Research On An Attribute-based Access Control Scheme In Cloud Computing

The control access in a cloud, is that only authorized cloud-users can followspecific permission to access specific data and without authorized cloud-users can notaccess any data, namely for cloud-users implement authentication and accessmanagement in a cloud computing platform.Cloud computing as a service model with network provides service forcloud-users, and whose security objectives firstly are data security stored and privacyinformation protected service, so that cloud-user can prevent the cloud serviceproviders from leaking or betraying users’ privacy maliciously. For the sake of datasecurity, the data-storage service in a cloud should ensure the data which stored in theform of ciphertext; Meantime, privacy protecting requires the cloud-users to exposeidentity information as little as possible in the cloud. Since attribute-basedcryptosystem allows users to customize access policies about ciphertext, thecryptosystem becomes a research focus on the current access and control systemswhere data is in the manner of ciphertext in a cloud. Through analysing existingtechnologies of attribute-based control and access in a cloud, this article proposes twoattribute-based schemes about control and access in a cloud.Against the problem that the existing access and control schemes has the strongdependence on the third party in a cloud. Combining with existing PKI platform, wedesign the first scheme which constructs a distributed cloud access control model,then takes advantage of the large-universe technique to improve attribute-basedencryption algorithm in paper[6].This scheme is proposed which is attribute-based anddistributed access control scheme in a cloud. By analysing and proving we can see,the scheme is safe, flexible, robust and has good scalability.Cloud computing with powerful computing capabilities takes a great challenge toauthentication mode based on the simple “user’s name+password” in the existingcloud. With regard to this problem, through applying the technology of digitalcertificate authentication and extraction signature algorithm into the existingtechnique of attribute-based access and control in a cloud, a new attribute ofcloud-based access and control scheme is proposed. As a result, the user can access the corresponding cloud service without rememberring the user’s name and legalusers can not be faked. By analyzing and proving, the scheme can not only satisfyusers’ authentication, but also protect the users’ privacy.