摘要
针对云环境下数据安全共享过程中访问策略的更新以及加解密运算面临的高计算开销问题,提出一种灵活的、符合安全规则的细粒度存储方案ACSBPA。基于代理重加密进行算法改进,对多权限云中的数据进行分类共享,重加密阶段通过减少双线性映射实现对性能需求的优化;结合改进的属性加密算法,在减少双线性运算的基础上融入基于属性的访问策略,实现粒度细化、具有安全性的访问控制模型。实验结果表明,本文提出的方案在重加密阶段不涉及双线性映射,降低了第三方云服务器计算开销,在加解密阶段降低了用户的计算性能需求。与其他方案相比,本文方案在计算效率和策略更新方面具有优势。
Aiming at the updating of access policy and the high computational overhead of encryption and decryption in the process of data security sharing in cloud,a new scheme with flexible access policy and security is proposed.The data in multi-privilege cloud is classified and shared,which is improved based on proxy re-encryption.In the re-encryption stage,performance requirements are optimized by reducing bilinear mapping.Combined with the improved attribute encryption algorithm,the attribution-based access strategy is integrated by reducing bilinear operation to achieve a fine-grained and secure access control model.Through experimental comparison and analysis,the proposed scheme(ACSBPA)does not involve bilinear mapping,which reduces the computing overhead of the third-party cloud server in the encryption phase and the user’s demand for computing performance in the encryption and decryption phase.Compared with other schemes,the experimental results verify the advantages of this scheme in computing efficiency and policy updating.
作者
文鹏程
沈济南
梁芳
许振武
胡俊鹏
WEN Pengcheng;SHEN Jinan;LIANG Fang;XU Zhenwu;HU Junpeng(School of Information Engineering,Hubei Minzu University,Enshi 445000,Hubei,China;School of Cyber Science and Engineering,Sichuan University,Chengdu 610207,Sichuan,China)
出处
《武汉大学学报(理学版)》
CAS
CSCD
北大核心
2022年第1期93-101,共9页
Journal of Wuhan University:Natural Science Edition
基金
国家自然科学基金资助(61662022)
湖北民族大学高水平科研成果校内培育项目(PY20008)。
关键词
云存储
属性加密
代理重加密
细粒度
数据共享
cloud storage
attribute-base encryption
proxy re-encryption
fine-grained
data sharing
