Research On Access Control Technology Of Cloud Storage Based On Attribute Encryption

With the rapid development of information technology,information data is increasing day by day,and the demand for data storage is expanding rapidly.Cloud storage service has gradually become an important part of cloud computing services,but it also makes users out of the direct control of the data.Cyber hackers and even some cloud storage service providers themselves covet the huge value contained in this huge amount of data.Therefore,it is necessary to design solutions to meet the requirements of cloud storage access control and ensure data confidentiality,integrity and availability.As a new type of public key cryptosystem,the attribute-based encryption system can realize flexible access control while protecting data security.Among them,Ciphertext-Policy Attribute-Based Encryption(CP-ABE)is considered to be a more suitable solution for cloud storage environments.However,the traditional CP-ABE solution has some problems.For example,users frequently change access policy,resulting in the constant need to re-encrypt data,thus causing a waste of computing resources.Another case in point is that only a single authorization center is used,which leads to excessive load and low fault tolerance.Besides,users maliciously leaked their keys,but the solution lacks traceability,which makes it impossible to effectively track malicious users among a large number of users.And there is no hidden access policy,which causes malicious users to obtain valuable information through the access policy in the ciphertext.In order to achieve safe and efficient user access control in the cloud storage environment,the main research work of this paper is as follows:(1)Summarizes the current research status of attribute-based encryption and features such as multi-authority,traceability,and access policy hiding at home and abroad,and introduces the related basic theories of attribute-based access control technology.(2)Aiming at the problem of single authorization center bottleneck,tracking users leaking keys,and frequently changing access policy.Improve the multi-authority CP-ABE scheme in the cloud storage environment,construct the scheme through the bilinear group of prime order,and use the linear secret sharing scheme to construct the access structure.Based on the existing security model,the data security and traceability security of the scheme are described through the simulation game between the adversary and the challenger.At the same time,a theoretical comparison with related schemes in terms of characteristics,storage costs,and computational costs,as well as experimental comparisons of algorithms at each step are designed.(3)Aiming at the problem of incomplete credibility of cloud storage service providers and preventing malicious users from obtaining private information from the access policy in the ciphertext.Combined with the garbled attribute bloom filter,the traceable multi-authority CP-ABE scheme is improved.Based on simple assumptions,the security proof is completed under the random oracle model.At the same time,it is designed to compare with the existing schemes in terms of features,and the access policy hiding scheme in terms of storage and computing overhead.The innovations of this paper are:(1)A CP-ABE cloud storage fine-grained access control scheme with multiple features and high efficiency is proposed.This feature includes: support for white box tracking and constant tracking storage overhead,support for large attribute domains,support for dynamic access policy updates,high expressiveness,and support for multi-authority.It solves the problems of excessive load of single authorization center in cloud storage attribute-based encryption,leakage of user keys that cannot be traced,and frequent changes of access policy by data owners.Theoretical analysis results show that the storage cost is reduced when the scheme has multiple features,and the calculation cost is reasonably increased.Experiments show that compared with recent schemes,this scheme has multiple features and similar efficiency.(2)A traceable multi-authority CP-ABE scheme supporting access policy hiding is proposed.This solution not only has the features of traceability and multi-authority,but also completely hides the access policy,solving the problem of untrusted cloud storage providers and malicious users obtaining user privacy information through access policy.Theoretical analysis results show that,although the computational cost is increased compared with the related scheme,the scheme has higher security and multiple features,while the storage cost is similar.