Research On Attribute-Based Access Control Mechanisms In Cloud Storage

Posted on: 2017-12-09 | Degree: Master | Type: Thesis
Country: China | Candidate: H L Shi | Full Text: PDF
GTID: 2348330533950150 | Subject: Computer Science and Technology
Abstract/Summary:
With the continual evolution of the Internet, cloud storage has developed rapidly as the storage component of cloud computing. The cloud storage service model not only achieves massive, efficient storage management, but also supports users' selective reading and resource sharing. However, cloud storage service providers are not entirely reliable, and data and users reside in different domains, which can easily raise concerns about data security and efficient access. Therefore, how to ensure the security of data in cloud storage systems and fine-grained user access has become an important issue to be resolved.

Attribute-based encryption (ABE) has the advantages of high security and flexible access, and it is currently an important technique for secure access to cloud data. This thesis studies ciphertext-policy access control in cloud storage systems. The main tasks are as follows:

First of all, we analyze the existing basic ABE schemes, ciphertext-policy ABE (CP-ABE) schemes, key-policy ABE schemes and multi-authority ABE schemes. Through analysis and study of the relevant schemes, we summarize them and point out some problems, such as attribute revocation and attribute authorization.

In the second place, cloud storage access control schemes based on CP-ABE are studied in this thesis. To improve the efficiency of user access, this thesis introduces a disjunctive tree access structure. The improved tree structure places all the attributes in the same layer, which not only simplifies the recursive operation of the decryption algorithm, but also improves the efficiency of user decryption. While ensuring data security, proxy re-encryption is used to transfer the re-encryption process of attribute revocation to the cloud service provider, thus reducing the computational overhead of the data owner.

Last but not least, a multi-authority access control scheme for cloud storage systems is put forward, in view of the problems that a single authority cannot meet the demands of distributed applications and that an authority that is not trustworthy, or malware attacks, may cause key leakage. Based on CP-ABE, the scheme sets up several attribute authorities to distribute secret keys. To prevent a joint attack by attribute authorities, a user ID managed by the data owner is added to the access policy. The mixed access structure, which includes common attributes and the user ID, not only improves the security of the system, but also enables direct revocation of a user's rights. To improve the efficiency of attribute revocation, the proposed scheme introduces proxy re-encryption and attribute authorities' version numbers into the re-encryption process. Detailed analysis and performance evaluation show that the improved scheme is secure and that it effectively improves the efficiency of secret key distribution.
Keywords/Search Tags: cloud storage security, ciphertext-policy access control, multi-authority, attribute revocation, access structure