
Research On Cloud Storage Access Control Algorithm Based On Attribute Encryption

Posted on: 2021-08-10
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Gao
Full Text: PDF
GTID: 2518306308997459
Subject: Computer application technology
Abstract/Summary:

With the continuous development of cloud storage technology, cloud storage has become a new storage method that is widely used in both enterprise and personal fields. The cloud environment lets users share data, but this allows some malicious users to access or modify the data by illegal means, so access control is an important way to protect user data. The current cloud environment, however, provides only simple access control and traditional encryption schemes, so data security requirements cannot be fully satisfied. Complex cloud storage environments need a more fine-grained access control scheme. Ciphertext-policy attribute-based encryption plays an important role in cloud storage access control. The research work is as follows:

(1) This thesis proposes a traceable attribute encryption scheme based on signature authentication, which can track users who leak information. In the cloud environment, because a user's key is closely associated with the user's own attributes, the user's specific identity information cannot be viewed. So when information is leaked, there is no way to trace the specific identity information or to identify whether the user or the authorization center is responsible. The user's private key can also be illegally authorized to other users. Therefore, a traceable attribute encryption scheme based on signature authentication is proposed, which uses the unforgeability of signature authentication to avoid the leakage of user keys. The scheme can effectively track users who leak information, and it can distinguish the responsibility of the user from that of the authorization center.

(2) This thesis proposes a policy revocation scheme based on attribute encryption, which enables users to revoke policies more flexibly. Policy revocation plays an important role in cloud storage access control, and a policy revocation scheme can provide a more secure cloud environment for users to store and transfer data. However, in general policy revocation schemes, managing users is often difficult. Therefore, the thesis proposes a policy revocation scheme based on attribute encryption, which uses an improved ciphertext-policy attribute-based encryption scheme to encrypt sensitive attribute data in personal health records. In addition, when a policy is revoked in a ciphertext-policy attribute-based encryption scheme, a new key needs to be generated for authorized users. The owner of the personal health record updates the list of authorized users by changing the attribute policy. When a policy is revoked in the system sharing the personal health record, the trusted authority calculates part of the secret token key according to the level updating policy, and then issues the updated key for the new policy. The scheme puts more emphasis on key management, policy management and user revocation. The data owner is fully controlled according to the policy update level selected by the data owner. The scheme can help owners of personal health records and users to revoke policies flexibly, and it can also avoid wasting time.

(3) This thesis proposes a user attribute revocation scheme based on improved attribute encryption, which enables data owners to reduce computational overhead. In cloud storage access control, when more user attribute revocations have to be handled, the workload of the data owner increases exponentially, and a user's attribute revocation is decided jointly by the data owner and the authorization center. In traditional user revocation, the user's private key needs to be updated, which affects the execution of the access control policy in cloud storage and the effect of ciphertext-policy attribute encryption. Therefore, the thesis proposes an effective attribute revocation scheme based on ciphertext policy. The plaintext is encrypted mainly by asymmetric encryption technology, and then, when a user attribute is revoked, the authorization center generates a new version number key, delivers the updated version number key to the cloud server, and re-encrypts the ciphertext. Security proof and performance analysis show that the scheme can reduce the computational cost of the data owner.

This thesis mainly uses the above three schemes to improve the access control scheme in cloud storage. The attribute encryption scheme based on signature authentication plays a role of accountability. The policy revocation scheme based on attribute encryption can avoid unnecessary time loss. The user attribute revocation scheme based on improved attribute encryption can reduce time overhead. Therefore, the research work of this thesis has theoretical and practical significance.
Keywords/Search Tags: Cloud Computing, Access Control, Attribute Encryption, Signature Authentication, Attribute Revocation