
Research On CP-ABE Based Security And Traceable Cloud Storage Access Control Technology

Posted on: 2021-01-24
Degree: Master
Type: Thesis
Country: China
Candidate: J B He
Full Text: PDF
GTID: 2518306107960689
Subject: Computer system architecture

Abstract/Summary:
With the development of cloud computing technology, cloud storage is widely used because of its good scalability, fast deployment, and low cost. However, incidents of cloud storage data loss, leakage, and malicious attacks in recent years have exposed the data of enterprises and individual users to high security risk. Data encryption and access control are two important methods for protecting data security in the cloud environment. The existing Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme combines access control with data encryption and is considered the most ideal method for protecting data access security in the cloud storage environment. But most CP-ABE schemes have low efficiency, and their way of resisting malicious user attacks is too simple, or they do not consider malicious user attacks in the cloud environment at all.

To address the low efficiency of CP-ABE schemes and malicious user attacks in the cloud environment, this paper proposes a CP-ABE based secure and traceable cloud storage access control scheme. In the encryption phase, the data owner must sign the access policy with a certificateless signature scheme, and the signature is also incorporated into the ciphertext computation. Meanwhile, the private key contains the personal secret value of the user in the system. When other users in the cloud environment initiate access requests to the data, the cloud server can combine the part of the private key it receives with the user identifier to calculate a hash value. The hash values can be stored in public databases, for example in a blockchain, as access records to identify malicious users. In addition, in the decryption phase, a qualified visitor must complete the signature verification to obtain the plaintext, which effectively resists internal attacks by malicious users in the cloud environment: malicious users can neither modify the published data and access policies on the cloud server, nor pose as data publishers to issue malicious information. Furthermore, the scheme moves part of the decryption computation to a cloud server with strong computing capability, which reduces the decryption burden on the client side.

Based on the indistinguishability game security model framework, the attack security model of this scheme is defined, and we prove that the scheme has indistinguishability under the chosen-plaintext attack, which meets the security requirements of real-world implementations. An intuitive analysis also shows that the proposed scheme can better resist common attacks such as replay attacks, man-in-the-middle attacks, malicious user attacks, and collusion attacks. Functionality tests and a performance analysis are then conducted. The experimental results show that, while satisfying the basic encryption and decryption functions, the scheme of this paper has smaller private key storage overhead, ciphertext storage overhead, and encryption calculation overhead than the BSW CP-ABE scheme in the same scenario. As the complexity of the access policy grows and the number of elements in the minimum matching set for decryption increases, the decryption calculation overhead of the scheme in this paper will also be smaller than that of the BSW CP-ABE scheme, which indicates that the scheme is better suited to large-scale access scenarios. Finally, the main work of this paper is summarized and future work is discussed.
Keywords/Search Tags:traceable, access control, certificateless signature, cloud storage, Ciphertext-Policy Attribute-Based Encryption