Research On Access Control Technology In Semi-honest Cloud

In recent years,the rapid development of Internet technology has caused an explosive increase in the amount of data.The storage and calculation of massive data is a huge burden for ordinary users.For enterprises that need to extract and filter out useful information from massive data to make a profit,it is unrealistic to use traditional data storage technology to store massive data.In this case,cloud storage technology came into being.Cloud storage technology can provide users with low-cost,efficient,reliable,and highly scalable storage space.In addition to saving data,cloud storage technology allows people to easily and quickly share data.But while bringing cost-effective storage space,cloud storage technology also brings many security issues such as integrity verification,unauthorized user access,and cloud storage service providers snooping on user privacy.How to design a reasonable access control scheme so that data owners can flexibly formulate access policies,ensure data security,and users can access data flexibly,efficiently,and securely has become one of the hot topics of research.This thesis mainly studies the access control technology based on attribute encryption,and completes the following three aspects:First,in response to the need to revoke or change the user's access permissions in the access control system,the existing attribute-based encryption-based revocable access control scheme is transformed,and a method of segmented key generation is proposed to propose a fine-grained,real-time attribute-based encryption revocation scheme.The computational overhead due to revocation in this solution is performed by a cloud service provider with strong computing power,and attribute-level revocation granularity is achieved.In addition,it also has the function of ciphertext delegation and anti-decryption key exposure.Secondly,in view of the case where a malicious user leaks a decryption key in an access control system,a responsible account access control scheme based on attribute encryption is proposed.First,a complete security scheme supporting large attribute sets is proposed and its security is proved using dual system proof method.Then combined with the binding commitment algorithm,a white-box accountable access control scheme is proposed.Without maintaining an additional identity table,the leaked key can be used to blame the user for leaking the private key.Third,set up an HDFS cluster as a cloud storage platform and implement an access control prototype system based on an attribute encryption algorithm.Users can flexibly formulate access policies to encrypt data and upload it to the cloud platform.Encrypted data downloaded from the cloud platform can only be successfully decrypted when the user holds attributes that satisfy the access policy.The system uses a browser / server architecture for quick and easy access.