
Research On Cloud Access Control Technology Based On CP-ABE

Posted on: 2020-05-31; Degree: Master; Type: Thesis
Country: China; Candidate: L M Lu
GTID: 2428330590481647; Subject: Computer Science and Technology
Abstract/Summary:
In Identity-Based Encryption (IBE), all recipients can use attribute sets to identify themselves. It allows the sender to encrypt data without having to know the recipient's identity information or query a public key certificate. The sender's encrypted data is stored in the cloud, and a corresponding access control policy is developed. The sender does not care who will access the encrypted data, because only a user whose attribute set satisfies the access policy can decrypt it. The integration of access control policies and public key systems effectively improves access control capabilities. Identity-based encryption is more suitable for protecting user data and privacy in a cloud computing environment. Based on this, identity-based encryption has been improved and optimized, and attribute-based encryption has emerged. Attribute encryption is further divided into Key Policy Attribute Encryption (KP-ABE) and Ciphertext Policy Attribute Encryption (CP-ABE). In CP-ABE, the access control policy is written into the ciphertext, so access control becomes more precise and better able to protect the customer's data in the cloud.

In the past, ciphertext-policy attribute encryption used a single trusted key distribution mechanism to distribute keys to users, and that key distribution mechanism has the ability to decrypt the ciphertext on its own. To eliminate this drawback, some existing solutions introduce a third party to weaken the key distribution mechanism. The two jointly generate the user's key through a certain computing mechanism, and neither of them has the ability to decrypt a ciphertext on its own. But this also brings new security problems, such as the leakage of secret information like keys. Based on this, this paper proposes solutions from two different angles, as follows:

(1) For the problem that the user key in existing CP-ABE is easy to leak, a CP-ABE scheme based on a secure three-party computing protocol is proposed for the first time. A proxyless key publishing protocol is constructed using secure three-party computing between the attribute authority, the cloud data storage center, and the user, so that the user has the subkeys needed to generate the full key. If the respective keys generated by the certificate authority and the data storage center are acquired by a malicious attacker in transmission, the attacker still cannot decrypt the ciphertext by itself. Security analysis shows that the scheme can effectively eliminate the threats of a single key generation center and of user keys being maliciously acquired during transmission to the user.

(2) For access control of data in the cloud, the attribute encryption scheme can be considered tailor-made. Even so, users' data and privacy are still threatened. System communication complexity is directly proportional to risk exposure. In this paper, a ciphertext policy attribute encryption scheme based on homomorphic encryption is proposed. The attribute authorization center and the cloud service center have independent coordinates that are mutually confidential. Both use their secret coordinates to perform a secure two-party linear protocol. After the protocol is executed, each generates a secret subkey. The analysis shows that the scheme greatly reduces the number of communication interactions required to generate the user key and eliminates the single key generation mechanism, which effectively reduces the risk of leaking important information such as secret keys during the interaction process.
Keywords/Search Tags:Access control, Information security, Attribute encryption, Multi-party secure computing