Implementing Secure Data Access Control For Cloud Storage System Supporting File Attribute Modification

Nowadays, to reach the goal of sharing data between members, an increasing number of enterprises and organizations begin to use platforms of data storage and sharing provided by the third parties. In these services platform, the advantage of cloud storage as its low-cost, on-demand services draws lots of attentions.The data owner needs to encrypt the data before uploading it in that the cloud services provider is not fully trusted, and then restricts the users' access rights by defining an appropriate access policy. It has been a hot topic how to control the data with a fine-grained access control and ensure the data security in the cloud computing literature. Tremendous known schemes have reported how to realize the fine-grained access to the encrypted data and the cancellation of the users' access rights by combining the technologies of attribute-based encryption and proxy re-encryption. However, previous known works failed to consider the situation of attributes modifications in the encrypted data. In other words, to the best knowledge of the authors, none of the existing schemes about cloud data sharing supports the “upgrading” or “downgrading” attributes in encrypted data.In the dissertation, we presents a cloud storage data sharing scheme based on attribute-based encryption and proxy re-encryption technology, which supports modifying the file attributes. We summarize the proposal in what follows with respect to two aspects.1. The scheme allows the data owners to dynamically modify any attributes of the outsourced data. In the data owners' view, the file's attributes is in fact ever-changing. Therefore, the data owners can realize the truly fine-grained access to his data just by modifying the files' attributes on his demand. In our scheme, the data owner can easily and freely modify any attributes of any file without changing the file's access policy.2. The proposed scheme supports efficient cancellation of users' access rights by defining a so-called “valid attribute”. The scheme compulsively attaches the valid attribute to each file's access policy with an AND gate, and accordingly generates the attributes keys for users. The revocation of users' access rights can be achieved by updating the valid attribute and the corresponding attribute key for the valid users. Thus the users' access rights cancellations can be obtained in a simple and efficient way by using a proxy re encryption scheme.