A data storage and cloud control method with lightweight auditing

Abstract

The invention discloses a data storage and cloud control method capable of lightweight auditing. The data storage and cloud control method comprises the steps that: firstly, a data owner generates an attribute set { A1, A2, ..., An} and an access strategy A required for conducting attribute encryption according to access right requirements of a file M to be uploaded, and generates a random session key K and N random character strings {S1, S2, ..., SN}; the data owner processes the random character strings {S1, S2,..., SN} by adopting a secure Hash algorithm, and uploads a ciphertext CT to a cloud server; when another user needs to obtain the file M stored in the cloud server, the cloud server and the user complete a challenge-response process; the cloud server sends a data ciphertext EK(M) in the ciphertext CT corresponding to the file M required by the user; the user decrypts the EK(M) by adopting the random session key K to obtain the required file M; and the data owner audits a resource consumption record provided by the cloud server. The data storage and cloud control method effectively judges the access rights of specific users, and further ensures that the user can effectively monitor the resources provided by the cloud server.

Description

technical field [0001] The invention relates to the technical field of cloud data storage, in particular to a data storage and cloud control method with lightweight auditing. Background technique [0002] At present, in the cloud storage environment, users outsource their data to cloud servers for economic and convenience considerations. In order to protect the confidentiality and privacy of user data, access control is an indispensable means of protection. However, because users cannot fully trust cloud server providers, traditional access control methods cannot be well applied to cloud storage environments. In order to solve this problem, Attribute-Based Encryption (ABE) is introduced into cloud storage. ABE enables data owners to directly control access to their own data, and is an effective means of user-side access control. Among them, policy-associated attribute-based encryption (CP-ABE) is considered to be one of the most suitable means for implementing access contro...

AI Technical Summary

Problems solved by technology

[0003] However, due to the lack of corresponding compatible cloud access control strategies, CP-ABE is still difficult to be directly deployed in the actual public cloud environment

In the current cloud access control scheme, the cloud server is always assumed to be completely trusted, so it is difficult for these schemes to be compatible with the CP-ABE scheme

Due to the lack of corresponding cloud access control, in the access control scheme based on CP-ABE, the cloud server is always exposed to a variety of security threats, one of the most important security threats is denial of service attack (DoS / DDoS), malicious Users can download files shared by other users on the cloud server without restriction, thus consuming various resources on the cloud server and making the cloud server unable to work normally; in addition, due to the lack of cloud access control, malicious users can download A large number of files can carry out attacks related to ciphertext analysis, threatening the confidentiality of user data; at the same time, in order to pay for the resources consumed by the cloud server reasonably, the cloud server needs to provide users with an audit mechanism for related resource consumption, and there are currently some works to try to solve the resource auditing problem on the cloud server side, but these solutions are difficult to work with the current CP-ABE access control scheme

Images