| Cloud storage provides a low-cost solution for big data storage needs, which promotes the value of data assets. However, centralized storage makes cloud data susceptible to security threats such as leakage, tampering, and forgery. To effectively improve data security in cloud environments, implementing data access control is key to ensuring cloud data security and privacy. Attribute-based encryption (ABE) can provide fine-grained access control over user attribute sets while keeping data encrypted, enabling flexible authorization of cloud data. However, existing cloud storage access control schemes based on attribute-based encryption rely on centralized computing and storage models, making it difficult to build a trusted data access authorization mechanism. In addition, existing solutions do not support data integrity verification, cloud ciphertext updates, or authorization retrieval, making it difficult to adapt them to actual cloud storage application scenarios. To address the above issues, this paper proposes three decentralized cloud data access control schemes that meet the security and availability requirements of non-trusted cloud environments. (1) To solve the problems of privacy leakage and the lack of correctness verification for outsourced data in existing cloud data access control schemes, a cloud storage access control scheme that supports decentralization and verifiable outsourcing is proposed. Based on ciphertext-policy attribute-based encryption that supports a hidden policy, the scheme avoids the risk of privacy leakage of cloud data. By utilizing blockchain technology, the proposed scheme eliminates the need for trusted cloud servers, achieving decentralized verifiability of decryption results and cloud data integrity verification. Experimental results demonstrate that the proposed scheme satisfies indistinguishability under chosen-ciphertext attacks. (2) To solve the problem of lacking support for cloud-based ciphertext revocation and integrity verification in existing schemes, a cloud storage access control scheme that supports decentralization and ciphertext update is proposed. Cloud ciphertext revocation is performed on the cloud platform, effectively improving on the computational efficiency of the traditional approach, in which data owners update cloud ciphertext online. The verification of the cloud data is performed by smart contracts deployed on the blockchain, which ensures the integrity of cloud and revoked ciphertext. Analysis results show that the proposed scheme has lower communication and computational overheads. (3) To solve the problems of difficulty in ciphertext authorization retrieval and classification in existing cloud data access control schemes, a cloud storage access control scheme that supports decentralization and ciphertext equality testing is proposed. By using ABE-based equality testing, a mechanism for retrieving and classifying cloud ciphertext with attribute-level authorization is implemented. To effectively resist collusion attacks by users and attribute authorities, multiple authorities are used to jointly distribute keys. The introduction of blockchain and smart contract technology eliminates the dependence of equality testing operations on trusted cloud servers. The proposed scheme satisfies the one-way property under chosen-ciphertext attack in the random oracle model, and has better computational performance compared to similar schemes. |