| In the cloud storage service model, the users can outsource data storage to the cloud storage service provider through the Internet, and the mass data are performed by a powerful computing and data center. However, the outsourcing of data storage makes users lose the direct control over their own data, and data security has become an important issue for users. As a way to protect data security, the access control can enable authorized access to data. The traditional access control methods are no longer applied for the complex cloud storage environments, and the attribute-based encryption mechanism that has the characteristics of flexibility and extensibility can achieve fine-grained access control. Therefore, the attribute based access control data for cloud-based storage systems becomes the research subject of this dissertation, and it is carried out as follows.In order to solve the issues of mobile devices’ s limited computing capacity, less battery power and poor storage space, we propose a secure and efficient attribute-based access control scheme. In the system model, we introduce encryption and decryption servers and implement secure computation outsourcing by adding the permission attribute. The encryption server will generate the verification tag for the corresponding ciphertext, and the challenger initiates the verification of data integrity before decryption. The cloud server wil perform the verification based on the the verification tag. The decryption server does most decryption computing for users who request access to the data, and the security of outsourcing decrypt computing is ensured due to users’ holding their own private key. Furthermore, we propose a multi-authority attribute-based data access control scheme for cloud storage systems. In the scheme, the encryption computation is outsoured to the attribute authority center by the intermediate ciphertext and the overhead of users is reduced. The scheme implements the efficient attribute revocation, and the backward and forward security of secret keys are ensured. Moreover, it achieves the specified user access control by introducing the structure of the user access control list.We combine the attribute based encryption and cloud storage systems in this dissertation, and propose two attribute based access control schemes for mobile cloud storage systems and multi-authority systems respectively. The results of analysis shows that the computation overheads of two schemes are reduced while ensuring secure access to data. The simulation experiment indicates that two schemes can reduce the computation cost of the user compared with exsiting schems. On the basis of data security, the reduction of user’s computation can avoid users with less power being a performance bottleneck of the cloud storage system, and improve the efficiency of overall system. |
PDF Full Text Request