Research And Implementation Of Attribute-based Access Control Subsystem In Cloud Storage

Cloud computing has gradually developed from a concept in laboratories to a mature application technology, rapidly popularized throughout the entire world. A number of new cloud-based solutions have arisen accordingly, one of which is cloud storage. One of the main objectives of cloud storage is to provide users with space for file sharing. Users no longer have to build their own file sharing system, which reduces the expenses on purchasing IT equipment. However, a key problem that might hinder the development of cloud computing is how to ensure user data security. Among the many aspects that data security involves, access control, as one of the key defence for data safety, plays a crucial role.Because of the complexity of cloud environment, entities in it are not trusted. Therefore, cryptographic access control becomes the most direct means to prevent user data leakage. In recent years, scholars have integrated attribute-based encryption, a method based on identity-based encryption, into access control. This thesis chooses access control in cloud storage as research direction, and carries out in-depth analysis of the underlying problems of attribute-based access control. Problems such as lack of expressiveness in access policy, inadequate effectiveness and precision in revoking permissions, and reliance on single authority in key generation, cannot be fully solved by the existing attribute-based encryption algorithms. This study improves the current methods and mechanisms, and proposes a more full-featured attribute-based encryption algorithm.Concerning the proposed solution, this thesis presents a detailed theoretic analysis from two aspects: security and performance overhead. In the respect of security, it proves the collusion resistance, data confidentiality, and backward and forward secrecy of the algorithm. From the aspect of performance overhead, it analyzes the time complexity and space complexity of the algorithm.Finally, a simple file sharing system is designed and realized on the basis of the proposed algorithm. This system simplifies the real cloud storage environment, and aims at realizing basic functions including file encrypting and uploading, file storing, and file downloading and decrypting. File initialization encrypting and decrypting are implemented on the client side, and file re-encrypting, file storing, file distributing and key components generating are realized on the server side.