An Access Contorl Model On Attribute Baesd-Encryption Scheme For Cloud Storage

As an extension of the cloud computing,cloud storage provides an effective way for the storage of big data.Cloud storage can provide services to users wherever it is needed,and it has been widely used in various fields because of its low cost,simple interface,high scalability and so on.However,as many cloud storage service providers have been trapped into the scandals of data breaches,its security risks becomes a hot issue that has even become a bottleneck to further development of cloud storage.Access control is an important method to achieve the users' data confidentiality,although many Cloud Storage Servers(CSS)provide simple access control function,CSS can not guarantee fine-grained access control.Attribute based encryption scheme provides an effective way to solve this problem.This paper proposes an access model on attribute based-encryption with embeddoor scheme for cloud storage based on the previous researchs.Firstly,we re-define the cloud storage access model,including Cloud Storage Server(CSS),a trusted Attribute Authority(AA),the data owner(DO),and the users.We use DO to control the user's secret key to reduce the burden of A A and improve the security of this mode,while the AA is responsible for the generation,releasement,store,update and revocation of user's secret key.Besides,CSS allocates different access rights for DO and general users,DO has read and write permissions,while general users have read-only access to cloud data.Secondly,we propose some construction to ABE scheme.We embed a parameter which is called embeddoor to the calculation of master key for the revocation of attributes.Besides,we change the way the Secret Key is generated,where the decryption of ciphertext can be done only when OMK update the user's SK.Our scheme can enhance the security and reducing the computational cost of the secret key of AA.Finally,for the revocation of attribute,we designe key tree mechanism to support the immediate revocation and do not need to update secret key of un-revoked users,thus achieve a highly efficient attribute revocation.We propose an effective and stable access model based on CPABE-WE for cloud storage,which is more safe and efficient compared to the existed schemes.