
Research On Efficient Cloud Data Access Control Method Supporting Extensible Attribute-based Encryption

Posted on: 2024-01-12
Degree: Master
Type: Thesis
Country: China
Candidate: R Luo
Full Text: PDF
GTID: 2568306932955369
Subject: Cyberspace security
Abstract/Summary:
With the advent of the mobile Internet era, the transformation of communication technology has outlined the blueprint of the Internet of Everything. More and more terminal devices are connected to the Internet, and the large number of users leads to a promising digital economy. To manage the explosive growth of data, enterprises and individuals are looking to the potential of cloud platforms. Unlike traditional data management mechanisms, a cloud platform releases user productivity and frees users from complex machine configuration and tedious data management. The prosperity of data assets has also produced many security problems. Malicious users attempt to harm the security of data in the cloud, and security incidents occur frequently. To protect users’ data assets, the government and large cloud service providers have paid more and more attention to data security.

To protect outsourced data, attribute-based encryption has attracted wide attention from the academic community. With attribute-based encryption, data owners can formulate access policies that restrict data access permissions, implementing a fine-grained access control mechanism. This flexible one-to-many access control method is well suited to cloud storage scenarios. However, the attribute-based encryption methods currently used to manage access rights to time-sensitive cloud data still have problems in function and efficiency, such as the disclosure of user privacy information and the inability to use the rich computing resources of cloud computing. To address these challenges, and based on an analysis of the relevant theory of attribute-based encryption, this dissertation studies an efficient cloud data access control method supporting extensible attribute-based encryption. The main work and innovations of this dissertation are as follows:

1. Propose an efficient cloud data access control scheme supporting privacy protection. An efficient cloud data access control scheme supporting privacy protection is proposed for time-sensitive data that requires periodic release of access rights. The system model and security model of the scheme are defined in detail, and the construction algorithm is given. Compared with other schemes, this scheme uses a dual access policy tree to hide part of the policy information, which protects the privacy of data users. Meanwhile, the embedded time trapdoor realizes a timed-release mechanism for data access rights without increasing users’ computing cost. To reduce the overhead of algorithm execution on the client side, edge computing nodes and cloud computing nodes are introduced to take on part of the computation while ensuring data confidentiality, improving the efficiency of the scheme.

2. Propose a distributed time-sensitive data access control scheme. To solve the problems of a single attribute authority, such as single point of failure, key escrow and poor horizontal scalability, a distributed time-sensitive data access control scheme is proposed, and its construction algorithm and execution flow are introduced in detail. Using a cryptographic accumulator, the scheme realizes a distributed attribute authority cluster while keeping user attribute values and global identities anonymous, and improves the availability of the system. By modifying the access structure, the data owner can set a timed release of data access permissions, which is well suited to time-sensitive data management.
Keywords/Search Tags:attribute-based encryption, user privacy protection, computing outsourcing, timed-release access control, distributed attribute authorities