
Research On Access Control Of Cloud Computing Multi-authorization Center Based On ABE

Posted on: 2020-07-06
Degree: Master
Type: Thesis
Country: China
Candidate: W J Xing
GTID: 2428330590456739
Subject: Computer technology

Abstract/Summary:
Cloud computing virtualizes the hardware and software resources supplied by cloud resource providers into a resource cloud, which basic cloud service providers then deploy to offer cloud resource requesters a flexible, scalable and on-demand service model. While it provides new resource services, the cloud computing model also has some system security problems. First, once users transmit data to the cloud, they lose control of it, and its confidentiality, integrity and availability are not guaranteed. Second, there is a lack of trust between the tenant and the cloud service provider: the tenant cannot determine whether a computing task was executed correctly or whether the execution result is complete. Third, in a distributed cloud environment, cloud migration technology enables cross-domain access by tenants, and access control problems arise between the different domains. Fourth, because resource clouds are built with virtualization technology, side-channel attacks occur between virtual machines that share the same physical machine.

Access control is one of the main technologies for ensuring data security in the traditional model. On a trusted server it effectively prevents illegitimate users from accessing information and ensures that authorized users access authorized data. In the cloud computing environment, however, the data owner and the data are not in the same domain. To address this, previous researchers combined encryption with access control to keep data secure when the data owner and the data are in different domains. The encryption mechanism has in turn evolved from identity-based encryption through fuzzy identity-based encryption to attribute-based encryption (ABE). Most existing research on attribute-based encryption access control in the cloud computing environment relies on a single authorization center, which not only carries an excessive computational burden but also, if attacked, exposes all system attributes, so the security of the data in the system is not guaranteed. This thesis therefore focuses on deploying attribute-based encryption access control with multiple authorization centers. Its main work is as follows:

(1) Existing single-authorization-center access control for cloud computing based on attribute-based encryption suffers from low security, a complex authorization process and a tendency to become a system bottleneck. Based on an analysis of these problems, a multi-authorization center access control model for the cloud computing environment based on attribute-based encryption is presented. By combining symmetric and asymmetric encryption, the model reduces the amount of encryption and decryption while still ensuring data security. An attribute management server is introduced to record the private keys that each user has obtained from the multiple authorization centers. Before the cloud service provider sends a ciphertext to a user, the number of the user's private keys is compared with the threshold of the access structure to determine whether the ciphertext needs to be sent at all. This reduces the computation on the user's side and also reduces the transmission cost of the cloud service provider.

(2) To address collusion resistance and re-encryption after a user attribute is revoked, a proxy re-encryption mechanism for user attribute revocation is given. With proxy re-encryption, the authorization center re-encrypts the encrypted data after a user attribute is revoked without decrypting it, which prevents the security problems that would follow from decrypting the ciphertext. At the same time, version numbers are updated, and the version number of the user whose attribute was revoked is checked for consistency with the version number of the ciphertext, so as to ensure the confidentiality of the data. By introducing a minimized attribute partitioning algorithm, attribute values are represented by attribute names, which achieves access control with a semi-hidden access structure.

(3) The security of the multi-authorization center access control policy and the proxy re-encryption strategy in the ABE-based cloud computing environment is reduced to the parallel bilinear Diffie-Hellman exponent problem, and a security proof of the access policy is given by constructing the q-PDBDH assumption. In addition, the ABE-based proxy re-encryption mechanism for user attribute revocation is analyzed experimentally to demonstrate the effectiveness of the proposed algorithm in reducing computation time.
Keywords/Search Tags:Cloud computing, Access control, Attribute-based encryption, Multi-authorization center, Agent re-encryption