Abstract
To address the security of data sharing in cloud environments that are not fully trusted, this paper proposes a data sharing scheme based on a trust decentralization strategy. The original data is split into dynamic data and static data. The dynamic data is encrypted with a ciphertext-policy attribute-based encryption algorithm in which a global identifier is added to the user's private key, and is stored on one cloud; when a user is revoked, proxy re-encryption is used to change the access structure. The static data is encrypted with a symmetric encryption algorithm and stored on another cloud. Security analysis and experiments show that the scheme effectively prevents collusion attacks on the dynamic data and guarantees backward security on user revocation, meeting the requirements of secure data sharing in real cloud environments.
Authors
Zhang Guanghua (张光华)
Liu Huimeng (刘会梦)
Chen Zhenguo (陈振国)
Xu Xiangyang (许向阳)
Affiliations: State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an 710071, China; College of Information Science & Engineering, Hebei University of Science & Technology, Shijiazhuang 050000, China; Hebei Engineering Technology Research Center for IOT Data Acquisition & Processing, North China Institute of Science & Technology, Sanhe, Hebei 065201, China
Source
Application Research of Computers (《计算机应用研究》)
CSCD
Peking University Core Journals (北大核心)
2018, Issue 3, pp. 905-910 (6 pages)
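Funding
National Natural Science Foundation of China (61572255)
China Postdoctoral Science Foundation (2015M582622)
Open Project of the Beijing Key Laboratory of IoT Information Security Technology (J6V0011104)
Hebei Province Science and Technology Plan Support Project (15210338)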
Keywords
data sharing
trust decentralization
cloud environment
attribute encryption
proxy re-encryption