
Research On Identity Authentication And Data Access Control Schemes In Cloud Computing

Posted on: 2017-06-25
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X L Li
GTID: 1318330518996790
Subject: Cryptography
Abstract/Summary:
Cloud computing, as a new paradigm of information service, is driving a wave of innovation in information technology that is sweeping the world. However, mobile users lose control over the physical equipment in cloud computing and cannot even guarantee the security and confidentiality of their information resources. Data security and user privacy, the concerns of mobile users, have therefore become the key technical bottleneck in the large-scale development of cloud computing. As important security defenses, identity authentication and encrypted data access control can manage user and data access through an "identity-attribute-key" list, so as to guarantee the security of the cloud system.

This paper investigates three-factor-based user identity authentication schemes and attribute-based encrypted data access control schemes, so as to provide effective solutions for unified remote user identity authentication and encrypted data access control in cloud computing environments. The specific contributions of this paper are as follows.

In the design and analysis of remote user identity authentication schemes:

- We propose an anonymous identity authentication scheme based on password, mobile device and biometrics in a single-server architecture. The analysis shows that our proposal not only achieves secure authentication, a good user experience and friendliness, but also protects user privacy from being compromised.
- To accommodate the multiserver architecture in cloud computing, we propose a three-factor-based remote user anonymous identity authentication scheme with a trusted center. It not only fixes the security flaws in Li et al.'s scheme, but also supports forward security of the session key and provides an optional security level and privacy preservation mode. The analysis shows that our proposal is more secure, robust and practical.

In the design of the encrypted data access control schemes:

- We present an improved ciphertext-policy attribute-based encryption (CP-ABE) scheme in a single-attribute-authority architecture, and construct an encrypted data access control solution that is suitable for mobile users in a hybrid cloud system. Our scheme splits the original secret keys into a control key, a decryption key and a set of transformation keys. Our construction not only achieves flexible attribute alteration, but also supports efficient outsourced computation with a verification mechanism. The analysis shows that our scheme is secure, flexible and robust.
- In a multiple-attribute-authority architecture, we propose an improved multi-authority CP-ABE scheme. Our scheme achieves fine-grained access control on encrypted data without any trusted center or extra interaction among the multiple authorities. Furthermore, we extend our scheme to apply attribute-based access control in a proxy-based multicloud environment. In addition, proxies can promote collaborative access control among multiple clouds. The analysis indicates that our construction is secure, flexible and practical for mobile users in a proxy-based multicloud system.

Finally, we present a framework for unified access control management of identity authentication and encrypted data in cloud computing environments. Our framework combines identity, attribute and key through an access control list to integrate our proposed authentication schemes with the data access control schemes. It helps to achieve unified access control management of user identity and encrypted data in cloud computing.
Keywords/Search Tags:cloud computing, identity authentication, access control, privacy preservation, data security