
Research On Access Control Based On Encryption In Cloud Storage

Posted on: 2016-11-30
Degree: Master
Type: Thesis
Country: China
Candidate: X W Liang
Full Text: PDF
GTID: 2348330488474479
Subject: Communication and Information System
Abstract/Summary:
With the rapid development of cloud computing, using the cloud for data storage has become a growing trend. Cloud storage provides a shared file space, so users no longer need to set up their own file-sharing systems, which saves the cost of IT equipment. However, how to guarantee the security of user data has become the key problem hindering the development of cloud storage. Data security involves many aspects, among which access control is an important technology for solving the related issues.

To design effective access control schemes for cloud storage, the following issues should be taken into consideration: 1) fine-grained access control: the access strategy should distinguish users with different privileges as much as possible; 2) privacy protection: the data and access control information stored in clouds should be protected; 3) system efficiency: the overhead of the whole scheme should be reduced, especially the computing and storage overhead on users. The main points of this paper are as follows:

Firstly, to address the deficiencies existing in the original multi-authority CP-ABE, an improved scheme is proposed, which reduces the computing and storage burden of data owners and users while supporting user revocation. In addition, a security analysis of the improved scheme and a comparison of the original and improved schemes in terms of features and storage overhead are presented.

Secondly, a secure cloud storage access control scheme is proposed based on the improved scheme mentioned above, which achieves data confidentiality and fine-grained access control on encrypted data. This scheme is built on a trusted third party (TTP) service that can be employed either locally or remotely. It removes the burden of encryption, decryption and key management from data owners, which greatly reduces users' computing, key management and storage overhead. By using multi-authority attribute-based cryptography, a many-write-many-read cloud storage file-sharing system with fine-grained access control is obtained, unlike most cloud storage file-sharing systems, which support only one-write-many-read; this increases the flexibility of the file-sharing system.

Finally, a proxy re-encryption-based scheme is proposed, which allows a user's attribute access right to expire automatically after a predetermined period of time. To achieve this goal, we incorporate the concept of time into the combination of CP-ABE and PRE. Furthermore, a detailed description of the scheme is presented, covering its design ideas, implementation method and algorithms.
Keywords/Search Tags: cloud storage, access control, CP-ABE, proxy re-encryption