| Cloud computing is a new service computing model that appeared after distributed computing, parallel computing and grid computing. It moves application resources such as computing resources, storage resources and software resources to the cloud through virtualization technology. The application resources are managed and controlled by the CSP (cloud computing service provider), which realizes "centralized management of decentralized resources and decentralized services of centralized resources" through multi-tenant technology. Because moving resources to cloud resource service providers takes them from trusted domains to untrustworthy domains and forfeits control over them, the secure storage of data, integrity auditing and encrypted access control have become pivotal issues in the field of cloud security. At present, encrypted access control in cloud computing mainly adopts Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to control system security. In CP-ABE encrypted access control for cloud computing, three situations arise as tenant access rights change: partial revocation of a tenant's attributes, revocation of all attributes, and system revocation. When user attributes are revoked, the authorization policy changes accordingly, and permission to access restricted resources needs to be granted to the user again. However, because the CSP is untrustworthy, a tenant whose attribute has been revoked may collude with the CSP or other tenants to illegally obtain access rights to resources. This dissertation studies user attribute revocation strategies in the cloud computing environment in order to solve the problem of resisting collusion attacks. The main contributions are as follows:
(1) In the cloud computing environment, to respond to the high-frequency changes of users' attributes and access control rights in CP-ABE-based cloud access control, this dissertation proposes a dynamic revocation strategy for cloud security user attributes based on large universe version control. In the proposal, the attribute version key and the user version key are embedded in the construction of the ciphertext-policy attribute-based encryption. Only the corresponding attribute version keys need to be updated when user attributes are revoked; similarly, only the user version key needs to be updated when a user is revoked. This implements fine-grained attribute revocation with high efficiency. The proposed scheme can dynamically implement attribute-level user revocation and user revocation, and resist multiple collusion attacks, while guaranteeing forward and backward security for the ciphertext. Based on the q-DBPBDHE assumption, the scheme is proved secure against plaintext attack in the random oracle model (ROM). Finally, performance analysis and experimental verification are carried out, and the results show the security and validity of the proposed scheme.
(2) In CP-ABE-based cloud access control, a user may have multiple attributes, and each attribute may be shared simultaneously by many users. The decryption key of an attribute can thus be shared by many users who all possess the attribute. A malicious authorized user may leak his or her decryption key, and it is difficult to trace the owner of the original secret key from an exposed key. This dissertation proposes a dynamic traceable large-universe multi-authority ciphertext-policy scheme with revocation, which embeds the user identity information into the user attribute private key and the user identity private key, and traces the malicious user's identity through the leaked key. Secondly, the existing idea of multiple authorization agencies is combined with a scheme that removes the central authority. To reduce the storage and computational burden of resource-constrained terminal users, outsourced decryption is used to outsource the complicated decryption and tracing algorithms to cloud servers. Finally, the proposed scheme is proven secure against chosen plaintext attacks under a selective access policy, based on the decisional q-parallel BDHE assumption in the standard model. Meanwhile, the scheme provides proofs for the key sanity check and the secret key forging attack. |