
A Secure Cloud Storage System Based On Multi-authority Ciphertext Policy Attribute-based Encryption

Posted on: 2014-07-31
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wang
Full Text: PDF
GTID: 2308330479479270
Subject: Software engineering
Abstract/Summary:
With the continuous development of cloud storage technology and the wide use of cloud storage services, more and more users outsource their data to cloud storage. Storage virtualization technology integrates different types of storage resources, so users can access data resources in the cloud through a single user interface, and the details of the underlying physical infrastructure need not be revealed. Cloud storage can provide virtually unlimited storage capacity while significantly reducing development and maintenance costs.

However, when users make use of cloud storage applications, their important data and privacy are at risk of leakage. CP-ABE (Ciphertext-Policy Attribute-Based Encryption) is a fuzzy data access control mechanism in which access control is embedded into the encrypted data. This feature is particularly suitable for cloud storage environments, but CP-ABE is limited in practice, mainly because its efficiency and scalability are not high. Moreover, in practical cloud storage environments there are a number of authorization centers, where each authorization center manages the user attributes within its own domain and a user can hold different authorizations issued by these centers. Lewko proposed the MA-CP-ABE (Multi-Authority Ciphertext-Policy Attribute-Based Encryption) scheme based on CP-ABE, which does not require any central authority. However, that method is constructed in composite-order bilinear groups, which incurs heavy computation cost. In addition, the Lewko scheme still does not solve the problem of revoking user attributes.

To solve the above two problems, in this thesis we design an MA-CP-ABE data access control model based on an analysis of CP-ABE and Lewko's MA-CP-ABE scheme. The main innovation of this thesis has two aspects:

1. We use a third-party certification center instead of a global attribute authorization center in the system. It is responsible for issuing a unique identifier to each user and each authorization center in the system in order to prevent collusion attacks. Every attribute authority is responsible for managing the users' attributes and private keys in its own domain, which reduces the heavy computation cost.

2. We adopt key segmentation technology to replace proxy re-encryption technology. User attribute revocation is a common problem in CP-ABE and MA-CP-ABE, and the main technology used for it is proxy re-encryption, whose drawback is that its real-time and re-encryption operation overhead is too large. In this thesis, we adopt key segmentation technology to reduce the computational cost of user attribute revocation and to realize dynamic management of users.

Finally, by adding the MA-CP-ABE data access control module to the OpenStack system, we implement data access control in the Swift cloud storage system.
Keywords/Search Tags: Data Access Control, Ciphertext-Policy Attribute-Based Encryption, Multi-Authority, Attribute Revocation, Cloud Storage, OpenStack