The Research Of Identity Authentication Schemes And Access Control Policies In Cloud Compting

With the development of cloud computing technologies,more and more enterprises and individuals have become accustomed to using these convenient and efficient services provided by the cloud server for data storage and processing.However,with data far from its owner's physical control after being outsourced,cloud computing technologies have also brought about new security risks,so it's difficult to protect user's privacy and data's confidentiality.Meanwhile,the traditional identity authentication schemes and access control policies do have limitations to the service model of cloud computing,because the direct migration of schemes or policies will lead to some serious security concerns,such as the disclosure of personal authentication informations,the exposure of confidential datas,etc..On the basis of previous work,we have achieved some research results as follows:1.This thesis has proposed an identity authentication scheme based on the locality sensitive hashing function and the fingerprint feature in a specific cloud computing environment,which focuses on user's anonymity and secure sensitive data transmission in telecare medicine information systems.Our scheme employs locality sensitive hashing function,nonce and authenticated Diffie-Hellman key agreement as primitives to provide user privacy protection.Moreover,key agreement supports secure transmission by symmetric encryption to protect user's sensitive data from being leaked.Finally,the analysis shows that our proposal provides more security and privacy protection for telecare medicine information systems in cloud computing environment.2.In this thesis,considering both the control of the user's access authority and the privacy protection in data search,we have achieved fine-grained access control in multi-keyword searchable schemes over the cloud encrypted data.Through developing the respective access policy for each data file and then drawing on the thought of the inverted indexes,we can more rapidly filter out those data files that users own authority to access.Under two different threat models,methods of "coordinate matching" and“secure inner product computation" have also been introduced to preserve the data's privacy and user's access policy in multi-keyword search.Finally,the analysis shows that our proposal achieves the defined requirements of privacy protection and has relatively high efficiency.