A Data Storage and Access Control Method Based on Asymmetric Cryptographic Algorithm

Abstract

The invention discloses a data storage and access control method based on an asymmetric cryptographic algorithm. The method comprises the steps that a data owner generates an attribution set {A1, A2, ..., An} required by attribution encryption and an access strategy A according to access authority of a to-be-uploaded file M; the data owner generates a random session key K and a pair of public and private keys (PK, SK) and carries out corresponding encryption processing; the cloud server generates N random character strings {S1, S2, ..., Sn}, and encrypts the N random character strings through adoption of a public key encryption algorithm and a public key PK; when other user needs to obtain the file M, the cloud server and the user submitting a request finish a challenge-answer process; the cloud server sends data ciphertext EK (M) to the user; the user decrypts the EK (M) through adoption of the random session key K, thereby obtaining the file M; and the data owner audits resource consumption records provided by the cloud server. According to a signature function built in the asymmetric cryptographic mechanism, the data owner is effectively supported to audit resource consumption of a cloud server.

Description

Technical field [0001] The invention relates to the technical field of cloud data storage, in particular to a data storage and access control method based on an asymmetric cryptographic algorithm. Background technique [0002] At present, in the cloud storage environment, for economic and convenience considerations, users outsource their own data to cloud servers. In order to protect the confidentiality and privacy of user data, access control is an indispensable means of protection. However, because users cannot fully trust the cloud server provider, traditional access control methods cannot be well applied to the cloud storage environment. To solve this problem, attribute-based encryption (ABE) is introduced into cloud storage. ABE enables data owners to directly control access to their own data, which is an effective user-side access control method. Among them, the attribute-based encryption scheme (CP-ABE) with policy and ciphertext related is considered to be one of the mos...

AI Technical Summary

Problems solved by technology

[0003] However, due to the lack of corresponding compatible cloud access control strategies, CP-ABE is still difficult to be directly deployed in the actual public cloud environment

In the current cloud access control scheme, the cloud server is always assumed to be completely trusted, so it is difficult for these schemes to be compatible with the CP-ABE scheme

Due to the lack of corresponding cloud access control, in the access control scheme based on CP-ABE, the cloud server is always exposed to a variety of security threats, one of the most important security threats is denial of service attack (DoS / DDoS), malicious Users can download files shared by other users on the cloud server without restriction, thus consuming various resources on the cloud server and making the cloud server unable to work normally; in addition, due to the lack of cloud access control, malicious users can download A large number of files can carry out attacks related to ciphertext analysis, threatening the confidentiality of user data

Images