The Research On The Access Control Technology Based On Multi-authority ABE In Cloud Computing

With the development of cloud computing and cloud storage,users can access to the cloud servers and process large-scale information via Internet.However,the openness and complexity of cloud computing cause many data security problems,thus how to protect cloud users private information and data security is becoming the most severe problem in cloud security.At the same time,as a flexible factor,users can join or leave cloud service randomly.Therefore,the efficiency and security of user access control and revocation is also very important to the cloud security.Attribute-Based Encryption(ABE)can not meet the security and cross-domain access control in cloud computing due to many users and multiple authorities coexist.Multi-authority attribute-based encryption(MA-ABE)has become a hot topic in cloud security.In this paper,we mainly focus on multi-authority attribute-based access control method encryption and revocation.The main research contents are summarized as follows:1.Since it is difficult to achieve secure cross-domain data sharing and access control in the cloud storage environment,this paper proposes a multi-authority attribute-based encryption access control scheme based on access tree and build a decentralized authorization model.In the decentralized model,Data Owner(DO)and multiple attribute authorities(AAs)cooperate with each other to distribute attributes and generate corresponding secret keys.With this model,Central Authority(CA)is free from key generation,which reduces the security risks that are brought by CA and prevent the potential collusion attacks between users,AA and CA,AA and AA.In addition,user's attribute key is irrelevant with his global identity(GID),which can protect the identity information of user.At last,the security proof of this scheme is provided by using decision bilinear Diffie-Hellman(DBDH)assumption.2.For multi-authority attribute-based encryption revocation problems,a flexible user and attribute revocation scheme for multi-authority attribute-based encryption is proposed,which can achieve both efficient user and attribute revocation securely.By dividing secret key and using proxy re-encryption,a flexible user revocation and attribute revocation can be achieved.Additionally,in order to reduce the computational cost of data owner and decryption cost of user,large part of decryptionand ciphertext re-encryption are transmitted to the cloud server.Finally,the paper theoretically demonstrates the security of the scheme and experimentally verifies the efficiency in user revocation and attribute revocation.