
Policy Hidden CP-ABE Access Control Scheme In Cloud

Posted on: 2020-10-22
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Xu
GTID: 2428330602450523
Subject: Information security
Abstract/Summary:
Cloud computing has evolved from an emerging paradigm of technology and business to the bellwether of business computing. With the development of cloud computing, cloud-based data storage and computing has been widely adopted because of its high scalability and its ability to support real-time applications. However, when data is outsourced directly to the cloud, data access cannot be controlled and data privacy faces many security challenges. Preventing unauthorized users from accessing sensitive data through access control has become an efficient means of solving data security problems in the cloud. Ciphertext-policy attribute-based encryption (CP-ABE) defines the access policy through user attributes, which achieves fine-grained access control, and is therefore considered one of the most suitable access control methods for distributed cloud environments.

However, the access policy, which is the key to user access authorization in a CP-ABE access control scheme, contains sensitive information about users and their data. Although the data has been encrypted, cloud service providers may infer sensitive information about it from the access policy, which can easily lead to the disclosure of private information. To solve this problem, this thesis focuses on privacy preservation for the access policy in CP-ABE and proposes two policy-hidden access control schemes by designing an appropriate structure for the ciphertext and keys and an appropriate form for the access structure. The main contributions of this thesis are as follows:

(1) To solve the data security issues in cloud-fog computing, a CP-ABE access control scheme supporting anonymized attribute escrow and authentication is proposed, which achieves full policy hiding, outsourced decryption and efficient user revocation. The scheme designs a method of anonymized attribute escrow and authentication that anonymizes the user attributes and then stores them in the cloud. The attribute authentication method matches the corresponding anonymous attributes for legitimate users, so as to preserve the privacy of the policy and prevent malicious data access by illegitimate users. In addition, by utilizing the computation capacity of fog nodes, a verifiable outsourced decryption method is designed to reduce the user's computation overhead. Based on the management of the proxy keys, an efficient user revocation method is introduced to improve the flexibility and forward security of the system.

(2) To solve the data privacy issues in the medical cloud, a CP-ABE access control scheme supporting hidden attribute values and key query is proposed, which achieves policy privacy preservation, proxy key query and cross-domain data sharing. In this scheme, the attribute values are hidden in the ciphertext. The scheme designs a method of matching proxy keys with user attributes and the ciphertext, so that the key can be queried for legitimate users without exposing the users' attribute values and malicious data access requests are not answered. A user can complete the decryption of a ciphertext only when the attributes and keys of that authorized user match the hidden attribute values in the ciphertext. Thus the scheme preserves the privacy of attribute values. The scheme also introduces an outsourced decryption mechanism, which offloads part of the heavy decryption computation to the cloud, so as to improve the efficiency of the scheme.

(3) Finally, the thesis analyzes the security and performance of the proposed schemes. Through theoretical analysis and simulation comparison with existing schemes, the security and efficiency of the proposed schemes are proved.
Keywords/Search Tags:Cloud Computing, Privacy Preserving, Access Control, CP-ABE, Policy Hidden