Research Of Access Control Schemes Based On Attribute-based Encryption In Cloud Computing

The privacy and secure access of sensitive data stored in the cloud server are important content in cloud computing security research. Attribute-based encryption(ABE) features a mechanism that enables an access control over encrypted data using access policies and ascribed attributes among private keys and ciphertexts. As ABE can simultaneously provide flexible access control and data confidentiality functionalities, it has become an important solution of the above problem. This thesis takes further research on the existing ABE schemes, aiming at proposing a secure, effective, scalable and fine-grained access control scheme adapt to cloud computing.On the basis of in-depth analysis of the related work, this thesis proposes two efficient attribute-based access control schemes in cloud computing with efficient attribute and user revocation capability. In the first one, the single-authority ABE, the ciphertext encryption employs linear secret sharing thoughts, which can represent any access structure, and the scheme combines subset difference technology, which makes the user revocation can be done on each attribute level rather than on system level. In the second one, the multi-authority ABE, attribute authorities are independent of each other. The scheme has constant ciphertext length and a constant number of pairing computation. When user’s attribute revocation occurs, the two schemes transfer most re-encryption work to the cloud server, reducing the data owner’s computational cost on the premise of security.The analysis and simulation result show that the schemes proposed in this thesis ensure the privacy and secure access of sensitive data stored in the cloud server with expressive access structures, and be able to cope with the dynamic changes of users’ access privileges in large-scale systems. Besides, the multi-authority ABE eliminates the key escrow problem, achieves the length of ciphertext optimization and enhances the efficiency of the encryption and decryption operations. In a world, the schemes are efficient and scalable to securely manage the outsourced data in cloud computing.