摘要
密钥信息泄露是互联云服务难题之一,为解决该问题,该文提出一种基于属性环签名的用户密钥撤销方案。该方案以互联云的用户密文访问方法为研究对象,论述了无属性泄露的密文矩阵映射机制,多授权者自主扩展属性集生成密钥,从而令云服务提供者(CSP)无法获得用户完整属性,达到消除属性存储负载的目的。另外,该方案以撤销环与单调张成算法为基础设计用户签名验证撤销机制,令CSP、授权者与用户共同组成属性环,接受CSP定义密文访问结构,用户签名只有通过源CSP验证才能访问密文,授权者撤销部分属性失效用户解密密钥,从而达到权限撤销不影响其它用户访问的目的。该方案以密文策略属性基加密(CP-ABE)与单调张成算法为基础设计多用户组合属性共谋抵抗机制,用以保护属性的机密性。最后,给出该方案通信成本和计算效率的性能分析,用以验证该方法的有效性。
Key information leakage is one of the most serious problems in Intercloud service, to solve this problem, a scheme of user key revocation on attribute-based ring signatures is proposed. Focused on user ciphertext access in Intercloud, the mechanism of ciphertext matrixes mapping without attribute leakage is discussed, multi-authority can extend attribute sets for generation key, then full user attributes can not be acquired by Cloud Service Providers(CSP), thus overhead on attribute storage is reduced. In addition, user signature verification revocation based on revocable ring and monotone span programs is designed, which constitutes ring of CSPs, authorities and users. Receiving CSP can define ciphertext access structure, users can access ciphertext through source CSP verifying, and authorities can remove decryption key from attribute-lost users without affecting any other users. The mechanism of collusion resistance with integrating attributes on the basis of Ciphertext-Policy Attribute Base Encryption(CP-ABE) and monotone span programs is discussed, with which user attribute confidentiality can be protected from leakage. Finally, to prove the effectiviness of the proposed model, the performance analysis of communication cost and computational efficiency are verified.
出处
《电子与信息学报》
EI
CSCD
北大核心
2015年第9期2225-2231,共7页
Journal of Electronics & Information Technology
基金
国家自然科学基金(61373168
61202387)
教育部高等学校博士学科点专项科研基金(20120141110002)
河南省软科学研究基金(132400410165
142400410263
142400410267
142400411039)资助课题
关键词
云计算
环签名
访问结构
验证
共谋
Cloud computing
Ring signature
Access structure
Verify
Collusion
