
Authentication And Access Control Security Issues In Cloud Environment

Posted on: 2019-10-12
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Q Han
GTID: 1368330572451484
Subject: Cryptography

Abstract/Summary:
Cloud computing is an operation mode with dynamic extension ability, which can be seen as the development and application of distributed computing, parallel processing and grid computing. Based on cloud computing technologies, cloud computing platforms can deal with millions or even billions of pieces of information in a few seconds, so hardware, software and a large number of IT resources can be provided to the user in the form of services. In cloud computing, resource-limited users outsource their data storage and computing tasks to cloud servers, and are therefore able to enjoy high-quality storage and computing services while reducing their own burden. In fact, it has realized the dream of computation being used as a kind of infrastructure.

Cloud computing platforms for intelligent terminals can collect and store massive amounts of sensing data and carry out comprehensive processing and analysis to provide various types of integrated services, including the Internet of Vehicles. As a new symbol of the smart city of the future, the Internet of Vehicles is composed of terminal sensing devices, a communication management system and cloud-architecture information processing platforms. The vehicle and its supporting terminal sensing device collect information about the vehicle's own environment and status. By communicating with each other, all vehicles can transmit their own information to the cloud system. Through data analysis and processing, this large amount of vehicle information can be analyzed, and the best route for different vehicles is calculated, while supporting timely reporting of road conditions, arrangement of the traffic-light cycle, and automatic driving. With the rapid development of the Internet of Vehicles, the demand on the server's capability to collect, store and process data becomes higher and higher, and the requirements on data storage and computation become more challenging. It has become a trend to introduce cloud computing services into the Internet of Vehicles.

Although cloud computing platforms for intelligent terminals bring many benefits to people, they inevitably face some new security challenges. The main security challenges exist in two aspects. The first is the identity authentication issue in the data collection stage. The other is the data access control problem for cloud storage. This dissertation first analyzes the security challenges in the Internet of Vehicles, and proposes different data processing technologies and encryption algorithms to tackle these security challenges.

In recent decades, a large number of cryptographic algorithms and security protocols have been proposed and widely used to resist various security threats in cloud computing. Identity-based encryption is a classic encryption technique. In identity-based encryption, a user is able to decrypt a ciphertext only when their identity information is what the encryptor requires, which can be applied to solve the problem of identity authentication. As an extension of identity-based encryption, attribute-based encryption can be used to solve data access control problems in cloud computing.

The main contributions of this dissertation can be summarized as follows:

Firstly, we propose a new identity-based handoff authentication scheme, in which a special double-trapdoor chameleon hash function is used. Compared with the existing identity-based handoff authentication construction, the main advantage of the proposed scheme is that it eliminates the assumption that the private key generator is fully trusted. Besides, the detailed security analysis shows that the proposed scheme not only satisfies robust security properties, but also enjoys desirable efficiency for real-world applications.

Secondly, in ciphertext-policy attribute-based encryption (CP-ABE), the access policy is attached to the ciphertext in plaintext form, which may also leak some private information about end-users. Existing methods only partially hide the attribute values in the access policies, while the attribute names are still unprotected. In this dissertation, we propose an efficient and fine-grained big data access control scheme with a privacy-preserving policy. Specifically, we hide the whole attribute rather than only its values in the access policies. To assist data decryption, we also design a novel Attribute Bloom Filter to evaluate whether an attribute is in the access policy and, if it is, locate its exact position in the access policy. Security analysis and performance evaluation show that our scheme can preserve the privacy of any Linear Secret Sharing Scheme (LSSS) [1] access policy without introducing much overhead.

Finally, existing CP-ABE schemes leak users' attribute values to the attribute authority (AA) in the key generation phase, which poses a significant threat to users' privacy. To address this issue, we propose a new CP-ABE scheme, based on the Oblivious Transfer technique, which can successfully protect the user's attribute values against the AA. In addition, we use the Attribute Bloom Filter to protect the attribute type of the access policy in the ciphertext. Security and efficiency evaluations show that the proposed scheme can achieve the desired security goals while keeping comparable computation overhead.
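As an added illustration (not code from the dissertation), the sketch below shows one way a Bloom-filter variant can both test whether an attribute is in a hidden policy and return its position, which is the role the abstract gives the Attribute Bloom Filter. It assumes a garbled-Bloom-filter layout in which each slot holds an XOR share of `row index || attribute`; the slot sizes, hash derivation, function names and sample policy are all assumptions.

```python
import hashlib
import secrets

ROW_BYTES, ATT_BYTES = 2, 30            # assumed slot layout: row index || padded attribute
SLOT = ROW_BYTES + ATT_BYTES

def _positions(att, m, k):
    """k slot indices derived from the attribute string, duplicates removed."""
    idx = [int.from_bytes(hashlib.sha256(bytes([j]) + att.encode()).digest(), "big") % m
           for j in range(k)]
    return list(dict.fromkeys(idx))

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def build_abf(policy_rows, m=128, k=4):
    """policy_rows[i] is the attribute mapped to row i of the access matrix."""
    slots = [None] * m
    for row, att in enumerate(policy_rows):
        if len(att.encode()) > ATT_BYTES:
            raise ValueError("attribute too long for slot")
        share = row.to_bytes(ROW_BYTES, "big") + att.encode().ljust(ATT_BYTES, b"\0")
        final = None                     # free slot that will hold the last share
        for p in _positions(att, m, k):
            if slots[p] is None and final is None:
                final = p                # reserve it; filled after the loop
                continue
            if slots[p] is None:
                slots[p] = secrets.token_bytes(SLOT)   # fresh random share
            share = _xor(share, slots[p])              # reuse shares already stored
        if final is None:
            raise RuntimeError("all positions occupied; rebuild with larger m")
        slots[final] = share
    # Unused slots get random bytes so occupied and empty slots look alike.
    return [s if s is not None else secrets.token_bytes(SLOT) for s in slots]

def query_abf(abf, att, k=4):
    """Return the matrix row for att, or None if att is not in the hidden policy."""
    raw = att.encode()
    if len(raw) > ATT_BYTES:
        return None
    acc = bytes(SLOT)
    for p in _positions(att, len(abf), k):
        acc = _xor(acc, abf[p])          # XOR of all shares recovers row || attribute
    if acc[ROW_BYTES:] == raw.ljust(ATT_BYTES, b"\0"):
        return int.from_bytes(acc[:ROW_BYTES], "big")
    return None

if __name__ == "__main__":
    policy = ["role:doctor", "dept:cardiology", "clearance:high"]   # constructed sample
    abf = build_abf(policy)
    print([query_abf(abf, a) for a in policy + ["role:nurse"]])
```

Only a holder of an attribute string can recombine its shares, so the array can travel with the ciphertext in place of the plaintext attribute list; a non-member query matches only if random bytes happen to equal the padded attribute.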
Keywords/Search Tags:Identity-based Encryption, Attribute-based Encryption, Handoff Authentication, Access Control, Bloom Filter, Oblivious Transfer