A Cloud-storage Privilege Revoking Optimizing Mechanism Based on Dynamic Re-encryption (cited by: 10)
Abstract: To address the excessive computation and bandwidth cost and the high complexity of revoking user access privileges in cloud-storage services, this paper designs DR-PRO, a cloud-storage privilege revocation optimization mechanism based on dynamic re-encryption, taking ciphertext access control schemes built on ciphertext-policy attribute-based encryption (CP-ABE) as its theoretical background. The mechanism uses a (k, n) threshold secret sharing scheme to divide the data into a number of blocks and dynamically selects one data block to re-encrypt. User access privilege revocation is then carried out by a sequence of sub-algorithms: data division, reconstruction, transmission, extraction and privilege revocation. Theoretical analysis and simulation experiments show that, while keeping cloud-storage user data highly secure, DR-PRO effectively reduces the computation and bandwidth cost of revoking user access privileges and further optimizes and improves performance and efficiency.
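Source: Science Technology and Engineering (《科学技术与工程》), Peking University Core Journal, 2015, No. 20, pp. 108-115 (8 pages)
Funding: Supported by the National Natural Science Foundation of China (61272511)
Keywords: cloud storage; ciphertext access control; privilege revoking; dynamic re-encryption; ciphertext-policy attribute-based encryption (CP-ABE); dynamic re-encryption cloud-storage privilege revocation optimization mechanism (DR-PRO)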