| With the rapid growth of data and information, cloud storage services, which are derived from cloud computing, have come into wide use. However, present cloud storage has security problems: it faces both external security threats and unauthorized operations by internal personnel. Therefore, to ensure the confidentiality of user data, the data should be stored in the cloud in ciphertext form, especially when the cloud is untrusted. A scheme called ciphertext full-text retrieval is designed to enable users to run full-text searches over large volumes of data. Secure sharing of data among different users is another important function of cloud storage, and it requires a flexible, efficient and safe access control scheme. The purpose of this thesis is to design a safe cloud storage system with ciphertext full-text retrieval and efficient access control for the case where the cloud service provider and any other third parties are untrusted. The main tasks and innovations include: 1) An improved DGHV homomorphic encryption algorithm is applied to ciphertext full-text retrieval in cloud storage. The original algorithm satisfies the homomorphic property. However, it is not suitable when the cloud service provider is untrusted, because using it for ciphertext retrieval in cloud storage requires sending the key to the cloud server. The improved algorithm includes two keys, and the cloud server can obtain the retrieval key to complete the search operation without obtaining the other key or the user's plaintext data. Hence, it guarantees the confidentiality of user data while providing a retrieval service for users. 2) This paper presents a secure access control scheme based on ciphertext-policy attribute-based encryption (CP-ABE) with multiple private key generators (PKGs). In the classic CP-ABE scheme, the PKG is required to be fully trusted, because it controls the key information corresponding to all user attributes and can decrypt any user's data freely. This paper improves the original scheme so that the PKG does not need to be fully trusted. In the improved scheme, several private key generators jointly control the private key generation information for user attributes. Only when all the private key generators launch a collusion attack can they illegally capture user data. This scheme provides users with sufficiently fine-grained, efficient access control and further improves the security of the system. 3) Building on the schemes and ideas above, this thesis designs a complete secure cloud storage system and describes in detail the working principle and process of each system module. Finally, an experimental system is implemented and related performance tests are carried out. |