
Revocable Multi-authority CP-ABE Access Control Scheme In Cloud

Posted on: 2019-03-01
Degree: Master
Type: Thesis
Country: China
Candidate: J X Wang
GTID: 2428330572951525
Subject: Communication and Information System

Abstract/Summary:
With the rapid development of cloud computing, our lives have been greatly improved. As data grows, people have begun to use cloud storage services. However, data outsourcing means that users may lose control of their own data, and the security of that data also raises concerns. As most existing cloud service providers are not entirely trustworthy, they may leak users' data by colluding with illegal users. Data security and lack of control are the biggest obstacles to cloud storage development. Access control can prevent illegal users from accessing sensitive data in the system, which makes it well suited to protecting users' privacy in the cloud environment. Attribute-based encryption has become a hot topic in current research, and the ciphertext-policy attribute-based encryption (CP-ABE) scheme is very suitable for the cloud environment. In this scheme, each legal user is assigned some attributes, and only users whose attributes satisfy the access structure can decrypt the file.

However, the existing attribute-based encryption schemes have many problems. They are mostly based on only one authority, which may lead to a single point of failure and system bottlenecks. Meanwhile, the computation cost of encryption and decryption is huge, which seriously affects the access efficiency of the system. In addition, this access control technology can also bring a great administrative burden, especially for revocation.

This paper mainly focuses on the privacy and security issues of user data in cloud storage. The research background and related work at home and abroad on attribute-based encryption are introduced first, and the problems of the existing schemes are summarized. To solve these problems, a multi-authority CP-ABE scheme that supports user and attribute revocation is proposed. In this scheme, most of the decryption computation is outsourced to the cloud server, which greatly reduces the user's computational cost. Meanwhile, the corresponding user and attribute revocation scheme is designed. When user revocation occurs, no complicated update operation is required; we only need to delete the revoked user's proxy key, which is stored on the cloud server. In the attribute revocation phase, most of the update and re-encryption operations are outsourced to the cloud server, and the user only needs to complete a small amount of computation.

In order to improve the efficiency of the system, a verifiable outsourced multi-authority CP-ABE scheme is proposed. In this scheme, most of the computation of both encryption and decryption is outsourced to the cloud server, and users only need to complete a small amount of computation, which greatly reduces the computational overhead of data owners and users. Meanwhile, the corresponding outsourcing result verification scheme is designed. By running the corresponding verification algorithm, the user can immediately notice when the cloud server returns a wrong result, thus ensuring the correctness of the subsequent results.

Finally, security analysis and performance analysis of the two proposed access control schemes are given, and the proposed schemes are compared with several existing schemes. The theoretical and simulation results prove the security and effectiveness of the proposed schemes.
Keywords/Search Tags:Cloud computing, Access control, Attribute-based encryption, Verifiable outsource, Revocation