Agent-assisted Cloud Storage Access Control Scheme And System

Posted on: 2018-12-29  Degree: Master  Type: Thesis
Country: China  Candidate: P Zhu  Full Text: PDF
GTID: 2348330536956267  Subject: Information and Communication Engineering
Abstract/Summary:
We are currently moving at an accelerating pace from the era of the Mobile Internet into the era of the Internet of Things. Cloud Computing, as a vital element of information technology, plays a pivotal role in accelerating this process. Cloud Storage, one of the fundamental services provided by cloud computing, facilitates people's daily life and work to a great extent. Nevertheless, some security issues brought about by this technology have been exposed. The most effective solution to the problem of securing data stored in the cloud is the application of Data Access Control. Attribute-Based Encryption (ABE), with its specific advantages, can be used to construct a scheme suitable for fine-grained access control in the Cloud Storage environment. However, the ABE encryption and decryption processes involve a large number of complex bilinear pairing operations, while the mobile devices used by most subscribers, including mobile phones, have only a small amount of memory and limited computing power. In addition, the problem of attribute revocation regularly arises in the open Cloud Storage environment, and the system must update the cloud ciphertext and the user key in a timely manner to ensure the security of user data.

Taking these issues into account, this thesis studies in depth the issue of user decryption efficiency and the issue of attribute revocation in a Cloud Storage Access Control System. A CP-ABE (Ciphertext-Policy Attribute-Based Encryption) scheme is proposed that addresses outsourced decryption and attribute revocation. On the basis of this CP-ABE scheme, a cloud storage environment based on the Android platform is built.

First, the algorithm is refined on the basis of the CP-ABE scheme. A third-party proxy server is used to outsource part of the decryption. The advantage of this scheme is that the efficiency of user decryption can be greatly improved, since a large number of complex operations are outsourced to the proxy server. In this way, the user only needs to perform a small amount of decryption work. The proposed scheme is then implemented in code, and its correctness and the advantage of the algorithm are demonstrated by comparing the experimental results with the scheme of Li Yong et al.

Secondly, on the basis of the outsourcing decryption CP-ABE scheme, this thesis introduces an efficient method of revoking attributes. When the system is initialized, a version number is generated for each system attribute. When one of a user's attributes is revoked, the system produces a new version number for that attribute, and the key update algorithm generates an updated key according to the new version number corresponding to the revoked attribute. By updating only the parts of the decryption key and the ciphertext that relate to the revoked attribute and keeping the rest unchanged, the user key and the cloud ciphertext can be updated in a timely manner. Hence, the issue of dynamic changes in large-scale user access to the Cloud Storage System can be solved.

Finally, according to the proposed outsourcing decryption CP-ABE scheme, this study constructs a Baidu cloud storage access control system based on the Android platform, in which the outsourced decryption part is handled by a proxy server. System tests show that the entire access control system, from the Android client to Baidu cloud BOS, interacts successfully with the outsourcing server.
Keywords/Search Tags:Cloud Storage, Access Control, Attribute-Based Encryption, Outsourcing Decryption, Attribute Revocation