptographic access control scheme is discussed in depth in three aspects: key distribution improvement, policy revocation optimization, and access efficiency improvement. The main contributions of this dissertation are as follows:

1. A cryptographic access control model for cloud storage and its implementations are proposed. After an in-depth analysis of the data security requirements in cloud storage, a cryptographic access control model is proposed that combines current cryptographic access control techniques with new cryptographic techniques. Different implementations of the model are then derived for simple personal users, community personal users, and enterprise users respectively. Among these implementations, the basic cryptographic access control scheme provides compact and usable data protection for simple personal users. The community personal user, who has more data-sharing requirements, employs “Ciphertext-Policy Attribute-Based Encryption (CP-ABE)”, which encrypts the access policy together with the data and then issues the ciphertext to the cloud. This tactic reduces the overhead of data sharing. Another ciphertext access control implementation, based on an agent, is mainly designed for business users who need more data sharing and relatively concentrated data access. This mechanism can take full advantage of the enterprise's existing computing and storage facilities to reduce the impact of the ciphertext access control mechanism on corporate staff and the original data applications.

2. A key-distribution optimization technique based on attribute union is proposed. In the CP-ABE-based ciphertext access control scheme, the encryption overhead of the CP-ABE algorithm is the key factor affecting the efficiency of key distribution, and the encryption time of the CP-ABE algorithm is positively related to the number of leaf nodes in the access control tree. According to certain rules, the key-distribution optimization technique proposed here adds a “joint property” to the original attributes of some of the users. As a result, the whole process of key distribution is accelerated, making the CP-ABE-based ciphertext access control scheme suitable for large-scale data-sharing applications in which users' attributes are meager.

3. A privilege-revocation optimization technique based on substituted re-encryption is proposed. Revoking an authorized user's access in the ciphertext access control mechanism often requires re-encryption of the affected data, which may incur large computation cost and bandwidth overhead. This technique adopts an improved threshold scheme that splits the data into multiple data blocks before the data is uploaded to cloud storage, so that no valid message can be reconstructed from the remaining blocks if any one of the data blocks is lost. After the revocation of an access right, re-encrypting one data block is equivalent to re-encrypting the entire data, which effectively lightens the extra overhead caused by privilege revocation. Thus the ciphertext access control scheme is able to respond effectively to data-sharing applications in which access rights change frequently.

4. A cloud-storage access-efficiency optimization technique based on a local agent is proposed. Business users of cloud storage have characteristics such as large amounts of data, frequent sharing, and relatively concentrated access. Simply using the ciphertext access control mechanism to protect the security of data storage and sharing may reduce the access efficiency of cloud storage. The technique proposed here deploys a local agent on the enterprise's existing computation and storage resources; the local agent, instead of staff, then completes the operations related to ciphertext access control. Ultimately, the impact of the ciphertext access control mechanism on business users is effectively reduced.

The above research, aimed at data security requirements for cloud storage, not only enhances the efficiency of the ciphertext access control mechanism on the premise of data security but also promotes the application of ciphertext access control techniques in cloud storage. It has certain theoretical significance and practical value.
Keywords/Search Tags: Cloud Storage, Cryptographic Access Control, Attribute-Based Encryption, Revocation, Cloud Storage Gateway, Secret Sharing Scheme, Proxy-Based Re-encryption