
Research Of Access Control Scheme In Cloud Based On Attribute-based Encryption

Posted on: 2017-05-20
Degree: Master
Type: Thesis
Country: China
Candidate: L A Zhang
GTID: 2308330485998926
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of cloud computing, many companies and individuals tend to outsource their applications and private data to the cloud. However, in a cloud computing environment the data storage service is provided by semi-trusted cloud servers, and it is difficult to apply traditional access control schemes to the cloud directly. Access control schemes based on attribute-based encryption (ABE) have become an important technique for ensuring data security in the cloud. Nevertheless, existing access control schemes often require a lot of computation and communication overhead to implement fine-grained policy updating and attribute revocation, so cloud users have to compromise between the performance and the flexibility of the access control scheme. To solve these problems, we design two secure and effective access control schemes. The specific research work is summarized as follows:

1) An access control scheme supporting dynamic authenticated policy updating

For the security and efficiency of policy updating, this paper presents a scheme that enables the cloud server to authenticate whether the policy updating key was issued by the data owner, so that malicious policy updating requests from illegal users are prevented. The data owner can outsource the policy updating tasks for the ciphertext to the cloud server, reducing the owner’s computation and communication overhead. After the cloud server authenticates that the policy updating key comes from a valid data owner, it uses the policy updating key to update the access policy of the ciphertext stored in the cloud. We take advantage of the Pedersen commitment and the Zero Knowledge Proof of Knowledge (ZKPK) protocol to guarantee the security and authentication of the policy updating, and implement a multi-authority access control scheme supporting dynamic authenticated policy updating.

2) An access control scheme supporting efficient revocation

To achieve an efficient fine-grained access control scheme, we propose a novel scheme that efficiently supports revocation of a user’s attributes. First, an access controller is introduced into our scheme, and a secure two-party key generation protocol is designed for the access controller and the attribute authority. With this secure key generation protocol, the attribute authority generates the attribute key for the data users and the access controller obtains the attribute version key of the users. The data user’s private key is cooperatively generated by two different entities, which solves the key escrow problem. At the same time, efficient revocation of a user’s attribute can be implemented by directly updating the user’s attribute version key that is stored in the access controller.
Keywords/Search Tags: Access Control, ABE, Policy Updating, Efficient Revocation, Removing Escrow