
Research On Attribute-Based Encryption Access Control Schemes Over Cloud Storage

Posted on: 2018-05-17
Degree: Master
Type: Thesis
Country: China
Candidate: W L Zhu
Full Text: PDF
GTID: 2348330515479937
Subject: Computer application technology
Abstract/Summary:
As a new distributed computing model, cloud computing is widely used in enterprises and organizations because of its on-demand self-service, multiple network access, resource sharing, fast resilience, and metered services. Small and medium-sized enterprises outsource computation and the storage of enterprise data to cloud platforms, thereby reducing the cost of purchasing computers and other infrastructure. In addition, cloud storage, as the main service in the cloud, is widely favored. With the popularity of the Internet and mobile networks, using cloud storage services has become very convenient: users can access cloud storage anytime and anywhere. At the same time, its security has attracted the attention of academia and industry. The cloud service provider is not fully trusted by users. With a large amount of sensitive data outsourced to cloud storage servers, it is difficult to ensure that cloud storage service providers will not disclose user data against the users' interests. Although sensitive data can be encrypted before it is sent to the cloud storage server, the users who access the data come from different organizations, which makes key distribution very difficult and hinders data sharing. In recent years, with the popularity of mobile terminals, accessing cloud storage data from mobile devices has become highly popular; however, mobile devices have only limited power, so research on efficient ciphertext access is urgently needed. Therefore, efficient and flexible data access that protects the security of cloud storage data remains one of the important issues that must be addressed in cloud storage services.

The ciphertext-policy attribute-based encryption scheme is a part of the traditional public-key cryptosystems. It is one of the main techniques for implementing ciphertext access for storage services. However, because it offers one-to-many access, a feature that does not exist in the traditional public-key encryption system, it is applicable to ciphertext access control for cloud storage servers. In addition, with multi-authority attribute-based encryption, the same data can be shared among users of different organizations, which facilitates expansion of the system scale. Although attribute-based encryption has many advantages, it is not directly applicable to cloud storage servers. The most significant reason concerns access policy hiding. When a user outsources ciphertext to the cloud storage server, the access structure embedded in the ciphertext is in plaintext, which leaks the user's attribute privacy. In addition, to make the attribute-based encryption mechanism usable directly on mobile devices, reducing the computational cost of encryption and decryption is of great importance. This paper focuses mainly on the issue of multi-authority attribute-based encryption access control over cloud storage servers. The main work is as follows:

Firstly, the characteristics, architecture, and service types of cloud computing are described, and the security problems of cloud storage are introduced. In addition, the paper summarizes the research progress of attribute-based encryption in cloud storage, analyzes the advantages and disadvantages of the existing work, and puts forward further ideas.

Secondly, the problems of access structure hiding and user revocation in multi-authority attribute-based encryption access control are studied. Because the cloud storage server can use the attribute information in the access structure to infer the value of the encrypted data, and can threaten the security of the user's identity, this paper combines the one-way anonymous key protocol with attribute version control to propose a multi-authority attribute-based encryption scheme with a hidden policy. The data owner can ensure the safety of the access structure by obfuscating the attributes in the access structure, thus preventing the cloud storage server from obtaining the confidential information in the access structure. In addition, when a user is revoked, the non-revoked users promptly update the ciphertexts and private keys that contain the revoked user's attributes, so that the attribute versions of the ciphertext and of the user's private key remain consistent, thus realizing the forward security of the system.

Thirdly, we study a multi-authority attribute-based encryption access control scheme that can be applied to mobile devices. The encryption and decryption algorithms of existing multi-authority attribute-based encryption schemes are too costly to deploy in mobile cloud storage systems. Outsourcing decryption to the cloud storage server reduces the computational cost, but it does not guarantee the correctness of the decryption. This paper offers an efficient and verifiable attribute-based encryption scheme based on online/offline encryption and verifiable outsourced decryption. The scheme divides the encryption process into an online phase and an offline phase, reducing computational overhead by transferring a large number of the pairing operations in the encryption process to the offline phase. In addition, during decryption, a large number of pairing operations are transferred to the cloud storage server, which reduces the computational cost for the client. The scheme supports verification of the outsourced decryption, making it possible to verify that the cloud storage server's decryption is correct.

Finally, this paper analyzes and summarizes the problems of attribute-based encryption access control over cloud storage servers, and points out the next research directions for attribute-based encryption.
Keywords/Search Tags:Cloud Storage, Access Structure, Attribute-Based Encryption, Policy Hidden, Verifiable Outsource