Research Of Attribute Encryption Access Control System Oriented Cloud Storage

In recent years, with the radip development of cloud computing, cloud storage as a typical application way of cloud computing is also of great concern by the community. Cloud storage is just a cloud computing system, using network technologies or distributed computing and so on, combining the application with storage devices, and providing data storage, access and other functions. Cloud storage enables users to access and storage data on cloud without place and time restrictions, as long as there is any networked device can be connected to the cloud. Cloud storage has ease of use, low cost and high scalability features, which is different from the traditional local storage system, so that the users are more convenient to use the data. Though cloud storage has a great advantage over traditional storage systems, it also caused great concern on data security issues in cloud environments. For example, when the data stored in the cloud, users will lose absolute control of the data, not as local storage system can visually see the storage location of data. Furthermore, during transmission data may be exposure due to theft by unauthorized user, and whether the data access control was legal in the cloud security system. And for cloud service providers, they can not be trusted to some extent, these conditions all can cause the safety problems of the data. As the owner of the data, the user is most concerned about is how to protect the integrity, confidentiality, and legal access to their sensitive data stored in the cloud. These data security issues restrict the development and popularization of cloud computing in the Internet.At present, the main technology of secure cloud storage is the access control and user authorization, the method of solving the data security problems of cloud data is build a suitable access control systems. Traditional access control such as discretionary access control and mandatory access control due to its low security, lack of flexibility and other shortcomings, can not meet today’s complex distributed environment. In this paper, based on the analysis of cloud storage access control and data encryption technology, used trust-role-based access control model and attribute encryption technology, based on local business system, proposed a attribute encryption access control system oriented cloud storage.The main work is as follows:1) Analyzing the cloud storage data security issues (mainly for data protection), and the current correlational research to solve data security issues on cloud, comparing several typical access control and encryption technology, proposed a attribute encryption access control system oriented cloud storage through the use of trust-role-based access control model and attribute encryption technology, to protect the integrity, confidentiality of data, and the legitimate access to the system.2) Building a cloud platform through Hadoop architecture, and migrating local business system data to the distributed database Hbase. Through trust-role-based access control model to control user permissions in the cloud environment, using symmetric encryption algorithms DES encrypt system sensitive data, and using attribute encryption algorithms encrypt symmetric key that generated DES encryption mechanism, making the system sensitive data and encryption keys are encrypted. Finally, a multi-attribute key distribution optimization technology to optimize key distribution, to reduce the spend time of access control policy tree in the system.3) Finally, deployed and implemented the attribute encryption access control oriented cloud storage on the basis of local business system (Shaanxi Local Power Engineering Information Management System). The data of local business system are all stored in the cloud, local business system used attribute encryption access control system in the cloud environment to protect the security of data in the system.Through safety tests, the choice of encryption algorithm in the system, the efficiency of DES symmetric encryption algorithm is much higher than attribute encryption algorithm, conform to the choice of the system hierarchy structure which is the DES algorithm to encrypt data, and attribute encryption algorithm to encrypt the key of DES. Based on the research of the number of system properties and leaf nodes of access control policy tree of different factors that influencing the encryption algorithm, and used multi-attribute key distribution optimization techniques to reduce the number of leaf nodes of access control policy tree, improved the system encryption and decryption efficiency, and ultimately achieving purposes of secure cloud storage.