Abstract
The confidentiality and secure access of sensitive data stored on cloud servers is an important topic in cloud computing security research. This paper proposes a secure, efficient, fine-grained access control scheme for cloud computing. Ciphertexts are encrypted with a CP-ABE algorithm based on a linear secret sharing matrix, and most of the ciphertext re-encryption work is transferred to the cloud service provider, which reduces the data owner's computational cost while preserving security. When a user's attributes are revoked, the scheme introduces SD broadcast encryption, effectively reducing the computation and communication overhead of revocation. Theoretical analysis shows that the scheme provides data confidentiality, collusion resistance, forward secrecy and backward secrecy. Finally, experimental results verify that the scheme has high revocation efficiency.
Source
Computer Science (《计算机科学》)
CSCD
Peking University Core Journals (北大核心)
2014, Issue 9, pp. 152-157, 168 (7 pages)
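Funding
National "973" Key Basic Research Development Program: Research on Hybrid Information Fusion and Decision-Making in the Internet of Things (2011CB302903)
National Natural Science Foundation of China project: Research on New Access Control Theory and Key Technologies in Cloud Computing Environments (61272084)
Supported by the Natural Science Foundation of Jiangsu Province (BK2009426)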
Keywords
Access control
Cloud computing
Subset difference
Attribute-based encryption
Revocation