
Study On Privacy Protection Based Access Control System In Cloud Computing

Posted on: 2015-10-17
Degree: Master
Type: Thesis
Country: China
Candidate: Q Tian
Full Text: PDF
GTID: 2308330464966694
Subject: Electronics and Communications Engineering

Abstract/Summary:
With the rapid development of computer technology, cloud computing has become a hot topic in both research and application. It gathers a large number of computing resources into a virtual IT resource pool; users do not need to understand the implementation details of the cloud platform and can pay as they use. However, while cloud computing brings convenience to users, it also introduces many security issues. To share data, the data owner uploads it to cloud servers, which are responsible for storing and managing it, so users lose direct control of the data. On the one hand, the cloud server may steal the user's private data. On the other hand, the data owner often does not want to grant all users the same access rights, and how to give different users different access rights is a problem worth studying. Therefore, the study of access control schemes that protect users' privacy in the cloud environment is of great significance.

To let the data owner independently protect the privacy of data stored in the cloud, we present PS-ACS, a privilege-separation-based privacy protection access control system. Cloud users are logically divided into a private area (PRA) and a public area (PUA). The number of users in the PRA is small and their identities are clear. Key-Aggregate Encryption (KAE) is used to implement read access for users in this area. The data owner only needs to send a constant-size aggregate key to an authorized user, who can then access the file. The algorithm not only reduces the cost of key management and transmission but also improves access efficiency. For users who need to modify a data file, an improved attribute-based signature scheme called IABS is proposed. Once the data owner produces a signature policy, he sends it directly to the cloud server, reducing the level of trust placed in the certification center. The user's signature can then pass the cloud server's authentication without revealing his identity, so the user can modify the ciphertext file successfully. In the PUA, the number of users is large and their identities are not clear. A hierarchical attribute-based encryption scheme called HABE is used for them in this thesis, to avoid the single point of failure and complicated key distribution caused by having only one authority center.

This thesis analyzes the relevant background knowledge and security issues of cloud computing and gives an in-depth analysis of existing access control technology. Then, to address data privacy and user identity privacy in the cloud computing environment, the PS-ACS solution is proposed. After a detailed description of the solution, we analyze its security and complexity and simulate the access time. Functional and performance testing results show that the PS-ACS system model provides security protection for the system with an acceptable performance impact. Finally, the feasibility of the proposed system is proved. The user's ability to control data files can thus be extended to the cloud, protecting data privacy according to users' requirements.
Keywords/Search Tags: Cloud Computing, Access Control, Privacy Protection, Data Sharing