| The cloud computing provides users with numerous convenient services,and the cloud storage as the most basic service is extremely widely used.With the development of information technology,data sharing in cloud storage integrates many new features.For example,in the Internet of Things environment and mobile health systems,data sharing needs to meet real time and efficiency requirements.How to achieve more secure access control for data sharing system and provide users with high quality service has become a very important problem.At present,the traditional data sharing access control focuses on the access control of the data receiver,without considering the access control of the sender,and because the cloud server is usually far away from the user,the data transmission usually has a large delay.On the other hand,revoking users in a data sharing system usually has a large overhead.Even with the help of outsourcing servers,there are still some efficiency problems.To address these problems,this thesis studies the access control scheme for cloud-edge data sharing systems,and achieves the following research results:(1)A secure bidirectional access control encryption scheme for cloud-edge data sharing is designed in this thesis.The edge node restricts the information flow between the data sender and the data receiver,and processes the shared messages to achieve the access control of the sender.At the receiver side,attribute-based encryption is utilized to achieve fine-grained access control.The introduction of edge servers not only enhances the security of access control,but also reduces the delay for users to obtain the data file.The security proof and performance analysis show that the proposed scheme is secure and practical.(2)A revocable access control scheme for cloud-edge data sharing system is designed in this thesis.The attribute related transformation key is directly distributed to the proxy servers,which reduces the user interaction and the transformation overhead of the proxy server.Additionally,the decryption overhead of the client can be reduced since most of the complex decryption computation is outsourced to the proxy server.When users with the same attributes request data,the proxy server can directly send the partially decrypted ciphertext to the user,thus reducing the user's request time.In addition,a more practical revocation is realized by combining the advantages of indirect revocation and direct revocation.The security analysis and the performance analysis show that the proposed scheme is secure and efficient. |
PDF Full Text Request