| Cloud computing is an emerging and promising computing model in recent years. This new model will put the data of the data owner to a place that the data owner cannot control, the security and confidentiality of their data cannot be guaranteed. Access control technology is a common method to ensure the information security that under realistic network environment, however, some old access control model cannot satisfy the dynamic and fine-grained cloud storage environment. At the same time, the use of public key cryptography for data encryption and decryption will bring a lot of key distribution and management. This practice brings a heavy overhead computation to the data owner inevitably, and do not have good scalability. Thus, a new cipher-text access control technology that combines attribute-based access control and attribute-based encryption made a good solution to these problems.In this paper, the author proposes an efficient attribute revocation model and attribute management mechanism, roughly as follows:(1) The author puts forward an balanced binary tree to reduce the traversal time and improve the efficiency of the attribute-based decryption algorithm. Attribute-based decryption algorithm involves the calculation of the number of bilinear, if the access policy are made complex will lead to more computing on bilinear. It will solve the efficiency problem of the attribute-based decryption algorithm.(2) In order to prevent unnecessary re-encryption work, the author introduces lazy re-encryption technology and proposed the use of a trusted proxy server to do the proxy re-encryption work, it reduce the data owner’s workload greatly and improve the efficiency of privileges revoke. Once permissions were allocated, cannot avoid the revocation of privileges, revoke privileges bring re-encryption work of data and the private key component inevitably, we will dispersed the workload of data owner.(3) The author also proposes an effective mechanism to store and manage attributes. it make some improvement in the allocation and revocation of the attribute. In attribute-based access control, the attribute is a key factor, but in the complex and varied cloud environment, the attribute is also complex and varied, it is imperative for us to have a attribute management mechanism.(4) In order to ensure a safe environment, the author research and analysis the Kerberos authentication protocol, and then apply it to the program, so that can ensure the user who can access to resources are legitimate.(5) The author implements the proposed scheme and conducts data analysis through system simulation, then analysis the superiority of the improved scheme. |
PDF Full Text Request