Research On Cloud Storage Data Secure Access And Sharing Mechanism

Posted on: 2016-07-10
Degree: Master
Type: Thesis
Country: China
Candidate: G R Zhang
GTID: 2308330467472625
Subject: Communication and Information System
Abstract/Summary:
In recent years, with the rapid development of cloud storage, more and more users or enterprises have chosen to upload private data to the cloud. By renting storage space from a cloud service provider (CSP), users pay only a small fee while enjoying high-quality storage service. However, data stored in the cloud is leaked frequently, and how to protect cloud data has always been an important factor hindering the development of cloud storage. Cloud storage security involves many aspects, and access control is one of the important means of protecting cloud data. Cloud storage differs from traditional storage services, though: in a traditional storage service the data manager is trusted, whereas the CSP is not. Traditional access control techniques are therefore not applicable to the cloud storage environment.

In recent years, ciphertext-policy attribute-based encryption has been proposed, and it can serve as a means of access control for cloud storage. In the mobile cloud storage environment, however, it has two shortcomings. First, when the data owner's encryption policy changes, the data owner has to re-encrypt the data, and the computational cost of re-encryption is high. Second, most current attribute-based encryption schemes require the user to perform bilinear pairing computations many times during decryption, which is too costly for a mobile terminal. This thesis therefore proposes a new cloud storage access control scheme that addresses both shortcomings.

Using the idea of proxy re-encryption, when the data owner's encryption policy changes, the data owner only needs to send a small amount of parameter information to the CSP, and the CSP runs the re-encryption algorithm to produce the re-encrypted ciphertext. Before using the algorithm, the data owner's computational complexity for re-encrypting the ciphertext is proportional to the number of attributes in the access control policy; after using it, that complexity is constant.

To address the large amount of computation users face when decrypting ciphertext, our method is inspired by the idea of outsourced decryption. Decryption is divided into two parts: first, the CSP uses a transform key (TK) to complete part of the decryption; then the user uses their own secret key (SK) to complete it. Because part of the decryption task is handed to the CSP, the user's computational complexity for decryption is constant, whereas originally it is proportional to the number of attributes the user holds.

Finally, in terms of security, the scheme proposed in this thesis is secure against collusion attacks and protects data confidentiality. In terms of performance, this thesis mainly analyzes the data owner's computation when re-encrypting ciphertext and the user's computation when decrypting ciphertext. To verify the accuracy of the performance analysis, simulation experiments are used to confirm that the actual operating efficiency is consistent with it.
Keywords/Search Tags: Cloud Storage, Access Control, Re-Encryption, Outsourced Decryption