
Research On Cloud Storage Data Access Control Scheme Based On Attribute Encryption

Posted on: 2019-09-22
Degree: Master
Type: Thesis
Country: China
Candidate: Q Yi
GTID: 2428330566459432
Subject: Software engineering

Abstract/Summary:
In an era of rapidly developing information technology, information and data are becoming more and more important, and institutions and enterprises alike need to handle large amounts of data. As data volume grows rapidly, the data storage servers of an organization or enterprise can no longer keep pace with that growth. The emergence of cloud storage technology provides a solution for storing large data. However, because the cloud storage system sits in an open network, the data users store in it faces security threats from all sides, and how to ensure the security of user data stored on the cloud storage server has become the biggest obstacle to the popularity of cloud storage technology. In view of these problems, this paper makes an in-depth study of how to design a data access control scheme for the cloud environment. The main work is as follows:

(1) A cloud storage system has a large number of users, changes frequently, and sits in an open network. After analyzing the research status of cloud storage access control protocols at home and abroad, the ciphertext-policy attribute-set-based encryption (CP-ASBE) algorithm is selected for data access control in the cloud environment. The algorithm not only solves the problem of attribute confusion in attribute-based encryption algorithms, but also supports more precise expression of attributes. After comparing several popular cloud storage systems, we chose HDFS, a widely applied and open-source cloud storage system, as the cloud storage system studied in this paper.

(2) After studying the original security mechanism of the HDFS cloud storage system, an improved data block access token distribution protocol is proposed to address the security risks of the data block access token protocol. In this protocol, the data block access token is first chunked and then retransmitted by the NameNode at the time of generation, thereby solving potential security problems such as malicious interception of the token during transmission and leakage of the data block access token information, and improving the efficiency of the HDFS cloud storage system.

(3) An attribute-based encryption scheme is used to replace the original Kerberos security scheme and, combined with the improved data block access token distribution protocol, a cloud storage access control scheme based on attribute set encryption is proposed. In the scheme, multiple authorization centers replace the traditional single authorization center to solve the single-point security problem. When encrypting plaintext, a hybrid encryption method is used to improve efficiency. Specifically, the scheme uses a plaintext digest to encrypt the plaintext, and then uses the CP-ASBE encryption key, which not only improves efficiency but also saves storage space in cloud storage. For attribute revocation, the scheme uses an access control list to handle coarse-grained permission revocation. For fine-grained attribute revocation, the scheme uses proxy re-encryption to delegate complex computations to DataNodes, which have powerful computing power.

Finally, this paper evaluates the confidentiality, integrity, non-repudiation, and usability of the scheme, and the results show that the scheme can effectively improve the security of user data in the HDFS cloud storage system.
Keywords/Search Tags:access control protocol, cloud storage, attribute set based encryption scheme