
Research On Hierarchical Access Control For Data Sharing In Cloud Storage

Posted on: 2020-02-17
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Qiu
GTID: 2428330602452270
Subject: Information security

Abstract/Summary:
With the explosive growth of data volume in cyberspace and the steady development of cloud computing, an increasing number of organizations and individuals have abandoned the traditional mode of local storage, with its high cost of hardware equipment, and instead choose cloud storage as a new method of data storage. However, cloud storage may lead to the separation of data ownership and management, and the direct use of traditional encryption for data confidentiality protection makes cloud storage face a contradiction between data security and flexible data sharing. Therefore, as common methods for solving such problems, cryptographic access control schemes such as attribute-based encryption (ABE) have been extensively studied.

For some specific application scenarios in the cloud storage environment, building a cryptographic access control mechanism for hierarchical users is of great practical significance. In these scenarios, users are divided into a number of user groups organized in a hierarchy. Different users are given different access privileges depending on their groups and levels. Users in a higher-level group can access the data of their subordinate groups, while users in a bottom-level group cannot access the data of their superior groups or any other group. Hierarchical access control (HAC) based on cryptography is a basic method for solving the general problems in such scenarios. Nevertheless, due to the lack of scalable data sharing, user revocation, delegated re-encryption, etc., most existing hierarchical access control solutions are not practical enough in cloud storage scenarios.

This thesis mainly studies the construction of a hierarchical access control scheme with scalable data sharing in the cloud storage environment. The main work and contributions are as follows:

1. Based on the key-aggregate cryptosystem (KAC), this thesis proposes a basic scheme of hierarchical access control for the cloud storage environment, supporting scalable secure data sharing that allows users to share data with any user group. In the basic scheme, the lengths of different users' secret keys are constant, regardless of the scale of the hierarchical user structure. In addition, the basic scheme eliminates the need for the key derivation process that is common in hierarchical key assignment (HKA) schemes, which improves the convenience of key management. The result of the security analysis shows that the basic scheme satisfies the requirements of correctness, compactness, data confidentiality and collusion resistance.

2. For cloud storage application scenarios with dynamic changes of users' access privileges and hierarchical structure, this thesis addresses the limitations of the above basic scheme in dynamic update, and proposes a dynamic hierarchical access control scheme that supports user revocation updates. By introducing a dynamic public matrix and delegated re-encryption, the improved scheme supports efficient user revocation and lazy re-encryption (LRE), which reduces the computation and communication overhead of updating. Compared with the basic scheme, the improved scheme also satisfies the requirement of forward security.

3. This thesis conducted simulation experiments and performance analyses on both of the above schemes, based on the Java language and the jPBC cryptography library on the Ubuntu operating system. In addition, by applying the proposed basic scheme, this thesis developed a prototype system under the browser/server (B/S) architecture, based on the Python language and the Django framework, supporting secure data sharing with hierarchical access control for cloud data. The test result of the system shows that the hierarchical access control scheme proposed in this thesis is highly feasible in real-world applications.
Keywords/Search Tags:Hierarchical access control, Scalable data sharing, Cloud storage, Key-aggregate cryptosystem, User revocation