
Research On Data Access Control And Privacy Protection Based On Attribute-based Encryption In Cloud Storage

Posted on: 2021-04-22
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z D Li
GTID: 1368330605481271
Subject: Information security

Abstract/Summary:
Cloud computing provides data owners with data storage, data computing, data sharing and other convenient Internet-based services. Taking the data sharing service offered by cloud service providers as an example, individual users or enterprises store data on semi-trusted cloud service platforms such as the public cloud to realize data sharing, and so reduce the burden of local data storage and management. However, after uploading data to the cloud, data owners lose physical control of the data, and unauthorized users may access the outsourced data. In addition, privacy preservation is also a concern of individual users and enterprises.

To ensure the security of outsourced data, the traditional method is to encrypt the data before outsourcing it to the public cloud, thereby realizing access control over the data. Although this method protects the data, it makes it difficult for users to access data efficiently; the question is how to ensure that data users can retrieve and download the encrypted data effectively. As a derivative of cloud computing, cloud storage can provide users with convenient data storage, data sharing and other services. For the different security requirements in data sharing and data retrieval, various cryptographic algorithms have been proposed. Attribute-based encryption (ABE) and searchable encryption (SE) have become a research hotspot because they can realize fine-grained access control of data and retrieval of encrypted data; in particular, their combination (attribute-based keyword search) can realize access control of shared data and retrieval of encrypted data at the same time. However, across different application scenarios and requirements, existing schemes still need further study to address various challenges, such as those of security and efficiency. In view of the existing problems in research on outsourced computing services and on searching encrypted data in data access control, corresponding solutions are designed respectively. The main innovations of this work are as follows:

1. We propose a verifiable and secure outsourcing algorithm for computing modular exponentiation under the single-server model. Based on this algorithm, we design an attribute-based encryption scheme with verifiable outsourced encryption and decryption. To address the problem that the computational cost of the data user increases with the complexity of the access control policy in attribute-based encryption schemes, the proposed scheme allows the data owner to outsource the encryption task to the cloud service provider and to verify the correctness of the cloud service provider's computing results. The data owner can thus complete the data encryption operation effectively and safely. In addition, the scheme supports outsourcing of the decryption computation, and the computational complexity of generating the transformation key by the data user is constant. Therefore, the proposed scheme realizes outsourcing of encryption and decryption computation at the same time, and ensures that the client can complete encryption and decryption efficiently.

2. We propose an efficient attribute-based multi-keyword search scheme with keyword ciphertext aggregation. It addresses the problem that, in existing attribute-based multi-keyword search schemes, the computation and storage complexity of the keyword ciphertext increases linearly with the number of keywords. The proposed scheme defines the keyword binary tree and combines it with the subset cover technique in the binary tree to aggregate the number of keyword ciphertexts to a constant level. Because the number of keyword ciphertexts decreases, the cloud server's cost for storing keyword ciphertexts is also reduced. Therefore, the proposed scheme can greatly reduce the computational cost of building keyword ciphertexts on the data owner side and the storage cost on the cloud server side.

3. We propose a location-based service scheme with rectangular region search that protects users' privacy. We propose a blind filtering protocol based on comparable attribute-based encryption, and then design an efficient location-based service supporting rectangular region queries based on the blind filtering protocol. While protecting the users' privacy, such as the query location and the query result, the third party can help users accurately filter out, from the encrypted database, the points of interest that lie within the rectangular query area centered on the user's location. Meanwhile, because the tool used in the scheme is attribute-based encryption, the proposed scheme also supports access control on service data. Therefore, this scheme can ensure that only an authorized client can complete the location service query accurately and efficiently.

4. We propose a location-based service scheme with circular region search that protects users' privacy. The purpose of the scheme design is to ensure that users enjoy high-quality location query services while their query privacy is protected. In this scheme, a new blind filtering algorithm is designed using attribute-based encryption and homomorphic encryption. The new algorithm ensures that the third party can judge, in a blind way, whether the Euclidean distance between the user's location and a point of interest is less than or equal to the query radius. That is to say, without the proxy or the location-based service provider knowing the user's location, the proxy can filter out, from the encrypted database, the points of interest in the circular query area centered on the user's location.
Keywords/Search Tags: Access Control, Privacy-preserve, Attribute-based Encryption, Attribute-based Keyword Search, Rectangle & Circle Region Search, Location-based Service