
Research On Access Control For Semi-trust Cloud With Extensive Attribute-based Encryption

Posted on: 2019-06-03
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J N Hong
Full Text: PDF
GTID: 1318330542997989
Subject: Communication and Information System
Abstract/Summary:
Cloud computing is a popular service paradigm that integrates IT resources, data storage, computation capability and applications as its resources, rents them to clients on demand, and bills on a pay-as-you-use basis. This novel service model frees enterprise and individual clients from expensive in-house infrastructure and expertise, and its convenience, significant price advantage, reliability and extensibility attract more and more clients to outsource their data and computation services to centralized data centers. However, the role of cloud service provider is usually played by large-scale IT enterprises rather than the fully trusted entities of traditional paradigms. Faced with the "semi-trusted" cloud server generally assumed in academia, clients' outsourced services suffer from the following new security threats. Firstly, the semi-trusted platform is curious about clients' outsourced data content or logs; once this private data is no longer physically controlled by the client, preserving its confidentiality becomes one of the most critical challenges. Secondly, access control over shared data and services cannot be enforced by a trusted computing base (TCB), and the cloud service provider may leak this information to unauthorized entities for its own benefit. Thirdly, access control for outsourced services also raises concerns of user privacy, trusted accounting, etc. These issues have been the focus of many researchers and, in our view, have become the major obstacle to popularizing this attractive service model.

The goal of access control is to ensure that outsourced data and computing services can only be accessed by authorized users. Currently, for storage services, one of the ideal approaches is to outsource the shared data to the assumed semi-trusted cloud in encrypted form, so that access control is enforced by whether a user is able to decrypt the ciphertext. With such a cryptographic solution to access control, the system not only prevents the cloud's curiosity about private information, but also decouples access control enforcement from trust in the cloud platform: the service provider (also called the data owner) directly designates and controls the access privileges of the recipients. In the past decades, attribute-based encryption has attracted broad attention due to its fine-grained management model for access control in cloud storage. In particular, ciphertext-policy attribute-based encryption is the more suitable algorithm: a user's secret key is associated with a set of attributes, so that the encryptor can designate an access policy, combining arbitrary attributes and logic gates, to control which users are the intended recipients. Building on this cryptographic model, other attribute-based access control techniques, such as signatures and anonymous authentication, have also been integrated to construct secure cloud computing. However, current attribute-based access control schemes cannot be directly applied to outsourced services in the cloud, because of their poor extensibility to various service requirements, inadequate suitability for new architectures, and other reasons. Firstly, the attribute-based encryption algorithm provides no effective solution to issues such as timed release of access privileges and numeric attribute comparison, which significantly limits the policy flexibility and availability of attribute-based access control. Secondly, the high complexity of the encryption and decryption algorithms heavily burdens energy-constrained terminals, and delay-sensitive services suffer a loss of user experience. Thirdly, in the service outsourcing model, where access control cannot be enforced by data confidentiality, a signature approach alone cannot prevent unauthorized behaviour by semi-trusted entities.

Our main research work and contributions are as follows:

1. Faced with the critical requirement for a timed-release mechanism in cloud storage, this dissertation provides fine-grained data access control that takes into account both the access time and the user's attribute set. In this scheme, the data owner autonomously designates the privilege release time of the shared data for every user, and the trusted authority manages the timed release function for the designated users. In realizing this function, the scheme saves much of the computation, storage and communication cost of data owners and the authority. Furthermore, this dissertation provides an effective approach to structure design for various time-sensitive access policies.

2. This dissertation provides a comparable attribute-based encryption scheme. In order to make attribute-based encryption better suited to inequality comparison of numeric attributes in access policies, we offer relevant solutions and help construct data access control with better flexibility and reliability. Given that existing schemes have overly complex structures and leave large room for improvement, this study uses the idea of 0/1 encoding to organize the sub-attributes of numeric attributes, achieving attribute comparison with savings in computation, storage and communication cost.

3. We provide a verifiable, times-constrained, fine-grained access control scheme. For service outsourcing systems in the fog-to-cloud architecture, from the performance perspective users should enjoy the outsourced service with low latency, and from the security perspective access control can be realized through the provider's rational interest in increasing its economic utility, especially when confidentiality no longer works as the means of access control enforcement. By combining attribute-based access control with k-times anonymous authentication in a non-interactive manner, this scheme not only meets the low-latency requirement but also provides a convincing credential for payment according to resource usage. Additionally, the introduction of a Merkle hash tree (MHT) prevents the cloud from forging the amount of service delivered, by checking sampled services within the service provider's constrained resources.

4. This dissertation provides a verifiable and privacy-preserving data access control scheme for latency-sensitive services. In the fog-to-cloud architecture, this scheme mainly tackles the constrained computation capability of terminals and the realization of fast data queries. The study first uses outsourcing techniques to free owners and users from their computation burden. Secondly, by utilizing prediction of users' mobility, the scheme makes effective use of the fogs' limited caching resources and makes it possible to offload data beforehand. Lastly, in a lightweight way, the scheme realizes user authentication with anonymity and unlinkability, and further supports trusted payment between the cloud, fogs and users.
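Contribution 2 relies on 0/1 encoding to turn a numeric comparison into ordinary attribute matching. The following added example (not code from the dissertation, which is not available on this page) illustrates that idea in isolation: a value x is expanded into its 1-encoding, a threshold t into its 0-encoding, and x > t holds exactly when the two prefix sets intersect, so an OR gate over at most n sub-attributes expresses the inequality. The attribute name "age", the 7-bit width and the `name|tag|prefix` sub-attribute labels are assumptions chosen for the example; the encryption itself is not modelled.

```python
# Added illustration of 0/1 encoding for numeric attribute comparison.
# Not the dissertation's construction: it models only the sub-attribute
# layer (how a key's numeric value and a policy's threshold are expanded),
# not the attribute-based encryption built on top of it.

def one_encoding(x: int, n: int) -> set:
    """1-encoding of an n-bit value x: for every bit of x that is 1, the
    prefix of x's binary string down to and including that bit."""
    bits = format(x, f"0{n}b")
    return {bits[: i + 1] for i in range(n) if bits[i] == "1"}

def zero_encoding(y: int, n: int) -> set:
    """0-encoding of an n-bit value y: for every bit of y that is 0, the
    prefix above that bit followed by a 1 (the shortest prefix shared by
    every number that first exceeds y at that bit position)."""
    bits = format(y, f"0{n}b")
    return {bits[:i] + "1" for i in range(n) if bits[i] == "0"}

def greater_than(x: int, y: int, n: int) -> bool:
    """x > y  if and only if  S1(x) and S0(y) share an element."""
    return bool(one_encoding(x, n) & zero_encoding(y, n))

def exhaustive_check(n: int) -> bool:
    """Sanity check: the set test agrees with integer comparison on all pairs."""
    return all(greater_than(x, y, n) == (x > y)
               for x in range(2 ** n) for y in range(2 ** n))

# --- mapping onto attribute-based access control (assumed label format) ---

def key_sub_attributes(name: str, value: int, n: int) -> set:
    """Sub-attributes placed in a user's key for numeric attribute name=value.
    Both encodings are embedded so that policies can express > and <."""
    return ({f"{name}|1|{p}" for p in one_encoding(value, n)} |
            {f"{name}|0|{p}" for p in zero_encoding(value, n)})

def policy_sub_attributes(name: str, op: str, t: int, n: int) -> set:
    """Sub-attributes that one OR gate of the policy lists for 'name op t'.
    The sentinel "TRUE" marks a comparison that is satisfied by every value."""
    if op == ">=":   # x >= t  <=>  x > t-1   (t == 0 always holds)
        return policy_sub_attributes(name, ">", t - 1, n) if t > 0 else {"TRUE"}
    if op == "<=":   # x <= t  <=>  x < t+1   (t == 2^n-1 always holds)
        return policy_sub_attributes(name, "<", t + 1, n) if t < 2 ** n - 1 else {"TRUE"}
    if op == ">":    # key holds S1(x); policy lists S0(t)
        return {f"{name}|1|{p}" for p in zero_encoding(t, n)}
    if op == "<":    # key holds S0(x); policy lists S1(t)
        return {f"{name}|0|{p}" for p in one_encoding(t, n)}
    raise ValueError(f"unsupported operator {op!r}")

def satisfies(key_attrs: set, policy_attrs: set) -> bool:
    """An OR gate is satisfied when the key holds at least one listed sub-attribute."""
    return "TRUE" in policy_attrs or bool(key_attrs & policy_attrs)

if __name__ == "__main__":
    n = 7                                        # assumed bit width for "age"
    key = key_sub_attributes("age", 20, n)       # constructed user value
    for op, t in ((">", 17), ("<", 18), (">=", 20), ("<=", 20)):
        print(f"age {op} {t}:", satisfies(key, policy_sub_attributes("age", op, t, n)))
```

Each side of the comparison costs at most n sub-attributes, which is the saving the abstract refers to relative to enumerating every value in a range; a policy over several numeric attributes simply ANDs the corresponding OR gates.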
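Contribution 3 uses a Merkle hash tree so that an auditor with limited resources can check a random sample of delivered services instead of the whole log, and still detect a forged service amount. The following added example (not the dissertation's code) shows the mechanics: the cloud commits to a root over the service records, the auditor challenges a few indices, and an altered record fails its inclusion proof against the previously committed root. The record format, the SHA-256 leaf/node domain separation and the responder callables are assumptions for the example.

```python
# Added illustration of sampled verification with a Merkle hash tree.
# Not the dissertation's construction; the records below are constructed
# sample data and the commit/challenge flow is simplified.
import hashlib
import math

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(record: bytes) -> bytes:
    return _h(b"\x00" + record)          # domain-separate leaves from nodes

def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)

def build_tree(records):
    """Return all levels, level 0 being the leaves; odd levels duplicate
    their last node so that every node has a sibling."""
    level = [leaf_hash(r) for r in records]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def root(levels) -> bytes:
    return levels[-1][0]

def inclusion_proof(levels, index: int):
    """Sibling hashes from leaf to root as (hash, sibling_is_left) pairs."""
    proof = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify_inclusion(record: bytes, proof, expected_root: bytes) -> bool:
    h = leaf_hash(record)
    for sib, sib_is_left in proof:
        h = node_hash(sib, h) if sib_is_left else node_hash(h, sib)
    return h == expected_root

def audit(committed_root: bytes, respond, sample_indices):
    """Auditor side: challenge each sampled index, check the returned
    (record, proof) against the root committed before the challenge.
    Returns the indices whose proof failed."""
    return [i for i in sample_indices
            if not verify_inclusion(*respond(i), committed_root)]

def miss_probability(total: int, forged: int, sample: int) -> float:
    """Probability that a uniform sample of `sample` records contains none
    of the `forged` ones, i.e. the chance a cheating provider goes unnoticed."""
    return math.comb(total - forged, sample) / math.comb(total, sample)

# Constructed service log: one record per delivered service (tag, units).
SAMPLE_RECORDS = [f"svc{i}|tag{i}|units:{i % 5 + 1}".encode() for i in range(10)]
LEVELS = build_tree(SAMPLE_RECORDS)
COMMITTED_ROOT = root(LEVELS)       # committed before any challenge is issued

# Later, a cheating provider inflates the usage of record 3 but cannot change
# the already committed root, so its proof for that leaf no longer verifies.
FORGED_RECORDS = list(SAMPLE_RECORDS)
FORGED_RECORDS[3] = b"svc3|tag3|units:50"

def honest_responder(i: int):
    return SAMPLE_RECORDS[i], inclusion_proof(LEVELS, i)

def forged_responder(i: int):
    return FORGED_RECORDS[i], inclusion_proof(LEVELS, i)

if __name__ == "__main__":
    print("honest failures:", audit(COMMITTED_ROOT, honest_responder, [0, 3, 7]))
    print("forged failures:", audit(COMMITTED_ROOT, forged_responder, [0, 3, 7]))
    print("miss probability, 10 of 100 forged, 10 sampled:",
          round(miss_probability(100, 10, 10), 3))
```

The `miss_probability` helper makes the resource trade-off explicit: the auditor chooses a sample size that drives the chance of an undetected forgery below its tolerance, rather than verifying every record.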
Keywords/Search Tags: Cloud computing, fine-grained access control, timed-release mechanism, comparable attribute, k-times anonymous authentication, non-interactive zero-knowledge proof, Merkle hash tree, fog-to-cloud architecture