Research On Attribute-based Access Control Technology In Cloud Computing

Posted on: 2017-08-27
Degree: Doctor
Type: Dissertation
Country: China
Candidate: S L Wang
GTID: 1318330503981818
Subject: Information and Communication Engineering

Abstract/Summary:
Cloud computing has become a research hotspot because of its well-known advantages, such as flexibility and high scalability. Online data sharing is one of the most promising cloud applications. In cloud computing, users store large amounts of data in the cloud for ease of sharing and to save the cost of local management. At the same time, the cloud service provider becomes the manager of the data, and the key authority has more power than ever. However, neither can be treated as a fully trusted entity, because they may leak users' data for profit. Therefore, how to share the data stored in the cloud efficiently and securely has become one of the main challenges. Access control protects system information and resources through appropriate access policies and management technologies. As the first line of defense, it is paramount for preventing unauthorized access to the shared data. To protect the security and privacy of user data in the cloud, further research is required on the security requirements of cloud platforms, along with the development of secure and efficient access control schemes.

Ciphertext-policy attribute-based encryption (CP-ABE) is a useful encryption technology for secure data sharing in cloud computing. This dissertation analyzes in depth the related work on access control in cloud computing. Based on CP-ABE, and under the premise of ensuring the security of user data, it focuses on how to reduce the storage cost and computation overhead on the user side, and proposes a series of CP-ABE schemes suited to the cloud environment.

Specifically, the major contributions of this dissertation are summarized in the following four aspects:

1. An efficient and secure file hierarchy CP-ABE scheme is proposed to solve the problem of sharing multiple hierarchical files. Based on the multi-level hierarchical characteristics of the shared files, we propose a layered model of the access structure. During the encryption phase, the hierarchical files are encrypted using the integrated access structure. The ciphertext components related to attributes can be shared by the files, so both the time cost of encryption and the ciphertext storage are reduced. At the same time, transport nodes and the related calculation are introduced into the integrated access structure, so the decryption nodes related to the access structure can also be shared during decryption, and the decryption cost is reduced as well. Analysis results show that the proposed scheme is proved to be CPA secure under the DBDH assumption and that it is highly efficient in the performance analysis.

2. A CP-ABE scheme with flexible attribute expression is revisited in cloud computing in order to resolve the problems of key escrow and attribute expression. In this scheme, the key escrow problem is solved by two methods: a secure two-party key issuing protocol for cloud computing and the BLS short signature scheme. They ensure that neither the key authority nor the cloud service provider can generate the whole secret key of a user individually. Moreover, weighted attributes are provided to enhance attribute expression, which not only extends attributes from a binary state to arbitrary states but also reduces the complexity of the access policy. Therefore, both ciphertext storage and the time cost of encryption are saved. In addition, we implement the proposed scheme and conduct experiments on it. The simulation shows that it is efficient in terms of both computation complexity and storage cost. The security of the proposed scheme is also proved under the generic group model.

3. A compact CP-ABE scheme with outsourced decryption is proposed in order to save the storage cost and computation overhead of users. The scheme is designed to reduce the storage cost of the user's key and the time cost of decryption in CP-ABE. The access structure associated with the ciphertext supports three policies: AND, OR, and Threshold. At the same time, the result of outsourced decryption can be verified using only some hash computations and XOR operations. Based on the aMSE-DDH problem, the proposed scheme is proved to be CCA secure in the random oracle model. In addition, the analyses show that it is efficient for achieving access control in cloud computing, especially when the terminal devices associated with the user are constrained.

4. A fast and fully outsourced CP-ABE scheme is proposed in order to mitigate the computational cost on the user and key authority sides. The reason is that most CP-ABE schemes suffer from high computational complexity in key generation, encryption, and decryption. The scheme implements key generation outsourcing, encryption outsourcing, and decryption outsourcing. In the proposed scheme, the expensive computational tasks of the whole system can be delivered to some semi-trusted third parties, except in the system initialization phase. Thus it leaves only a constant number of simple computations to be done locally. It can also verify the correctness of the decryption result by using the BLS short signature. In addition, efficiency analysis and experimental results show that the proposed scheme clearly lightens the local load and is especially suitable for resource-constrained environments.

Finally, we summarize our work and discuss the problems that need further research.
Keywords/Search Tags:Cloud Computing Security, Access Control, Data Sharing, Attribute-Based Encryption, Outsourced Computation