An Efficient Fine-Grained Access Control Scheme for Cloud Storage (cited by: 3)

Fine-grained Access Control with Efficient Revocation in Cloud Storage
Abstract: This paper analyzes the attribute-based access control scheme for data outsourcing systems proposed by Hur et al. and identifies several weaknesses: a forward secrecy flaw, inefficient updating of the attribute group key, and a large system storage requirement. Building on Hur et al.'s scheme, it proposes a new, more efficient fine-grained access control scheme for cloud storage. In the new scheme the attribute group key is generated by the fully trusted authority (TA) rather than by the cloud server (the Data Service Provider, DSP), which solves the forward secrecy problem. User attribute revocation is implemented with the Chinese Remainder Theorem: finding the minimum subtree cover of the attribute group's users in the KEK tree is replaced by solving a system of Chinese Remainder Theorem congruences, which makes group key updates more efficient. Ciphertext-policy attribute-based encryption is used to encrypt the symmetric key that encrypts the plaintext, rather than the plaintext itself, and the re-encryption required when the access control policy changes is delegated to the cloud (the DSP), achieving revocation at both the attribute level and the user level. The analysis shows that the new scheme offers stronger security, more efficient group key updates, and lower storage and computation costs.
Source: Computer & Digital Engineering (《计算机与数字工程》), 2014, No. 9, pp. 1673-1677, 1744 (6 pages)
Funding: Supported by the National Natural Science Foundation of China (No. 61070164) and the Natural Science Foundation of Guangdong Province (No. S@01201000876)
Keywords: security and secrecy, cloud storage, ciphertext access control, attribute-based encryption, proxy re-encryption, revocation