A data storage method combining user-side access control and cloud access control

Abstract

The invention discloses a data storage method combining user side access control and cloud access control. First a data owner generates an attribute set {A1, A2,..., An} required by attribute encryption and an access strategy A according to an access authority requirement of a file M that needs to be uploaded; the data owner generates a random session key K and N random character string {S1, S2,..., SN}, utilizes a symmetrical encryption algorithm to encrypt the file M and the random character string, utilizes an attribute encryption algorithm to encrypt the sensor key K, and finally obtains ciphertext CT; the data owner uploads the ciphertext CT to a cloud server for storage; when another user needs to require the file M stored in the cloud server, the cloud server and the user that makes the request complete a challenge-response process; and the cloud server sends the file ciphertext requested by the user to the user. By use of the abovementioned method, the access authority of a specific user can be effectively judged, a malicious user can be avoided from illegally downloading a cloud storage file, security of the cloud server itself and stored data is effectively guaranteed, and consumption of cloud resources is prevented.

Description

Technical field [0001] The invention relates to the technical field of cloud data storage, in particular to a data storage method combining user-side access control and cloud access control. Background technique [0002] At present, in the cloud storage environment, for economic and convenience considerations, users outsource their own data to cloud servers. In order to protect the confidentiality and privacy of user data, access control is an indispensable means of protection. However, because users cannot fully trust the cloud server provider, traditional access control methods cannot be well applied to the cloud storage environment. To solve this problem, attribute-based encryption (ABE) is introduced into cloud storage. ABE enables data owners to directly control access to their own data, which is an effective user-side access control method. Among them, the attribute-based encryption scheme (CP-ABE) with policy and ciphertext related is considered to be one of the most suit...

AI Technical Summary

Problems solved by technology

[0003] However, due to the lack of corresponding compatible cloud access control strategies, CP-ABE is still difficult to be directly deployed in the actual public cloud environment

In the current cloud access control scheme, the cloud server is always assumed to be completely trusted, so it is difficult for these schemes to be compatible with the CP-ABE scheme

Due to the lack of corresponding cloud access control, in the CP-ABE-based access control scheme, the cloud server is always exposed to a variety of security threats, one of the most important security threats is denial of service attacks (Dos / DDos), malicious Users can download files shared by other users on the cloud server without restriction, thus consuming various resources on the cloud server and making the cloud server unable to work normally; in addition, due to the lack of cloud access control, malicious users can download A large number of files can carry out attacks related to ciphertext analysis, threatening the confidentiality of user data

Images