Research On Access Control With Attribute-based Encryption In Cloud Computing

Posted on: 2015-02-16
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wang
GTID: 2268330428965556
Subject: Computer application technology
Abstract/Summary:
Cloud computing is an emerging computing paradigm that is considered to be the core application architecture of next-generation Internet technology. In the cloud computing environment, most application software and data are moved into the large data centers of the cloud service provider. When users outsource sensitive data to the cloud service provider, many data security and access control problems arise. The cloud service provider and the data owner are not in the same trusted domain, so the semi-trusted cloud service provider cannot be relied on to enforce the access policy. The cloud service provider may give the user's data to a third party without the user's permission, resulting in disclosure of the data. Traditional methods usually require the data owner to encrypt the data and deliver decryption keys only to authorized users. However, these solutions normally impose a heavy computation overhead on the data owner for key distribution and data management. Therefore, how to ensure the confidentiality of sensitive data while allowing legitimate access is an important problem that must be addressed.

To prevent privileged users from gaining unauthorized access to data and to achieve fine-grained access control, attribute-based encryption is applied to access control in the cloud computing environment. Attribute-based encryption is an extension of identity-based encryption. Unlike conventional encryption algorithms, attribute-based encryption supports a many-to-many communication mode. The encrypting party does not need to know the identity of the decrypting party. As long as the decrypting party meets the corresponding conditions, it can decrypt successfully. Because of the special significance of attribute-based encryption in applications, it attracts more and more attention from scholars.

This article mainly concentrates on the issue of access control based on attribute-based encryption in the cloud computing environment. The main work of this paper is as follows:

Firstly, several typical attribute-based encryption schemes are introduced, including basic attribute-based encryption and multi-authority attribute-based encryption. We point out the characteristics and the research progress of each scheme. Based on this work, we summarize the existing problems of attribute-based encryption cryptosystems and propose further ideas.

Secondly, we study cloud storage access control based on key-policy attribute-based encryption (KP-ABE). The present schemes suffer from a large amount of management and maintenance of user access structures and a heavy key distribution burden. We propose a KP-ABE based cloud storage access control scheme built on a trusted third-party authority. We introduce a trusted authority to manage user access structure certificates, thus reducing the burden of distributing data access keys. While maintaining the confidentiality of the data, the scheme uses the proxy re-encryption technique to transfer the re-encryption of ciphertext components to the cloud service provider, so that the computational cost for the data owner is reduced. Performance analysis shows that in this scheme users require less key storage space than in the existing similar scheme.

Finally, we study multi-authority weighted attribute-based encryption in the cloud computing environment. The existing multi-authority attribute-based encryption schemes in the cloud computing environment generally do not consider attributes with weights, but in practical application environments weighted attributes are meaningful. We propose a multi-authority weighted attribute-based encryption scheme for the cloud computing environment, which introduces the concept of weight into the scheme. The attribute authorities assign different weights to different attributes according to their importance in the system. The attribute authorities transform the attribute set into an attribute weight separation set according to the weights of the attributes. This scheme can reflect the significance of attributes, which gives it more practical meaning. Theoretical analysis shows the correctness and security of the scheme.
Keywords/Search Tags: cloud computing, attribute-based encryption, key policy, access structure, multi-authority