Access Control And Ciphertexts Search On Attribute-Based Encryption In Cloud Storage

Every coin has two sides,and cloud storage is not an exception.People have to confront more severe security risks while enjoying the decrease of terminal overhead.Under insecure circumstances,encryption is a powerful mechanism to ensure data confidentiality.However,people find it is too complicated to share the data after it is encrypted.In the conventional way,the data owner has to distribute the cryptographic key to persons who have rights to read or write the data.Afterwards,requesters who receive the key can decrypt the ciphertext and then search the plaintext for the right information.Though the traditional way of access control by key distribution and the manner of plaintext search after decryption could provide the secure sharing,they are inefficient.This makes them not suit for the application scenarios of multiple users or mass data.In contrast,access control over ciphertexts is one such proper technique that could reduce the complexity of key management,consequently decrease the terminal overhead and improve the flexibility.Efficient search over ciphertexts is another such proper technique that could realize data search without decryption,consequently eliminate the damagement towards security and efficiency caused by the transformation between plaintext and ciphertext.Therefore,pay attention to technologies of access control and efficient search over ciphertexts is of great significance to the application and development of cloud computing and storage.Until now,numerous studies in this area have been carried out.The scholars proposed ciphertext policy,key policy and dual policy attribute-based schemes to improve the flexibility of access control.They proposed multi-center management schemes which are used in the distributed cloud environment to solve the problems of performance bottleneck and power centralization presented in single authority schemes.They proposed constant ciphertext size schemes and decryption outsourcing schemes to increase the efficiency.They proposed conjunctive keyword search schemes to improve search effect which is not contentable in single word search schemes.Based on the summary of existent researches,we present three schemes,respectively on policy hiding,decryption efficiency and multi-keyword search.Then demonstrate them to be secure and practical by theoretical analysis and security proof.Afterwards,we propose a cloud storage system scheme base on practical requirements and preceding techniques to support secure data sharing.In general,the main contents of the dissertation are as follows:(1)Two attribute-based encryption schemes are presented to realize policies hiding in complex structures.Attribute-based encryption allows credible enforcement of fine grain access control in a cryptographic way,so attracts a lot attention.However,attribute-based encryption also has the privacy problem:access structures representing the control policies have to be sent along with the ciphertexts to assist decryption.So far,attribute-based encryption schemes could already hide the policies in the 'and' gate.But,the 'and' gate is too weak in flexibility to express complex access policies.On the other hand,though the trees are straightforward and flexible,they are too difficult to hide the policies.Therefore,we improve the structure of trees to make them not only straightforward and flexible,but also could utilize the method of the 'and' gate to hide the policies.(2)An attribute-based encryption scheme is presented to support online-offline encryption and outsourcing decryption.The working attribute-based encryption schemes are mostly realized on bilinear pairs of ellipse curves.They have to operate a large number of bilinear mappings and modular exponentiations during encryption and decryption.In order to ease the burdens of limited terminals,we divide the procedure of encryption into an offline phase and an online phase,and divide the decryption key into an outsourcing key and a terminal key,both of which use the idea of proxy re-cryption.Firstly,in the phase of offline encryption,the scheme creates a random ciphertext component for each attribute value.Secondly,in the phase of online encryption,the owner calculates a modification component for each related attribute value.Thirdly,in the phase of outsourcing decryption,the service provider in the cloud figures out the actual secret values by bring the random ciphertext components and the modification components into calculation,then preprocesses the ciphertext into the intermediate plaintext.As a result,most of the encryption overhead is accomplished in the offline phase,and the computation overhead of the phase of online encryption is reduced to the constant number.Most of the decryption operations are transmited from the terminal to the cloud,so significantly reduce the communication and computation overhead of the data requesters.(3)A searchable encryption scheme is presented to support non-field conjunctive keyword search and multi-user search simultaneously.There are some flaws in usual conjunctive keyword searchable schemes,such as the limitations of communication mode and search mode.Firstly,these schemes do not possess the ability of "one to more".They are inefficient due to time and again encryption when there are a lot of users.Secondly,these schemes support search operations on structured data with definite semanteme,other than the unstructured data.Then they are limited in availability.Based on the attribute-based cryptography,we realize fine grain access control over ciphertexts by encrypting keywords with access policies and generating private keys according to requesters' attributes.As a result,significantly decrease the sending nodes'overhead on communication and computation in multi-user scenarios.Based on the polynomial equation,our scheme could do search on unstructured data as well as the structured data by realizing non-field conjunctive search towards keywords.As a consequence,significantly improves the flexibility of conjunctive search.(4)A cloud storage scheme is presented to realize secure data sharing.The above schemes focus mainly on the cryptographic algorithms.They have to be enriched before they can used to construct the actual system.Further works include integrating the algorithms,complementing security mechanisms,improving the performance and efficiency,establishing the work procedure,formalizing the data interaction,and so on.In this part,we firstly integrate encryption,access control and efficient search seamlessly by combining access control and search together.Secondly,we alleviate the burdens of the system and terminal customers through decryption outsourcing and proxy re-encryption.Thirdly,we accomplish the practical design of the cloud storage system by establishing the work procedure and formalizing the data interaction.Fourthly,we achieve a secure and reliable work flow by incorporating PKI,symmetric algorithms with attribute-based algorithms.At last,we realize an experimental cloud storage system to verify the design.