Research On Technologies Of Access Control Based On Attribute Encryption Mechanism

Posted on: 2018-05-27
Degree: Master
Type: Thesis
Country: China
Candidate: S C Shang
GTID: 2348330512488867
Subject: Engineering

Abstract/Summary:
With the wide application of cloud computing, cloud security problems have become the bottleneck restricting its development. Access control is one of the effective methods for addressing cloud security. Based on the access request a user submits and the security policy established by the cloud, it grants certain privileges to users who satisfy the requirements and rejects users who do not satisfy the conditions, thereby ensuring the safe and rational use of resources. Building on research into access control for cloud storage, this thesis introduces the XACML (Extensible Access Control Markup Language) framework and a revocable factor into the model. Addressing fine granularity and user attribute revocation in cloud storage access control, it proposes a revocable XACML model, a scheme, and a prototype system for cloud storage access control based on CP-ABE (Ciphertext-Policy Attribute-Based Encryption). The main contributions of this thesis are as follows:

This thesis proposes the revocable XACML model of cloud storage access control based on CP-ABE (CPABEAC-XAML). The model integrates the XACML framework and CP-ABE through their common attribute set, and divides the user attribute set into a basic access control attribute set and an attribute set based on access privilege. Different access control and user revocation methods are adopted for the different attribute sets. The model not only ensures the confidentiality and scalability of data, but also achieves fine-grained, highly efficient, and revocable access control.

A revocable XACML access control scheme based on CP-ABE is proposed. The cloud storage access control scheme is designed according to the proposed CPABEAC-XAML model. The XACML framework is introduced to address the efficiency and scalability problems that arise when the ABE mechanism is applied directly to cloud storage access control. Partitioning the user attributes addresses the security of the key regeneration process and the efficiency of regenerating users' private keys when an attribute is revoked. The scheme combines the XACML framework with a trusted third-party authorization center to achieve fine-grained and revocable access control, storing the basic information table and the access privilege attribute set list in the cloud storage center. User revocation is carried out by the owner sending a command to the cloud service provider. In this way, the scheme ensures data confidentiality and reduces the system overhead and time spent on proxy re-encryption.

A prototype system is implemented from the cloud storage access control model and scheme, and it is used to verify the efficiency and practicability of the scheme. The prototype system consists of a client, a TA authorization center, and a Swift data storage module. The client is mainly responsible for choosing the corresponding encryption and decryption algorithms and for generating the ciphertext and the raw data when users upload or download data. The TA authorization center generates the private key, public key, and master key for access users, manages users and attributes, and handles user registration. The Swift object storage module is responsible for storing the encrypted key documents and keys that users upload to the cloud platform, constructing the access control policy, recording and updating the corresponding users' access privilege attribute set lists, user revocation, and so on.
Keywords/Search Tags:cloud storage, CP-ABE, XACML, revocability, prototype system