Research On Access Control Scheme With Attribute-based Encryption In Cloud Computing Environment

Cloud computing has become the mainstream data storage technology because of the strong scalability and low cost.But the security of cloud data is still a huge challenge.In order to solve such problems,the data owner took some access control technology to ensure data security.Attribute-based encryption(ABE)is an encryption mechanism with attribute as public key whose essence is to use attribute to associate user's relationship with ciphertext and secure the flexibility of encryption and access control for Cloud data.Meanwhile,it has become a key technology of safe cloud storage access control by realizing the fine-grained access.Among them,ABE is divided into two categories: Ciphertext Policy Attribute Based Encryption(CP-ABE)and Key Policy Attribute Based Encryption(KP-ABE).In the view of the traditional ABE mechanism This paper carries out an in-depth study in the existence of ABE and optimizes the original ABE on key distribution and attribute revocation so as to propose a more effective and safer fine-grained access scheme for cloud data storage.The main work is:Firstly,it introduces a scheme based on Trustlevel Ciphertext Policy Attribute Based Encryption(TCPABE)combining with trust management mechanism.And this scheme integrates the trust management mechanism on the basis of CP-ABE technology,which determines the users' trust level by quantifying the user's access behavior and embeds it as a kind of attribute into the data access strategy so that the user trust value calculation can be combined with attribute authorization and attributes revocation.According to the user access behavior,this system updates the trust value and promptly manages the user access status.At the same time,the composite load structure is used to reduce the computational burden.And the simulation results show that the scheme can solve the huge computational cost and data security problem caused by frequent replacement of keys due to attribute revocation.In addition,based on the bottleneck encountered in the issue of key distribution,user management and encryption and decryption calculation overhead,the ABE access control mechanism of a single attribute authority puts forward a cloud storage access control scheme which is efficient and secure multi-authority.The scheme is based on CP-ABE,and the central authority does not participate in the generation and distribution of attribute private key,which is transferred to data owner and multiple attribute authorities to reduce the risk of data leakage caused by central authority.Moreover,it supports anonymous user access without the Global Identity Descriptor(GID)to ensure that an attacker cannot obtain the user's GID through the attribute authority,and then can not obtain the user attribute forging the attribute set to satisfy the access policy to steal the data.This scheme fulfills anonymous communication and identity protection and the computational overhead is also much better than the single authority model.