Research On Access Control Of Outsourced Data Based On ABE

Cloud-based cloud storage framework provides a convenience of storge for companies and users.In order to save local storage,companies and users outsource their data to cloud server.Because of the loss of direct control over the data,the security and privacy issues become the important factors which data owners take into consideration.To protect the privacy of the data,the data owner will encrypt the data which contains sensitive information before uploading,and hoping to be able to specify part of users who can decrypt the data.As a result,there is the access control scheme baesd on attribute-based encryption scheme is growing up.The access control based on attribute-based encryption can realize the fine-grained access control of the outsourced-storge data,and allows the data owner to define the appropriate access structure,which can ensure the confidentiality of sensitive data.In this thesis,the scheme is based on ciphertext policy attribute-based encryption access control mechanism.To ensure protect the sensitive data of data owner,we put forward two proposals to slove problems dividually of the self-destruction of sensitivie data and dynamic updating of access structure and authority time.By the implementation of timed access control scheme,the data owner can define the access structure and authority time by himself;by the implementation of dynamic access policy and authority time scheme,the data owner can update the access structure and authority time associated with the ciphertext.Moreover,by the construction of new access structure,the data owner can achieve assured deletion of sensitive data.The contributions and innovations of this paper are as follows:(1)According to the issue of timed self-destruction of outsourced sensitive data,an timed access control scheme is proposed based on CP-ABE.The data is divided into two parts according to its hash value.The data owner define the access structure and authority time,and encrypt the smaller part of the data under the pre-defined access structure and authority time.When the authority generates private keys for users,it will decide at that time wether the attributes of user are effective or not,and determine wether the attributes participate the generation of private keys or not.By the implementation of this scheme,we can ensure that only the users who satisfy the access structure and authority time can decrypt the data correctly,so as to ensure the datasecurity of the data owners.(2)On the basis of the first scheme,in order to meet the requirement of the data owners,which is updating the access structure and authority time,a scheme is proposed to update those dynamically.This scheme can support the updating of any kind of access structures,including Boolean expression,LSSS matrix and threshold structure.In addition,the data owner can delete the data stored in the cloud server by designing a new access structure.Finally,we prove the security of the scheme,and the scheme is analyzed from different aspects such as correctness,integrity and performance.