
Research On Data Access Control Based On Attribute-Based Encryption In Cloud Storage

Posted on: 2021-05-15
Degree: Master
Type: Thesis
Country: China
Candidate: J Wang
GTID: 2518306107985189
Subject: Computer Science and Technology

Abstract/Summary:
Data access control in cloud storage has always been a research topic of common interest in academia and industry. Ciphertext-policy attribute-based encryption is a technology suitable for data access control and secure sharing in cloud storage, because it not only ensures data confidentiality but also achieves fine-grained access control. Most existing data access control schemes based on attribute-based encryption in cloud storage still have many problems, such as inability to resist collusion attacks, inability to guarantee the security of user and attribute revocation, and lack of access policy update mechanisms. In view of these problems, after analyzing and summarizing the characteristics of the existing schemes, this thesis proposes a more secure and flexible scheme. The main research contents of this thesis are as follows:

1. Analyze the data access control scheme for cloud storage (NEDAC-MACS) proposed by Wu et al., and give an attack method: a revoked user, by colluding with the cloud storage service provider, can convert the new version of the ciphertext into the old version of the ciphertext, which the revoked user can decrypt, and finally achieve the goal of unauthorized access and data acquisition. The security analysis also shows that NEDAC-MACS cannot guarantee backward security.

2. In response to the problem pointed out above, this thesis proposes a security-enhanced data access control scheme for cloud storage (SEDAC-MACS). First, the system model of NEDAC-MACS is improved by adding a trusted proxy server; then the decryption algorithm and attribute revocation algorithm of NEDAC-MACS are modified; finally, formal security analysis and performance analysis show that SEDAC-MACS is secure and effective.

3. This thesis proposes a dynamic data access control scheme for multi-authority cloud storage (DDAC-MACS), which for the first time simultaneously achieves attribute revocation, user revocation and policy update. Most existing schemes, by contrast, study only one of attribute revocation, user revocation and policy update, and have not integrated the three. DDAC-MACS adds a version number to each attribute and achieves attribute revocation by changing the attribute version, and it implements user revocation by adding the user to a blacklist. By studying the relationship between the new policy and the old policy, a policy update can be implemented by updating only part of the ciphertext. The formal security analysis of DDAC-MACS shows that it meets security requirements such as resistance to collusion attacks, data confidentiality, forward security, and backward security. Finally, a performance simulation comparison with related data access control schemes shows that the scheme is still efficient in terms of storage cost, computation cost, and communication cost.

4. Analyze the data access control scheme for cloud storage (EERDAC-MACS) proposed by Yang et al., and propose a new data access control scheme for cloud storage (NEERDAC-MACS). First, two attacks against attribute revocation in EERDAC-MACS are given; then some algorithms of EERDAC-MACS are improved to ensure the security of attribute revocation; finally, formal security analysis and performance analysis of NEERDAC-MACS show that NEERDAC-MACS is secure and effective.
Keywords/Search Tags:Cloud Storage, Access Control, Attribute-Based Encryption, Attribute Revocation, Policy Update