Access control method for transformable data cloud storage with data origin authentication

Abstract

The invention belongs to the technical field of cloud computing, and discloses a convertible data cloud storage access control method with data source authentication. The control method includes: system parameter initialization, user key generation, data encryption and storage, data download and decryption, data Access control, ciphertext data conversion. The invention solves the problems of how to ensure data source authentication in the existing cloud data access control, how to determine that it is the responsibility of the cloud service provider when the data stored on the cloud server is damaged, and the public convertibility of ciphertext data. The public key system is constructed, so that there is no certificate management problem in PKI and key escrow problem under the identity-based public key system, and an access control method for data cloud storage with data source authentication can be converted.

Description

technical field [0001] The invention belongs to the technical field of cloud computing, and in particular relates to an access control method for convertible data cloud storage with data source authentication. Background technique [0002] At present, the existing technologies commonly used in the industry are as follows: [0003] Cloud computing (Cloud Computing) technology has brought tremendous changes to people's work and life. Cloud computing technology has penetrated into various fields and brought positive and far-reaching impacts to all walks of life. Data cloud storage is an important part of cloud computing services. Data cloud storage service not only provides users with cheap storage space, but also enables users to access the cloud server and obtain their own data through the Internet anytime and anywhere, or share the data stored on the cloud server with others. The data stored by the user on the cloud server may involve confidentiality and privacy issues, or...

AI Technical Summary

Problems solved by technology

However, there are three problems here: Question 1, when the ciphertext data is damaged on the cloud server and cannot be decrypted normally, how to determine that it is the responsibility of the cloud service provider? Question 2, how to authenticate the source of the data when the data user wants to use the data, that is, how to determine the owner of the data

Question 3: When the secret data stored in the cloud server by the data owner has passed a certain protection period, and the data owner wants to disclose the data to the outside world, how to achieve the convertibility of the secret data

[0005] (1) In the existing technology, it is considered to encrypt the data and store it on the cloud server, and then track whether the data stored on the cloud server is damaged through irregular (third-party) audit methods, but it is impossible to determine whether it is a cloud service Data corruption due to provider issues

[0006] (2) When performing data access control, the data user cannot be sure that the ciphertext data comes from the specific data owner, that is, there is no authentication of the data source

[0007] (3) The open convertibility of secret data is not considered in the prior art, that is, how to disclose the data under the premise of ensuring that the data source can be authenticated, so that the data user can decrypt and verify the data without using their own private key source

[0008] (4) There is a joint attack between the cloud service provider and the data user in the prior art, that is, their cooperation can recover the private key of the data owner

[0009] (5) Most of the existing methods are based on public key infrastructure or identity-based public key system construction, so there are key management issues and key custody issues

Images