Research Of Cloud Storage Access Control Supporting User Privacy Protection

With the rapid development of cloud computing, cloud storage is becoming more and more popular because of its advantage of high reliability and scalability.When people store their data into clouds, because of losing their absolute control of data and cloud storage provider not being fully trusted by the customers, customer will have some concerns about data security. Such security concerns have become the biggest obstacle to the rapid development of cloud storage.Ciphertext-policy attribute-based encryption(CP-ABE) on the one hand can protect the confidentiality of data from the cloud storage provider, on the other hand enables fine-grained access control. However, important issues such as efficient user revocation are not straightforward, which constrains the adoption of CP-ABE in cloud storage. This paper proposed a new access control model with efficient user revocation for cloud storage—EACCS-EUR(Encryption-based access control in cloud storage with efficient user revocation). It assumed that the CSP is semi-trusted and introduced the access attributes managed by the data owner. In this model, the CSP execute command of revoking user issued by the data owner while it can not obtain the content of the data.First, it discussed the theories of cloud storage access control. The advantages and disadvantages of various access control and two common attribute-based encryption were separately compared when they were applied in cloud storage, in order to provide the theory support for the EACCS-EUR model.Then, it designed and proposed the EACCS-EUR model. This model was made up of key generation, data encryption and decryption, data storage, data access control, and user revocation. It achieved the secure sharing of data information and data privacy protection through the access control of a file, which is user-centered.Finally, it achieved of the EACCS-EUR simulation system. Using java language, it designed and implemented key generation module, data encryption and decryption module,data storage module, data access control module, and user revocation module which provides platform support for follow-up experiments. Several experiments show that the computational cost of user revocation is lower than EASiER(Encryption-based Access Control in SocialNetworks with Efficient Revocation),which is a CP-ABE model that achieve user revocation by improving encryption.