Research On Secure Data Storage, Access Control And Data Sharing Mechanism In Multi-Authority Cloud Storage System

Posted on: 2017-07-03
Degree: Master
Type: Thesis
Country: China
Candidate: X L Wu
Full Text: PDF
GTID: 2348330491463042
Subject: Electronic and communication engineering
Abstract/Summary:
Secure data access control has become a challenging issue in cloud storage system schemes. Some attribute-based encryption techniques have been proposed to achieve more secure data access control for sharing data in a semi-trusted cloud storage system with multiple attribute authorities. However, under the Dolev-Yao model, security goals such as active attack resistance, confidentiality, anti-collusion, and attribute revocation security cannot all be fully guaranteed by most schemes, since a capable adversary can overhear, intercept, replay, and synthesize arbitrary information on the open communication channels. Therefore, security issues such as failure to guarantee data confidentiality and integrity, to manage access control of data, and to preserve privacy have become the development bottleneck of cloud computing. To address these security issues, we carry out further research on the security theory and algorithms, and propose some secure protocols with high practical value, which can balance security and efficiency.

The main contributions of this thesis are as follows:

Firstly, a security analysis is given of the basic data access control scheme for multi-authority cloud storage systems (DAC-MACS) and the extensive data access control scheme (EDAC-MACS), which were proposed by K. Yang et al. We then point out the vulnerabilities of both schemes and present three successfully launched active attacks: attack 1 on key update, attack 2 on ciphertext update, and attack 3 on the decryption algorithm. Attacks 1 and 2 directly break the revocation security of K. Yang et al.'s schemes, and attack 3 lets colluding users decrypt any ciphertext authorized to the combined attribute set of the colluding users.

Secondly, we propose a new extensive DAC-MACS scheme, denoted NEDAC-MACS, to withstand the above active attack 1 on key update and attack 2 on ciphertext update, so as to support more secure attribute revocation. We modify some of the DAC-MACS algorithms and perform the vital ciphertext update communication between the cloud server and the AAs with more secure algorithms. Our NEDAC-MACS scheme mainly includes two improvements on DAC-MACS, at the Secret Key Generation phase and the Attribute Revocation phase, and it runs correctly according to the correctness proof of NEDAC-MACS. Formal cryptanalysis and performance analysis of NEDAC-MACS are conducted to verify that NEDAC-MACS is security-enhanced without sacrificing much efficiency.

Thirdly, we balance security goals with computation elasticity and try to give a solution to the issues of attribute revocation, attribute key distribution, the drawbacks of the decryption algorithm in some MA-ABE-based schemes, and the efficiency of outsourced decryption. We then propose a secure multi-authority ABE (SMA-ABE) scheme and a secure data sharing scheme for multi-authority cloud systems (SDSS-MAC), respectively.

Finally, we propose the Privacy-preserving Anonymous Data Sharing Scheme in Multi-authority Cloud Storage Systems (PPADS-MAC) to achieve anonymous key distribution and privacy preservation of users' sensitive information during protocol execution. Meanwhile, PPADS-MAC can significantly reduce the "Key Escrow" problem, and can also achieve fine-grained access control, anonymous access to data, and tracing of the original encryptor.
Keywords/Search Tags: Cloud computing, ABE, Multi-authority cloud storage, Data sharing, Anonymity