Research On Access Control With Attribute-based Encryption In Cloud Computing

With the development of cloud computing, to protect the security of the data in the cloud without delay. Access control is an effective way to ensure the data security in the cloud. Due to data outsourcing to cloud servers and the server may be untrusted, the data access control becomes a challenging issue in cloud computing environment. Ciphertext-Policy Attribute-based Encryption(CP-ABE) is regarded as one of the most suitable technologies for data access control in cloud storage, because it gives data owners more direct control on access policies. However, it is difficult to directly apply existing CP-ABE schemes to data access control for cloud storage systems because of the privacy-preserving 、collusion attack and the attribute revocation problem, etc. So in this thesis, we proposed two multi-authority CP-ABE schemes to achieve the access control in cloud computing.We first propose a privacy-preserving multi-authority CP-ABE scheme named AIMA-CPABE under the cloud computing. in this scheme, the Data Owner associate an expressive access structure tree with the ciphertext, so it can achieve fine-grained access control. In AIMA-CPABE sheme, by using anonymous key issuing protocol, we can achieve privacy-preserving. Corrupted authorities can’t get anything about user’s GID while the system executing the protocol, therefore, corrupted authorities can’t collect user’s attributes by tracing GID. Furthermore, AIMA-CPABE supports attribute revocation and dynamic policy update. At last,we compare AIMA-CPABE with other multi-authority ABE schemes, and the result shows that our scheme has some advantages in terms of functionality and security. Compared with Chase’s scheme[50], AIMA-CPABE can achieve attribute-level revocation and against N-1 authority collusion.In this thesis, we also propose another multi-authority CP-ABE scheme MAACEAR. We establish a system model for this scheme, in this model, we leverage Third Party Auditor and CP-ABE techniques to achieve a multi-authority access control and efficient attribute revocation. Security analysis demonstrates that MAAC-EAR can achieve fine-grained access control, collusion resistance, privacy preservation and secure attribute revocation. Performance evaluation shows that MAAC-EAR is more efficient compared with the existing schemes in terms of functionality as well as computation, communication and storage overhead.