In recent years, with the rapid development of cloud technology, an increasing number of users store data in the cloud. To ensure the confidentiality of data, users tend to encrypt files before uploading them to the cloud, which makes it difficult to share data, especially for organizational clients with multiple data users. Therefore, how to enforce access control over encrypted cloud data has become a research issue.

Existing works use public-key infrastructure or attribute-based encryption to enforce access control, and they are not able to handle user revocation efficiently. User revocation in these schemes usually involves a large number of encryptions, so the computing burden for the system administrator is pretty high and the delay of user revocation is relatively long. To tackle this problem, we propose two new access control schemes based on Proxy Re-Encryption (PRE) and the Chinese Remainder Theorem (CRT), respectively. Specifically:

1. We first analyze the existing performance evaluation models and present a simulation-based performance evaluation framework for access control systems. The framework uses the access control data from real datasets as the initial state of the system, and uses the results of multiple measurements as a reference for conclusions, to eliminate the impact of random factors. We then select the access control operations with high execution frequency and long execution time as the focus for the comparison between the schemes.

2. We describe the detailed construction of the PRE-based access control scheme. A proxy, separate from the cloud service provider and the data users, is introduced into the access control system. Some of the access control data is moved from the cloud to the proxy, and the processes of the access control operations are redesigned accordingly. Then, the security of the scheme in terms of authentication and trust is analyzed, and the required security assumptions and the modification of certain operations when the proxy is considered semi-trusted are discussed. The performance analysis shows that the scheme significantly improves the performance, achieving speedups ranging from 3 times to 19 times on different datasets.

3. We provide a description of the CRT-based access control scheme. Instead of storing multiple pieces of ciphertext for a single key in the cloud, the proposed scheme stores the group key ciphertext and the key encrypted with the group key. We then utilize the high efficiency of updating key groups to improve the performance of the corresponding operations in the access control system. The impact of the introduction of group keys on data confidentiality is analyzed accordingly, and the requirements on key distribution and authentication are explained as well. The performance analysis shows that the scheme significantly improves the performance, achieving speedups varying from 21 times to 146 times on different datasets.