| Cloud computing provides the powerful operation ability and extensible storage service with "pay-as-you-use" means and relatively low price.More and more users will send their a lot of business data and personal information such as sensitive content to cloud computing server in order to solve the problem of the limited computing and storage terminals.How to ensure the security of sensitive data stored in the cloud is needed to be solved the problem by the cloud computing server.Cloud storage is an important content of cloud computing services;its safety is always the focus of attention.Users as the most flexible subject of the cloud service,their permissions granted and revoked also gradually become an important topic in the research of cloud security.In this paper,it users key-policy attribute-based encryption and ciphertext-policy attribute-based encryption as the research background and thoroughly researches the encryption process and the user access control principle.Meanwhile,it will discuss the difficult revocation issues around this two algorithms.The main work of this paper summarized as follows:First of all,it detailedly expounds the research status of cloud computing and cloud computing security problems and the critical technology of cloud computing security.Due to the characteristics of large users and large data of cloud computing,it in order to ensure the security of the data uses attribute-based encryption algorithm which is used to adapt the communication model.This paper detailedly describes key policy attribute-based encryption,ciphertext-policy attribute-based encryption and related issues.Additionally,this article describes the bilinear mapping,proxy re-encryption,access structure and other key technologies.Then,the paper proposes an improved key-policy attribute-based encryption algorithm efficient access control method for key-policy attribute-based encryption algorithm revocation difficult problem.This method efficiency mainly lies in under the premise that ensure the confidentiality of the ciphertext information,makes heavy encryption process of part of the private key components and related cipher components be transferred to the cloud to greatly reduce the computational cost of data owner;it will combine with revoke minimum influence attribute technology to revoke user privileges for achieving efficient,flexible and resistance to collusion attacks ciphertext access control scheme;finally it proves the security of the proposed scheme.Finally,for ciphertext-policy attribute-based encryption revocation difficult issues,the paper proposes a method which improves over the proposed scheme realizes efficient user revocation and attributes revocation.By introducing the critical attributes under the premise that ensures the confidentiality of the ciphertext information and resistance to collusion attacks,it uses proxy re-encryption technology to flexibly achieve specified users revocation and specified attributes revocation.In addition,it will transfer part of the private key components and related cipher components to cloud server for updated to reduce the computational cost of data owner.Finally,the experiment can verify the efficient privileges revocation of the proposed method.The contributions are as followed:1.This paper proposes a modified key-policy attribute-based encryption algorithm and revocation minimum influence attribute technology.Its aim is under the premise that ensures the confidentiality of the ciphertext information to solve the network "bottleneck" problem caused by the data owner limited computing power by transferring parts of the private key components and related ciphertext components to the cloud.2.The above scheme is improved.The paper respectively proposes two kinds of revocation scheme based on ABE algorithm address access structure tree and linear secret sharing access matrix.The two schemes realize effective users' privileges revocation and attribute revocation and reduce the computational cost of the data owner,cloud server and attribute authorization center. |
PDF Full Text Request