Cloud storage access control system based on attribute

Abstract

The invention provides a cloud storage access control system based on an attribute. The cloud storage access control system based on the attribute comprises a security token unit (1), a main body information management unit (2), an access control unit (3), an attribute base encryption and decryption unit (4) and a cloud storage unit (5), wherein the security token unit (1) is used for achieving the function of identity authentication, the function of token distribution and the function of token verification, the main body information management unit (2) is used for achieving the function of generating a user private key, the function of storing user attribute information and the user private key, and the function of symmetric keys after encryption of an access control policy, the access control unit (3) is used for achieving the function of access control based on the attribute, and the function of user customization of the access control policy, the attribute base encryption and decryption unit (4) is used for achieving the function of encryption and decryption of files, and the function of using the access control policy and the user private key to carry out encryption and decryption on the symmetric keys, and the cloud storage unit (5) is used for achieving the function of storage of plaintext and ciphertext. The cloud storage access control system based on the attribute has the advantages of being fine in grit, real-time, dynamic, extensible, safe and the like, and can be used for achieving access control in the cloud storage environment.

Description

technical field [0001] The invention belongs to the technical field of network and information security, and relates to data access control technology, specifically a cloud storage access control system that introduces attribute-based encryption under the XACML framework, provides access control to data and ensures data confidentiality. Background technique [0002] Cloud storage is an emerging cloud service that has emerged in the past two years. Users can access the Internet anytime, anywhere, and use handheld mobile terminals or PCs to access their personal files at a very fast speed. Therefore, it has received extensive support and support. application. However, while it is convenient to use, cloud storage has also aroused widespread concerns among users about data security and privacy protection security. In 2009, many well-known cloud storage service providers such as Amazon, Google, LinkUp, etc. had user data and privacy leakage security issues, and caused serious co...

AI Technical Summary

Problems solved by technology

[0004] The attribute-based access control system using ciphertext strategy based on the above-mentioned cryptographic system can provide data encryption combined with attribute-based access control strategy, but in practical applications, not all data needs to be encrypted and stored. When the amount of data is large, directly The overhead of encrypting and decrypting data is high, and the performance of the access control system is low. Therefore, the existing attribute-based access control solutions for ciphertext policies cannot provide fine-grained, dynami

Images