The Research On Access Control Based On Encryption In Cloud Computing

With the rapid developments of cloud computing and services,there has been a growing trend to use cloud for data storage.How to ensure that the cloud computing environment can provide quality services for the legitimate user, as well as prevent illegal user from unauthorized access to resources has become one of the hot research of cloud computing security.In order to protect the privacy of the data, the data owner use encryption method to encrypt their data, so that only the user who has the authority can access the data.The focus of this paper is access control system based on the encryption in cloud environment, authorized users can use the private key to decrypt the data,other people can not see the encrypted data content.In this dissertation,we systematically researched the access control system based on the encryption in cloud environment.The main contributions are as follows:1.Two extended models was proposed based on the original RBE scheme.We studied the original role-based encryption scheme firstly, and then extended it with two models,i.e. MRBE and LMRBE. The problem of multirole inheritance was solved in the MRBE model and temporary user revocation mechanism was added in the LMRBE model.2.The security of RBE was proved.The demonstration showed that the RBE scheme is chosen plaintext security.3.An access control system based on layer encryption key technology(LEKAC) was proposed. When the RBE scheme described above was used in the cloud computing environment, we needed to assume that the cloud service providers and access control policy manager was credible. For they were not credible, we proposed LEKAC. The scheme not only can realize the secure data sharing, but also can prevent the public cloud providers and access control policy managers view the user’s private data. Thus the system works well in the cloud computing environment.4.For the LEKAC scheme cannot effectively against the collusion attack between the cloud service providers and access control policy managers, a modified LEKAC scheme was presented. This scheme can prevent the cloud service providers and access control strategy managers from collusion attack efficiently.5.Based on the MRBE scheme, a secure hybrid cloud storage architecture was proposed and a practical application of the above hybrid cloud architecture was given. The architecture used the public cloud to store enterprise’s confidential data. At the same time, the related sensitive information was stored in the private cloud allows enterprises store their datas in the public cloud. Furthermore, the safety of datas can be ensured. Finally, the practical application of the above hybrid cloud architecture showed the system can be well used in the electronic medical record system.