Research On The Access Control With Attribute Based Cryptographic

Nowadays, Cloud computing has been becoming a very promising technology, which dramatically changes the modern IT industry. Cloud storage is an important service in cloud computing,which allows data owners reducing heavy data management, being freed from the local management system by outsourcing the data to cloud storage terminal. Among the cloud storage system, data owners often fear that the data will be used in the wrong way, or accessed by unauthorized users. Therefore, in the cloud storage system, the implementation of data access control is a very serious challenge.Access control technology is an important method for user data confidentiality and privacy protection. In traditional access control model, the data stored in the cloud storage server is the form of plaintext. When the user wishes to obtain the data, it will send the own message to its authentication access controller. When the access controller confirms that the user is a legitimate trust, they will apply to query out the user data from the serve. But there is a huge security risk to the access storage structure. In cloud computing environments, how to use a non-traditional access control ways to achieve the access control which forcing people to carry it out further research. Our contributions can be summarized as follows:(1)This thesis introduces the definition and model of traditional access control technology, and then the attribute-based encryption system, including two algorithms: KP-ABE and CP-ABE, and attribute-based access control model, which provides a theoretical framework for the design of subsequent programs.(2)We analyze an overlay cloud storage system that achieves fine-grained, policy-based access control, which introduces a trusted third party key manager, so as to achieve identifiable data deletion, but it cannot guarantee the security of the data. By analyzing and drawing its programs, we propose three kinds of attack scenarios, and propose an access control scheme in the fifth chapter.(3)Based on the CP-ABE algorithm, we propose an access control scheme for general sensitive data cloud environment.(4)Based on the scheme in(3) and the attacks in(2), we add a trusted third party authoritative organizations, propose an access control scheme using CP-ABE encryption algorithms, so as to adapt cloud computing environments with achieving property revocation on the attributes and dynamic key update feature. The main idea is to use AES symmetric encryption algorithms and CP-ABE algorithm, respectively to encrypt the data and the symmetric key; while updating key version by introducing a property number aims to achieve its dynamic updating. In this paper, we also propose the analysis on its safety to achieve data security and the realization of fine-grained access control.