
Research On Hierarchical Key Management And Attribute-based Encryption For Data Sharing In Cloud Computing

Posted on: 2017-02-05
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X Y Li
GTID: 1318330536452909
Subject: Computer software and theory

Abstract/Summary:
With the explosive growth of users' data, the data storage problem has become more and more independent and intractable. Cloud storage services cater to this market opportunity by providing an outsourced storage solution for resource-constrained tenants. In cloud storage systems, the users' data is stored on remote servers and managed by cloud service providers. However, the cloud service providers may operate in the honest-but-curious model or the malicious model. From the user's perspective, cloud storage systems should provide privacy protection that prevents unauthorized sharing of outsourced data. Thus, how to share outsourced data with multiple users in a secure, flexible and scalable way in the cloud storage model is a pressing problem. This thesis mainly studies this issue from the aspect of access control in the ciphertext domain, specifically hierarchical key management and attribute-based encryption. The main contributions are described as follows:

(1) For fine-grained data sharing with dynamic sharing permissions in cloud computing, multi-privilege group key management and hierarchical key management require the data owner to update the system's public information. Moreover, the data owner in a hierarchical key management scheme needs to communicate point to point with the users in the involved groups. This creates a risk of a single point of failure if the hierarchical structure is complex and the number of users is large. To remedy this shortcoming, we propose a self-determination hierarchical key management scheme for outsourced data sharing. This scheme integrates the design advantages of multi-privilege group key management and hierarchical key management. Its significant feature is that the data owner maintains the hierarchical structure formed by different users only through the public parameters of the system. Meanwhile, the symmetric encryption key of a group can be computed by each user in that group by means of group key agreement based on a multilinear map. When the access permissions of groups or users change dynamically, not only the data owner but also the users in a higher-level group can issue new public parameters for a lower-level group. Once they obtain these new public parameters, the lower-level users can re-compute the corresponding new symmetric encryption keys by themselves.

(2) Many secure hierarchical key management schemes with direct key derivation need to use symmetric encryption to encrypt some public parameters. This process adds computation cost in the Setup and Dynamical Key Management phases. By adopting linear geometry to process the hierarchical structure, we propose a novel hierarchical key management scheme for outsourced data sharing in resource-constrained environments. In this scheme, the data owner issues one vector for each group. All of these vectors form a public matrix, which serves as the public parameters of the system. The symmetric encryption key of each group is associated with its private vector and the corresponding public vector, i.e., it is the inner product of these two vectors. Given two user groups that do not satisfy the hierarchical relation, their respective private vectors are orthogonal to each other's public vectors. Otherwise, the inner product between the private vector of the higher group and the public vector of the lower group is equal to the indirect key. Using this indirect key, users in the higher-level group can obtain the symmetric encryption key of the lower-level group. The data owner only needs to update the public matrix of the system when managing dynamic access control. The security analysis and simulation experiments show that the proposed scheme is secure and very lightweight.

(3) For multi-authority cloud storage systems, we propose an attribute-based access control scheme with two-factor protection. The proposed scheme integrates two kinds of cryptographic technology, i.e., identity-based encryption and attribute-based encryption. In our proposed scheme, a user can recover the outsourced data if and only if this user holds sufficient attribute secret keys with respect to the access policy and the authorization key for the outsourced data. In addition, the proposed scheme has constant-size ciphertexts. By using server-aided re-encryption, our proposed scheme achieves a double-level revocation mechanism: attribute-level revocation issued by the attribute authority and user-level revocation issued by the data owner. Moreover, these two revocation processes do not need secure channels, and the scheme can resist eavesdropping attacks by revoked users. The security analysis, performance comparison and simulation results show that the proposed scheme is not only secure but also practical for outsourced data sharing in multi-authority cloud storage systems.
Keywords/Search Tags:Outsourced Data Sharing, Hierarchical Key Management, Linear Geometry, Multi-authority Cloud Storage Systems, Ciphertext-policy Attribute-based Encryption